Mailing List Archive

AS5200 conf
Hi!

I have an as5200 running 24 lines through a channelized T1.
The problem that I have is that it starts dropping the connections
after 15 or more lines are being used.

I applied the suggestions being offered, i.e. deny access to 135, etc.
I got an improvement, but not as much as expected.

I would appreciate any suggestions. Here is my current conf:

Using 3404 out of 126968 bytes
!
version 12.0
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname as5200
!
no logging buffered
no logging console
no logging monitor
aaa new-model
aaa authentication login default radius local
aaa authentication login console enable
aaa authentication ppp default radius
aaa accounting update newinfo
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
aaa accounting network ppp start-stop radius
enable secret 5 <passwd>
enable password 7 <passwd>
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip domain-name <domain>
ip name-server <ip>
ip name-server <ip>
isdn switch-type primary-5ess
clock timezone MDT -7
clock summer-time MDT recurring
!
!
controller T1 0
framing esf
clock source internal
linecode b8zs
cas-group 0 timeslots 1-24 type e&m-immediate-start
!
controller T1 1
framing esf
clock source line primary
linecode b8zs
cas-group 0 timeslots 1-24 type e&m-immediate-start
!
!
interface Loopback0
no ip address
no ip directed-broadcast
!
interface Ethernet0
ip address <ip> 255.255.255.0
ip access-group 109 out
no ip unreachables
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
no cdp enable
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0
ip access-group 109 in
no ip unreachables
no ip directed-broadcast
encapsulation ppp
no ip route-cache
no ip mroute-cache
async mode interactive
peer default ip address pool setup_pool
no fair-queue
no cdp enable
ppp authentication chap pap
group-range 1 48
!
ip local pool setup_pool <ip range>
ip default-gateway <ip>
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
!
logging trap warnings
logging facility local6
logging <ip>
access-list 60 permit <ip>
access-list 60 permit <ip>
access-list 60 permit <ip>
access-list 109 deny icmp any any echo
access-list 109 deny icmp any any echo-reply
access-list 109 deny tcp any any eq 135
access-list 109 deny udp any any eq 135
access-list 109 deny udp any any eq tftp
access-list 109 deny udp any any eq netbios-ns
access-list 109 deny tcp any any eq 137
access-list 109 deny tcp any any eq 138
access-list 109 deny udp any any eq netbios-dgm
access-list 109 deny udp any any eq netbios-ss
access-list 109 deny tcp any any eq 139
access-list 109 deny tcp any any eq 445
access-list 109 deny tcp any any eq 593
access-list 109 deny tcp any any eq 707
access-list 109 deny tcp any any eq 4444
access-list 109 permit ip any any
no cdp run
snmp-server community <community> RO
snmp-server community <community> RW
snmp-server community <community> RW 60
radius-server host <host-ip> auth-port 1812 acct-port 1813
radius-server host <host-ip> auth-port 1812 acct-port 1813
radius-server timeout 3
radius-server key <key>
!
line con 0
transport input none
line 1 48
exec-timeout 0 0
autoselect during-login
autoselect ppp
modem InOut
transport input all
line aux 0
line vty 0 4
password 7 <deleted>
end


Regards,


Rodolfo Estrada
restrada@linuxmail.org

Re: AS5200 conf
On Sat, 10 Jan 2004, Rodolfo Estrada wrote:

> The problem that I have is that it starts dropping the connections
> after 15 or more lines are being used.

Are you seeing high CPU load?

Why are you applying the same access-list (109) to both async input and
ethernet output? You're forcing the same packets through the ACL twice.
Did you mean to apply it to the ethernet input? That would make more
sense. Also, make the first line

access-list 109 permit tcp any any est

That'll let lots of non-filtered traffic skip the rest of the ACL if the
initiating packets were allowed.

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
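The following is an added example of what the reply above amounts to in IOS configuration; it is not from either poster. It assumes that list 109 is meant to filter the dial-in users' traffic once in each direction (inbound on Group-Async1 as in the original config, and inbound on Ethernet0 as the reply suggests, instead of outbound on Ethernet0), and that the router is running a classic numbered ACL, where new entries always append at the end, so the list has to be removed and re-entered to put the `established` entry first.

```cisco
! Added example, not the original poster's config nor the reply's text.
! Assumptions: list 109 filters dial-in traffic once per direction;
! classic numbered ACL on IOS 12.0 (entries append, no insert-at-top).
conf t
!
! 1. Stop filtering the same packets twice: drop the outbound copy.
interface Ethernet0
 no ip access-group 109 out
!
! 2. Rebuild the list with the "established" entry first.
!    Caveat: while list 109 is empty, IOS treats a bound empty ACL as
!    permit-all, so do this quickly or during a quiet period.
no access-list 109
!    Matches any TCP segment with ACK or RST set, i.e. the return half of
!    a session the initiating packet was already allowed to start, so it
!    skips the remaining entries. It is stateless: a packet crafted with
!    ACK set toward port 135 also matches here, so this trades a little
!    strictness for CPU.
access-list 109 permit tcp any any established
access-list 109 deny icmp any any echo
access-list 109 deny icmp any any echo-reply
access-list 109 deny tcp any any eq 135
access-list 109 deny udp any any eq 135
access-list 109 deny udp any any eq tftp
access-list 109 deny udp any any eq netbios-ns
access-list 109 deny tcp any any eq 137
access-list 109 deny tcp any any eq 138
access-list 109 deny udp any any eq netbios-dgm
access-list 109 deny udp any any eq netbios-ss
access-list 109 deny tcp any any eq 139
access-list 109 deny tcp any any eq 445
access-list 109 deny tcp any any eq 593
access-list 109 deny tcp any any eq 707
access-list 109 deny tcp any any eq 4444
access-list 109 permit ip any any
!
! 3. Apply it once per direction: from the LAN/Internet side toward the
!    dial-in users (per the reply) ...
interface Ethernet0
 ip access-group 109 in
!
!    ... and from the dial-in users toward the network (unchanged).
interface Group-Async1
 ip access-group 109 in
end
!
! Checks after the change:
show access-lists 109
!   per-entry match counters; most TCP hits should now land on the
!   "established" line, and the deny lines show whether the worm-port
!   traffic is still arriving
show processes cpu
!   answers the CPU-load question from the reply; compare with 15+
!   lines up before and after the ACL change
```

The UDP and ICMP entries are unaffected by the `established` line, since it only matches TCP; they are still evaluated in order for every non-TCP packet, which is fine for a list this short.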