I have an ASA 5520 set up at home. It is straight onto the internet via PPPoE, is set up with multiple VLANs, and is linked straight to my Juniper switch with sub-interfaces.
The ASA also has DHCP scopes set up for each VLAN. This is all working perfectly. The only issue is that I need to create some static IPs, which I know the ASA can't do.
My idea is to somehow use my old 887VA router just as a DHCP server, but I am unsure how to link this in with my current setup. I have set the DHCP scopes up on the 887VA; I'm just unsure how to link it in to the ASA.
ASA Config
Martys-ASA# show run
: Saved
:
: Serial Number: JMX1607X0VU
: Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
:
ASA Version 9.1(7)7
!
hostname Martys-ASA
domain-name martynet
enable password fGOy1DeWiPMCxQS7 encrypted
names
!
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.10
vlan 10
nameif MartyNet
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
vlan 20
nameif KidsNet
security-level 90
ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
vlan 30
nameif IoT
security-level 80
ip address 10.10.30.1 255.255.255.0
!
interface GigabitEthernet0/0.40
vlan 40
nameif GuestNet
security-level 80
ip address 10.10.40.1 255.255.255.0
!
interface GigabitEthernet0/0.90
vlan 90
nameif WiFi
security-level 100
ip address 10.10.90.1 255.255.255.0
!
interface GigabitEthernet0/0.100
vlan 100
nameif Network-Managment
security-level 100
ip address 10.10.100.1 255.255.255.0
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
nameif OUTSIDE
security-level 0
ip address pppoe setroute
!
interface Management0/0
management-only
nameif management
security-level 100
no ip address
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name martynet
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Emotech
host 82.32.27.76
object network Olly
host 10.10.10.128
object service Olly-SSH
service tcp source eq ssh
access-list OUTSIDE_access_in extended permit tcp object Emotech object Olly eq ssh
pager lines 24
logging enable
logging monitor informational
logging asdm warnings
logging mail errors
mtu MartyNet 1500
mtu KidsNet 1500
mtu IoT 1500
mtu GuestNet 1500
mtu WiFi 1500
mtu Network-Managment 1500
mtu OUTSIDE 1492
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (MartyNet,OUTSIDE) source static Olly interface service any Olly-SSH
nat (MartyNet,OUTSIDE) source dynamic any interface
nat (KidsNet,OUTSIDE) source dynamic any interface
nat (IoT,OUTSIDE) source dynamic any interface
nat (GuestNet,OUTSIDE) source dynamic any interface
access-group OUTSIDE_access_in in interface OUTSIDE
!
router ospf 1
network 10.10.10.0 255.255.255.0 area 0
network 10.10.20.0 255.255.255.0 area 0
network 10.10.30.0 255.255.255.0 area 0
network 10.10.40.0 255.255.255.0 area 0
network 10.10.90.0 255.255.255.0 area 0
network 10.10.100.0 255.255.255.0 area 0
log-adj-changes
!
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.10.100.0 255.255.255.0 management
http 10.10.10.0 255.255.255.0 MartyNet
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.10.100.0 255.255.255.0 Network-Managment
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group PLUSNET request dialout pppoe
vpdn group PLUSNET localname martyw@plusdsl.net
vpdn group PLUSNET ppp authentication chap
vpdn username martyw@plusdsl.net password ***** store-local
dhcpd dns 212.159.13.49 212.159.13.50
dhcpd lease 7200
!
dhcpd address 10.10.10.100-10.10.10.254 MartyNet
dhcpd dns 212.159.13.49 212.159.13.50 interface MartyNet
dhcpd lease 7200 interface MartyNet
dhcpd domain MartyNet interface MartyNet
dhcpd enable MartyNet
!
dhcpd address 10.10.20.100-10.10.20.254 KidsNet
dhcpd dns 212.159.13.49 212.159.13.50 interface KidsNet
dhcpd lease 7200 interface KidsNet
dhcpd domain KidsNet interface KidsNet
dhcpd enable KidsNet
!
dhcpd address 10.10.30.100-10.10.30.254 IoT
dhcpd dns 212.159.13.49 212.159.13.50 interface IoT
dhcpd lease 7200 interface IoT
dhcpd domain IoT interface IoT
dhcpd enable IoT
!
dhcpd address 10.10.40.100-10.10.40.254 GuestNet
dhcpd dns 212.159.13.49 212.159.13.50 interface GuestNet
dhcpd lease 7200 interface GuestNet
dhcpd domain GuestNet interface GuestNet
dhcpd enable GuestNet
!
dhcpd address 10.10.90.100-10.10.90.254 WiFi
dhcpd dns 212.159.13.49 212.159.13.50 interface WiFi
dhcpd lease 7200 interface WiFi
dhcpd domain WiFi interface WiFi
dhcpd enable WiFi
!
dhcpd address 10.10.100.100-10.10.100.254 Network-Managment
dhcpd dns 212.159.13.49 212.159.13.50 interface Network-Managment
dhcpd lease 7200 interface Network-Managment
dhcpd domain Network-Managment interface Network-Managment
dhcpd enable Network-Managment
!
threat-detection basic-threat
threat-detection statistics host number-of-rate 3
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 127.127.1.1 prefer
username marty password mycDIbWM1shfIpnO encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:711f6064c8e24acb45c0ba7a67d55415
: end
887VA Config
version 15.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MartyNet
!
boot-start-marker
boot system flash c880data-universalk9-mz.154-3.M4.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default line
aaa authentication login CON local line
aaa authentication login VTY local line
aaa authorization exec default local if-authenticated
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-2188670562
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2188670562
revocation-check none
rsakeypair TP-self-signed-2188670562
!
!
crypto pki certificate chain TP-self-signed-2188670562
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp excluded-address 10.10.20.1 10.10.20.20
ip dhcp excluded-address 10.10.30.1 10.10.30.20
ip dhcp excluded-address 10.10.40.1 10.10.40.20
ip dhcp excluded-address 10.10.90.1 10.10.90.20
ip dhcp excluded-address 10.10.100.1 10.10.100.20
!
ip dhcp pool MartyNet
import all
network 10.10.10.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.10.1
lease 3
!
ip dhcp pool KidsNet
import all
network 10.10.20.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.20.1
lease 3
!
ip dhcp pool IoT
import all
network 10.10.30.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.30.1
lease 3
!
ip dhcp pool GuestNet
import all
network 10.10.40.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.40.1
lease 3
!
ip dhcp pool WiFi
import all
network 10.10.90.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.90.1
lease 3
!
ip dhcp pool Managment
import all
network 10.10.100.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 10.10.100.1
lease 3
!
!
!
no ip bootp server
no ip domain lookup
ip domain name martynet.co.uk
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
cts logging verbose
license udi pid CISCO887VA-SEC-K9 sn FCZ1601C3W9
!
!
username marty privilege 15 secret 5 $1$QDkM$TDkRQFbzAIY2XZ6gNKtUq.
username helen privilege 15 secret 5 $1$..DI$Oh.Lg4sbKyof.nlMjL0DP/
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
!
!
!
!
!
!
!
!
!
!
bba-group pppoe global
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F08:1244::2/64
ipv6 enable
tunnel source 84.92.109.26
tunnel mode ipv6ip
tunnel destination 216.66.80.26
!
interface Ethernet0
ip address 10.10.0.1 255.255.255.252
ip virtual-reassembly in
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description MartyNet
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ipv6 address 2001:470:6E39:10::1/64
!
interface Vlan20
description KidsNet
ip address 10.10.20.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ipv6 address 2001:470:6E39:20::1/64
!
interface Vlan30
description IoT
ip address 10.10.30.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
rate-limit output 5000000 78125 78125 conform-action transmit exceed-action drop
ipv6 address 2001:470:6E39:30::1/64
!
interface Vlan40
description GuestNet
ip address 10.10.40.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
rate-limit output 5000000 78125 78125 conform-action transmit exceed-action drop
ipv6 address 2001:470:6E39:40::1/64
!
interface Vlan90
description WiFi
ip address 10.10.90.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ipv6 address 2001:470:6E39:90::1/64
!
interface Vlan100
description Management
ip address 10.10.100.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ipv6 address 2001:470:6E39:100::1/64
!
interface Dialer0
description PlusNet
mtu 1492
ip address negotiated
ip access-group filter_incoming in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ppp authentication chap pap callin
ppp chap hostname martyw@plusdsl.net
ppp chap password 0 D0n0st1a
ppp pap sent-username martyw@plusdsl.net password 0 D0n0st1a
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
no ip classless
no ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip dns server
ip nat inside source list 10 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.10 10110 84.92.109.26 10110 extendable
ip nat inside source static tcp 10.10.10.50 10510 84.92.109.26 10510 extendable
ip ssh version 2
!
ip access-list standard ACCESS
permit 138.253.20.0 0.0.0.255
permit 10.10.10.0 0.0.0.255
permit 10.10.50.0 0.0.0.255
permit 10.10.100.0 0.0.0.255
deny any
!
dialer-list 1 protocol ip permit
ipv6 route ::/0 Tunnel0
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 permit 10.10.50.0 0.0.0.255
access-list 10 permit 10.10.90.0 0.0.0.255
access-list 10 deny any
access-list 101 deny ip 10.10.90.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.90.0 0.0.0.255 any
!
!
!
control-plane
!
!
banner login ^CCCC
THIS IS A PRIVATE SYSTEM. UNAUTHORISED ACCESS IS NOT
PERMITTED AND OFFENDERS ARE LIABLE TO PROSECUTION.
YOUR IP HAS BEEN LOGGED AND AN ALERT GENERATED
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication VTY
no modem enable
line aux 0
line vty 0 4
access-class ACCESS in
exec-timeout 0 0
logging synchronous
login authentication VTY
transport input ssh
!
scheduler max-task-time 5000
ntp master
ntp update-calendar
ntp server 62.253.202.249
ntp server 92.27.75.51
ntp server 85.199.214.99
Any help is appreciated.
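One way to wire the 887VA in as the DHCP server, as an added example that is not part of the original post or either device's running config: the ASA relays DHCP to the 887VA over its unused Gi0/1 (assumed here to be cabled to the 887VA's Ethernet0, which already carries 10.10.0.1/30), and a host pool on the 887VA pins one client's MAC to a fixed address. The interface name DHCP-Server, the address 10.10.0.2, the pool name OLLY-STATIC and the MAC 0011.2233.4455 are assumptions; the subnets, DNS servers and 10.10.10.128 come from the posted configs.

```cisco
! ===== ASA (Martys-ASA) =====
! Assumed: Gi0/1 (currently "no nameif") is cabled to the 887VA's Ethernet0 (10.10.0.1/30).
interface GigabitEthernet0/1
 nameif DHCP-Server
 security-level 100
 ip address 10.10.0.2 255.255.255.252
!
! Hand the MartyNet scope over to the 887VA. The ASA's own pool and a relay
! cannot share an interface, so the local scope comes off first. Repeat per
! VLAN that is moved across.
no dhcpd enable MartyNet
no dhcpd address 10.10.10.100-10.10.10.254 MartyNet
!
! "dhcprelay server <ip> <if_name>" names the interface the server sits behind;
! "dhcprelay enable <if_name>" is the client-facing interface being relayed.
! "setroute" rewrites the router option in replies to the ASA's own address,
! so clients keep 10.10.10.1 as their gateway whatever the pool says.
dhcprelay server 10.10.0.1 DHCP-Server
dhcprelay enable MartyNet
dhcprelay setroute MartyNet
!
! ===== 887VA (hostname MartyNet) =====
! A relayed DISCOVER arrives with giaddr = 10.10.10.1 (the ASA's MartyNet
! address). The server picks the pool whose network contains that address
! (the existing "ip dhcp pool MartyNet") and unicasts the reply back to it.
! The router must therefore be able to route to 10.10.10.0/24 via the ASA and
! must no longer own 10.10.10.1 itself, so its Vlan10 SVI is retired.
interface Vlan10
 shutdown
 no ip address
!
ip route 10.10.10.0 255.255.255.0 10.10.0.2
!
! Static reservation: a host pool takes precedence over the dynamic pool for
! the matching client. Assumed MAC 0011.2233.4455; the leading "01" is the
! Ethernet hardware-type byte that most clients put in front of the MAC in
! DHCP option 61.
ip dhcp pool OLLY-STATIC
 host 10.10.10.128 255.255.255.0
 client-identifier 0100.1122.3344.55
 default-router 10.10.10.1
 dns-server 212.159.13.49 212.159.13.50
!
! Checks after a client renews:
!   ASA:   show dhcprelay statistics
!   887VA: show ip dhcp binding
```

If a client sends no client-id at all (some embedded devices do not), replace the `client-identifier` line with `hardware-address 0011.2233.4455` in the host pool.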