Cisco1812JをPPPoEで繋いだ時の記録

Cisco1812のルータをPPPoEで使えるようにしたときの記録です。

大昔なのであんまり詳細が記憶にないですが、忘れないように記録しておきます。

FE0/1を無線LAN用、FE1/0を有線LAN用で使ってます。(下の設定上の表記では、FastEthernet0がPPPoEのWAN側、FastEthernet1が無線LAN用、FastEthernet2〜9のスイッチポートが有線LAN用になっています。)

Building configuration...

Current configuration : 6866 bytes
!
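! Global services and platform defaults.
! Debug and log messages are timestamped with date-time at millisecond resolution.
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
! service password-encryption applies only the reversible type 7 encoding to
! stored passwords. Treat any "password 7" string as recoverable and keep it
! masked when a configuration is published.
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
! AAA is not enabled; console and VTY logins use "login local" further down.
no aaa new-model
!
clock timezone JST 9 0
crypto pki token default removal timeout 0
dot11 syslog
! Changed from "ip source-route". With source routing enabled the router honours
! IP options in which the sender dictates the path, which can be used to steer
! traffic around filtering. An internet-facing router has no need for it.
no ip source-route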
!
!
!
! DHCP pools, one per inside subnet. Each pool hands out the router's own
! interface address (.1) as both default gateway and DNS server; DNS is served
! by the router itself through "ip dns server" later in this configuration.
! Pool for the wireless LAN segment on FastEthernet1 (192.168.11.0/24).
ip dhcp pool wlan
 network 192.168.11.0 255.255.255.0
 default-router 192.168.11.1
 dns-server 192.168.11.1
!
! Pool for VLAN 1 (192.168.1.0/24).
ip dhcp pool vlan1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
! Pool for VLAN 2 (192.168.2.0/24).
ip dhcp pool vlan2
 network 192.168.2.0 255.255.255.0
 dns-server 192.168.2.1
 default-router 192.168.2.1
!
! Pool for VLAN 3 (192.168.3.0/24).
ip dhcp pool vlan3
 network 192.168.3.0 255.255.255.0
 dns-server 192.168.3.1
 default-router 192.168.3.1
!
!
!
! CEF switching for IPv4 (IPv6 CEF is disabled at the end of this section).
ip cef
! Inspection rule set named CBAC: generic TCP/UDP/ICMP session tracking plus
! protocol-aware inspection for DNS, FTP, HTTP, HTTPS, SIP, Telnet and SSH.
! The rule set does nothing until it is bound to an interface; in this
! configuration it is bound on Dialer1 with "ip inspect CBAC in".
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC icmp
ip inspect name CBAC dns
ip inspect name CBAC ftp
ip inspect name CBAC http
ip inspect name CBAC https
ip inspect name CBAC sip
ip inspect name CBAC telnet
ip inspect name CBAC ssh
no ipv6 cef
!
multilink bundle-name authenticated
!
! Presumably enabled for the PPPoE client session on FastEthernet0 - confirm.
vpdn enable
!
!
!
! NOTE(review): this line carries the chassis product ID and serial number.
! The serial identifies the physical device; consider masking it the same way
! the PPP credentials are masked before publishing a configuration.
license udi pid CISCO1812-J/K9 sn FHK112911CE
!
! Enables BPDU guard by default on ports running PortFast, so a PortFast port
! that receives a BPDU is shut down instead of joining the spanning tree.
spanning-tree portfast bpduguard
!
! Accept only SSH protocol version 2 for management sessions.
ip ssh version 2
!
!
!
!
!
!
!
! ISDN BRI port: unused and administratively shut down.
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
! WAN-facing physical port. It carries no IP address of its own; it runs the
! PPPoE client and feeds dialer pool 1, which Dialer1 ("dialer pool 1") uses.
interface FastEthernet0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! Routed port for the wireless LAN segment (192.168.11.0/24), NAT inside.
! TCP MSS is clamped to 1452, i.e. the Dialer1 IP MTU of 1492 minus 40 bytes
! of IP and TCP headers, so TCP sessions fit inside the PPPoE MTU.
interface FastEthernet1
 description WirelessLAN
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
! Built-in switch ports FastEthernet2-9. All run PortFast, so the global
! "spanning-tree portfast bpduguard" setting applies to them.
! FastEthernet2 is a trunk. No allowed-VLAN restriction is visible here, so it
! presumably carries every VLAN defined on the router - confirm that the
! attached device is trusted with all of them.
interface FastEthernet2
 switchport mode trunk
 no ip address
 spanning-tree portfast
!
! No access VLAN is configured on FastEthernet3, so it stays in the default VLAN.
interface FastEthernet3
 no ip address
 spanning-tree portfast
!
! FastEthernet4-5: access ports in VLAN 2.
interface FastEthernet4
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
interface FastEthernet5
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
! FastEthernet6-9: access ports in VLAN 3.
interface FastEthernet6
 switchport access vlan 3
 no ip address
 spanning-tree portfast
!
interface FastEthernet7
 switchport access vlan 3
 no ip address
 spanning-tree portfast
!
interface FastEthernet8
 switchport access vlan 3
 no ip address
 spanning-tree portfast
!
interface FastEthernet9
 switchport access vlan 3
 no ip address
 spanning-tree portfast
!
! Layer 3 interfaces for the three wired VLANs. Each is the gateway (.1) of its
! /24, is marked NAT inside, and clamps TCP MSS to 1452 for the PPPoE uplink.
! No ACL is applied on any of these interfaces, so traffic between the VLANs
! and the wireless segment is routed without filtering.
! VLAN 1 is also the only subnet that access-list 2 allows to reach the VTY lines.
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
! Logical WAN interface for the PPPoE session (uses dialer pool 1, fed by
! FastEthernet0). The address is negotiated with the provider, the IP MTU is
! 1492 and TCP MSS is clamped to 1452. This is the NAT outside interface.
! Filtering: Block_IN is applied to packets arriving from the WAN and
! Block_OUT to packets leaving toward it.
! NOTE(review): "ip inspect CBAC in" inspects sessions that arrive on this
! interface, i.e. sessions initiated from the WAN side. In the usual CBAC
! layout the outside interface inspects "out" and the inbound ACL ends in a
! deny, so only return traffic for inside-initiated sessions is admitted.
! Here Block_IN ends in "permit ip any any", so inbound protection appears to
! rest on the static deny entries and on NAT overload rather than on stateful
! inspection - confirm that this is intended.
! The CHAP hostname and password are masked on this page. The password is
! stored as type 7, which is reversible, so it should stay masked.
interface Dialer1
 ip address negotiated
 ip access-group Block_IN in
 ip access-group Block_OUT out
 ip mtu 1492
 ip nat outside
 ip inspect CBAC in
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ********
 ppp chap password 7 ********
!
ip forward-protocol nd
! The HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
!
!
! The router acts as a DNS server for the LAN and forwards queries to the two
! upstream resolvers below, sourcing them from Dialer1.
! NOTE(review): "ip dns server" is a global command with no interface binding
! shown here, and Block_IN does not deny port 53 arriving from the WAN.
! Confirm that the router does not answer DNS queries from the internet, since
! an open resolver can be abused for reflection and amplification.
ip dns view default
 dns forwarder 129.250.35.250
 dns forwarder 129.250.35.251
 dns forwarding source-interface Dialer1
ip dns server
! PAT: sources matched by access-list 1 are translated to the Dialer1 address.
ip nat inside source list 1 interface Dialer1 overload
! Default route via the PPPoE session; "permanent" keeps it installed even
! while the interface is down.
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
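! Block_IN: applied inbound on Dialer1 (packets arriving from the WAN).
!  1. Anti-spoofing: drop source addresses that should never arrive from the
!     internet - 0.0.0.0/8, the private ranges 10/8, 172.16/12 and 192.168/16,
!     loopback 127/8, link-local 169.254/16, and multicast/reserved space.
!     Fixed: the wildcard on 224.0.0.0 was 16.255.255.255, which matched only
!     first octets 224 and 240. 31.255.255.255 covers 224.0.0.0/3 (224-255),
!     a superset of what was matched before.
!  2. Drop inbound FTP control and Telnet connections.
!  3. Drop a set of ports historically associated with remote-access trojans
!     (for example NetBus on 12345 and SubSeven on 27374).
! Everything else is permitted: this is a blocklist, not a default-deny policy.
! NOTE(review): no entry denies UDP/TCP 53 or UDP 123 addressed to the router,
! while "ip dns server" and NTP are enabled elsewhere in this configuration.
! Confirm that those services are not reachable from the WAN.
ip access-list extended Block_IN
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   tcp any any eq ftp
 deny   tcp any any eq telnet
 deny   tcp any any eq 1243
 deny   tcp any any eq 12345
 deny   tcp any any eq 27374
 deny   tcp any any eq 31785
 deny   udp any any eq 31789
 deny   udp any any eq 31791
 permit ip any any
! Block_OUT: applied outbound on Dialer1 (packets leaving toward the WAN).
! Keeps LAN-only services from reaching the internet: MS RPC endpoint mapper
! (135), NetBIOS (137-139), SMB (445) and NFS (2049), plus the same trojan
! ports as Block_IN. Everything else is permitted.
ip access-list extended Block_OUT
 deny   tcp any any eq 135
 deny   udp any any eq 135
 deny   tcp any any range 137 139
 deny   udp any any range netbios-ns netbios-ss
 deny   tcp any any eq 445
 deny   udp any any eq 445
 deny   tcp any any eq 2049
 deny   udp any any eq 2049
 deny   tcp any any eq 1243
 deny   tcp any any eq 12345
 deny   tcp any any eq 27374
 deny   tcp any any eq 31785
 deny   udp any any eq 31789
 deny   udp any any eq 31791
 permit ip any any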
!
! access-list 1: the inside subnets eligible for NAT overload on Dialer1
! (referenced by "ip nat inside source list 1").
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
! access-list 2: management sources. Only 192.168.1.0/24 (VLAN 1) is allowed;
! it is applied to the VTY lines with "access-class 2 in".
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
! All IP traffic counts as interesting traffic for dialer-group 1 on Dialer1.
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
! Console and VTY logins authenticate against the local user database.
! NOTE(review): no "username" entries appear in this listing; presumably they
! were removed before publishing. "login local" needs at least one local
! account to be usable - confirm.
line con 0
 login local
! NOTE(review): the AUX line has no settings shown here; confirm that it is
! unused or explicitly locked down.
line aux 0
! Remote management: SSH only (Telnet is not accepted), and only from sources
! permitted by access-list 2 (192.168.1.0/24). The same policy is applied to
! all sixteen VTY lines, so none is left with weaker settings.
line vty 0 4
 access-class 2 in
 login local
 transport input ssh
line vty 5 15
 access-class 2 in
 login local
 transport input ssh
!
! Time sources. Accurate time matters here because log and debug messages are
! timestamped.
! NOTE(review): no "ntp access-group" or NTP authentication is shown, and
! Block_IN does not filter UDP 123. Once NTP is enabled the router may also
! answer NTP queries itself - confirm that it is not reachable as an NTP
! responder from the WAN.
ntp server 133.243.238.163
ntp server 133.243.238.164
ntp server 133.243.238.243
ntp server 133.243.238.244
end