=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.12.01 10:48:42 =~=~=~=~=~=~=~=~=~=~=~=
**************************************************************
Global Knowledge Hands-On Labs Access Server
Access is restricted to Global Knowledge CCIE Students
**************************************************************
Please re-enter your password. (This is the same password you used to log onto the Lab website.)
If you see a username prompt, please wait 40 seconds and try again.
If the username prompt persists, please reset equipment from your "Pod x" link.
User Access Verification
Password:
Password OK
R7>
R7>en
R7#
R7#
R7#
R7#
R7#
R7#
R7#
R7#
RACK9AS>disc
Closing connection to r7 [confirm]
RACK9AS>
[Resuming connection 6 to r6 ... ]
S6#
S6#
S6#
RACK9AS>4
[Resuming connection 4 to r4 ... ]
R4#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R4#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp ser 192.10.1                do sh clock
*01:20:33.019 UTC Mon Mar 1 1993
R4(config)#' ntp ser 192.10.32.254
R4(config)#
R4(config)#
R4(config)#
R4(config)#do sh clock
*01:20:53.959 UTC Mon Mar 1 1993
R4(config)#do sh clock
*01:20:55.271 UTC Mon Mar 1 1993
R4(config)#do sh clock
*01:20:56.267 UTC Mon Mar 1 1993
R4(config)#do sh clock
*01:20:57.315 UTC Mon Mar 1 1993
R4(config)#do sh clock
*01:20:58.335 UTC Mon Mar 1 1993
R4(config)#do sh clock
.19:01:28.615 UTC Fri Dec 1 2006
R4(config)#
R4(config)#
R4(config)#
R4(config)#clock ?
  summer-time Configure summer (daylight savings) time
  timezone Configure time zone
R4(config)#clock ti
R4(config)#clock timezone EST ?
  <-23 - 23> Hours offset from UTC
R4(config)#clock timezone EST -5
R4(config)#clock timezone EST -5do sh clock
14:01:49.575 EST Fri Dec 1 2006
R4(config)#ntp ?
  access-group Control NTP access
  authenticate Authenticate time sources
  authentication-key Authentication key for trusted time sources
  broadcastdelay Estimated round-trip delay
  clock-period Length of hardware clock tick
  master Act as NTP master clock
  max-associations Set maximum number of associations
  peer Configure NTP peer
  server Configure NTP server
  source Configure interface for source address
  trusted-key Key numbers for trusted time sources
R4(config)#ntp auth
R4(config)#ntp authenticati
R4(config)#ntp authentication-key ?
  <1-4294967295> Key number
R4(config)#ntp authentication-key 1 > ?
  md5 MD5 authentication
R4(config)#ntp authentication-key 1 m
R4(config)#ntp authentication-key 1 md5 ?
  WORD Authentication key
R4(config)#ntp authentication-key 1 md5 MyTime
R4(config)#^Z
R4#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#ntp serv 180.40.7.98                  authe
R3(config)#ntp authenticati
R3(config)#ntp authentication-key 1 m
R3(config)#ntp authentication-key 1 md5 MyTime
R3(config)#ntp authentication-key 1 md5 MyTime                               ser 180.70.   40.7.98 ?
  key Configure peer authentication key
  prefer Prefer this peer when possible
  source Interface for source address
  version Configure NTP version
R3(config)#ntp ser 180.40.7.98 ke
R3(config)#ntp ser 180.40.7.98 key ?
  <0-4294967295> Peer key number
R3(config)#ntp ser 180.40.7.98 key 1 ?
  prefer Prefer this peer when possible
  source Interface for source address
  version Configure NTP version
R3(config)#ntp ser 180.40.7.98 key 1
R3(config)#^Z
R3#conf
*Mar 1 01:20:22.564: %SYS-5-CONFIG_I: Configured from console by console
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#l cloc tim
R3(config)#cloc timezone EST -5
R3(config)#^Z
R3#
Dec 1 19:03:21.045: %SYS-5-CONFIG_I: Configured from console by console
R3#
R3#
R3#sh clock
14:03:27.868 EST Fri Dec 1 2006
R3#
R3#
R3#
R3#sh ntp asss
^
% Invalid input detected at '^' marker.
R3#sh ntp asss
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     4     6    64  377     4.0    0.16     0.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass ?
  detail Show detail
  | Output modifiers
R3#sh ntp ass de
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 4
ref ID 192.10.32.254, time C91AFAD6.C2DAD8CA (14:02:46.761 EST Fri Dec 1 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 225.72 msec, root disp 47.09, reach 377, sync dist 162.048
delay 4.03 msec, offset 0.1635 msec, dispersion 0.09
precision 2**18, version 3
org time C91AFAFF.FAB820F0 (14:03:27.979 EST Fri Dec 1 2006)
rcv time C91AFAFF.FB3A4E7B (14:03:27.981 EST Fri Dec 1 2006)
xmt time C91AFAFF.FA0E1004 (14:03:27.976 EST Fri Dec 1 2006)
filtdelay = 4.14 4.03 4.06 4.23 4.10 4.10 4.12 4.07
filtoffset = 0.08 0.16 0.13 0.11 0.14 0.04 0.11 -0.03
filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12
R3#sh run i n   | i ntp
ntp authentication-key 1 md5 112400311E1F0E 7
ntp server 180.40.7.98 key 1
R3#
RACK9AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#sh run | i ntp
ntp authentication-key 1 md5 0329423F0F0224 7
ntp server 192.10.32.254
R4#
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#
R4(config)#ip access-list ex Prob2
R4(config-ext-nacl)#per udp any any eq ntp
R4(config-ext-nacl)#per udp any any eq ntp per udp any any eq ntp no 10
R4(config-ext-nacl)#no 10per udp any any eq ntp any eq ntp  any eq ntp  any eq ntp h any eq ntpo any eq ntps any eq ntpt any eq ntp any eq ntp1 any eq ntp9 any eq ntp2 any eq ntp. any eq ntp1 any eq ntp0 any eq ntp. any eq ntp3 any eq ntp2 any eq ntp. any eq ntp2 any eq ntp5 any eq ntp4 any eq ntp
R4(config-ext-nacl)#den ip any any log
R4(config-ext-nacl)#exit
R4(config)#ip in
R4(config)#ip inspect ?
  alert-off Disable alert
  audit-trail Enable the logging of session information (addresses and bytes)
  dns-timeout Specify timeout for DNS
  hashtable-size Specify size of hashtable
  max-incomplete Specify maximum number of incomplete connections before clamping
  name Specify an inspection rule
  one-minute Specify one-minute-sample watermarks for clamping
  tcp Config timeout values for tcp connections
  udp Config timeout values for udp flows
R4(config)#ip inspect name ?
  WORD Name of inspection defined
R4(config)#ip inspect name Prob  2 ?
  cuseeme CUSeeMe Protocol
  fragment IP fragment inspection
  ftp File Transfer Protocol
  h323 H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http HTTP Protocol
  icmp ICMP Protocol
  netshow Microsoft NetShow Protocol
  rcmd R commands (r-exec, r-login, r-sh)
  realaudio Real Audio Protocol
  rpc Remote Prodedure Call Protocol
  rtsp Real Time Streaming Protocol
  sip SIP Protocol
  skinny Skinny Client Control Protocol
  smtp Simple Mail Transfer Protocol
  sqlnet SQL Net Protocol
  streamworks StreamWorks Protocol
  tcp Transmission Control Protocol
  tftp TFTP Protocol
  udp User Datagram Protocol
  vdolive VDOLive Protocol
R4(config)#ip inspect name Prob2 h323
R4(config)#ip inspect name Prob2 h323    tcp
R4(config)#ip inspect name Prob2 tcp \   udp
R4(config)#ip inspect name Prob2 udp int atm 1/0
R4(config-if)#ip acce e
R4(config-if)#ip access-group Prob2 in
R4(config-if)#ip ins
R4(config-if)#ip inspect Prob2 ?
  in Inbound inspection
  out Outbound inspection
R4(config-if)#ip inspect Prob2 out
R4(config-if)#
Dec 1 19:11:27.499: %SEC-6-IPACCESSLOGP: list Prob2 denied tcp 192.10.32.254(32029) -> 192.10.32.9(179), 1 packet
R4(config-if)#^Z
R4#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#192.10.32.254
Trying 192.10.32.254 ... Open
CR1>sh ?
% Unrecognized command
CR1>sh
RACK9AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list Prob2
    permit tcp host 192.10.32.254 eq telnet host 192.10.32.9 eq 51629 (18 matches)
    10 permit udp host 192.10.32.254 any eq ntp (6 matches)
    20 deny ip any any log (1 match)
R4#sh ip inst p
R4#sh ip inspect ?
  all Inspection all available information
  config Inspection configuration
  interfaces Inspection interfaces
  name Inspection name
  sessions Inspection sessions
R4#sh ip inspect all
Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [400:500] connections
max-incomplete sessions thresholds are [400:500]
max-incomplete tcp connections per host is 50. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time is 3600 sec -- udp idle-time is 30 sec
dns-timeout is 5 sec
Inspection Rule Configuration
 Inspection name Prob2
    h323 alert is on audit-trail is off timeout 3600
    tcp alert is on audit-trail is off timeout 3600
    udp alert is on audit-trail is off timeout 30
Interface Configuration
 Interface ATM1/0
  Inbound inspection rule is not set
  Outgoing inspection rule is Prob2
    h323 alert is on audit-trail is off timeout 3600
    tcp alert is on audit-trail is off timeout 3600
    udp alert is on audit-trail is off timeout 30
  Inbound access list is Prob2
  Outgoing access list is not set
--More--   Established Sessions
 Session 6306E9AC (180.40.7.129:51629)=>(192.10.32.254:23) tcp SIS_OPEN
R4#
R4#
R4#
R4#
Dec 1 19:13:27.502: %SEC-6-IPACCESSLOGP: list Prob2 denied tcp 192.10.32.254(32043) -> 192.10.32.9(179), 1 packet
R4#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
CR1>q
[Connection to 192.10.32.254 closed by foreign host]
R3#
R3#
RACK9AS>4
[Resuming connection 4 to r4 ... ]
R4#sh run | b ip in
ip inspect name Prob2 h323
ip inspect name Prob2 tcp
ip inspect name Prob2 udp
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 180.40.7.98 255.255.255.224
--More--   ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.9 255.255.255.0
 ip access-group Prob2 in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
--More--  !
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob2
 permit udp host 192.10.32.254 any eq ntp
 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
--More--   R4#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
R1#
R1#
R1#
R1#
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#user JoeUser
R1(config)#user JoeUser        user JoeUsernuser JoeUserouser JoeUser user JoeUser
R1(config)#no user JoeUseruser JoeUser  priv
R1(config)#user JoeUser privilege 5
R1(config)#user JoeUser privilege 515 privilege 15  privilege 15  privilege 15  privilege 15  privilege 15  privilege 15 B privilege 15
R1(config)#privi
R1(config)#privilege ?
  aaa-user AAA user definition
  accept-dialin VPDN group accept dialin configuration mode
  accept-dialout VPDN group accept dialout configuration mode
  address-family Address Family configuration mode
  aic Alarm Interface Card configuration mode
  alps-ascu ALPS ASCU configuration mode
  alps-circuit ALPS circuit configuration mode
  bba-group BBA Group configuration mode
  boomerang Boomerang configuration mode
  cascustom Cas custom configuration mode
  cause-code-list Voice Cause Code List configuration mode
  ces-conn CES connection configuration mode
  ces-vc CES VC configuration mode
  cgma_agent CGMA Agent Configuration Mode
  cm-fallback cm-fallback configuration mode
  cns-connect-config CNS Connect Info Mode
  cns-connect-intf-config CNS Connect Intf Info Mode
  cns-tmpl-connect-config CNS Template Connect Info Mode
  cns_inventory_submode CNS Inventory SubMode
  config-rtr-http-rr RTR HTTP raw request Configuration
  configure Global configuration mode
  congestion Frame Relay congestion configuration mode
--More--   controller Controller configuration mode
  dhcp DHCP pool configuration mode
  enum_rule enum configuration mode
  ephone ephone configuration mode
  ephone-dn ephone-dn configuration mode
  exec Exec mode
  filterserver AAA filter server definitions
  flow-cache Flow aggregation cache config mode
  fr-fr FR/FR connection configuration mode
  frf5 FR/ATM Network IWF configuration mode
  frf8 FR/ATM Service IWF configuration mode
  gateway Gateway configuration mode
  gw-accounting-aaa Gateway accounting aaa configuration mode
  interface Interface configuration mode
  interface-dlci Frame Relay dlci configuration mode
  interface-range Interface range configuration mode
  ip-explicit-path IP explicit path configuration mode
  ip-vrf Configure IP VRF parameters
  ipenacl IP named extended access-list configuration mode
  ipsnacl IP named simple access-list configuration mode
  ipv6-router IPv6 router configuration mode
  ipv6acl IPv6 access-list configuration mode
  ipx-router IPX router configuration mode
--More--
R1(config)#privilege exce  ec
R1(config)#privilege exec ?
  all All suboption will be set to the samelevel
  level Set privilege level of command
  reset Reset privilege level of command
R1(config)#privilege exec level 5 ?
  LINE Initial keywords of the command to modify
R1(config)#privilege exec level 5 confi t
R1(config)#do sh run | b privi
username JoeUser privilege 5
username JB privilege 15
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
--More--  !
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
!
!
!
privilege exec level 5 configure terminal
privilege exec level 5 configure
!
line con 0
 exec-timeout 0 0
--More--   logging synchronous
--More--  line aux 0
--More--  line vty 0 4
--More--   privilege level 15
--More--   no login
--More--  !
--More--  !
--More--   R1(config)#snm
R1(config)#snmp?
snmp snmp-server
R1(config)#snmp-
R1(config)#snmp-server ?
  chassis-id String to uniquely identify this chassis
  community Enable SNMP; set community string and access privs
  contact Text for mib object sysContact
  drop Silently drop SNMP packets
  enable Enable SNMP Traps or Informs
  engineID Configure a local or remote SNMPv3 engineID
  group Define a User Security Model group
  host Specify hosts to receive SNMP notifications
  ifindex Enable ifindex persistence
  inform Configure SNMP Informs options
  location Text for mib object sysLocation
  manager Modify SNMP manager parameters
  packetsize Largest SNMP packet size
  queue-length Message queue length for each TRAP host
  source-interface Assign an source interface
  system-shutdown Enable use of the SNMP reload command
  tftp-server-list Limit TFTP servers used via SNMP
  trap SNMP trap options
  trap-source Assign an interface for the source address of all traps
  trap-timeout Set timeout for TRAP message retransmissions
  user Define a user who can access the SNMP engine
  view Define an SNMPv2 MIB view
--More--   R1(config)#snmp-server x  com
R1(config)#snmp-server community ?
  WORD SNMP community string
R1(config)#snmp-server community WORD ?
  <1-99> Std IP accesslist allowing access with this community string
  <1300-1999> Expanded IP accesslist allowing access with this community string
  ro Read-only access with this community string
  rw Read-write access with this community string
  view Restrict this community to a named MIB view
R1(config)#snmp-server community WORD RW  tw  rwpsnmp-server community WORD rwrsnmp-server community WORD rwisnmp-server community WORD rwvsnmp-server community WORD rwisnmp-server community WORD rw snmp-server community WORD rwcsnmp-server community WORD rwosnmp-server community WORD rwnsnmp-server community WORD rwfsnmp-server community WORD rwusnmp-server community WORD rwsnmp-server community WORD rw usnmp-server community WORD rwsnmp-server community WORD rw isnmp-server community WORD rwgsnmp-server community WORD rwusnmp-server community WORD rwrsnmp-server community WORD rw snmp-server community WORD rwlsnmp-server community WORD rwesnmp-server community WORD rwvsnmp-server community WORD rwesnmp-server community WORD rwlsnmp-server community WORD rw snmp-server community WORD rw4snmp-server community WORD rwsnmp-server community WORD rw 5snmp-server community WORD rw snmp-server community WORD rw
R1(config)#do sh run | snmpprivi configur level 5 snmp-server community WORD rw
R1(config)#privi configur level 5 snmp-server community WORD rw privi configur level 5 snmp-server community WORD rwdo sh run | b privi
username JoeUser privilege 5
username JB privilege 15
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
--More--  !
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
!
!
!
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
!
--More--   R1(config)#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17,57.    .57.10. 0.1\
% Unknown command or computer name, or unable to find computer address
S5#17.57.100.1\
Trying 17.57.100.1 ... Open
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int v line vty 0 4
^
% Invalid input detected at '^' marker.
R1(config)#int line vty 0 4int line vty 0 4  line vty 0 4  line vty 0 4
R1(config-line)#login loca
R1(config-line)#^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#sh privi
Current privilege level is 5
R1#
R1#
R1#
R1#config ?
  terminal Configure from the terminal
R1#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#?
Configure commands:
  atm Enable ATM SLM Statistics
  call Configure Call parameters
  default Set a command to its defaults
  end Exit from configure mode
  exit Exit from configure mode
  help Description of the interactive help system
  no Negate a command or set its defaults
  snmp-server Modify SNMP engine parameters
R1(config)#snm
R1(config)#snmp-server co
R1(config)#snmp-server community ?
  WORD SNMP community string
R1(config)#snmp-server community test ?
  <1-99> Std IP accesslist allowing access with this community string
  <1300-1999> Expanded IP accesslist allowing access with this community string
  rw Read-write access with this community string
R1(config)#snmp-server community test                            ^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#^x
RACK9AS>1
[Resuming connection 1 to r1 ... ]
*Ma
R1(config)#do sh run | b priviprivi configur level 5 snmp-server community WORD rw do sh run | b privi privilege exec level 5 confi t       sh run
R1(config)#^Z
R1#x
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#sh run
R1#sh running-config
Building configuration...
Current configuration : 53 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snm
R1(config)#snmp-server com
R1(config)#snmp-server community test
R1(config)#^Z
R1#confi tsh running-config
Building configuration...
Current configuration : 83 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
snmp-server community test RO
!
end
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
*Mar
% Ambiguous command: "x"
R1#sh run | b U user
username JoeUser privilege 5
username JB privilege 15
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
--More--  !
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
snmp-server community test RO
!
!
!
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
--More--  privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login local
!
!
end
R1#
R1#
RACK9AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#
R2(config)#tim
R2(config)#time-range ?
  WORD Time range name
R2(config)#time-range Prob4
R2(config-time-range)#per
R2(config-time-range)#periodic ?
  Friday Friday
  Monday Monday
  Saturday Saturday
  Sunday Sunday
  Thursday Thursday
  Tuesday Tuesday
  Wednesday Wednesday
  daily Every day of the week
  weekdays Monday thru Friday
  weekend Saturday and Sunday
R2(config-time-range)#periodic weekda
R2(config-time-range)#periodic weekdays ?
  hh:mm Starting time
R2(config-time-range)#periodic weekdays 10:30         9:00 to 17:00
R2(config-time-range)#exiy t
R2(config)#ip access-list                line vty 0 4
R2(config-line)#acc
R2(config-line)#access-class ?
  <1-199> IP access list
  <1300-2699> IP expanded access list
  WORD Access-list name
R2(config-line)#access-class              exity
^
% Invalid input detected at '^' marker.
R2(config-line)#exity
R2(config)#ip access-list ex
R2(config)#ip access-list extended prob4rob4 Prob4
R2(config-ext-nacl)#a per ip any any tim
R2(config-ext-nacl)#per ip any any time-range Prob4
R2(config-ext-nacl)#line vty 0 4
R2(config-line)#accc
R2(config-line)#accc
R2(config-line)#access-class Prob4 in
R2(config-line)#z ^Z
R2#sh ac
*Mar 1 01:46:01.675: %SYS-5-CONFIG_I: Configured from console by console
R2#sh access
% Ambiguous command: "sh access"
R2#sh access-list
Extended IP access list Prob4
    10 permit ip any any time-range Prob4 (inactive)
R2#
R2#
R2#
R2#
R2#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#180.40.7.2
Trying 180.40.7.2 ...
% Connection refused by remote host
R3#
RACK9AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ntp ser 180.40.7.98
R2(config)#clock tim
R2(config)#clock timezone EST -5
R2(config)#^Z
R2#
Dec 1 19:29:32.722: %SYS-5-CONFIG_I: Configured from console by console
R2#
R2#confi tsh access-list
Extended IP access list Prob4
    10 permit ip any any time-range Prob4 (active)
R2#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#180.40.7.292.10.32.25480.40.7.2
Trying 180.40.7.2 ... Open
R2#q
[Connection to 180.40.7.2 closed by foreign host]
R3#
R3#
RACK9AS>2
[Resuming connection 2 to r2 ... ]
R2#sh run | acce    b ip access
ip access-list extended Prob4
 permit ip any any time-range Prob4
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class Prob4 in
 privilege level 15
 no login
!
ntp server 180.40.7.98
time-range Prob4
--More--   periodic weekdays 9:00 to 17:00
!
!
end
R2#
R2#
RACK9AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int atm 1/0
R4(config-if)#no ip insp
R4(config-if)#no ip inspect Prob2 in  out
R4(config-if)#no ip access
R4(config-if)#no ip access-group Prog b2 out
R4(config-if)#exit
R4(config)#ip access-list ex P
Dec 1 19:31:27.556: %SEC-6-IPACCESSLOGP: list Prob2 denied tcp 192.10.32.254(32169) -> 192.10.32.9(179), 1 packet
R4(config)#ip access-list ex Probout5outout
R4(config-ext-nacl)#do sh run int atm 1/0
Building configuration...
Current configuration : 179 bytes
!
interface ATM1/0
 ip address 192.10.32.9 255.255.255.0
 ip access-group Prob2 in
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end
R4(config-ext-nacl)#int at,   m 1/0
R4(config-if)#no ip access-group Prob2 in
R4(config-if)#no ip access-group Prob2 inint atm 1/0 do sh run int atm 1/0
Building configuration...
Current configuration : 153 bytes
!
interface ATM1/0
 ip address 192.10.32.9 255.255.255.0
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end
R4(config-if)#do sh run int atm 1/0no ip access-group Prob2 inint atm 1/0 do sh run int atm 1/0ip access-list ex Prob5out
R4(config-ext-nacl)#ip    per ip any any ?
  dscp Match packets with given dscp value
  fragments Check non-initial fragments
  log Log matches against this entry
  log-input Log matches against this entry, including input interface
  precedence Match packets with given precedence value
  reflect Create reflexive access list entry
  time-range Specify a time-range
  tos Match packets with given TOS value
R4(config-ext-nacl)#per ip any any refl
R4(config-ext-nacl)#per ip any any reflect ?
  WORD Access-list name
R4(config-ext-nacl)#per ip any any reflect Prob5
R4(config-ext-nacl)#exit
R4(config)#exitper ip any any reflect Prob5ip access-list ex Prob5out    in
R4(config-ext-nacl)#per udp host 192.10.32.254 any eq ntp
R4(config-ext-nacl)#ev
R4(config-ext-nacl)#evaluate Prob5
R4(config-ext-nacl)#den ip any any log
R4(config-ext-nacl)#int at,   m 1/0
R4(config-if)#ip access-list Prob5 out
^
% Invalid input detected at '^' marker.
R4(config-if)#ip access-list Prob5 outout out out
^
% Invalid input detected at '^' marker.
R4(config-if)#ip access-list Prob5out out Prob5out out  Prob5out out  Prob5out out  Prob5out out g Prob5out outr Prob5out out
R4(config-if)#ip access-gr Prob5out out       in in
R4(config-if)#^Z
R4#sh i
Dec 1 19:33:45.348: %SYS-5-CONFIG_I: Configured from console by console
R4#sh ip access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list Prob2
    10 permit udp host 192.10.32.254 any eq ntp (60 matches)
    20 deny ip any any log (11 matches)
Reflexive IP access list Prob5
Extended IP access list Prob5in
    10 permit udp host 192.10.32.254 any eq ntp
    20 evaluate Prob5
    30 deny ip any any log
Extended IP access list Prob5out
    10 permit ip any any reflect Prob5
R4#
R4#
R4#
R4#
R4#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#180.40.7.292.10.32.254
Trying 192.10.32.254 ... Open
CR1>
RACK9AS>4
[Resuming connection 4 to r4 ... ]
R4#sh ip access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list Prob2
    10 permit udp host 192.10.32.254 any eq ntp (60 matches)
    20 deny ip any any log (11 matches)
Reflexive IP access list Prob5
    permit tcp host 192.10.32.254 eq telnet host 192.10.32.9 eq 23218 (33 matches) (time left 296)
Extended IP access list Prob5in
    10 permit udp host 192.10.32.254 any eq ntp
    20 evaluate Prob5
    30 deny ip any any log
Extended IP access list Prob5out
    10 permit ip any any reflect Prob5 (17 matches)
R4#sh ruh |     n | b 1/0
interface ATM1/0
 ip address 192.10.32.9 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
--More--   permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob2
 permit udp host 192.10.32.254 any eq ntp
 deny ip any any log
ip access-list extended Prob5in
 permit udp host 192.10.32.254 any eq ntp
 evaluate Prob5
 deny ip any any log
ip access-list extended Prob5out
 permit ip any any reflect Prob5
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
--More-- Dec 1 19:35:27.568: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(32197) -> 192.10.32.9(179), 1 packet
--More--   R4#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tac
R1(config)#tacacs-server ?
  administration Start tacacs+ daemon handling administrative messages
  directed-request Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup Enable IP Domain Name System Alias lookup for TACACS servers
  extended Enable extended TACACS
  host Specify a TACACS server
  key Set TACACS+ encryption key.
  last-resort Define TACACS action if no server responds
  optional-passwords The first TACACS request can be made without password verification
  packet Modify TACACS+ packet options
  retransmit Search iterations of the TACACS server list
  timeout Time to wait for a TACACS server to reply
R1(config)#tacacs-server host ?
  Hostname or A.B.C.D IP address of TACACS server
R1(config)#tacacs-server host 17.57.100.99 ?
R1(config)#tacacs-server host 17.57.100.99
R1(config)#tacacs-server host 17.57.100.99                     k
R1(config)#tacacs-server key ?
  0 Specifies an UNENCRYPTED key will follow
  7 Specifies HIDDEN key will follow
  LINE The UNENCRYPTED (cleartext) shared key
R1(config)#tacacs-server key MyKey ?
  LINE
R1(config)#tacacs-server key MyKey
R1(config)#sh    aaa new
R1(config)#aaa new-model
R1(config)#aaa authen
R1(config)#aaa authentication lo
R1(config)#aaa authentication login ?
  WORD Named authentication list.
  default The default authentication list.
R1(config)#aaa authentication login default none
R1(config)#aaa authen
R1(config)#aaa authentication lo
R1(config)#aaa authentication login Prob6 ?
  enable Use enable password for authentication.
  group Use Server-group
  krb5 Use Kerberos 5 authentication.
  krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet.
  line Use line password for authentication.
  local Use local username authentication.
  local-case Use case-sensitive local username authentication.
  none NO authentication.
R1(config)#aaa authentication login Prob6 gr
R1(config)#aaa authentication login Prob6 group tac
R1(config)#aaa authentication login Prob6 group tacacs+ lo
R1(config)#aaa authentication login Prob6 group tacacs+ local ?
  enable Use enable password for authentication.
  group Use Server-group
  krb5 Use Kerberos 5 authentication.
  line Use line password for authentication.
  none NO authentication.
R1(config)#aaa authentication login Prob6 group tacacs+ local
R1(config)#line vty 0 4
R1(config-line)#login atueh
R1(config-line)#login atueh~     iuth    uthe
R1(config-line)#login authentication Prob6 ?
R1(config-line)#login authentication Prob6
R1(config-line)#^Z
R1#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1#sh privi
Current privilege level is 15
R1#sh run | b line
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login authentication Prob6
!
!
end
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#no privilege level 15
R1(config-line)#
R1(config-line)#^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1>
R1>
R1>
R1>
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
*M
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication login default none
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
--More--  username JoeUser privilege 5
username JB privilege 15
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
--More--  !
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
tacacs-server host 17.57.100.99
tacacs-server directed-request
tacacs-server key MyKey
snmp-server community test RO
!
!
!
privilege configure level 5 snmp-server community
--More--
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login authentication Prob6
!
!
end
R1#
R1#
R1#
R1#
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#aa  a
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap  Set authentication lists for arap.
  attempts  Set the maximum number of authentication attempts
  banner  Message to use when starting login/authentication.
  enable  Set authentication list for enable.
  fail-message  Message to use for failed login/authentication.
  login  Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  sgbp  Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication user
R1(config)#aaa authentication username-prompt ?
  WORD  Text of prompt
R1(config)#aaa authentication username-prompt CCIE    "CCIE Wantabe  : "
R1(config)#aaa authentication username-prompt "CCIE Wantabe: "                                pas
R1(config)#aaa authentication password-prompt "Ya Right: "
R1(config)#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE Wantabe: JoeUser
Ya Right:
R1>
R1>
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#sh r    ^Z
R1#sh run
*Mar 1 01:59:39.717: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run ~  | b aaa
aaa new-model
!
!
aaa authentication password-prompt "Ya Right: "
aaa authentication username-prompt "CCIE Wantabe: "
aaa authentication login default none
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
!
!
!
!
--More--
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#aa  a
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap  Set authentication lists for arap.
  attempts  Set the maximum number of authentication attempts
  banner  Message to use when starting login/authentication.
  enable  Set authentication list for enable.
  fail-message  Message to use for failed login/authentication.
  login  Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  sgbp  Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication ban
R1(config)#aaa authentication banner ?
  LINE  c message-text c, where 'c' is a delimiting character
R1(config)#aaa authentication banner #
Enter TEXT message. End with the character '#'.
Keep out This is my router!!! #
R1(config)#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE Wantabe: JoeUser
Ya Right:
R1>
R1>
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#line vty 0 4
R1(config-line)#aaa ?
% Unrecognized command
R1(config-line)#aaa ?
% Unrecognized command
R1(config-line)#aaa ?
% Unrecognized command
R1(config-line)#aaa     login authen
R1(config-line)#login authentication ?
  WORD  Use an authentication list with this name.
  default  Use the default authentication list.
R1(config-line)#login authentication Prob6 ?
R1(config-line)#login authentication Prob6                            exity
^
% Invalid input detected at '^' marker.
R1(config-line)#exity
R1(config)#ban
R1(config)#banner ?
  LINE  c banner-text c, where 'c' is a delimiting character
  exec  Set EXEC process creation banner
  incoming  Set incoming terminal line banner
  login  Set login banner
  motd  Set Message of the Day banner
  prompt-timeout  Set Message for login authentication timeout
  slip-ppp  Set Message for SLIP/PPP
R1(config)#banner login %
Enter TEXT message. End with the character '%'.
The   is is a test... %
R1(config)#
R1(config)#
R1(config)#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
This is a test...
CCIE Wantabe: JoeUser
Ya Right:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#17.57.100.1
Trying 17.57.100.1 ... Open
This is a test...
CCIE Wantabe:
CCIE Wantabe:
CCIE Wantabe:
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#ex
R1(config)#ex?
exception exit
R1(config)#ex  line vty 0 4
R1(config-line)#exec?
exec exec-banner exec-character-bits exec-timeout
R1(config-line)#exec  -
R1(config-line)#exec-b
R1(config-line)#exec-banner ?
R1(config-line)#exec-banner
R1(config-line)#^Z
R1#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
This is a test...
CCIE Wantabe: JoeUser
Ya Right:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK9AS>1
[Resuming connection 1 to r1 ... ]
*Ma
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no bann loin  gin
R1(config)#^Z
R1#
RACK9AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE Wantabe:
CCIE Wantabe:
CCIE Wantabe:
RACK9AS>1
[Resuming connection 1 to r1 ... ]
*M
R1#confi gt
^
% Invalid input detected at '^' marker.
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#line vty 0 4no bann loginexec-banner nexec-banner oexec-banner  exec-banner
R1(config-line)#exiy
^
% Invalid input detected at '^' marker.
R1(config-line)#exiy
^
% Invalid input detected at '^' marker.
R1(config-line)#exity
^
% Invalid input detected at '^' marker.
R1(config-line)#exity
R1(config)#do sh run In  | b line
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 no exec-banner
 login authentication Prob6
!
!
end
R1(config)#line vty 0 4
R1(config-line)#line vty 0 4do sh run | b lineexit yy no exec-banner no exec-banner  exec-banner
R1(config-line)#exit
R1(config)#bann login ^
Enter TEXT message. End with the character '^'.
Keep out ^
R1(config)#no aaa ba
R1(config)#no aaa ba  authen
R1(config)#no aaa authentication ba
R1(config)#no aaa authentication banner
R1(config)#^Z
R1#sh run | b
*Mar 1 02:06:52.550: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b a bann
banner login ^C Keep out ^C
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login authentication Prob6
!
!
end
R1#
R1#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
[Connection to 192.10.32.254 closed by foreign host]
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#user Gero org    orge pass bosco
R3(config)#user George pass bosco            auto
R3(config)#user George autocommand ?
  LINE  Command to be automatically issued after the user logs in
R3(config)#user George autocommand access-enable host time 2
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#exit
R3(config)#acce    ip access-list ex *ro   Prob9
R3(config-ext-nacl)#per udp any any eq ntp
R3(config-ext-nacl)#per ospf any any
R3(config-ext-nacl)#dy
R3(config-ext-nacl)#dynamic ?
  WORD  Name of a Dynamic list
R3(config-ext-nacl)#dynamic Prob9 ?
  deny  Specify packets to reject
  exit  Exit from access-list configuration mode
  permit  Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config-ext-nacl)#dynamic Prob9 tim
R3(config-ext-nacl)#dynamic Prob9 timeout ?
  <1-9999>  Maximum time to live
R3(config-ext-nacl)#dynamic Prob9 timeout 60 ?
  deny  Specify packets to reject
  exit  Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)#dynamic Prob9 timeout 60 per                              per tcp 180.40.7.128 0.0.0.31 180.40.7.129 eq telnet
^
% Invalid input detected at '^' marker.
R3(config-ext-nacl)#per tcp 180.40.7.128 0.0.0.31 180.40.7.129 eq telneth180.40.7.129 eq telneto180.40.7.129 eq telnet 180.40.7.129 eq telnets180.40.7.129 eq telnett180.40.7.129 eq telnet 180.40.7.129 eq telnet180.40.7.129 eq telnet 180.40.7.129 eq telnet 180.40.7.129 eq telnet 180.40.7.129 eq telnet s180.40.7.129 eq telnett180.40.7.129 eq telnet 180.40.7.129 eq telnet
R3(config-ext-nacl)#dy
R3(config-ext-nacl)#dynamic ?
  WORD  Name of a Dynamic list
R3(config-ext-nacl)#dynamic Prob9  a ?
  deny  Specify packets to reject
  exit  Exit from access-list configuration mode
  permit  Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config-ext-nacl)#dynamic Prob9a tim
R3(config-ext-nacl)#dynamic Prob9a timeout 60 ?
  deny  Specify packets to reject
  exit  Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)#dynamic Prob9a timeout 60 per ?
  <0-255>  An IP protocol number
  ahp  Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp  Encapsulation Security Payload
  gre  Cisco's GRE tunneling
  icmp  Internet Control Message Protocol
  igmp  Internet Gateway Message Protocol
  ip  Any Internet Protocol
  ipinip  IP in IP tunneling
  nos  KA9Q NOS compatible IP over IP tunneling
  ospf  OSPF routing protocol
  pcp  Payload Compression Protocol
  pim  Protocol Independent Multicast
  tcp  Transmission Control Protocol
  udp  User Datagram Protocol
R3(config-ext-nacl)#dynamic Prob9a timeout 60 per ip any any
R3(config-ext-nacl)#den ip any any log
R3(config-ext-nacl)#int fa 0/1
R3(config-if)#ip acc
R3(config-if)#ip acces
R3(config-if)#ip access-group Prob8 9 in
R3(config-if)#^Z
R3#
RACK9AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK9AS>3
[Resuming connection 3 to r3 ...
]
Dec 1
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (4 matches)
    20 permit ospf any any (6 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9a permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 112)
    50 deny ip any any log (5 matches)
R3#
R3#
R3#
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (4 matches)
    20 permit ospf any any (9 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9a permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 91)
    50 deny ip any any log (5 matches)
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (4 matches)
    20 permit ospf any any (9 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9a permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 89)
    50 deny ip any any log (5 matches)
R3#
RACK9AS>6
[Resuming connection 6 to r6 ... ]
ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms
S6#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (5 matches)
    20 permit ospf any any (10 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9a permit ip any any
       permit ip host 180.40.7.130 any (10 matches) (time left 116)
    50 deny ip any any log (5 matches)
R3#
R3#
R3#
R3#
R3#
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip access
R3(config)#ip access-list ex
R3(config)#ip access-list extended Prob9
R3(config-ext-nacl)#no 50
R3(config-ext-nacl)#50 den ip 180.40.7.128 0.0.0.31 any
R3(config-ext-nacl)#60 per ip any any
R3(config-ext-nacl)#^Z
R3#
Dec 1 19:59:07.602: %SYS-5-CONFIG_I: Configured from console by console
R3#
RACK9AS>4
[Resuming connection 4 to r4 ... ]
Dec
R4#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
R4#
Dec 1 19:59:27.632: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(32365) -> 192.10.32.9(179), 1 packet
R4#
R4#
R4#
R4#
RACK9AS>3
[Resuming connection 3 to r3 ... ]
R3#sh run | b user
username George password 0 bosco
username George autocommand access-enable host time 2
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group Prob9 in
--More--
R3#3#sh run | b user
^
% Invalid input detected at '^' marker.
R3#sh run | b ip access
 ip access-group Prob9 in
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
--More--
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
--More--
!
ip access-list extended Prob9
 permit udp any any eq ntp
 permit ospf any any
 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
 dynamic Prob9a timeout 60 permit ip any any
 deny ip 180.40.7.128 0.0.0.31 any
 permit ip any any
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
--More--
R3#
RACK9AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip access-list ex Prob10
R2(config-ext-nacl)#per tco   p any 17.57.11 -01   01.0 0.0.0.255
R2(config-ext-nacl)#exit
R2(config)#ip tcp ?
  async-mobility  Configure async-mobility
  chunk-size  TCP chunk size
  intercept  Enable TCP intercepting
  mss  TCP initial maximum segment size
  path-mtu-discovery  Enable path-MTU discovery on new TCP connections
  queuemax  Maximum queue of outgoing TCP packets
  selective-ack  Enable TCP selective-ACK
  synwait-time  Set time to wait on new TCP connections
  timestamp  Enable TCP timestamp option
  window-size  TCP window size
R2(config)#ip tcp in
R2(config)#ip tcp intercept ?
  connection-timeout  Specify timeout for connection info
  drop-mode  Specify incomplete connection drop mode
  finrst-timeout  Specify timeout for FIN/RST
  list  Specify access-list to use
  max-incomplete  Specify maximum number of incomplete connections before clamping
  mode  Specify intercepting mode
  one-minute  Specify one-minute-sample watermarks for clamping
  watch-timeout  Specify timeout for incomplete connections in watch mode
R2(config)#ip tcp intercept list ?
  <100-199>  Extended access list number for intercept
  WORD  Access list name for intercept
R2(config)#ip tcp intercept list Prob10 ?
R2(config)#ip tcp intercept list Prob10
R2(config)#ip tcp        do sh ip tcp inter sh ip tcp inter
^
% Invalid input detected at '^' marker.
R2(config)#^Z
R2#sh ip
Dec 1 20:02:38.497: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip     t  tcp ?
  <0-70>  Line number
  aux  Auxiliary line
  brief  Brief display
  console  Primary terminal line
  intercept  Intercept display
  statistics  TCP protocol statistics
  tcb  TCB address
  tty  Terminal controller
  vty  Virtual terminal
  x/y  Slot/Port for Modems
  |  Output modifiers
R2#sh tcp int
R2#sh tcp intercept ?
  connections  Connection information
  statistics  Statistics
R2#sh tcp intercept sta
Intercepting new connections using access-list Prob10
0 incomplete, 0 established connections (total 0)
0 connection requests per minute
R2#sh tcp intercept sta ?
  |  Output modifiers
R2#sh tcp intercept sta     con
R2#sh tcp intercept connections ?
  |  Output modifiers
R2#sh tcp intercept connections
Incomplete:
Client Server State Create Timeout Mode
Established:
Client Server State Create Timeout Mode
R2#sh ruh   n | i   b ip tcp
ip tcp intercept list Prob10
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
--More--
!
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
--More--
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
 clock rate 64000
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
--More--
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
ip access-list extended Prob10
 permit tcp any 17.57.101.0 0.0.0.255
ip access-list extended Prob4
 permit ip any any time-range Prob4
!
!
--More--
R2#