电脑技术学习

一个外资银行的路由器配置

dn001

  今天终于稍微闲一点了,给大家贴个配置吧。这个路由器不是我配的,是欧洲某国的IBM配的,我们也可以看看大公司做事有什么特点,背景是这家银行暴有钱,买了两个3725,一个上了WIC-1T,一个上了WIC-1S/T,做备份。
  其中一台机器的配置如下(简其中重要的贴)
  version 12.2
  service timestamps debug datetime localtime
  service timestamps log datetime localtime
  service passWord-encryption
  hostname shanghai_2
  boot system flash c3725-ik9s.mz-122-15.T1.bin
  logging buffered 4096 debug
  enable security xxx
  username Moncalieri_1 password xxx
  username Moncalieri_2 password xxx
  username settimo_2 password xxx
  no ip domain lookup
  ip host h2 10.128.208.235
  ip host h1 10.128.208.234
  ip host s1 10.131.240.150
  ...
  isdn switch-type basic-net3
  isdn voice-call-failure 0
  mta receive maximum-recipients 0
  dlsw local-peer peer-id 172.18.1.38
  dlsw remote--peer 0 tcp 172.18.1.1
  dlsw remote--peer 0 tcp 172.18.1.2 backup-peer 172.18.1.1 linger 1
  dlsw transparent switch-support
  interface loopback0
  ip addr 172.18.1.35 255.255.255.255
  interface multilink1
  no ip address
  ppp multilink
  multilink-group 1
  interface fasethernet0/0
  description connected to ETHERNET_LAN
  mac-address 4000.0000.6666
  ip address 10.128.210.235 255.255.255.0
  no ip proxy-arp
  speed auto
  half-duplex
  standby use-bia
  standby 12 ip 10.128.210.233
  standby 12 priority 90
  standby 12 preemtp
  standby 12 authentication SHANGHAI
  interface s0/0
  no ip address
  shut
  interface bri0/0
  no ip address
  encapsulation ppp
  dialer pool-member 1
  isdn switch-type basic-net3
  ppp athentication chap
  interface fastethernet 0/1
  no ip address
  shutdown
  interface dialer1
  description connect to SETTIMO_2
  ip address 10.128.211.49 255.255.255.252
  encapsulation ppp
  dialer pool 1
  dialer remote-name SETTIMO_2
  dialer load-threshold 1 either
  dialer max-call 2
  dialer-group 1
  ppp authentication chap
  ppp multilink
  ppp multilink fragment-delay 20
  ppp multilink interleave
  router eigrp 128
  passive-interface dialer1
  network 10.0.0.0
  network 172.18.0.0
  no autoo-summary
  ip classless
  ip route 10.0.0.0 255.0.0.0 10.128.211.50 200
  ip route 172.16.0.0 255.240.0.0 10.128.211.50 200
  ip route 172.18.1.0 255.255.255.0 10.128.211.50 200
  ip route 192.168.0.0 255.255.0.0 10.128.211.50 200
  no ip http server
  ip Access-list extended SHANGHAI_2_LIST
  permit ip 10.128.211.0 0.0.0.255 10.128.192.0 0.0.0.255
  permit ip 10.128.211.0 0.0.0.255 10.128.209.0 0.0.0.255
  access-list 78 permit 10.254.4.2
  access-list 78 permit 10.254.4.3
  access-list 78 deny all
  access-list 79 permit 10.254.4.2
  access-list 79 permit 10.254.4.3
  access-list 79 deny all
  access-list 80 permit 10.7.30.9
  access-list 80 permit 10.7.30.40
  access-list 80 permit 10.7.30.100
  access-list 80 deny any log
  access-list 100 deny icmp any any
  access-list 100 deny eigrp any any
  access-list 100 deny udp any any eq snmp
  access-list 100 deny udp any any eq snmptrap
  access-list 100 permit ip any any
  dialer-list 1 protocol ip list 100
  snmp-server community public ro
  snmp-server community mioixx ro 80
  snmp-server community cxssi23424 rw 80
  snmp-server community r646545 ro 78
  snmp-server community c234719247 ro 79
  snmp-server ifindex persist
  snmp-server trap-source loopback0
  snmp-server packetsize 4096
  snmp-server trap-timeout 120
  snmp-server queue-length 30
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  no snmp-server enable traps tty
  snmp-server enable traps isdn call-information
  snmp-server enable traps config
  snmp-server enable traps entity
  snmp-server enable traps envmon
  snmp-server enable traps dlsw tconn
  snmp-server host 10.248.0.100 csxxx
  snmp-server host 10.254.4.2 undefined
  call rsvp-sync
  mgcp profile defualt
  dialer-peer cor custom
  banner motd ^CC
  YOU HAVE ENTERED A SECURED SYSTEM
  AUTHORIZED ACCESS ONLY
  UNAUTHORIZED USE IS CONSIDERED ILLEGAL!
  router:$(hostname)
  ^c
  line con 0
  exec-timeout 0 0
  password 2034u10481290
  login
  line aux 0
  line vty 0 4
  pass q230578901247821
  login
  ntp clock-period 17180040
  ntp server 172.18.1.1