Mailing List Archive

Okay, I tried adding "ppp multilink" to the 7200 config


Without it --

gw1.armplc#show users
Line User Host(s) Idle Location
* 2 vty 0 admin idle 00:00:00 admin1.win.net

Interface User Mode Idle Peer Address
Vi2.1 K1.LXFU.396853..SC PPPoE 00:01:32 216.24.35.57
Vi2.2 quickcash1 PPPoE 00:00:09 216.24.12.100

... and I can ping 216.24.12.100 (the 2620) and telnet to it fine.
With it....

gw1.armplc#show users
Line User Host(s) Idle Location
* 2 vty 0 admin idle 00:00:00 admin1.win.net

Interface User Mode Idle Peer Address
Vi2.1 K1.LXFU.396853..SC PPPoE 00:00:40 216.24.35.57
Vi3 quickcash1 PPPoE 00:00:24
Vi4 quickcash1 MLP Bundle 00:00:24 216.24.12.100

... and 216.24.12.100 does not respond to ping or telnet requests.


----- Original Message -----
From: "Vince Mammoliti" <vince@cisco.com>
To: "'Joe Mays'" <jfmays@launchpad.win.net>
Cc: <cisco-nas@puck.nether.net>
Sent: Saturday, March 19, 2011 11:47 AM
Subject: RE: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP


> Joe,
>
>
>
> At a very quick look it looks like you are missing:
>
>
>
> ppp multilink
>
>
>
> on your 7200 config:
>
>
>
> From:
>
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
>
>
>
> to:
>
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
>
> ppp multilink
>
>
>
>
>
> Regards,
>
>
>
> Vince
>
>
>
>
>
>
>
>
>
>
>
> From: cisco-nas-bounces@puck.nether.net
> [mailto:cisco-nas-bounces@puck.nether.net] On Behalf Of Joe Mays
> Sent: Saturday, March 19, 2011 3:27 AM
> To: cisco-nas@puck.nether.net
> Subject: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP
>
>
>
> Okay. At one end is a 2620 running 12.3(15) IPBase, with a 4NME
card. At the
> other is a 7206. Between them are three DSL lines, all running in
bridged
> mode. Two are bonded together between the DSL modem and the DSLam,
so
> essentially, we have two long Ethernet lines, plugged into ports
ethernet1/0
> and ethernet1/1 on the 2620.
>
>
>
> /--------C1 ~~~~\
> A ~~~~~~~ B< > D
> \========C2 ~~~~/
>
>
>
>
> A (Cisco 7206, FE2/0)
> B (Zhone Bitstorm)
> ~ (ethernet link)
> - (single DSL line)
> = (bonded DSL lines)
> D (Cisco 2620, 4NME card, E1/0 and E1/1)
>
>
>
> Essentially it all seems to work, turning it up with one port binds
virtual
> access 1 to the multilink PPP connection. But when both ports on
turned up
> on the 2620, it binds the second port, but then the second port
begins to go
> up and down and massive packet loss starts occuring. It's not the
DSL line,
> we tried both lines separately in port 1, but work great. It's not
the port,
> the same problem occurs if we using ethernet1/2 as the second port,
instead
> of E1/1. I was just guessing at the config to make this work and I
may have
> done it completely wrongly.
>
>
>
> Cisco 2620 config....
>
>
>
> Current configuration : 1388 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Quickcash
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx.
> !
> aaa new-model
> !
> !
> aaa authentication login default local
> aaa accounting delay-start
> aaa session-id common
> ip subnet-zero
> ip cef
> !
> !
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
> request-dialin
> protocol pppoe
> !
> !
> username admin password 0 xxxxxxxx
> !
> !
> !
> interface FastEthernet0/0
> ip address xxx.24.2.89 255.255.255.248
> duplex auto
> speed auto
> !
> interface Ethernet1/0
> no ip address
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/1
> no ip address
> shutdown
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/2
> no ip address
> shutdown
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/3
> no ip address
> shutdown
> half-duplex
> !
> interface Dialer1
> ip address xxx.24.12.100 255.255.255.0
> ip mtu 1420
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> ppp authentication pap callin
> ppp pap sent-username quickcash1 password 0 xxxxxxxx
> ppp multilink
> ppp multilink links minimum 2
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> transport preferred none
> transport input telnet
> !
> !
> end
>
> Cisco 7206 Config....
>
>
>
> Current configuration : 11227 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname gw1.armplc
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx
> !
> aaa new-model
> !
> !
> aaa group server radius WinAuthAcct
> server xxx.24.27.48 auth-port 1812 acct-port 1813
> server xxx.24.27.49 auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication ppp default local group WinAuthAcct
> aaa authorization exec default local none
> aaa authorization network default local group WinAuthAcct
if-authenticated
> aaa accounting delay-start
> aaa accounting update newinfo
> aaa accounting network default start-stop broadcast group
WinAuthAcct
> aaa session-id common
> ip subnet-zero
> no ip source-route
> !
> !
> ip cef
> ip telnet source-interface Loopback100
> ip tftp source-interface Loopback100
> ip domain list win.net
> ip domain name win.net
> ip name-server xxx.24.27.3
> ip name-server xx.235.0.25
> ip name-server xxx.24.27.4
> !
> no ip bootp server
> pppoe-forwarding
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> username admin secret 5 xxxxxxxx
> username quickcash1 password 0 xxxxxxxx
> !
> !
> controller T3 6/0
> !
> !
> bba-group pppoe global
> virtual-template 1
> !
> bba-group pppoe global1
> virtual-template 2
> !
> !
> interface Loopback100
> description gw1.armplc.win.net loopback interface
> ip address 216.24.30.16 255.255.255.255
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> !
> interface FastEthernet1/0
> ip address xxx.24.8.1 255.255.255.0
> duplex full
> !
> interface FastEthernet1/0.2
> encapsulation dot1Q 2
> ip address xxx.24.12.193 255.255.255.192
> pppoe enable group global
> no snmp trap link-status
> !
> interface FastEthernet1/0.3
> encapsulation dot1Q 3
> ip tcp adjust-mss 1360
> pppoe enable group global1
> no snmp trap link-status
> !
> interface FastEthernet1/0.16
> encapsulation dot1Q 16
> no snmp trap link-status
> !
> interface FastEthernet1/0.17
> encapsulation dot1Q 17
> no snmp trap link-status
> !
> interface FastEthernet2/0
> no ip address
> shutdown
> duplex half
> !
> interface Serial3/0
> description Armory Place CO to Heyburn
> bandwidth 44210
> ip address 216.24.28.246 255.255.255.252
> ip route-cache flow
> dsu bandwidth 44210
> framing c-bit
> cablelength 50
> serial restart-delay 0
> no cdp enable
> !
> interface Serial3/1
> no ip address
> shutdown
> dsu bandwidth 44210
> framing c-bit
> cablelength 10
> serial restart-delay 0
> !
> interface Serial4/0
> no ip address
> shutdown
> dsu bandwidth 44210
> framing c-bit
> cablelength 10
> serial restart-delay 0
> !
> interface ATM5/0
> no ip address
> shutdown
> no atm ilmi-keepalive
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
> !
> interface Virtual-Template2
> mtu 1400
> ip unnumbered FastEthernet1/0.3
> peer default ip address pool pppoepool
> ppp mtu adaptive
> ppp authentication pap chap
> !
> router ospf 5150
> log-adjacency-changes
> area 0 authentication message-digest
> summary-address 216.24.9.0 255.255.255.128
> redistribute connected subnets route-map ospf-redistrib
> redistribute static subnets route-map ospf-redistrib
> passive-interface default
> no passive-interface FastEthernet1/0
> no passive-interface Serial3/0
> no passive-interface Loopback100
> network 24.235.0.0 0.0.31.255 area 0
> network 216.24.0.0 0.0.63.255 area 0
> !
> ip local pool pppoepool 216.24.12.100 216.24.12.180
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial3/0
> ip route 216.24.2.88 255.255.255.248 216.24.12.100
> ip route 216.24.35.91 255.255.255.255 216.24.12.100
> no ip http server
> !
> !
> !
> ip access-list standard allow-our-nets
> permit 216.24.0.0 0.0.63.255
> permit 24.235.0.0 0.0.31.255
> !
> ip access-list extended in-block-all-smtp-nb
> deny tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-block-nb
> remark -- Same as out-block-nb
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-block-smtp-nb
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> deny tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-dangerously-allow-all
> permit ip any any
> ip access-list extended in-permitlog-smtp
> remark -- This one is used to see who we need to not apply
blocksmtp to.
> remark -- It is functionally identical to in-block-nb.
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> permit tcp any any eq smtp syn log-input
> permit tcp any any eq smtp
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-all-smtp-nb
> deny tcp any eq smtp any log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-nb
> remark -- Same as in-block-nb
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-smtp-nb
> permit tcp 216.24.27.0 0.0.0.255 eq smtp any
> deny tcp any eq smtp any log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-dangerously-allow-all
> permit ip any any
> ip access-list extended out-permitlog-smtp
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> permit tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip radius source-interface Loopback100
> logging source-interface Loopback100
> !
> route-map ospf-redistrib permit 10
> match ip address allow-our-nets
> !
> snmp-server trap-source Loopback100
> !
> radius-server attribute nas-port format c
> radius-server dead-criteria tries 2
> radius-server host 216.24.27.201 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.202 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.203 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.204 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.205 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.206 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.207 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.208 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.209 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.200 auth-port 1645 acct-port 1646
> radius-server retry method reorder
> radius-server transaction max-tries 3
> radius-server retransmit 0
> radius-server timeout 3
> radius-server deadtime 2
> radius-server key m00c0w6809
> radius-server vsa send accounting
> radius-server vsa send authentication
> !
> !
> !
> !
> gatekeeper
> shutdown
> !
> !
> line con 0
> stopbits 1
> line aux 0
> stopbits 1
> line vty 0 4
> exec-timeout 60 0
> logging synchronous
> transport preferred none
> transport input telnet
> !
> !
> end
>
>
>
>
>
>
>
> --
> "The problem with our concept of mind is that we confuse our own
kind of
> self-awareness with thinking in general. Self-awareness is an
attribute of
> certain kinds of social animals. Why should a mind be self-aware?
It's
> enough it's world-aware. If it isn't socially connected to other
minds, it
> doesn't need social filters or self-modeling. It's self-making,
> self-sufficient. It embodies and acts. A world-aware mind is just
one step
> closer to God than you and I."
> -- Greg Bear, "Slant"
>
>

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

> Which Ethernet interfaces are the session coming in on?
> FE 1/0.2 or FE 1/0.3

FE 1/0.2
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

> > Which Ethernet interfaces are the session coming in on?
> > FE 1/0.2 or FE 1/0.3
>
> FE 1/0.2

I'm still rather at a loss as to why this isn't working, and would
deeply appreciate any suggestions.

Would it be possible for me to find a simple example of a 2620 config
that does PPPoE and ppp multilink on the customer side, across two
ethernet interfaces to a cisco 7206 on the ISP side?

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

Okay, I got this to work, for a given value of working. Adding ppp
multilink to the virtual template on the 7206 and removing the minimum
links entry on the 2600 led to the connection coming up with both ends
showing both links bundled into one MLP bundle, and I was able to ping
both directions across the bundle fine. Unfortunately, inexplicably,
the 2600, which had its default route set to "ip route 0.0.0.0 0.0.0.0
Dialer1" began ignoring the default route. It could ping the local
lan, could ping the 7206, but given an IP address that was not
directly connected, it would respond no route to host.

This is close to working. Can anyone offer any ideas about what might
have been causing this?


----- Original Message -----
From: "Joe Mays" <jfmays@launchpad.win.net>
To: <cisco-nas@puck.nether.net>
Sent: Saturday, March 19, 2011 2:26 AM
Subject: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP


Okay. At one end is a 2620 running 12.3(15) IPBase, with a 4NME card.
At the other is a 7206. Between them are three DSL lines, all running
in bridged mode. Two are bonded together between the DSL modem and the
DSLam, so essentially, we have two long Ethernet lines, plugged into
ports ethernet1/0 and ethernet1/1 on the 2620.

/--------C1 ~~~~\
A ~~~~~~~ B< > D
\========C2 ~~~~/


A (Cisco 7206, FE2/0)
B (Zhone Bitstorm)
~ (ethernet link)
- (single DSL line)
= (bonded DSL lines)
D (Cisco 2620, 4NME card, E1/0 and E1/1)

Essentially it all seems to work, turning it up with one port binds
virtual access 1 to the multilink PPP connection. But when both ports
on turned up on the 2620, it binds the second port, but then the
second port begins to go up and down and massive packet loss starts
occuring. It's not the DSL line, we tried both lines separately in
port 1, but work great. It's not the port, the same problem occurs if
we using ethernet1/2 as the second port, instead of E1/1. I was just
guessing at the config to make this work and I may have done it
completely wrongly.

Cisco 2620 config....

Current configuration : 1388 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Quickcash
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxx.
!
aaa new-model
!
!
aaa authentication login default local
aaa accounting delay-start
aaa session-id common
ip subnet-zero
ip cef
!
!
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
username admin password 0 xxxxxxxx
!
!
!
interface FastEthernet0/0
ip address xxx.24.2.89 255.255.255.248
duplex auto
speed auto
!
interface Ethernet1/0
no ip address
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/1
no ip address
shutdown
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/2
no ip address
shutdown
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
interface Dialer1
ip address xxx.24.12.100 255.255.255.0
ip mtu 1420
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username quickcash1 password 0 xxxxxxxx
ppp multilink
ppp multilink links minimum 2
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
transport preferred none
transport input telnet
!
!
end

Cisco 7206 Config....

Current configuration : 11227 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw1.armplc
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxx
!
aaa new-model
!
!
aaa group server radius WinAuthAcct
server xxx.24.27.48 auth-port 1812 acct-port 1813
server xxx.24.27.49 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication ppp default local group WinAuthAcct
aaa authorization exec default local none
aaa authorization network default local group WinAuthAcct
if-authenticated
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting network default start-stop broadcast group WinAuthAcct
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
ip telnet source-interface Loopback100
ip tftp source-interface Loopback100
ip domain list win.net
ip domain name win.net
ip name-server xxx.24.27.3
ip name-server xx.235.0.25
ip name-server xxx.24.27.4
!
no ip bootp server
pppoe-forwarding
!
!
!
!
!
!
!
!
!
!
!
username admin secret 5 xxxxxxxx
username quickcash1 password 0 xxxxxxxx
!
!
controller T3 6/0
!
!
bba-group pppoe global
virtual-template 1
!
bba-group pppoe global1
virtual-template 2
!
!
interface Loopback100
description gw1.armplc.win.net loopback interface
ip address 216.24.30.16 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface FastEthernet1/0
ip address xxx.24.8.1 255.255.255.0
duplex full
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address xxx.24.12.193 255.255.255.192
pppoe enable group global
no snmp trap link-status
!
interface FastEthernet1/0.3
encapsulation dot1Q 3
ip tcp adjust-mss 1360
pppoe enable group global1
no snmp trap link-status
!
interface FastEthernet1/0.16
encapsulation dot1Q 16
no snmp trap link-status
!
interface FastEthernet1/0.17
encapsulation dot1Q 17
no snmp trap link-status
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
interface Serial3/0
description Armory Place CO to Heyburn
bandwidth 44210
ip address 216.24.28.246 255.255.255.252
ip route-cache flow
dsu bandwidth 44210
framing c-bit
cablelength 50
serial restart-delay 0
no cdp enable
!
interface Serial3/1
no ip address
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
interface Serial4/0
no ip address
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
interface ATM5/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Virtual-Template1
ip unnumbered FastEthernet1/0.2
ip tcp adjust-mss 1360
peer default ip address pool pppoepool
ppp authentication pap chap
!
interface Virtual-Template2
mtu 1400
ip unnumbered FastEthernet1/0.3
peer default ip address pool pppoepool
ppp mtu adaptive
ppp authentication pap chap
!
router ospf 5150
log-adjacency-changes
area 0 authentication message-digest
summary-address 216.24.9.0 255.255.255.128
redistribute connected subnets route-map ospf-redistrib
redistribute static subnets route-map ospf-redistrib
passive-interface default
no passive-interface FastEthernet1/0
no passive-interface Serial3/0
no passive-interface Loopback100
network 24.235.0.0 0.0.31.255 area 0
network 216.24.0.0 0.0.63.255 area 0
!
ip local pool pppoepool 216.24.12.100 216.24.12.180
ip classless
ip route 0.0.0.0 0.0.0.0 Serial3/0
ip route 216.24.2.88 255.255.255.248 216.24.12.100
ip route 216.24.35.91 255.255.255.255 216.24.12.100
no ip http server
!
!
!
ip access-list standard allow-our-nets
permit 216.24.0.0 0.0.63.255
permit 24.235.0.0 0.0.31.255
!
ip access-list extended in-block-all-smtp-nb
deny tcp any any eq smtp log-input
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended in-block-nb
remark -- Same as out-block-nb
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended in-block-smtp-nb
permit tcp any 216.24.27.0 0.0.0.255 eq smtp
deny tcp any any eq smtp log-input
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended in-dangerously-allow-all
permit ip any any
ip access-list extended in-permitlog-smtp
remark -- This one is used to see who we need to not apply blocksmtp
to.
remark -- It is functionally identical to in-block-nb.
permit tcp any 216.24.27.0 0.0.0.255 eq smtp
permit tcp any any eq smtp syn log-input
permit tcp any any eq smtp
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended out-block-all-smtp-nb
deny tcp any eq smtp any log-input
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended out-block-nb
remark -- Same as in-block-nb
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended out-block-smtp-nb
permit tcp 216.24.27.0 0.0.0.255 eq smtp any
deny tcp any eq smtp any log-input
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip access-list extended out-dangerously-allow-all
permit ip any any
ip access-list extended out-permitlog-smtp
permit tcp any 216.24.27.0 0.0.0.255 eq smtp
permit tcp any any eq smtp log-input
deny tcp any any range 135 139 log-input
permit udp any eq netbios-ns host 216.24.27.3 eq domain
permit udp any eq netbios-ns host 216.24.27.4 eq domain
permit udp any eq netbios-ns host 199.120.154.17 eq domain
permit udp host 216.24.27.3 eq domain any eq netbios-ns
permit udp host 216.24.27.4 eq domain any eq netbios-ns
permit udp host 199.120.154.17 eq domain any eq netbios-ns
deny udp any any eq netbios-ns
deny udp any any range 135 netbios-ss log-input
deny tcp any any eq 445 log-input
deny udp any any eq 445 log-input
permit ip any any
ip radius source-interface Loopback100
logging source-interface Loopback100
!
route-map ospf-redistrib permit 10
match ip address allow-our-nets
!
snmp-server trap-source Loopback100
!
radius-server attribute nas-port format c
radius-server dead-criteria tries 2
radius-server host 216.24.27.201 auth-port 1645 acct-port 1646
radius-server host 216.24.27.202 auth-port 1645 acct-port 1646
radius-server host 216.24.27.203 auth-port 1645 acct-port 1646
radius-server host 216.24.27.204 auth-port 1645 acct-port 1646
radius-server host 216.24.27.205 auth-port 1645 acct-port 1646
radius-server host 216.24.27.206 auth-port 1645 acct-port 1646
radius-server host 216.24.27.207 auth-port 1645 acct-port 1646
radius-server host 216.24.27.208 auth-port 1645 acct-port 1646
radius-server host 216.24.27.209 auth-port 1645 acct-port 1646
radius-server host 216.24.27.200 auth-port 1645 acct-port 1646
radius-server retry method reorder
radius-server transaction max-tries 3
radius-server retransmit 0
radius-server timeout 3
radius-server deadtime 2
radius-server key m00c0w6809
radius-server vsa send accounting
radius-server vsa send authentication
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
transport preferred none
transport input telnet
!
!
end



--
"The problem with our concept of mind is that we confuse our own kind
of self-awareness with thinking in general. Self-awareness is an
attribute of certain kinds of social animals. Why should a mind be
self-aware? It's enough it's world-aware. If it isn't socially
connected to other minds, it doesn't need social filters or
self-modeling. It's self-making, self-sufficient. It embodies and
acts. A world-aware mind is just one step closer to God than you and
I."
-- Greg Bear, "Slant"



----------------------------------------------------------------------
----------


> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas