Mailing List Archive: As5300 crashes

As5300 crashes

Oct 31, 2003, 8:51 AM

Post #1 of 4 (1141 views)

Is anyone still having problems with worms crashing their nas's I have
an as5300 that is still locking up every couple weeks , ive added no ip
route-cache and ip cef to it but if I don't watch my network and kill
off infected users it will lockup every day , is there a fix or
something I need to add to my config? Here is my config below

As5300-Oc#sh conf
Using 4638 out of 124920 bytes
!
version 12.2
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname As5300-Oc
!
boot system flash:c5300-i-mz.122-15.T1.bin
logging queue-limit 100
logging buffered 10000 debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
spe 1/0 1/7
firmware location bootflash:mica-modem-pw.2.9.4.0.bin
spe 2/0 2/7
firmware location bootflash:mica-modem-pw.2.9.4.0.bin
!
!
resource-pool disable
!
modem link-info poll time 10
aaa new-model
!
!
aaa authentication login default local group radius
aaa authentication login consoleport none
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero

ip cef
ip finger
ip name-server 65.xxx.xxx.xxx
!
async-bootp dns-server 65.xxx.xxx.xxx 65.xxx.xxx.xxx
!
isdn switch-type primary-dms100
isdn voice-call-failure 0
modemcap entry
mica-nokflex:MSC=&F&D2S54=16584S0=0S29=12S21=15S62=8S63=3S34=18000S40=10
S10=50
!
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
!
controller T1 1
framing esf
clock source line secondary 1
linecode b8zs
pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
!
controller T1 2
framing esf
linecode b8zs
pri-group timeslots 1-24
!
controller T1 3
framing esf
linecode b8zs
pri-group timeslots 1-24
!
controller T1 4
shutdown
framing sf
linecode ami
!
controller T1 5
shutdown
framing sf
linecode ami
!
controller T1 6
shutdown
framing sf
linecode ami
!
controller T1 7
shutdown
framing sf
linecode ami
!
!
interface Loopback0
ip address 65.xxx.xxx.xxx 255.255.255.128
!
interface Serial0:23
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
dialer-group 1
isdn switch-type primary-dms100
isdn incoming-voice modem
peer default ip address pool setup_pool
fair-queue 64 256 0
ppp authentication pap
ppp multilink
!
interface Serial2:23
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
dialer-group 1
isdn switch-type primary-dms100
isdn incoming-voice modem
peer default ip address pool setup_pool
fair-queue 64 256 0
ppp authentication pap
ppp multilink
!
interface Serial3:23
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
dialer-group 1
isdn switch-type primary-dms100
isdn incoming-voice modem
peer default ip address pool setup_pool
fair-queue 64 256 0
ppp authentication pap
ppp multilink
!
interface FastEthernet0
ip address 65.xxx.xxx.xxx 255.255.255.0
no ip unreachables
duplex full
speed 100
no cdp enable
!
interface Group-Async1
ip unnumbered Loopback0
no ip unreachables
encapsulation ppp
ip tcp header-compression
async mode interactive
peer default ip address pool setup_pool
no keepalive
ppp authentication pap
group-range 1 192
!
ip local pool setup_pool 65.xxx.xxx.xxx 65.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx
no ip http server
!
!
!
!
access-list 101 permit ip any any
access-list 110 permit tcp any any established
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any echo-reply log
access-list 110 permit ip any any
dialer-list 1 protocol ip permit
snmp-server engineID local 000000090200003080BD40CA
snmp-server community xxxxxx RO
snmp-server enable traps tty
radius-server host 65.xxx.xxx.xxx auth-port 1812 acct-port 1813
non-standard
radius-server key 7 xxxxxxxxxx
radius-server authorization permit missing Service-Type
!
line con 0
exec-timeout 0 0
logging synchronous
line 1 192
no flush-at-activation
modem Dialin
modem autoconfigure type mica-nokflex
autocommand ppp
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 xxxxxxxxxxxxx
!
scheduler interval 1000
end

John Lord
It Manager
AllTurbo Internet Services Inc
410-213-9388 Office
www.allturbo.com

Re: As5300 crashes [ In reply to ]

mpb at melitacable

Oct 31, 2003, 8:55 AM

Post #2 of 4 (1130 views)

Permalink

you may want to look at worm mitigation recommendations from cisco.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801b143a.shtml

----- Original Message -----
From: "John Lord" <lord@allturbo.com>
To: <cisco-nas@puck.nether.net>
Sent: Friday, October 31, 2003 4:51 PM
Subject: [cisco-nas] As5300 crashes

> Is anyone still having problems with worms crashing their nas's I have
> an as5300 that is still locking up every couple weeks , ive added no ip
> route-cache and ip cef to it but if I don't watch my network and kill
> off infected users it will lockup every day , is there a fix or
> something I need to add to my config? Here is my config below
>
> As5300-Oc#sh conf
> Using 4638 out of 124920 bytes
> !
> version 12.2
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> !
> hostname As5300-Oc
> !
> boot system flash:c5300-i-mz.122-15.T1.bin
> logging queue-limit 100
> logging buffered 10000 debugging
> no logging console
> enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> username xxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> spe 1/0 1/7
> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
> spe 2/0 2/7
> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
> !
> !
> resource-pool disable
> !
> modem link-info poll time 10
> aaa new-model
> !
> !
> aaa authentication login default local group radius
> aaa authentication login consoleport none
> aaa authentication ppp default if-needed group radius
> aaa authorization network default group radius
> aaa accounting delay-start
> aaa accounting update periodic 5
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa session-id common
> ip subnet-zero
>
> ip cef
> ip finger
> ip name-server 65.xxx.xxx.xxx
> !
> async-bootp dns-server 65.xxx.xxx.xxx 65.xxx.xxx.xxx
> !
> isdn switch-type primary-dms100
> isdn voice-call-failure 0
> modemcap entry
> mica-nokflex:MSC=&F&D2S54=16584S0=0S29=12S21=15S62=8S63=3S34=18000S40=10
> S10=50
> !
> !
> controller T1 0
> framing esf
> clock source line primary
> linecode b8zs
> pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
> !
> controller T1 1
> framing esf
> clock source line secondary 1
> linecode b8zs
> pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
> !
> controller T1 2
> framing esf
> linecode b8zs
> pri-group timeslots 1-24
> !
> controller T1 3
> framing esf
> linecode b8zs
> pri-group timeslots 1-24
> !
> controller T1 4
> shutdown
> framing sf
> linecode ami
> !
> controller T1 5
> shutdown
> framing sf
> linecode ami
> !
> controller T1 6
> shutdown
> framing sf
> linecode ami
> !
> controller T1 7
> shutdown
> framing sf
> linecode ami
> !
> !
> interface Loopback0
> ip address 65.xxx.xxx.xxx 255.255.255.128
> !
> interface Serial0:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface Serial2:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface Serial3:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface FastEthernet0
> ip address 65.xxx.xxx.xxx 255.255.255.0
> no ip unreachables
> duplex full
> speed 100
> no cdp enable
> !
> interface Group-Async1
> ip unnumbered Loopback0
> no ip unreachables
> encapsulation ppp
> ip tcp header-compression
> async mode interactive
> peer default ip address pool setup_pool
> no keepalive
> ppp authentication pap
> group-range 1 192
> !
> ip local pool setup_pool 65.xxx.xxx.xxx 65.xxx.xxx.xxx
> ip classless
> ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx
> no ip http server
> !
> !
> !
> !
> access-list 101 permit ip any any
> access-list 110 permit tcp any any established
> access-list 110 deny icmp any any echo log
> access-list 110 deny icmp any any echo-reply log
> access-list 110 permit ip any any
> dialer-list 1 protocol ip permit
> snmp-server engineID local 000000090200003080BD40CA
> snmp-server community xxxxxx RO
> snmp-server enable traps tty
> radius-server host 65.xxx.xxx.xxx auth-port 1812 acct-port 1813
> non-standard
> radius-server key 7 xxxxxxxxxx
> radius-server authorization permit missing Service-Type
> !
> line con 0
> exec-timeout 0 0
> logging synchronous
> line 1 192
> no flush-at-activation
> modem Dialin
> modem autoconfigure type mica-nokflex
> autocommand ppp
> autoselect during-login
> autoselect ppp
> line aux 0
> line vty 0 4
> exec-timeout 0 0
> password 7 xxxxxxxxxxxxx
> !
> scheduler interval 1000
> end
>
> John Lord
> It Manager
> AllTurbo Internet Services Inc
> 410-213-9388 Office
> www.allturbo.com
>
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>

Re: As5300 crashes [ In reply to ]

pnepveu at videotron

Oct 31, 2003, 12:13 PM

Post #3 of 4 (1133 views)

Permalink

if this may help :

we've applied pretty drastic measures. We block all incoming tcp/135 and all
icmp from modems. We also have an anti-sppofing measure. The access-list
is quite simple :
access-list 109 deny tcp any any eq 135 log
access-list 109 deny icmp any any log
access-list 109 permit ip <adress range for this NAS> any
access-list 109 deny ip any any

It is applied thusly :
interface Group-Async1
ip access-group 109 in

The 'log' instruction sends violations of the rules to a syslog server. There,
we can compile this info to detect who is infected.

Since implementing these measures, we have stopped crashes (and, since our boxes
are 5200's, they were crashing much more often that your's).

-------------------------------------------------------------------
Pierre Nepveu, CCNP tel: +1 514.380-4289
Administrateur de reseau +1 888.INFOVTL x 4289
Ingenierie / Acces Internet fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------

Le 2003-10-31 à 10:51, John Lord a écrit:

JL> Is anyone still having problems with worms crashing their nas's I have
JL> an as5300 that is still locking up every couple weeks , ive added no ip
JL> route-cache and ip cef to it but if I don't watch my network and kill
JL> off infected users it will lockup every day , is there a fix or
JL> something I need to add to my config? Here is my config below
JL>
JL> As5300-Oc#sh conf
JL> Using 4638 out of 124920 bytes
JL> !
JL> version 12.2
JL> service timestamps debug datetime msec localtime show-timezone
JL> service timestamps log datetime msec localtime show-timezone
JL> service password-encryption
JL> !
JL> hostname As5300-Oc
JL> !
JL> boot system flash:c5300-i-mz.122-15.T1.bin
JL> logging queue-limit 100
JL> logging buffered 10000 debugging
JL> no logging console
JL> enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
JL> !
JL> username xxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
JL> spe 1/0 1/7
JL> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
JL> spe 2/0 2/7
JL> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
JL> !
JL> !
JL> resource-pool disable
JL> !
JL> modem link-info poll time 10
JL> aaa new-model
JL> !
JL> !
JL> aaa authentication login default local group radius
JL> aaa authentication login consoleport none
JL> aaa authentication ppp default if-needed group radius
JL> aaa authorization network default group radius
JL> aaa accounting delay-start
JL> aaa accounting update periodic 5
JL> aaa accounting exec default start-stop group radius
JL> aaa accounting network default start-stop group radius
JL> aaa session-id common
JL> ip subnet-zero
JL>
JL> ip cef
JL> ip finger
JL> ip name-server 65.xxx.xxx.xxx
JL> !
JL> async-bootp dns-server 65.xxx.xxx.xxx 65.xxx.xxx.xxx
JL> !
JL> isdn switch-type primary-dms100
JL> isdn voice-call-failure 0
JL> modemcap entry
JL> mica-nokflex:MSC=&F&D2S54=16584S0=0S29=12S21=15S62=8S63=3S34=18000S40=10
JL> S10=50
JL> !
JL> !
JL> controller T1 0
JL> framing esf
JL> clock source line primary
JL> linecode b8zs
JL> pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
JL> !
JL> controller T1 1
JL> framing esf
JL> clock source line secondary 1
JL> linecode b8zs
JL> pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
JL> !
JL> controller T1 2
JL> framing esf
JL> linecode b8zs
JL> pri-group timeslots 1-24
JL> !
JL> controller T1 3
JL> framing esf
JL> linecode b8zs
JL> pri-group timeslots 1-24
JL> !
JL> controller T1 4
JL> shutdown
JL> framing sf
JL> linecode ami
JL> !
JL> controller T1 5
JL> shutdown
JL> framing sf
JL> linecode ami
JL> !
JL> controller T1 6
JL> shutdown
JL> framing sf
JL> linecode ami
JL> !
JL> controller T1 7
JL> shutdown
JL> framing sf
JL> linecode ami
JL> !
JL> !
JL> interface Loopback0
JL> ip address 65.xxx.xxx.xxx 255.255.255.128
JL> !
JL> interface Serial0:23
JL> ip unnumbered Loopback0
JL> encapsulation ppp
JL> no ip route-cache
JL> dialer-group 1
JL> isdn switch-type primary-dms100
JL> isdn incoming-voice modem
JL> peer default ip address pool setup_pool
JL> fair-queue 64 256 0
JL> ppp authentication pap
JL> ppp multilink
JL> !
JL> interface Serial2:23
JL> ip unnumbered Loopback0
JL> encapsulation ppp
JL> no ip route-cache
JL> dialer-group 1
JL> isdn switch-type primary-dms100
JL> isdn incoming-voice modem
JL> peer default ip address pool setup_pool
JL> fair-queue 64 256 0
JL> ppp authentication pap
JL> ppp multilink
JL> !
JL> interface Serial3:23
JL> ip unnumbered Loopback0
JL> encapsulation ppp
JL> no ip route-cache
JL> dialer-group 1
JL> isdn switch-type primary-dms100
JL> isdn incoming-voice modem
JL> peer default ip address pool setup_pool
JL> fair-queue 64 256 0
JL> ppp authentication pap
JL> ppp multilink
JL> !
JL> interface FastEthernet0
JL> ip address 65.xxx.xxx.xxx 255.255.255.0
JL> no ip unreachables
JL> duplex full
JL> speed 100
JL> no cdp enable
JL> !
JL> interface Group-Async1
JL> ip unnumbered Loopback0
JL> no ip unreachables
JL> encapsulation ppp
JL> ip tcp header-compression
JL> async mode interactive
JL> peer default ip address pool setup_pool
JL> no keepalive
JL> ppp authentication pap
JL> group-range 1 192
JL> !
JL> ip local pool setup_pool 65.xxx.xxx.xxx 65.xxx.xxx.xxx
JL> ip classless
JL> ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx
JL> no ip http server
JL> !
JL> !
JL> !
JL> !
JL> access-list 101 permit ip any any
JL> access-list 110 permit tcp any any established
JL> access-list 110 deny icmp any any echo log
JL> access-list 110 deny icmp any any echo-reply log
JL> access-list 110 permit ip any any
JL> dialer-list 1 protocol ip permit
JL> snmp-server engineID local 000000090200003080BD40CA
JL> snmp-server community xxxxxx RO
JL> snmp-server enable traps tty
JL> radius-server host 65.xxx.xxx.xxx auth-port 1812 acct-port 1813
JL> non-standard
JL> radius-server key 7 xxxxxxxxxx
JL> radius-server authorization permit missing Service-Type
JL> !
JL> line con 0
JL> exec-timeout 0 0
JL> logging synchronous
JL> line 1 192
JL> no flush-at-activation
JL> modem Dialin
JL> modem autoconfigure type mica-nokflex
JL> autocommand ppp
JL> autoselect during-login
JL> autoselect ppp
JL> line aux 0
JL> line vty 0 4
JL> exec-timeout 0 0
JL> password 7 xxxxxxxxxxxxx
JL> !
JL> scheduler interval 1000
JL> end
JL>
JL> John Lord
JL> It Manager
JL> AllTurbo Internet Services Inc
JL> 410-213-9388 Office
JL> www.allturbo.com
JL>
JL>
JL> _______________________________________________
JL> cisco-nas mailing list
JL> cisco-nas@puck.nether.net
JL> https://puck.nether.net/mailman/listinfo/cisco-nas
JL>

Re: As5300 crashes [ In reply to ]

maillist at webjogger

Nov 1, 2003, 6:45 AM

Post #4 of 4 (1129 views)

Permalink

One issue I see with your configuration is that although you have defined an
ACL

access-list 110 permit tcp any any established
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any echo-reply log
access-list 110 permit ip any any

I don't see that you have actually applied it to any interface, so I think
it is not doing anything.

I suggest the following:

interface Group-Async1
ip access-group 110 in
ip access-group 110 out

After configuring this kind of ACL on my own AS5396, it stopped locking up.

You can gauge the effectiveness also by issuing a "show access-list
command":

Extended IP access list 110
deny icmp any any echo (34882010 matches)
deny icmp any any echo-reply (17507 matches)
...
(various additional deny commands)
...
permit ip any any (396308442 matches)

The link Mark provided goes into further detail, too...

Hope that helps,
Adam

----- Original Message -----
From: "John Lord" <lord@allturbo.com>
To: <cisco-nas@puck.nether.net>
Sent: Friday, October 31, 2003 10:51 AM
Subject: [cisco-nas] As5300 crashes

> Is anyone still having problems with worms crashing their nas's I have
> an as5300 that is still locking up every couple weeks , ive added no ip
> route-cache and ip cef to it but if I don't watch my network and kill
> off infected users it will lockup every day , is there a fix or
> something I need to add to my config? Here is my config below
>
> As5300-Oc#sh conf
> Using 4638 out of 124920 bytes
> !
> version 12.2
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> !
> hostname As5300-Oc
> !
> boot system flash:c5300-i-mz.122-15.T1.bin
> logging queue-limit 100
> logging buffered 10000 debugging
> no logging console
> enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> username xxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> spe 1/0 1/7
> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
> spe 2/0 2/7
> firmware location bootflash:mica-modem-pw.2.9.4.0.bin
> !
> !
> resource-pool disable
> !
> modem link-info poll time 10
> aaa new-model
> !
> !
> aaa authentication login default local group radius
> aaa authentication login consoleport none
> aaa authentication ppp default if-needed group radius
> aaa authorization network default group radius
> aaa accounting delay-start
> aaa accounting update periodic 5
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa session-id common
> ip subnet-zero
>
> ip cef
> ip finger
> ip name-server 65.xxx.xxx.xxx
> !
> async-bootp dns-server 65.xxx.xxx.xxx 65.xxx.xxx.xxx
> !
> isdn switch-type primary-dms100
> isdn voice-call-failure 0
> modemcap entry
> mica-nokflex:MSC=&F&D2S54=16584S0=0S29=12S21=15S62=8S63=3S34=18000S40=10
> S10=50
> !
> !
> controller T1 0
> framing esf
> clock source line primary
> linecode b8zs
> pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
> !
> controller T1 1
> framing esf
> clock source line secondary 1
> linecode b8zs
> pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
> !
> controller T1 2
> framing esf
> linecode b8zs
> pri-group timeslots 1-24
> !
> controller T1 3
> framing esf
> linecode b8zs
> pri-group timeslots 1-24
> !
> controller T1 4
> shutdown
> framing sf
> linecode ami
> !
> controller T1 5
> shutdown
> framing sf
> linecode ami
> !
> controller T1 6
> shutdown
> framing sf
> linecode ami
> !
> controller T1 7
> shutdown
> framing sf
> linecode ami
> !
> !
> interface Loopback0
> ip address 65.xxx.xxx.xxx 255.255.255.128
> !
> interface Serial0:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface Serial2:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface Serial3:23
> ip unnumbered Loopback0
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-dms100
> isdn incoming-voice modem
> peer default ip address pool setup_pool
> fair-queue 64 256 0
> ppp authentication pap
> ppp multilink
> !
> interface FastEthernet0
> ip address 65.xxx.xxx.xxx 255.255.255.0
> no ip unreachables
> duplex full
> speed 100
> no cdp enable
> !
> interface Group-Async1
> ip unnumbered Loopback0
> no ip unreachables
> encapsulation ppp
> ip tcp header-compression
> async mode interactive
> peer default ip address pool setup_pool
> no keepalive
> ppp authentication pap
> group-range 1 192
> !
> ip local pool setup_pool 65.xxx.xxx.xxx 65.xxx.xxx.xxx
> ip classless
> ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx
> no ip http server
> !
> !
> !
> !
> access-list 101 permit ip any any
> access-list 110 permit tcp any any established
> access-list 110 deny icmp any any echo log
> access-list 110 deny icmp any any echo-reply log
> access-list 110 permit ip any any
> dialer-list 1 protocol ip permit
> snmp-server engineID local 000000090200003080BD40CA
> snmp-server community xxxxxx RO
> snmp-server enable traps tty
> radius-server host 65.xxx.xxx.xxx auth-port 1812 acct-port 1813
> non-standard
> radius-server key 7 xxxxxxxxxx
> radius-server authorization permit missing Service-Type
> !
> line con 0
> exec-timeout 0 0
> logging synchronous
> line 1 192
> no flush-at-activation
> modem Dialin
> modem autoconfigure type mica-nokflex
> autocommand ppp
> autoselect during-login
> autoselect ppp
> line aux 0
> line vty 0 4
> exec-timeout 0 0
> password 7 xxxxxxxxxxxxx
> !
> scheduler interval 1000
> end
>
> John Lord
> It Manager
> AllTurbo Internet Services Inc
> 410-213-9388 Office
> www.allturbo.com
>
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
> ---
> [.This e-mail was scanned for viruses by Webjogger's AntiVirus Protection
System]
>
>

---
[.This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System]