Starting from the configuration of the 1751 that I use at one site:
Code:
!
! Last configuration change at 11:56:24 SUMMER- Tue Jul 15 2008
!
version 12.3
no parser cache
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxx
!
username xxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxx
memory-size iomem 25
clock timezone GMT+1 1
clock summer-time SUMMER-TIME recurring last Sun Mar 2:00 last Sun Oct 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userlist group radius local
aaa authorization network grouplist group radius local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
 description "LAN"
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 no ip redirects
 ip mtu 1492
 ip nat inside
 ip tcp adjust-mss 1452
 speed auto
 full-duplex
 no cdp enable
 hold-queue 100 out
!
interface Dialer0
 description "WAN logica"
 mtu 1492
 ip address negotiated
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 no cdp enable
 ppp chap hostname [email protected]
 ppp chap password 7 xxxxxxxxxxxxxx
 ppp pap sent-username [email protected] password 7 xxxxxxxxxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 4096
ip nat inside source list 1 interface Dialer0 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
!
ip access-list standard MANAGEMENT
 permit xxx.xxx.xxx.xxx
 permit xxx.xxx.xxx.xxx log
 permit xxx.xxx.xxx.xxx log
 deny any log
logging history size 500
no logging trap
access-list 1 permit xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no cdp run
!
banner motd
###########################################################################
###########################################################################
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 session-timeout 600
 access-class MANAGEMENT in
 exec-timeout 600 0
 logging synchronous
 transport input telnet
!
ntp clock-period xxx.xxx.xxx.xxx
ntp server xxx.xxx.xxx.xxx
ntp server xxx.xxx.xxx.xxx
!
end
Code:
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.203.130(1720) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.212.15(1249) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.166.112(1764) -> 0.0.0.0(23), 1 packet
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.168.40(3428) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.188.40(1999) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.155.221(2018) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.154.39(3644) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.180.241(2042) -> 0.0.0.0(23), 2 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.207.126(1246) -> 0.0.0.0(23), 3 packets
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.48.107(2643) -> 0.0.0.0(23), 1 packet
MET: %SEC-6-IPACCESSLOGP: list MANAGEMENT denied tcp 151.32.129.130(3082) -> 0.0.0.0(23), 1 packet
Connecting via the console, I found the ACL on the vty and aux lines changed to "sl_def_acl", even though it is not specified in the configuration...
Code:
line con 0
 logging synchronous
line aux 0
 access-class sl_def_acl in
line vty 0 4
 session-timeout 600
 access-class sl_def_acl in
 exec-timeout 600 0
 logging synchronous
 transport preferred ssh
 transport input all
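
Added example, not part of the original post: a Python check that compares the "line" sections of a saved configuration with the one the router is currently running and reports every difference in access-class and transport, the settings that changed between the two listings above. The sample texts are constructed (abridged from the post's listings), and the names line_settings and drift are illustrative.

```python
import re

# Constructed samples, abridged from the two "line" listings in the post.
SAVED = """line con 0
line aux 0
line vty 0 4
 access-class MANAGEMENT in
 exec-timeout 600 0
 transport input telnet
!"""
RUNNING = """line con 0
line aux 0
 access-class sl_def_acl in
line vty 0 4
 access-class sl_def_acl in
 exec-timeout 600 0
 transport preferred ssh
 transport input all"""

# Settings that decide who may reach a line and over which protocol.
WATCHED = re.compile(r"^(access-class|transport (?:input|preferred))\s+(.+)$")

def line_settings(config):
    """Map each 'line ...' section to its watched settings."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()  # indentation is ignored: pasted configs often lose it
        if text.startswith("line "):
            current = sections.setdefault(text, {})
        elif text in ("", "!", "end"):
            current = None  # a separator closes the section
        elif current is not None and (m := WATCHED.match(text)):
            current[m.group(1)] = m.group(2)
    return sections

def drift(saved, running):
    """List (section, setting, saved value, running value) for each difference."""
    a, b = line_settings(saved), line_settings(running)
    out = []
    for section in sorted(set(a) | set(b)):
        sa, sb = a.get(section, {}), b.get(section, {})
        for key in sorted(set(sa) | set(sb)):
            if sa.get(key) != sb.get(key):
                out.append((section, key, sa.get(key), sb.get(key)))
    return out

if __name__ == "__main__":
    for section, key, old, new in drift(SAVED, RUNNING):
        print(f"{section}: {key}: saved={old!r} running={new!r}")
```

A value of None on the saved side means the setting exists only in the running configuration, which is the case for the access-class on line aux 0 here.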