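A Foreign Bank's Router Configuration
I finally have a little free time today, so here is a configuration for everyone. I did not configure this router; it was configured by IBM in a European country, so we can also see how a big company does things. The background is that this bank is extremely rich and bought two 3725s, one fitted with a WIC-1T and the other with a WIC-1S/T, for backup.
The configuration of one of the routers is as follows (only the important parts are posted)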
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
hostname shanghai_2
boot system flash c3725-ik9s.mz-122-15.T1.bin
logging buffered 4096 debug
enable secret xxx
username Moncalieri_1 password xxx
username Moncalieri_2 password xxx
username settimo_2 password xxx
no ip domain lookup
ip host h2 10.128.208.235
ip host h1 10.128.208.234
ip host s1 10.131.240.150
...
isdn switch-type basic-net3
isdn voice-call-failure 0
mta receive maximum-recipients 0
dlsw local-peer peer-id 172.18.1.38
dlsw remote-peer 0 tcp 172.18.1.1
dlsw remote-peer 0 tcp 172.18.1.2 backup-peer 172.18.1.1 linger 1
dlsw transparent switch-support
interface loopback0
ip addr 172.18.1.35 255.255.255.255
interface multilink1
no ip address
ppp multilink
multilink-group 1
interface fastethernet0/0
description connected to ETHERNET_LAN
mac-address 4000.0000.6666
ip address 10.128.210.235 255.255.255.0
no ip proxy-arp
speed auto
half-duplex
standby use-bia
standby 12 ip 10.128.210.233
standby 12 priority 90
standby 12 preempt
standby 12 authentication SHANGHAI
interface s0/0
no ip address
shut
interface bri0/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap
interface fastethernet 0/1
no ip address
shutdown
interface dialer1
description connect to SETTIMO_2
ip address 10.128.211.49 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name SETTIMO_2
dialer load-threshold 1 either
dialer max-call 2
dialer-group 1
ppp authentication chap
ppp multilink
ppp multilink fragment-delay 20
ppp multilink interleave
router eigrp 128
passive-interface dialer1
network 10.0.0.0
network 172.18.0.0
no auto-summary
ip classless
ip route 10.0.0.0 255.0.0.0 10.128.211.50 200
ip route 172.16.0.0 255.240.0.0 10.128.211.50 200
ip route 172.18.1.0 255.255.255.0 10.128.211.50 200
ip route 192.168.0.0 255.255.0.0 10.128.211.50 200
no ip http server
ip access-list extended SHANGHAI_2_LIST
permit ip 10.128.211.0 0.0.0.255 10.128.192.0 0.0.0.255
permit ip 10.128.211.0 0.0.0.255 10.128.209.0 0.0.0.255
access-list 78 permit 10.254.4.2
access-list 78 permit 10.254.4.3
access-list 78 deny any
access-list 79 permit 10.254.4.2
access-list 79 permit 10.254.4.3
access-list 79 deny any
access-list 80 permit 10.7.30.9
access-list 80 permit 10.7.30.40
access-list 80 permit 10.7.30.100
access-list 80 deny any log
access-list 100 deny icmp any any
access-list 100 deny eigrp any any
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
snmp-server community public ro
snmp-server community mioixx ro 80
snmp-server community cxssi23424 rw 80
snmp-server community r646545 ro 78
snmp-server community c234719247 ro 79
snmp-server ifindex persist
snmp-server trap-source loopback0
snmp-server packetsize 4096
snmp-server trap-timeout 120
snmp-server queue-length 30
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
no snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps dlsw tconn
snmp-server host 10.248.0.100 csxxx
snmp-server host 10.254.4.2 undefined
call rsvp-sync
mgcp profile default
dial-peer cor custom
banner motd ^C
YOU HAVE ENTERED A SECURED SYSTEM
AUTHORIZED ACCESS ONLY
UNAUTHORIZED USE IS CONSIDERED ILLEGAL!
router:$(hostname)
^C
line con 0
exec-timeout 0 0
password 2034u10481290
login
line aux 0
line vty 0 4
pass q230578901247821
login
ntp clock-period 17180040
ntp server 172.18.1.1
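
A small audit of the management-plane settings visible in the configuration above, as an added example that is not part of the original post: it flags SNMP communities with no ACL or with write access, a disabled idle timeout, and vty lines without an access-class. The sample input is a constructed excerpt with placeholder secrets, and the parser assumes the flat, unindented layout used in the post.

```python
import re

# Constructed excerpt in the same flat layout as the posted config (placeholder secrets).
SAMPLE = """\
access-list 80 permit 10.7.30.9
access-list 80 deny any log
snmp-server community public ro
snmp-server community EXAMPLE-RO ro 80
snmp-server community EXAMPLE-RW rw 80
line con 0
exec-timeout 0 0
password EXAMPLE
login
line aux 0
line vty 0 4
pass EXAMPLE
login
ntp server 172.18.1.1
"""

# Line-mode subcommands this audit tracks; IOS abbreviations ("pass") match by prefix.
LINE_SUBCMDS = ("exec-timeout", "password", "login", "access-class", "transport")

def audit(config):
    findings, ctx, current = [], {}, None   # ctx: "line vty 0 4" -> [subcommands]
    for raw in config.splitlines():
        cmd = raw.strip()
        word = cmd.split(" ")[0]
        if cmd.startswith("line "):
            current = cmd
            ctx[current] = []
        elif current and word and any(k.startswith(word) for k in LINE_SUBCMDS):
            ctx[current].append(cmd)
        else:
            current = None                   # any other command ends the line block
            m = re.match(r"snmp-server community (\S+) (ro|rw)(?: (\S+))?$", cmd, re.I)
            if m and m.group(3) is None:
                findings.append(f"snmp: community '{m.group(1)}' ({m.group(2)}) has no ACL")
            if m and m.group(2).lower() == "rw":
                findings.append(f"snmp: community '{m.group(1)}' grants write access")
    for line, subs in ctx.items():
        if "exec-timeout 0 0" in subs:
            findings.append(f"{line}: idle timeout disabled (exec-timeout 0 0)")
        if line.startswith("line vty") and not any(s.startswith("access-class") for s in subs):
            findings.append(f"{line}: no access-class restricting source addresses")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```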