# ADSL, ADSL 2, ADSL 2+  και  Broadband Hardware > Cisco  ADSL modems και routers >  cisco 800 series και otenet

## dyzio2206

καλησπερα και καλως σας βρηκα
εχω ενα θεματακι με το προαναφερθεν ρουτερ..


```
Hellas#show run
Building configuration...

Current configuration : 11278 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Hellas
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 *********/*********
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
!
aaa session-id common
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-152884364
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-152884364
 revocation-check none
 rsakeypair TP-self-signed-152884364
!
!
crypto pki certificate chain TP-self-signed-152884364
 certificate self-signed 01
*****************************
  	quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.9 10.255.255.254
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
 --More--            import all
   network 10.0.0.0 255.0.0.0
   dns-server 195.170.0.1 195.170.2.2 
   default-router 10.10.10.1 
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp router-traffic
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip name-server 195.170.0.1
ip name-server 195.170.2.2
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
!
!
username *********** privilege 15 secret ********
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
 --More--         policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.0.0.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp hostname ote
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username *********@otenet.gr password ****************
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 103 interface Dialer0 overload
!
logging trap debugging
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_12##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit udp host 195.170.0.1 eq domain any
access-list 102 permit udp host 195.170.2.2 eq domain any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip any any log
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
 --More--         supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you 
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Hellas#show run
Building configuration...

Current configuration : 11278 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Hellas
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret ***************
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
!
aaa session-id common
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-152884364
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-152884364
 revocation-check none
 rsakeypair TP-self-signed-152884364
!
!
crypto pki certificate chain TP-self-signed-152884364
 certificate self-signed 01
 ***********************************
  	quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.9 10.255.255.254
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
 --More--            import all
   network 10.0.0.0 255.0.0.0
   dns-server 195.170.0.1 195.170.2.2 
   default-router 10.10.10.1 
!
!
ip cef
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp router-traffic
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip name-server 195.170.0.1
ip name-server 195.170.2.2
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
 --More--             server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
!
!
username ******* privilege * secret * ********************
! 
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
 --More--         policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.0.0.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
 !
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp hostname ote
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username *****@otenet.gr password 7 *********
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 103 interface Dialer0 overload
!
logging trap debugging
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_12##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit udp host 195.170.0.1 eq domain any
access-list 102 permit udp host 195.170.2.2 eq domain any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip any any log
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
 --More--         supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you 
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
```

περα απο το γεγονος οτι δεν εχει default route τι παιζει κ δεν μπορει να συνδεθει? επισεις τι πρεπει να καθαρισω απο το config για να μπορεσω να σεταρω σωστα το firewall/nat??

----------


## purpleaura

Δώσε το output της εντολής show version.

----------


## SfH

Τι εννοείς δε μπορεί να συνδεθεί ? Τι ακριβώς θες να κάνεις και τι δε σου δουλεύει ?

Αν θες να ασχοληθείς σοβαρά με το εργαλείο, καλό θα ήταν να μην το διαχειρίζεσαι μέσο sdm/ccp γιατί κάνει το config αχταρμά  :Razz: 

Με μια πολύ γρήγορη ματιά, έχεις λάθος το addressing στο Dialer0. Από ipcp θα πάρει, όχι από dhcp, άρα αντί για " ip address dhcp hostname ote" θες "ip add neg" .

----------


## arisgr

Ισως θα ηθελες να ξεκινησεις με αυτα:


```
interface ATM0.1 point-to-point
no ip nat outside
pvc 8/35
 no pppoe-client dial-pool-number 1
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
exit
interface Vlan1
no ip access-group 101 in
interface Dialer0
ip address negotiated
no ip access-group 102 in
```

----------


## dyzio2206

ευχαριστω.. θα δοκιμασω κ θα σας πω..!

----------

