=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2005.12.23 09:02:40 =~=~=~=~=~=~=~=~=~=~=~=
RACK1AS>4
[Resuming connection 4 to r4 ... ]
R4#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            180.40.7.98     YES manual up                    up
ATM1/0                     192.10.32.1     YES manual up                    up
R4#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R4#sh clock
*00:14:40.303 UTC Mon Mar 1 1993
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp ser 192.10.32.254
R4(config)#do sh clock
.17:08:57.604 UTC Fri Dec 23 2005
R4(config)#ntp authen
R4(config)#ntp authenticati
R4(config)#ntp authentication-key 1 ?
  md5  MD5 authentication

R4(config)#ntp authentication-key 1 md5 MyTime
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources

R4(config)#ntp tru
R4(config)#ntp trusted-key 1 ?
R4(config)#ntp trusted-key 1
R4(config)#
RACK1AS>3
[Resuming connection 3 to r3 ... ]
R3#PING 180
R3#PING 180.40.7.98
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.98, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp serv 180.40.7.98 ?
  key      Configure peer authentication key
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version

R3(config)#ntp serv 180.40.7.98 key ?
  <0-4294967295>  Peer key number

R3(config)#ntp serv 180.40.7.98 key 1 ?
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version

R3(config)#ntp serv 180.40.7.98 key 1
R3(config)#ntp atuhen
R3(config)#ntp atuhenti
R3(config)#ntp authe
R3(config)#ntp authenticatio
R3(config)#ntp authentication-key 1 md5 ?
  WORD  Authentication key

R3(config)#ntp authentication-key 1 md5 MyTime
R3(config)#do sh clock
17:11:45.677 UTC Fri Dec 23 2005
R3(config)#^Z
R3#s
Dec 23 17:11:47.452: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp ass

      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5    46    64  377     4.1   -0.26     0.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#\\\\
R3#
R3#
R3#
R3#sh ntp status
Clock is synchronized, stratum 6, reference is 180.40.7.98
nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2**18
reference time is C756AE68.0A06F864 (17:12:08.039 UTC Fri Dec 23 2005)
clock offset is -1.1507 msec, root delay is 109.74 msec
root dispersion is 91.23 msec, peer dispersion is 0.93 msec
R3#
R3#
R3#
R3#
R3#
R3#sh ntp status ?
  |  Output modifiers

R3#sh ntp ?
  associations  NTP associations
  status        NTP status

R3#sh ntp ass ?
  detail  Show detail
  |       Output modifiers

R3#sh ntp ass det
R3#sh ntp ass detail
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C756AE38.660A9EC0 (17:11:20.398 UTC Fri Dec 23 2005)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 105.58 msec, root disp 89.14, reach 377, sync dist 144.943
delay 4.17 msec, offset -1.1507 msec, dispersion 0.93
precision 2**18, version 3
org time C756AE68.0932C81E (17:12:08.035 UTC Fri Dec 23 2005)
rcv time C756AE68.0A06F864 (17:12:08.039 UTC Fri Dec 23 2005)
xmt time C756AE68.08D75962 (17:12:08.034 UTC Fri Dec 23 2005)
filtdelay =     4.17    4.06    4.04    4.12    4.03    4.18    4.03    4.15
filtoffset =   -1.15   -0.26   -0.21   -0.28   -0.17   -0.16   -0.16   -0.10
filterror =     0.02    0.99    1.01    1.02    1.04    1.05    1.07    1.08

R3#sh run | i ntp
ntp authentication-key 1 md5 1063102D0C1A17 7
ntp clock-period 17208077
ntp server 180.40.7.98 key 1
R3#
RACK1AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#^Z
R4#
Dec 23 17:14:49.208: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | i ntp
ntp authentication-key 1 md5 112400311E1F0E 7
ntp trusted-key 1
ntp server 192.10.32.254
R4#
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip in
R4(config)#ip inspect ?
  alert-off       Disable alert
  audit-trail     Enable the logging of session information (addresses and bytes)
  dns-timeout     Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name            Specify an inspection rule
  one-minute      Specify one-minute-sample watermarks for clamping
  tcp             Config timeout values for tcp connections
  udp             Config timeout values for udp flows

R4(config)#ip inspect tcp ?
  block-non-session  Block non-session TCP traffic
  finwait-time       Specify timeout for TCP connections after a FIN
  idle-time          Specify idle timeout for tcp connections
  max-incomplete     Specify max half-open connection per host
  synwait-time       Specify timeout for TCP connections after a SYN and no further data

R4(config)#ip inspect tcp
% Incomplete command.

R4(config)#ip inspect name ?
  WORD  Name of inspection defined

R4(config)#ip inspect name Prob2 ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol

R4(config)#ip inspect name Prob2 tcp ?
  alert        Turn on/off alert
  audit-trail  Turn on/off audit trail
  timeout      Specify the inactivity timeout time

R4(config)#ip inspect name Prob2 tcp
R4(config)#ip inspect name Prob2 udp
R4(config)#ip inspect name Prob2 h323
R4(config)#access-list 100 per udp any any eq ntp
R4(config)#access-list 100 den ip any any log
R4(config)#int atm 1/0
R4(config-if)#ip in
R4(config-if)#ip ins
R4(config-if)#ip inspect ?
  WORD  Name of inspection defined

R4(config-if)#ip inspect Prob2 ?
  in   Inbound inspection
  out  Outbound inspection

R4(config-if)#ip inspect Prob2 out
R4(config-if)#ip acces
R4(config-if)#ip access-group 100 in
R4(config-if)#^Z
R4#sh acc
Dec 23 17:18:34.612: %SYS-5-CONFIG_I: Configured from console by console
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp
    20 deny ip any any log
R4#
RACK1AS>3
[Resuming connection 3 to r3 ... ]
R3#192.10.32.254
Trying 192.10.32.254 ... Open
CR1>
RACK1AS>4
[Resuming connection 4 to r4 ... ]
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
       permit tcp host 192.10.32.254 eq telnet host 192.10.32.1 eq 38714 (8 matches)
    10 permit udp any any eq ntp (3 matches)
    20 deny ip any any log
R4#
Dec 23 17:19:12.556: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(40336) -> 192.10.32.1(179), 1 packet
R4#sh run int atm 1/0
Building configuration...

Current configuration : 199 bytes
!
interface ATM1/0
 ip address 192.10.32.1 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end

R4#sh run | i ip insp
ip inspect name Prob2 tcp
ip inspect name Prob2 udp
ip inspect name Prob2 h323
 ip inspect Prob2 out
R4#sh run | i access-list
ip access-list standard IPNAT
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
R4#
R4#
RACK1AS>3
[Resuming connection 3 to r3 ... ]
CR1>q
[Connection to 192.10.32.254 closed by foreign host]
R3#
RACK1AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#privi
R1(config)#privilege ?
  aaa-user                 AAA user definition
  accept-dialin            VPDN group accept dialin configuration mode
  accept-dialout           VPDN group accept dialout configuration mode
  address-family           Address Family configuration mode
  aic                      Alarm Interface Card configuration mode
  alps-ascu                ALPS ASCU configuration mode
  alps-circuit             ALPS circuit configuration mode
  bba-group                BBA Group configuration mode
  boomerang                Boomerang configuration mode
  cascustom                Cas custom configuration mode
  cause-code-list          Voice Cause Code List configuration mode
  ces-conn                 CES connection configuration mode
  ces-vc                   CES VC configuration mode
  cgma_agent               CGMA Agent Configuration Mode
  cm-fallback              cm-fallback configuration mode
  cns-connect-config       CNS Connect Info Mode
  cns-connect-intf-config  CNS Connect Intf Info Mode
  cns-tmpl-connect-config  CNS Template Connect Info Mode
  cns_inventory_submode    CNS Inventory SubMode
  config-rtr-http-rr       RTR HTTP raw request Configuration
  configure                Global configuration mode
  congestion               Frame Relay congestion configuration mode
 --More--
R1(config)#privilege configure ?
  all    All suboption will be set to the samelevel
  level  Set privilege level of command
  reset  Reset privilege level of command

R1(config)#privilege configure level 3 ?
  LINE  Initial keywords of the command to modify

R1(config)#privilege configure level 3 snmp-server community WORD ro
R1(config)#privilege configure level 3 snmp-server community WORD rw
R1(config)#privi
R1(config)#privilege exec level 3
% Incomplete command.

R1(config)#privilege exec level 3 show running-config
R1(config)#pri
R1(config)#privi
R1(config)#privilege exec level 3 configure terminal
R1(config)#user JoeUser ?
  access-class         Restrict access by access-class
  autocommand          Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line        Associate a specific line with this callback
  callback-rotary      Associate a rotary group with this callback
  dnis                 Do not require password when obtained via DNIS
  nocallback-verify    Do not require authentication after callback
  noescape             Prevent the user from using an escape character
  nohangup             Do not disconnect after an automatic command
  nopassword           No password is required for the user to log in
  password             Specify the password for the user
  privilege            Set user privilege level
  secret               Specify the secret for the user
  user-maxlinks        Limit the user's number of inbound links

R1(config)#user JoeUser privi
R1(config)#user JoeUser privilege 3 ?
  access-class         Restrict access by access-class
  autocommand          Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line        Associate a specific line with this callback
  callback-rotary      Associate a rotary group with this callback
  dnis                 Do not require password when obtained via DNIS
  nocallback-verify    Do not require authentication after callback
  noescape             Prevent the user from using an escape character
  nohangup             Do not disconnect after an automatic command
  nopassword           No password is required for the user to log in
  password             Specify the password for the user
  privilege            Set user privilege level
  secret               Specify the secret for the user
  user-maxlinks        Limit the user's number of inbound links

R1(config)#user JoeUser privilege 3 pass cisco
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#^Z
R1#
RACK1AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open

User Access Verification

Username: JoeUser
Password:
R1#con
R1#config ?
  terminal  Configure from the terminal

R1#config ter
R1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#?
Configure commands:
  atm          Enable ATM SLM Statistics
  call         Configure Call parameters
  default      Set a command to its defaults
  end          Exit from configure mode
  exit         Exit from configure mode
  help         Description of the interactive help system
  no           Negate a command or set its defaults
  snmp-server  Modify SNMP engine parameters

R1(config)#snm
R1(config)#snmp-server ?
  community  Enable SNMP; set community string and access privs

R1(config)#snmp-server com
R1(config)#snmp-server community ?
  WORD  SNMP community string

R1(config)#snmp-server community test ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  ro           Read-only access with this community string
  rw           Read-write access with this community string

R1(config)#snmp-server community test ro
R1(config)#^Z
R1#sh run
Building configuration...

Current configuration : 83 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
snmp-server community test RO
!
end

R1#
R1#
R1#
R1#
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK1AS>1
[Resuming connection 1 to r1 ... ]
*Mar 1
R1#sh run | i p b user
R1#sh run | i b user b user
username JoeUser privilege 3 password 0 cisco
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
 --More--
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
snmp-server community test RO
!
!
!
privilege configure level 3 snmp-server community
privilege configure level 3 snmp-server
privilege exec level 3 configure terminal
privilege exec level 3 configure
privilege exec level 3 show running-config
 --More--
privilege exec level 3 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login local
!
!
end

R1#
R1#
RACK1AS>2
[Resuming connection 2 to r2 ... ]
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#tim
R2(config)#time-range ?
  WORD  Time range name

R2(config)#time-range Prob4 ?
R2(config)#time-range Prob4
R2(config-time-range)#?
Time range configuration commands:
  absolute  absolute time and date
  default   Set a command to its defaults
  exit      Exit from time-range configuration mode
  no        Negate a command or set its defaults
  periodic  periodic time and date

R2(config-time-range)#per
R2(config-time-range)#periodic ?
  Friday     Friday
  Monday     Monday
  Saturday   Saturday
  Sunday     Sunday
  Thursday   Thursday
  Tuesday    Tuesday
  Wednesday  Wednesday
  daily      Every day of the week
  weekdays   Monday thru Friday
  weekend    Saturday and Sunday

R2(config-time-range)#periodic we
R2(config-time-range)#periodic wee
R2(config-time-range)#periodic week
R2(config-time-range)#periodic weekd
R2(config-time-range)#periodic weekdays ?
  hh:mm  Starting time

R2(config-time-range)#periodic weekdays 07:00 ?
  to  ending day and time

R2(config-time-range)#periodic weekdays 07:00 to ?
  hh:mm  Ending time - stays valid until beginning of next minute

R2(config-time-range)#periodic weekdays 07:00 to 17:00
R2(config-time-range)#exit
R2(config)#access-list 100 per ip any any tim
R2(config)#access-list 100 per ip any any time-range Prob4
R2(config)#line vty 0 4
R2(config-line)#acc
R2(config-line)#access-class ?
  <1-199>      IP access list
  <1300-2699>  IP expanded access list
  WORD         Access-list name

R2(config-line)#access-class 100 in
R2(config-line)#exit
R2(config)#exit
R2#sh ac
*Mar 1 00:34:03.420: %SYS-5-CONFIG_I: Configured from console by console
R2#sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (inactive)
R2#
R2#
R2#
R2#
R2#sh clock
*00:34:16.418 UTC Mon Mar 1 1993
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ntp ser 180.40.7.98 key 1
R2(config)#ntp authen
R2(config)#ntp authenticatio
R2(config)#ntp authentication-key 1 md5 MyTime
R2(config)#^Z
R2#sh
.Dec 23 17:31:11.887: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ntp ass

      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5     0    64   77    58.9    0.11   375.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh clock
17:31:21.026 UTC Fri Dec 23 2005
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#time
R2(config)#time-range Prob4
R2(config-time-range)#periodic weekdays 07:00 to 18:00
R2(config-time-range)#^Z
R2#
Dec 23 17:31:52.401: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ntp ass

      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5    32    64  377    58.9   -0.06     0.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2#
R2#
R2#
R2#
R2#
R2#
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#tim
R2(config)#time-range ^Z
R2#
Dec 23 17:32:59.772: %SYS-5-CONFIG_I: Configured from console by console
R2#sh run | b access-list
access-list 100 permit ip any any time-range Prob4
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class 100 in
 privilege level 15
 no login
!
ntp authentication-key 1 md5 00290A320D560E 7
ntp server 180.40.7.98 key 1
time-range Prob4
 periodic weekdays 7:00 to 17:00
 --More--
 periodic weekdays 7:00 to 18:00
!
!
end

R2#
R2#^x4
% Unknown command or computer name, or unable to find computer address
R2#
R2#
RACK1AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#do sh run int atm 1/0
Building configuration...

Current configuration : 199 bytes
!
interface ATM1/0
 ip address 192.10.32.1 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end

R4(config)#no ip inspect Prob2 out
^
% Invalid input detected at '^' marker.

R4(config)#int atm 1/0
R4(config-if)#no ip inspect Prob2 out
R4(config-if)#no ip access-group 100 in
R4(config-if)#exit
R4(config)#ip acces
R4(config)#ip access-list ex Prob5Out
R4(config-ext-nacl)#per ip any any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  reflect     Create reflexive access list entry
  time-range  Specify a time-range
  tos         Match packets with given TOS value

R4(config-ext-nacl)#per ip any any ref
R4(config-ext-nacl)#per ip any any reflect ?
  WORD  Access-list name

R4(config-ext-nacl)#per ip any any reflect Prob5
R4(config-ext-nacl)#exit
R4(config)#ip access-list ex Prob5In
R4(config-ext-nacl)#per udp any any eq ntp
R4(config-ext-nacl)#den ip any any log
R4(config-ext-nacl)#ev
R4(config-ext-nacl)#evaluate Prob5
R4(config-ext-nacl)#int atm 1/0
R4(config-if)#ip acces
R4(config-if)#ip access-group Prob5Out out
R4(config-if)#ip access-group Prob5In in
R4(config-if)#^Z
R4#sh a
Dec 23 17:35:55.942: %SYS-5-CONFIG_I: Configured from console by console
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp (45 matches)
    20 deny ip any any log (8 matches)
Reflexive IP access list Prob5
Extended IP access list Prob5In
    10 permit udp any any eq ntp
    20 deny ip any any log
    30 evaluate Prob5
Extended IP access list Prob5Out
    10 permit ip any any reflect Prob5
R4#
RACK1AS>3
[Resuming connection 3 to r3 ... ]
R3#192.10.32.254
Trying 192.10.32.254 ...
RACK1AS>4
[Resuming connection 4 to r4 ... ]
De
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp (45 matches)
    20 deny ip any any log (8 matches)
Reflexive IP access list Prob5
       permit tcp host 192.10.32.254 eq telnet host 192.10.32.1 eq 16574 (4 matches) (time left 293)
Extended IP access list Prob5In
    10 permit udp any any eq ntp
    20 deny ip any any log (4 matches)
    30 evaluate Prob5
Extended IP access list Prob5Out
    10 permit ip any any reflect Prob5 (4 matches)
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip access-list ex Prob5In
R4(config-ext-nacl)#
Dec 23 17:37:12.606: %SEC-6-IPACCESSLOGP: list Prob5In denied tcp 192.10.32.254(40427) -> 192.10.32.1(179), 1 packet
R4(config-ext-nacl)#no 30
R4(config-ext-nacl)#
Dec 23 17:37:16.186: %SEC-6-IPACCESSLOGP: list Prob5In denied tcp 192.10.32.254(23) -> 192.10.32.1(16574), 3 packets
R4(config-ext-nacl)#15 evaluate Prob5
R4(config-ext-nacl)#^Z
R4#
RACK1AS>3
[Resuming connection 3 to r3 ... ]
%
R3#192.10.32.254
Trying 192.10.32.254 ... Open
CR1>
RACK1AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (3 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp (45 matches)
    20 deny ip any any log (8 matches)
Reflexive IP access list Prob5
       permit tcp host 192.10.32.254 eq telnet host 192.10.32.1 eq 54916 (31 matches) (time left 295)
       permit tcp host 192.10.32.254 eq telnet host 192.10.32.1 eq 16574 (4 matches) (time left 239)
Extended IP access list Prob5In
    10 permit udp any any eq ntp (3 matches)
    15 evaluate Prob5
    20 deny ip any any log (5 matches)
Extended IP access list Prob5Out
    10 permit ip any any reflect Prob5 (19 matches)
R4#sh run | b interface ATM
interface ATM1/0
 ip address 192.10.32.1 255.255.255.0
 ip access-group Prob5In in
 ip access-group Prob5Out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 --More--
 permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob5In
 permit udp any any eq ntp
 evaluate Prob5
 deny ip any any log
ip access-list extended Prob5Out
 permit ip any any reflect Prob5
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
 --More--
RACK1AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tac
R1(config)#tacacs-server ?
  administration      Start tacacs+ daemon handling administrative messages
  directed-request    Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup    Enable IP Domain Name System Alias lookup for TACACS servers
  extended            Enable extended TACACS
  host                Specify a TACACS server
  key                 Set TACACS+ encryption key.
  last-resort         Define TACACS action if no server responds
  optional-passwords  The first TACACS request can be made without password verification
  packet              Modify TACACS+ packet options
  retransmit          Search iterations of the TACACS server list
  timeout             Time to wait for a TACACS server to reply

R1(config)#tacacs-server key ?
  0     Specifies an UNENCRYPTED key will follow
  7     Specifies HIDDEN key will follow
  LINE  The UNENCRYPTED (cleartext) shared key

R1(config)#tacacs-server key MyKey ?
  LINE

R1(config)#tacacs-server key MyKey
R1(config)#tac
R1(config)#tacacs-server ?
  administration      Start tacacs+ daemon handling administrative messages
  directed-request    Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup    Enable IP Domain Name System Alias lookup for TACACS servers
  extended            Enable extended TACACS
  host                Specify a TACACS server
  key                 Set TACACS+ encryption key.
  last-resort         Define TACACS action if no server responds
  optional-passwords  The first TACACS request can be made without password verification
  packet              Modify TACACS+ packet options
  retransmit          Search iterations of the TACACS server list
  timeout             Time to wait for a TACACS server to reply

R1(config)#tacacs-server host ?
  Hostname or A.B.C.D  IP address of TACACS server

R1(config)#tacacs-server host 17.57.100.99 ?
R1(config)#tacacs-server host 17.57.100.99
R1(config)#aa
R1(config)#aaa
R1(config)#aaa n
R1(config)#aaa new-model
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username

R1(config)#aaa authentication log
R1(config)#aaa authentication login ?
  WORD     Named authentication list.
  default  The default authentication list.

R1(config)#aaa authentication login Prob6 ?
  enable       Use enable password for authentication.
  group        Use Server-group
  krb5         Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V Telnet.
  line         Use line password for authentication.
  local        Use local username authentication.
  local-case   Use case-sensitive local username authentication.
  none         NO authentication.

R1(config)#aaa authentication login Prob6 grou ?
  WORD     Server-group name
  radius   Use list of all Radius hosts.
  tacacs+  Use list of all Tacacs+ hosts.

R1(config)#aaa authentication login Prob6 grou tac
R1(config)#aaa authentication login Prob6 grou tacacs+ ?
  enable      Use enable password for authentication.
  group       Use Server-group
  krb5        Use Kerberos 5 authentication.
  line        Use line password for authentication.
  local       Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none        NO authentication.

R1(config)#aaa authentication login Prob6 grou tacacs+ lo
R1(config)#aaa authentication login Prob6 grou tacacs+ local?
local  local-case

R1(config)#aaa authentication login Prob6 grou tacacs+ local ?
  enable  Use enable password for authentication.
  group   Use Server-group
  krb5    Use Kerberos 5 authentication.
  line    Use line password for authentication.
  none    NO authentication.

R1(config)#aaa authentication login Prob6 grou tacacs+ local
R1(config)#line vt 0 4
R1(config-line)#login auth
R1(config-line)#login authentication Prob6
R1(config-line)#
RACK1AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open

Username: JoeUser
Password:
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK1AS>1
[Resuming connection 1 to r1 ... ]
R1(config-line)#^Z
R1#sh run |
*Mar 1 00:45:31.469: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
username JoeUser privilege 3 password 0 cisco
 --More--
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Serial0/1
 --More--
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
tacacs-server host 17.57.100.99
tacacs-server directed-request
tacacs-server key MyKey
snmp-server community test RO
!
!
!
privilege configure level 3 snmp-server community
privilege configure level 3 snmp-server
privilege exec level 3 configure terminal
 --More--
privilege exec level 3 configure
privilege exec level 3 show running-config
privilege exec level 3 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login authentication Prob6
!
!
end

R1#
R1#CONFIG T
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa auth
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username

R1(config)#aaa authentication pass
R1(config)#aaa authentication password-prompt ?
  WORD  Text of prompt

R1(config)#aaa authentication password-prompt CCIE-Password:
R1(config)#aaa authentication username-prompt CCIE-Wantoabe:
R1(config)#^Z
R1#
RACK1AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open

CCIE-Wantoabe:JoeUser
CCIE-Password:
R1#
R1#
R1#
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK1AS>1
[Resuming connection 1 to r1 ... ]
*Ma
R1#sh run | i aaa
aaa new-model
aaa authentication password-prompt CCIE-Password:
aaa authentication username-prompt CCIE-Wantoabe:
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
R1#
R1#
RACK1AS>s
% Type "show ?" for a list of subcommands
RACK1AS>
[Resuming connection 1 to r1 ... ]
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aa ?
% Ambiguous command: "aa "
R1(config)#aaa ?
  accounting      Accounting configurations parameters.
  authentication  Authentication configurations parameters.
  authorization   Authorization configurations parameters.
  cache           AAA cache definitions
  configuration   Authorization configuration parameters.
  dnis            Associate certain AAA parameters to a specific DNIS number
  group           AAA group definitions
  nas             NAS specific configuration
  new-model       Enable NEW access control commands and functions.(Disables OLD commands.)
  pod             POD processing
  route           Static route downloading
  session-id      AAA Session ID
  session-mib     AAA session MIB options
  traceback       Traceback recording
  user            AAA user definitions

R1(config)#aaa authen ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username

R1(config)#aaa authen ban
R1(config)#aaa authen banner ?
  LINE  c message-text c, where 'c' is a delimiting character

R1(config)#aaa authen banner # $ #
Enter TEXT message. End with the character '#'.
Keep out
#
R1(config)#
RACK1AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open

CCIE-Wantoabe:JoeUser
CCIE-Password:
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK1AS>1
[Resuming connection 1 to r1 ... ]
R1(config)##Keep outaaa authen banner #Keep out # ^Z
R1#sh run |
*Mar 1 00:50:03.899: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication banner ^C Keep out ^C
aaa authentication password-prompt CCIE-Password:
aaa authentication username-prompt CCIE-Wantoabe:
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
 --More--
R1#
RACK1AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open

CCIE-Wantoabe:~
CCIE-Password:
% Authentication failed.
CCIE-Wantoabe: CCIE-Wantoabe: [Connection to 17.57.100.1 closed by foreign host] S5# RACK1AS>1 [Resuming connection 1 to r1 ... ] R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#bann R1(config)#banner motd ? LINE c banner-text c, where 'c' is a delimiting character R1(config)#banner motd # Enter TEXT message. End with the character '#'. Yo momma # R1(config)# RACK1AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open Yo momma CCIE-Wantoabe: CCIE-Wantoabe: CCIE-Wantoabe: [Connection to 17.57.100.1 closed by foreign host] S5# RACK1AS>1 [Resuming connection 1 to r1 ... ] R1(config)#^Z R1# *Mar 1 00:52:05.074: %SYS-5-CONFIG_I: Configured from console by console R1#sh =    config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#aaa authen R1(config)#aaa authentication login ? WORD Named authentication list. default The default authentication list. R1(config)#aaa authentication login       ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authentication banner # Enter TEXT message. End with the character '#'. YoYo # R1(config)# RACK1AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open Yo momma CCIE-Wantoabe:JoeUser CCIE-Password: R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK1AS>1 [Resuming connection 1 to r1 ... ] R1(config)#^Z R1#sh *Mar 1 00:53:10.930: %SYS-5-CONFIG_I: Configured from console by console R1#sh run | b aaaa  aaa new-model ! ! 
aaa authentication banner ^C YoYo ^C aaa authentication password-prompt CCIE-Password: aaa authentication username-prompt CCIE-Wantoabe: aaa authentication login Prob6 group tacacs+ local aaa session-id common ip subnet-zero ! ! no ip domain lookup --More--   R1# RACK1AS>3 [Resuming connection 3 to r3 ... ] [Connection to 192.10.32.254 closed by foreign host] R3# R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#do sh access-list R3(config)#access-list 100 per tcp any any eq tel R3(config)#no access-list 100 per tcp any any eq tel R3(config)#access-list 100 per tcp any host 180.40.7.129 eq tel R3(config)#access-list 100 per udp any any eq ntp R3(config)#access-list 100 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment R3(config)#access-list 100 dy R3(config)#access-list 100 dynamic ? WORD Name of a Dynamic list R3(config)#access-list 100 dynamic Prob9 ? deny Specify packets to reject permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config)#access-list 100 dynamic Prob9 tim ?
<1-9999> Maximum time to live R3(config)#access-list 100 dynamic Prob9 tim 60 ? deny Specify packets to reject permit Specify packets to forward R3(config)#access-list 100 dynamic Prob9 tim 60 > per ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R3(config)#access-list 100 dynamic Prob9 tim 60 per jip     ip ? A.B.C.D Source address any Any source host host A single source host R3(config)#access-list 100 dynamic Prob9 tim 60 per ip any ? A.B.C.D Destination address any Any destination host host A single destination host R3(config)#access-list 100 dynamic Prob9 tim 60 per ip any any ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R3(config)#access-list 100 dynamic Prob9 tim 60 per ip any any R3(config)#int     line vty 0 4 R3(config-line)#au R3(config-line)#auto? autobaud autocommand autocommand-options autohangup autoselect R3(config-line)#autocom R3(config-line)#autocommand ? LINE Appropriate EXEC command no-suppress-linenumber Display service linenumber message R3(config-line)#autocommand access-enable ? LINE R3(config-line)#autocommand access-enable host timeout ? 
LINE R3(config-line)#autocommand access-enable host timeout 2 R3(config-line)#int fa 0/1 R3(config-if)#ip acc R3(config-if)#ip access R3(config-if)#ip access-group 100 in R3(config-if)# RACK1AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) S6#180.40.7.129 Trying 180.40.7.129 ... Open [Connection to 180.40.7.129 closed by foreign host] S6# RACK1AS>3 [Resuming connection 3 to r3 ... ] Dec R3(config-if)#line con 0      Dec 23 17:55:33.788: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.130 on FastEthernet0/1 from LOADING to FULL, Loading Done R3(config-if)#line vty 0 4 R3(config-line)#do sh access-list Extended IP access list 100 10 permit tcp any host 180.40.7.129 eq telnet (27 matches) 20 permit udp any any eq ntp (1 match) 30 Dynamic Prob9 permit ip any any permit ip host 180.40.7.130 any (12 matches) (time left 113) R3(config-line)#ip access ex 100 R3(config-ext-nacl)#25 per ospf any any R3(config-ext-nacl)#line vty 0 4 R3(config-line)#priv R3(config-line)#privi R3(config-line)#privilege 15 ^ % Invalid input detected at '^' marker. R3(config-line)#privilege leve 15 R3(config-line)#login local R3(config-line)#exit R3(config)#user George pass bosco R3(config)# RACK1AS>6 [Resuming connection 6 to r6 ... ] 01:0180.40.7.129 Trying 180.40.7.129 ... Open User Access Verification Username: George Password: % List#100-Prob9 already contains this IP address pair [Connection to 180.40.7.129 closed by foreign host] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms S6# S6# S6# S6# RACK1AS>3 [Resuming connection 3 to r3 ...
] R3(config)#^Z R3#sh acc Dec 23 17:57:26.255: %SYS-5-CONFIG_I: Configured from console by consolee R3#sh access-list Extended IP access list 100 10 permit tcp any host 180.40.7.129 eq telnet (114 matches) 20 permit udp any any eq ntp (9 matches) 25 permit ospf any any (8 matches) 30 Dynamic Prob9 permit ip any any permit ip host 180.40.7.130 any (19 matches) (time left 110) R3# R3# R3# R3# R3#sh run | b user username George password 0 bosco ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 180.40.7.129 255.255.255.224 ip access-group 100 in duplex auto --More--   speed auto ! interface Serial1/0 ip address 180.40.7.33 255.255.255.224 encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 180.40.7.34 301 broadcast frame-relay map ip 180.40.7.35 302 broadcast ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.3 255.255.255.224 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown --More--  ! interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! access-list 100 permit tcp any host 180.40.7.129 eq telnet --More--  access-list 100 permit udp any any eq ntp access-list 100 permit ospf any any access-list 100 dynamic Prob9 timeout 60 permit ip any any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local autocommand access-enable host timeout 2 ! ntp authentication-key 1 md5 1063102D0C1A17 7 ntp clock-period 17208026 --More--   R3# RACK1AS>2 [Resuming connection 2 to r2 ... ] R2#config t Enter configuration commands, one per line. End with CNTL/Z. 
R2(config)#do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) R2(config)#access-list 1 per 17.57.101.0 0.0.0.255 R2(config)#tcp ? % Unrecognized command R2(config)#tcp     ip tcp ? async-mobility Configure async-mobility chunk-size TCP chunk size intercept Enable TCP intercepting mss TCP initial maximum segment size path-mtu-discovery Enable path-MTU discovery on new TCP connections queuemax Maximum queue of outgoing TCP packets selective-ack Enable TCP selective-ACK synwait-time Set time to wait on new TCP connections timestamp Enable TCP timestamp option window-size TCP window size R2(config)#ip tcp inT R2(config)#ip tcp inTercept ? connection-timeout Specify timeout for connection info drop-mode Specify incomplete connection drop mode finrst-timeout Specify timeout for FIN/RST list Specify access-list to use max-incomplete Specify maximum number of incomplete connections before clamping mode Specify intercepting mode one-minute Specify one-minute-sample watermarks for clamping watch-timeout Specify timeout for incomplete connections in watch mode R2(config)#ip tcp inTercept LIST >? WORD R2(config)#ip tcp inTercept LIST > ? <100-199> Extended access list number for intercept WORD Access list name for intercept R2(config)#ip tcp inTercept LIST 1 % Invalid access list name. R2(config)#101     ip tcp inTercept LIST 101 R2(config)#no access-list 1 R2(config)#access-list 101 per ip any        tcp any 17.57.101.0 0.03~  .0.255 R2(config)#^Z R2# Dec 23 18:02:15.525: %SYS-5-CONFIG_I: Configured from console by console R2#sh t ip tcp  R2#sh ip tcp ? header-compression TCP/IP header-compression statistics R2#sh ip tcp     ? 
access-lists List IP access lists accounting The active IP accounting database aliases IP alias table arp IP ARP table as-path-access-list List AS path access lists audit IDS (Intrusion Detection System) information auth-proxy Authentication Proxy information bgp BGP information cache IP fast-switching route cache cef Cisco Express Forwarding community-list List community-list dhcp Show items in the DHCP database director Director agent dns Show DNS zone information drp Director response protocol dvmrp DVMRP information eigrp IP-EIGRP show commands explicit-paths Show IP explicit paths extcommunity-list List extended-community list flow NetFlow switching helper-address helper-address table http HTTP information --More--   R2#sh ip    tc? tcp R2#sh tc ? <0-70> Line number aux Auxiliary line brief Brief display console Primary terminal line intercept Intercept display statistics TCP protocol statistics tcb TCB address tty Terminal controller vty Virtual terminal x/y Slot/Port for Modems | Output modifiers R2#sh tc in R2#sh tc intercept ? connections Connection information statistics Statistics R2#sh tc intercept co Incomplete: Client Server State Create Timeout Mode Established: Client Server State Create Timeout Mode R2# RACK1AS>3 [Resuming connection 3 to r3 ... ] R3#sh ip route 17.57.101.0 Routing entry for 17.57.101.0/24 Known via "ospf 1", distance 110, metric 782, type intra area Last update from 180.40.7.35 on Serial1/0, 00:07:16 ago Routing Descriptor Blocks: * 180.40.7.2, from 180.40.7.35, 00:07:16 ago, via Serial1/2 Route metric is 782, traffic share count is 1 180.40.7.35, from 180.40.7.35, 00:07:16 ago, via Serial1/0 Route metric is 782, traffic share count is 1 R3#17.57.101.2 Trying 17.57.101.2 ... Open S5# RACK1AS>2 [Resuming connection 2 to r2 ... 
] R2#sh tc intercept co Incomplete: Client Server State Create Timeout Mode Established: Client Server State Create Timeout Mode 180.40.7.3:20278 17.57.101.2:23 ESTAB 00:00:06 23:59:53 I R2# R2# R2# R2# R2#sh tc intercept co  st Intercepting new connections using access-list 101 0 incomplete, 1 established connections (total 1) 0 connection requests per minute R2# RACK1AS>3 [Resuming connection 3 to r3 ... ] S5#q [Connection to 17.57.101.2 closed by foreign host] R3# R3# RACK1AS>2 [Resuming connection 2 to r2 ... ] R2#sh run | i ip tcp ip tcp intercept list 101 R2#sh run | in access-list access-list 100 permit ip any any time-range Prob4 access-list 101 permit tcp any 17.57.101.0 0.0.0.255 R2# R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#access-list 102 per ip any any              deny ospf any any R2(config)#access-list 102 deny ospf any any                 poer   er ip any any R2(config)#cry R2(config)#crypto ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R2(config)#crypto is R2(config)#crypto isakmp po R2(config)#crypto isakmp policy ? <1-10000> Priority of protection suite R2(config)#crypto isakmp policy 10 R2(config-isakmp)#? ISAKMP commands: authentication Set authentication method for protection suite default Set a command to its defaults encryption Set encryption algorithm for protection suite exit Exit from ISAKMP protection suite configuration mode group Set the Diffie-Hellman group hash Set hash algorithm for protection suite lifetime Set lifetime for ISAKMP security association no Negate a command or set its defaults R2(config-isakmp)#auth R2(config-isakmp)#authentication pr R2(config-isakmp)#authentication pre-share ? 
R2(config-isakmp)#authentication pre-share R2(config-isakmp)#exit R2(config)#cry R2(config)#crypto is R2(config)#crypto isakmp ? aggressive-mode Disable ISAKMP aggressive mode client Set client configuration policy enable Enable ISAKMP identity Set the identity which ISAKMP will use keepalive Set a keepalive interval for use with IOS peers key Set pre-shared key for remote peer nat Set a nat keepalive interval for use with IOS peers peer Set Peer Policy policy Set policy for an ISAKMP protection suite profile Define ISAKMP Profiles xauth Set Extended Authentication values R2(config)#crypto isakmp key cisc >  o ? address define shared key with IP address hostname define shared key with hostname R2(config)#crypto isakmp key cisco add ? A.B.C.D Peer IP address R2(config)#crypto isakmp key cisco add 180.40.7.3 ? A.B.C.D Peer IP subnet mask no-xauth Bypasses XAuth for this peer R2(config)#crypto isakmp key cisco add 180.40.7.3   R2(config)#cry R2(config)#crypto ip R2(config)#crypto ipsec ? client Configure a client df-bit Handling of encapsulated DF bit. fragmentation Handling of fragmentation of near-MTU sized packets nat-transparency IPsec NAT transparency model optional Enable optional encryption for IPSec profile Configure an ipsec policy profile security-association Security association parameters transform-set Define transform and settings R2(config)#crypto ipsec tr R2(config)#crypto ipsec transform-set ? WORD Transform set tag R2(config)#crypto ipsec transform-set Prob11 ? 
ah-md5-hmac AH-HMAC-MD5 transform ah-sha-hmac AH-HMAC-SHA transform comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R2(config)#crypto ipsec transform-set Prob11 a R2(config)#crypto ipsec transform-set Prob11 ah-sh R2(config)#crypto ipsec transform-set Prob11 ah-sha-hmac ? comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R2(config)#crypto ipsec transform-set Prob11 ah-sha-hmac R2(cfg-crypto-trans)#exit R2(config)#cry R2(config)#crypto ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R2(config)#crypto map ? WORD Crypto map tag R2(config)#crypto map Prob11 ? <1-65535> Sequence to insert into crypto map entry client Specify client configuration settings isakmp Specify isakmp configuration settings isakmp-profile Specify isakmp profile to use local-address Interface to use for local address for this crypto map R2(config)#crypto map Prob11 10 ? ipsec-isakmp IPSEC w/ISAKMP ipsec-manual IPSEC w/manual keying R2(config)#crypto map Prob11 10 ip R2(config)#crypto map Prob11 10 ipsec-i R2(config)#crypto map Prob11 10 ipsec-isakmp ? 
dynamic Enable dynamic crypto map support profile Enable crypto map as a crypto-profile R2(config)#crypto map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R2(config-crypto-map)#mat R2(config-crypto-map)#match 102 ? % Unrecognized command R2(config-crypto-map)#match 102     ? address Match address of packets to encrypt. R2(config-crypto-map)#match add ? <100-199> IP access-list number <2000-2699> IP access-list number (expanded range) WORD Access-list name R2(config-crypto-map)#match add 102 R2(config-crypto-map)#set peer ? Hostname or A.B.C.D IP address/hostname of peer R2(config-crypto-map)#set peer 180.40.7.3 R2(config-crypto-map)#? Crypto Map configuration commands: default Set a command to its defaults description Description of the crypto map statement policy dialer Dialer related commands exit Exit from crypto map configuration mode match Match values. no Negate a command or set its defaults qos Quality of Service related commands reverse-route Reverse Route Injection. set Set values for encryption/decryption R2(config-crypto-map)#set tr R2(config-crypto-map)#set transform-set ? WORD Proposal tag R2(config-crypto-map)#set transform-set Prob11 R2(config-crypto-map)#int s 1/2 R2(config-if)#c r  yr R2(config-if)#cyr  R2(config-if)#cy  cery\    ry R2(config-if)#crypto map Prob11 R2(config-if)# Dec 23 18:08:58.684: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R2(config-if)#^Z R2# RACK1AS> [Resuming connection 2 to r2 ... ] Dec 23 18:09:00.591: %SYS-5-CONFIG_I: Configured from console by console R2# R2#sh run Building configuration... Current configuration : 2172 bytes ! ! Last configuration change at 18:09:00 UTC Fri Dec 23 2005 ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! 
no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ip tcp intercept list 101 --More--  ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 authentication pre-share --More--  crypto isakmp key cisco address 180.40.7.3 ! ! crypto ipsec transform-set Prob11 ah-sha-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.3 set transform-set Prob11 match address 102 ! ! ! ! interface FastEthernet0/0 ip address 17.57.101.1 255.255.255.0 duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 --More--   R2#sh run | b access access-list 100 permit ip any any time-range Prob4 access-list 101 permit tcp any 17.57.101.0 0.0.0.255 access-list 102 deny ospf any any access-list 102 permit ip any any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp authentication-key 1 md5 00290A320D560E 7 --More--   R2#sh run int s 1/2 Building configuration... Current configuration : 103 bytes ! interface Serial1/2 ip address 180.40.7.2 255.255.255.224 clock rate 64000 crypto map Prob11 end R2# R2# RACK1AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#crypto isakmp policy 10 R3(config-isakmp)# authentication pre-share R3(config-isakmp)#crypto isakmp key cisco address 180.40.7.2 R3(config)#! R3(config)#! R3(config)#crypto ipsec transform-set Prob11 ah-sha-hmac R3(cfg-crypto-trans)#! R3(cfg-crypto-trans)#crypto map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R3(config-crypto-map)# set peer 180.40.7.2 R3(config-crypto-map)# set transform-set Prob11 R3(config-crypto-map)# match address 102 R3(config-crypto-map)#! 
R3(config-crypto-map)#interface Serial1/2 R3(config-if)# ip address 180.40.7.3 255.255.255.224 R3(config-if)# clock rate 64000 %Error: This command applies only to DCE interfaces R3(config-if)# crypto map Prob11 R3(config-if)# R3(config-if)# R3(config-if)#access-list 102 deny ospf any any R3(config)#access-list 102 permit ip any any R3(config)# Dec 23 18:10:47.629: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R3(config)# R3(config)# R3(config)#^Z R3# Dec 23 18:10:50.959: %SYS-5-CONFIG_I: Configured from console by console R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: 0 inbound esp sas: inbound ah sas: --More--   inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: R3# RACK1AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) S6#ping 180.40.7.2180.40.7.129  Trying 180.40.7.129 ... Open User Access Verification Username: George Password: [Connection to 180.40.7.129 closed by foreign host] S6#180.40.7.129ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 48/51/52 ms S6#ping 180.40.7.2 Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/52 ms S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 ms S6# RACK1AS>3 [Resuming connection 3 to r3 ... ] R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,ipsec_sa_request_sent} #pkts encaps: 19, #pkts encrypt: 0, #pkts digest 19 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: B943F52 inbound esp sas: inbound ah sas: --More--   R3# RACK1AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2         7  .57.100.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.100.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms S6#ping 17.57.100.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.100.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms S6#ping 17.57.100.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.100.2, timeout is 2 seconds: !!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms S6# RACK1AS>3 [Resuming connection 3 to r3 ... ] R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 19, #pkts encrypt: 0, #pkts digest 19 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: B943F52 inbound esp sas: inbound ah sas: --More--   spi: 0x15892C21(361311265) transform: ah-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2000, flow_id: 1, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4488511/3543) replay detection support: Y inbound pcp sas: outbound esp sas: outbound ah sas: spi: 0xB943F52(194264914) transform: ah-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2001, flow_id: 2, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4488508/3536) replay detection support: Y outbound pcp sas: R3# RACK1AS>2 [Resuming connection 2 to r2 ... ] R2#sh ip  cry  ip sa % Ambiguous command: "sh cr ip sa" R2#sh cr ip say ip sa ips sae sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.2 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.3:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 19, #pkts decrypt: 0, #pkts verify 19 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. 
failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 180.40.7.2, remote crypto endpt.: 180.40.7.3 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: 15892C21 inbound esp sas: inbound ah sas: --More--   R2#sh ip route 180-  0.40.7.130 Routing entry for 180.40.7.128/27 Known via "ospf 1", distance 110, metric 76, type intra area Last update from 17.57.101.2 on FastEthernet0/0, 00:17:26 ago Routing Descriptor Blocks: * 17.57.101.2, from 180.40.7.130, 00:17:26 ago, via FastEthernet0/0 Route metric is 76, traffic share count is 1 R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#p ip route 180.40.7.130 255.255.255.255 s 1/2 R2(config)#^Z R2# RACK1AS>6 [Resuming connection 6 to r6 ... ] ping 17.57.100.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.100.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms S6# RACK1AS>3 [Resuming connection 3 to r3 ... ] R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 19, #pkts encrypt: 0, #pkts digest 19 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: B943F52 inbound esp sas: inbound ah sas: --More--   R3# RACK1AS> [Resuming connection 3 to r3 ... ] R3#sh cry ip saconfig t 17.57.101.2sh ip route 17.57.101.0run | b user  RACK1AS>6 [Resuming connection 6 to r6 ... 
] S6#ping 17.57.100.280.40.7.2  Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms S6# RACK1AS>3 [Resuming connection 3 to r3 ... ] username George password 0 bosco ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.2 ! ! crypto ipsec transform-set Prob11 ah-sha-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.2 set transform-set Prob11 match address 102 ! ! ! ! interface FastEthernet0/0 no ip address --More--   R3#[A % Unknown command or computer name, or unable to find computer address R3# R3# R3# R3# R3#[Ash run | b usercry ip sa  interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 34, #pkts encrypt: 0, #pkts digest 34 #pkts decaps: 15, #pkts decrypt: 0, #pkts verify 15 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: B943F52 inbound esp sas: inbound ah sas: --More--   R3# RACK1AS>2 [Resuming connection 2 to r2 ... ] Dec R2#sh run b   | v b cry no service password-encryption ! hostname R2 ! 
boot-start-marker boot-end-marker ! ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ip tcp intercept list 101 ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! --More--  ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.3 ! ! crypto ipsec transform-set Prob11 ah-sha-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.3 set transform-set Prob11 --More--   match address 102 ! ! ! ! interface FastEthernet0/0 ip address 17.57.101.1 255.255.255.0 duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial1/0 no ip address encapsulation frame-relay --More--  ! interface Serial1/0.1 multipoint ip address 180.40.7.35 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 203 ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.2 255.255.255.224 clock rate 64000 crypto map Prob11 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown ! --More--  interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ip route 180.40.7.130 255.255.255.255 Serial1/2 ! no ip http server no ip http secure-server ! access-list 100 permit ip any any time-range Prob4 --More--  access-list 101 permit tcp any 17.57.101.0 0.0.0.255 access-list 102 deny ospf any any access-list 102 permit ip any any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp authentication-key 1 md5 00290A320D560E 7 ntp clock-period 17208029 --More--   R2#