=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.02.24 11:08:54 =~=~=~=~=~=~=~=~=~=~=~= R7 con0 is now available Press RETURN to get started. RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#9 192.10.32.254 Trying 192.10.32.254 ... Open CR1>ping ? WORD Ping destination address or hostname apollo Apollo echo appletalk Appletalk echo clns CLNS echo decnet DECnet echo ip IP echo ipx Novell/IPX echo srb srb echo tag Tag encapsulated IP echo vines Vines echo xns XNS echo CR1>ping      q [Connection to 192.10.32.254 closed by foreign host] R4#CONFIG        sh clock *02:02:56.575 UTC Mon Mar 1 1993 R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#ntp ser 192.10.32.254 R4(config)#^Z R4#config tsh clock *02:03:13.643 UTC Mon Mar 1 1993 R4# *Mar 1 02:03:11.859: %SYS-5-CONFIG_I: Configured from console by console R4#sh clock *02:03:16.283 UTC Mon Mar 1 1993 R4#sh clock *02:03:17.363 UTC Mon Mar 1 1993 R4#sh clock *02:03:18.151 UTC Mon Mar 1 1993 R4#sh clock .20:57:04.939 UTC Fri Feb 24 2006 R4# R4# R4# R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#ntp ? access-group Control NTP access authenticate Authenticate time sources authentication-key Authentication key for trusted time sources broadcastdelay Estimated round-trip delay clock-period Length of hardware clock tick master Act as NTP master clock max-associations Set maximum number of associations peer Configure NTP peer server Configure NTP server source Configure interface for source address trusted-key Key numbers for trusted time sources R4(config)#ntp auth R4(config)#ntp authenticati R4(config)#ntp authentication-key ? <1-4294967295> Key number R4(config)#ntp authentication-key 1 ? md5 MD5 authentication R4(config)#ntp authentication-key 1 md R4(config)#ntp authentication-key 1 md5 ? WORD Authentication key R4(config)#ntp authentication-key 1 md5 MyK Y tIME    Time R4(config)#ntp ? access-group Control NTP access authenticate Authenticate time sources authentication-key Authentication key for trusted time sources broadcastdelay Estimated round-trip delay clock-period Length of hardware clock tick master Act as NTP master clock max-associations Set maximum number of associations peer Configure NTP peer server Configure NTP server source Configure interface for source address trusted-key Key numbers for trusted time sources R4(config)#ntp ^Z % Incomplete command. R4# Feb 24 20:58:06.143: %SYS-5-CONFIG_I: Configured from console by console R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#confifg t ^ % Invalid input detected at '^' marker. R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ntp aut R3(config)#ntp authenticati R3(config)#ntp authentication-key 1 MyTime ^ % Invalid input detected at '^' marker. R3(config)#ntp authentication-key 1 MyTimenMyTimeMyTime kMyTimeMyTime mMyTime MyTime R3(config)#ntp serv R3(config)#ntp server 180.40.7.98 ? key Configure peer authentication key prefer Prefer this peer when possible source Interface for source address version Configure NTP version R3(config)#ntp server 180.40.7.98 key ? <0-4294967295> Peer key number R3(config)#ntp server 180.40.7.98 key 1 ? prefer Prefer this peer when possible source Interface for source address version Configure NTP version R3(config)#ntp server 180.40.7.98 key 1 R3(config)#do sh ntp asss sh ntp asss ^ % Invalid input detected at '^' marker. R3(config)#do sh ntp asss  address ref clock st when poll reach delay offset disp ~180.40.7.98 0.0.0.0 16 - 64 0 0.0 0.00 16000. * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 0 64 1 4.1 -0.11 15875. * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 0 64 7 4.1 -0.11 3875.1 * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 0 64 17 4.1 0.05 1875.2 * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass ^Z R3#sh Feb 24 20:59:06.631: %SYS-5-CONFIG_I: Configured from console by console R3#sh ntp ? associations NTP associations status NTP status R3#sh ntp sta ? | Output modifiers R3#sh ntp sta Clock is synchronized, stratum 6, reference is 180.40.7.98 nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2**18 reference time is C7A9F21F.7592A5B2 (20:59:11.459 UTC Fri Feb 24 2006) clock offset is 0.1542 msec, root delay is 112.85 msec root dispersion is 77.50 msec, peer dispersion is 0.08 msec R3# R3# R3# R3# R3# R3#sh ntp sta     ass ? detail Show detail | Output modifiers R3#sh ntp ass det 180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5 ref ID 192.10.32.254, time C7A9F1EF.75F1A227 (20:58:23.460 UTC Fri Feb 24 2006) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 108.80 msec, root disp 77.27, reach 377, sync dist 133.743 delay 4.06 msec, offset 0.1435 msec, dispersion 0.05 precision 2**18, version 3 org time C7A9F221.743D0301 (20:59:13.454 UTC Fri Feb 24 2006) rcv time C7A9F221.74B8E528 (20:59:13.455 UTC Fri Feb 24 2006) xmt time C7A9F221.7390F907 (20:59:13.451 UTC Fri Feb 24 2006) filtdelay = 4.06 4.07 4.06 4.06 4.38 4.03 4.10 4.09 filtoffset = 0.14 0.10 0.15 0.11 -0.13 0.08 0.12 0.06 filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12 R3#q deb ntp ? adjust NTP clock adjustments authentication NTP authentication events NTP events loopfilter NTP loop filter packets NTP packets params NTP clock parameters refclock NTP reference clocks select NTP clock selection sync NTP clock synchronization validity NTP peer clock validity R3#deb ntp auth NTP authentication debugging is on R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#do sh ntp asssntp server 180.40.7.98 key 1 nntp server 180.40.7.98 key 1 ontp server 180.40.7.98 key 1  ntp server 180.40.7.98 key 1  R3(config)#no ntp server 180.40.7.98 key 1 do sh ntp ass sntp server 180.40.7.98 key 1 R3(config)#deb ntp eve ^ % Invalid input detected at '^' marker. R3(config)# .Feb 24 21:00:11.454: Authentication key 1 R3(config)#deb ntp eve Feb 24 21:00:12.467: Authentication key 1 Feb 24 21:00:13.453: Authentication key 1 R3(config)#deb ntp eve  Feb 24 21:00:14.455: Authentication key 1 Feb 24 21:00:15.452: Authentication key 1 R3(config)# Feb 24 21:00:16.454: Authentication key 1 Feb 24 21:00:17.456: Authentication key 1 R3(config)# Feb 24 21:00:18.453: Authentication key 1 Feb 24 21:00:19.455: Authentication key 1 R3(config)# Feb 24 21:00:20.453: Authentication key 1 Feb 24 21:00:21.454: Authentication key 1 R3(config)#do u all All possible debugging has been turned off R3(config)# Feb 24 21:00:22.456: Authentication key 1 Feb 24 21:00:23.453: Authentication key 1 R3(config)#^Z R3# Feb 24 21:00:24.968: %SYS-5-CONFIG_I: Configured from console by console R3# RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#ntp authentication-key 1 md5 MyTimemntp authentication-key 1 md5 MyTimenntp authentication-key 1 md5 MyTimetp authentication-key 1 md5 MyTime ntp authentication-key 1 md5 MyTime nntp authentication-key 1 md5 MyTimeontp authentication-key 1 md5 MyTime ntp authentication-key 1 md5 MyTime R4(config)# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#do u alleb ntp eventp server 180.40.7.98 key 1 nntp server 180.40.7.98 key 1 ontp server 180.40.7.98 key 1  ntp server 180.40.7.98 key 1  R3(config)#do deb ntp ev NTP events debugging is on R3(config)#do deb ntp ev  authen NTP authentication debugging is on R3(config)#do deb ntp authenev no ntp server 180.40.7.98 key 1 do u all eb ntp eventp server 180.40.7.98 key 1 R3(config)# .Feb 24 21:01:21.453: NTP: 180.40.7.98 reachable Feb 24 21:01:21.453: NTP: sync change Feb 24 21:01:21.453: NTP: peer stratum change R3(config)#do sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 0 64 377 4.0 2.19 0.1 * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass det 180.40.7.98 configured, our_master, sane, valid, stratum 5 ref ID 192.10.32.254, time C7A9F2AF.769127C1 (21:01:35.463 UTC Fri Feb 24 2006) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 108.54 msec, root disp 78.61, reach 377, sync dist 134.949 delay 3.97 msec, offset 2.1925 msec, dispersion 0.09 precision 2**18, version 3 org time C7A9F2B0.74677B11 (21:01:36.454 UTC Fri Feb 24 2006) rcv time C7A9F2B0.74768414 (21:01:36.454 UTC Fri Feb 24 2006) xmt time C7A9F2B0.733AAFB4 (21:01:36.450 UTC Fri Feb 24 2006) filtdelay = 4.56 4.07 4.03 3.97 4.12 4.10 4.17 4.14 filtoffset = 2.05 2.27 2.18 2.19 2.23 2.22 2.14 2.06 filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12 R3(config)# RACK13AS>4 [Resuming connection 4 to r4 ... ] R4(config)#no ntp authentication-key 1 md5 MyTimetp authentication-key 1 md5 MyTime R4(config)#^Z R4# Feb 24 21:02:07.823: %SYS-5-CONFIG_I: Configured from console by console R4#^x3 % Unknown command or computer name, or unable to find computer address R4# R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3(config)#do sh ntp ass det ntp server 180.40.7.98 key 1 do deb ntp authen ntp server 180.40.7.98 key 1 nntp server 180.40.7.98 key 1 ontp server 180.40.7.98 key 1  ntp server 180.40.7.98 key 1  R3(config)#no ntp server 180.40.7.98 key 1 do sh ntp ass det  ntp server 180.40.7.98 key 1 do deb ntp authen ev no ntp server 180.40.7.98 key 1 do u all eb ntp eventp server 180.40.7.98 key 1 o ntp server 180.40.7.98 key 1 do sh ntp ass sntp server 180.40.7.98 key 1 authentication-key 1 m MyTimenntp authentication-key 1 m MyTimeontp authentication-key 1 m MyTime ntp authentication-key 1 m MyTime R3(config)#do shg    deb NTP: NTP events debugging is on NTP authentication debugging is on R3(config)#do sh debno ntp authentication-key 1 m MyTimeserver 180.40.7.98 key 1 do sh ntp ass det  ntp server 180.40.7.98 key 1         R3(config)# .Feb 24 21:02:56.453: NTP: 180.40.7.98 reachable Feb 24 21:02:56.453: NTP: sync change Feb 24 21:02:56.457: NTP: peer stratum change R3(config)#do sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 5 64 377 4.2 3.56 0.1 * master (synced), # master (unsynced), + selected, - candidate, ~ configured R3(config)#do sh ntp ass det 180.40.7.98 configured, our_master, sane, valid, stratum 5 ref ID 192.10.32.254, time C7A9F2EF.7626BA4E (21:02:39.461 UTC Fri Feb 24 2006) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 107.47 msec, root disp 67.21, reach 377, sync dist 123.108 delay 4.15 msec, offset 3.5564 msec, dispersion 0.09 precision 2**18, version 3 org time C7A9F30F.74BA1F5E (21:03:11.455 UTC Fri Feb 24 2006) rcv time C7A9F30F.74600125 (21:03:11.454 UTC Fri Feb 24 2006) xmt time C7A9F30F.733B2AD2 (21:03:11.450 UTC Fri Feb 24 2006) filtdelay = 4.35 4.15 4.17 4.15 4.20 4.32 4.41 4.33 filtoffset = 3.55 3.56 3.49 3.51 3.54 3.46 3.42 3.28 filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12 R3(config)#do sh ntp ass det ntp server 180.40.7.98do sh deb no ntp authentication-key 1 m MyTimeno ntp authentication-key 1 m MyTime ntp authentication-key 1 m MyTime tp authentication-key 1 m MyTime  R3(config)#ntp authentication-key 1 m MyTimedo sh ntp ass det  ntp server 180.40.7.98 key 1 R3(config)#^Z R3# Feb 24 21:03:46.335: %SYS-5-CONFIG_I: Configured from console by console R3#sh ntp ass det 180.40.7.98 configured, our_master, sane, valid, stratum 16 ref ID 192.10.32.254, time C7A9F2EF.7626BA4E (21:02:39.461 UTC Fri Feb 24 2006) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 107.47 msec, root disp 67.21, reach 377, sync dist 123.108 delay 4.15 msec, offset 3.5564 msec, dispersion 0.09 precision 2**18, version 3 org time C7A9F30F.74BA1F5E (21:03:11.455 UTC Fri Feb 24 2006) rcv time C7A9F30F.74600125 (21:03:11.454 UTC Fri Feb 24 2006) xmt time C7A9F30F.733B2AD2 (21:03:11.450 UTC Fri Feb 24 2006) filtdelay = 4.35 4.15 4.17 4.15 4.20 4.32 4.41 4.33 filtoffset = 3.55 3.56 3.49 3.51 3.54 3.46 3.42 3.28 filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12 R3#q config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)# R3(config)#ntp server 180.40.7.98 key 1authentication-key 1 m MyTimeserver 180.40.7.98 key 1 nntp server 180.40.7.98 key 1ontp server 180.40.7.98 key 1 ntp server 180.40.7.98 key 1 R3(config)# .Feb 24 21:04:15.467: Authentication key 1 R3(config)#no ntp server 180.40.7.98 key 1tp server 180.40.7.98 key 1 authentication-key 1 m MyTimeserver 180.40.7.98 key 1  R3(config)#^Z R3# .Feb 24 21:04:21.569: %SYS-5-CONFIG_I: Configured from console by console R3# .Feb 24 21:04:26.457: Authentication key 1 .Feb 24 21:04:26.457: NTP: 180.40.7.98 reachable Feb 24 21:04:26.457: NTP: sync change Feb 24 21:04:26.457: NTP: peer stratum change Feb 24 21:04:27.455: Authentication key 1 R3# Feb 24 21:04:28.456: Authentication key 1 Feb 24 21:04:29.454: Authentication key 1 R3# Feb 24 21:04:30.456: Authentication key 1 Feb 24 21:04:31.457: Authentication key 1 R3# Feb 24 21:04:32.455: Authentication key 1 Feb 24 21:04:33.457: Authentication key 1 R3#u all All possible debugging has been turned off R3# Feb 24 21:04:34.454: Authentication key 1 R3#sh clock 21:04:51.190 UTC Fri Feb 24 2006 R3#sh run | b i ntp ntp authentication-key 1 md5 0722387847041C 7 ntp clock-period 17208079 ntp server 180.40.7.98 key 1 R3# RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#sh run | i ntp ntp authentication-key 1 md5 04761232062C49 7 ntp clock-period 17179871 ntp server 192.10.32.254 R4# R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#access-list             do sh access-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 20 permit 17.0.0.0, wildcard bits 0.255.255.255 R4(config)#config t        access-list 100 per udp any any eq ntp R4(config)#access-list 100 den ip any na  any log R4(config)#ip in R4(config)#ip inspect ? alert-off Disable alert audit-trail Enable the logging of session information (addresses and bytes) dns-timeout Specify timeout for DNS hashtable-size Specify size of hashtable max-incomplete Specify maximum number of incomplete connections before clamping name Specify an inspection rule one-minute Specify one-minute-sample watermarks for clamping tcp Config timeout values for tcp connections udp Config timeout values for udp flows R4(config)#ip inspect tcp ? block-non-session Block non-session TCP traffic finwait-time Specify timeout for TCP connections after a FIN idle-time Specify idle timeout for tcp connections max-incomplete Specify max half-open connection per host synwait-time Specify timeout for TCP connections after a SYN and no further data R4(config)#ip inspect tcp     name ? WORD Name of inspection defined R4(config)#ip inspect name Prob2 ? cuseeme CUSeeMe Protocol fragment IP fragment inspection ftp File Transfer Protocol h323 H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone) http HTTP Protocol icmp ICMP Protocol netshow Microsoft NetShow Protocol rcmd R commands (r-exec, r-login, r-sh) realaudio Real Audio Protocol rpc Remote Prodedure Call Protocol rtsp Real Time Streaming Protocol sip SIP Protocol skinny Skinny Client Control Protocol smtp Simple Mail Transfer Protocol sqlnet SQL Net Protocol streamworks StreamWorks Protocol tcp Transmission Control Protocol tftp TFTP Protocol udp User Datagram Protocol vdolive VDOLive Protocol R4(config)#ip inspect name Prob2 tcp R4(config)#ip inspect name Prob2 tcp     udp R4(config)#ip inspect name Prob2 udp   h3232 ^ % Invalid input detected at '^' marker. R4(config)#ip inspect name Prob2 h3232 ip inspect name Prob2 h3232  R4(config)#ip inspect name Prob2 h323    icmp R4(config)#int fa 0/0 R4(config-if)#ip in R4(config-if)#ip ins R4(config-if)#ip inspect ? WORD Name of inspection defined R4(config-if)#ip inspect Prob2 ? in Inbound inspection out Outbound inspection R4(config-if)#ip inspect Prob2 in R4(config-if)#^Z R4# Feb 24 21:10:11.138: %SYS-5-CONFIG_I: Configured from console by console R4#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 17.0.0.0/24 is subnetted, 2 subnets O 17.57.100.0 [110/793] via 180.40.7.97, 02:11:07, FastEthernet0/0 O 17.57.101.0 [110/784] via 180.40.7.97, 02:11:07, FastEthernet0/0 C 192.10.32.0/24 is directly connected, ATM1/0 180.40.0.0/16 is variably subnetted, 6 subnets, 2 masks O 180.40.7.128/27 [110/2] via 180.40.7.97, 02:11:07, FastEthernet0/0 O 180.40.7.0/27 [110/783] via 180.40.7.97, 02:11:07, FastEthernet0/0 O 180.40.7.35/32 [110/783] via 180.40.7.97, 02:11:07, FastEthernet0/0 O 180.40.7.34/32 [110/783] via 180.40.7.97, 02:11:08, FastEthernet0/0 O 180.40.7.33/32 [110/2] via 180.40.7.97, 02:11:08, FastEthernet0/0 C 180.40.7.96/27 is directly connected, FastEthernet0/0 R4#   RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 17.0.0.0/24 is subnetted, 2 subnets O 17.57.100.0 [110/791] via 180.40.7.34, 02:11:19, Serial1/0 O 17.57.101.0 [110/782] via 180.40.7.2, 02:11:19, Serial1/2 [110/782] via 180.40.7.35, 02:11:19, Serial1/0 O 192.10.32.0/24 [110/3] via 180.40.7.130, 02:11:19, FastEthernet0/1 180.40.0.0/16 is variably subnetted, 6 subnets, 2 masks C 180.40.7.128/27 is directly connected, FastEthernet0/1 C 180.40.7.0/27 is directly connected, Serial1/2 O 180.40.7.35/32 [110/781] via 180.40.7.2, 02:11:21, Serial1/2 [110/781] via 180.40.7.35, 02:11:21, Serial1/0 O 180.40.7.34/32 [110/781] via 180.40.7.34, 02:11:21, Serial1/0 C 180.40.7.32/27 is directly connected, Serial1/0 O 180.40.7.96/27 [110/2] via 180.40.7.130, 02:11:21, FastEthernet0/1 R3#  telnet      192.10.32.1 254 Trying 192.10.32.254 ... Open CR1> RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#sh access-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Extended IP access list 100 10 permit udp any any eq ntp 20 deny ip any any log R4# R4# R4# R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3# RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#int atm 0. /1 ^ % Invalid input detected at '^' marker. R4(config)#int atm 0/1   1/0 R4(config-if)#ip acc R4(config-if)#ip accc R4(config-if)#ip accc es R4(config-if)#ip access-group 100 in R4(config-if)#^Z R4# Feb 24 21:11:30.663: %SYS-5-CONFIG_I: Configured from console by console R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#192.10.32.254 Trying 192.10.32.254 ... Open CR1> RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#config tsh access-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Extended IP access list 100 permit tcp host 192.10.32.254 eq telnet host 192.10.32.13 eq 36963 (7 matches) 10 permit udp any any eq ntp 20 deny ip any any log R4# R4# R4# R4# R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3# R3# RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#int fa 0/0 R4(config-if)#int fa 0/0p access-group 100 innt atm 1/0 0/1p inspect Prob2 innip inspect Prob2 inoip inspect Prob2 in ip inspect Prob2 in R4(config-if)#int atm 1/09  R4(config-if)#int atm 1/0no ip inspect Prob2 inint fa 0/0 no ip inspect Prob2 in  out Feb 24 21:12:44.956: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(35728) -> 192.10.32.13(179), 1 packet R4(config-if)#no ip inspect Prob2 outno ip inspect Prob2 out  ip inspect Prob2 out  R4(config-if)# RACK13AS>3 [Resuming connection 3 to r3 ... ] 192.10.32.254 Trying 192.10.32.254 ... Open CR1> RACK13AS>4 [Resuming connection 4 to r4 ... ] R4(config-if)#^Z R4#sh Feb 24 21:12:58.336: %SYS-5-CONFIG_I: Configured from console by console R4#sh aconfig tsh access-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (3 matches) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Extended IP access list 100 permit tcp host 192.10.32.254 eq telnet host 192.10.32.13 eq 42109 (8 matches) 10 permit udp any any eq ntp (3 matches) 20 deny ip any any log (1 match) R4#192.10.32.254 Trying 192.10.32.254 ... Feb 24 21:14:08.320: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(23) -> 192.10.32.13(54578), 1 packet % Connection reset by user R4#p[  ping 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: Feb 24 21:14:33.865: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.10.32.254 -> 192.10.32.13 (0/0), 1 packet.. Success rate is 0 percent (0/2) R4#xping 192.10.32.254 sou 180.40.7.98 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: Packet sent with a source address of 180.40.7.98 Feb 24 21:14:44.965: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(35740) -> 192.10.32.13(179), 1 packet..... Success rate is 0 percent (0/5) R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#route     ^Z R4# Feb 24 21:15:38.497: %SYS-5-CONFIG_I: Configured from console by console R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3# R3# R3# R3# RACK13AS>4 [Resuming connection 4 to r4 ... ] Feb R4# Feb 24 21:16:44.970: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(35752) -> 192.10.32.13(179), 1 packet R4#sh run | b ip in ip inspect name Prob2 tcp ip inspect name Prob2 udp ip inspect name Prob2 h323 ip inspect name Prob2 icmp ip audit po max-events 100 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 --More--   ip address 180.40.7.98 255.255.255.224 ip nat inside duplex auto speed auto ! interface ATM1/0 ip address 192.10.32.13 255.255.255.0 ip access-group 100 in ip nat outside ip inspect Prob2 out no atm ilmi-keepalive pvc 0/72 protocol ip 192.10.32.254 broadcast ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip nat inside source list IPNAT interface ATM1/0 overload no ip http server no ip http secure-server ip classless --More--  ! ! ! ip access-list standard IPNAT permit 180.40.7.0 0.0.0.255 permit 17.0.0.0 0.255.255.255 access-list 100 permit udp any any eq ntp access-list 100 deny ip any any log ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 no login ! ntp authentication-key 1 md5 04761232062C49 7 --More--   R4# RACK13AS>1 [Resuming connection 1 to r1 ... ] R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#priv R1(config)#privilege ? aaa-user AAA user definition accept-dialin VPDN group accept dialin configuration mode accept-dialout VPDN group accept dialout configuration mode address-family Address Family configuration mode aic Alarm Interface Card configuration mode alps-ascu ALPS ASCU configuration mode alps-circuit ALPS circuit configuration mode bba-group BBA Group configuration mode boomerang Boomerang configuration mode cascustom Cas custom configuration mode cause-code-list Voice Cause Code List configuration mode ces-conn CES connection configuration mode ces-vc CES VC configuration mode cgma_agent CGMA Agent Configuration Mode cm-fallback cm-fallback configuration mode cns-connect-config CNS Connect Info Mode cns-connect-intf-config CNS Connect Intf Info Mode cns-tmpl-connect-config CNS Template Connect Info Mode cns_inventory_submode CNS Inventory SubMode config-rtr-http-rr RTR HTTP raw request Configuration configure Global configuration mode congestion Frame Relay congestion configuration mode --More--   controller Controller configuration mode dhcp DHCP pool configuration mode enum_rule enum configuration mode ephone ephone configuration mode ephone-dn ephone-dn configuration mode exec Exec mode filterserver AAA filter server definitions flow-cache Flow aggregation cache config mode fr-fr FR/FR connection configuration mode frf5 FR/ATM Network IWF configuration mode frf8 FR/ATM Service IWF configuration mode gateway Gateway configuration mode gw-accounting-aaa Gateway accounting aaa configuration mode interface Interface configuration mode interface-dlci Frame Relay dlci configuration mode interface-range Interface range configuration mode ip-explicit-path IP explicit path configuration mode ip-vrf Configure IP VRF parameters ipenacl IP named extended access-list configuration mode ipsnacl IP named simple access-list configuration mode ipv6-router IPv6 router configuration mode ipv6acl IPv6 access-list configuration mode ipx-router IPX router configuration mode --More--   R1(config)#privilege exec ? all All suboption will be set to the samelevel level Set privilege level of command reset Reset privilege level of command R1(config)#privilege exec level 5 ? LINE Initial keywords of the command to modify R1(config)#privilege exec level 5 ? LINE Initial keywords of the command to modify R1(config)#privilege exec level 5 conf t R1(config)#do sh run | i privi privilege exec level 5 configure terminal privilege exec level 5 configure privilege level 15 R1(config)#do sh run | i privi     privilege exec level 5 conf t      sh run R1(config)#privilege exec level 5 sh rundo sh run | i privi  privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show privilege level 15 R1(config)#do sh run | i priviprivilege exec level 5 sh run                   con R1(config)#privilege conf R1(config)#privilege config R1(config)#privilege config? config-rtr-http-rr configure R1(config)#privilege configu R1(config)#privilege configure ? all All suboption will be set to the samelevel level Set privilege level of command reset Reset privilege level of command R1(config)#privilege configure level 5                             sn R1(config)#snm R1(config)#snmp? snmp snmp-server R1(config)#snmp- R1(config)#snmp-server  ? chassis-id String to uniquely identify this chassis community Enable SNMP; set community string and access privs contact Text for mib object sysContact drop Silently drop SNMP packets enable Enable SNMP Traps or Informs engineID Configure a local or remote SNMPv3 engineID group Define a User Security Model group host Specify hosts to receive SNMP notifications ifindex Enable ifindex persistence inform Configure SNMP Informs options location Text for mib object sysLocation manager Modify SNMP manager parameters packetsize Largest SNMP packet size queue-length Message queue length for each TRAP host source-interface Assign an source interface system-shutdown Enable use of the SNMP reload command tftp-server-list Limit TFTP servers used via SNMP trap SNMP trap options trap-source Assign an interface for the source address of all traps trap-timeout Set timeout for TRAP message retransmissions user Define a user who can access the SNMP engine view Define an SNMPv2 MIB view --More--   R1(config)#snmp-server om  com R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community WORD ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string ro Read-only access with this community string rw Read-write access with this community string view Restrict this community to a named MIB view R1(config)#snmp-server community WORD R1(config)#privi confg iug  gu ? all All suboption will be set to the samelevel level Set privilege level of command reset Reset privilege level of command R1(config)#privi configu lvel 5 ? % Unrecognized command R1(config)#privi configu lvel 5 evel 5 vel 5 ? LINE Initial keywords of the command to modify R1(config)#privi configu level 5 snmp-server community WORD R1(config)#privi configu level 5 snmp-server community WORDsnmp-server community WORD do sh run | i privi  privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show privilege level 15 R1(config)#no privilege configure level 5 snmp-server community R1(config)#no privilege configure level 5 snmp-server R1(config)#no privilege configure level 5 snmp-server communitydo sh run | i privi privi configu level 5 snmp-server community WORD      R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.    RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#user jb pass cisco ? LINE R1(config)#user jb pass cisco            priv R1(config)#user jb privilege ? <0-15> User privilege level R1(config)#user jb privilege 16 5 pass cisco R1(config)#user JoeUser priv 5 pass cisco R1(config)#line vty 0 4 R1(config-line)#logiu n local R1(config-line)# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#sh privi Current privilege level is 5 R1#confifg t         ? Exec commands: <1-99> Session number to resume access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface clear Reset functions configure Enter configuration mode connect Open a terminal connection disable Turn off privileged commands disconnect Disconnect an existing network connection enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system lock Lock the terminal login Log in as a particular user logout Exit from the EXEC modemui Start a modem-like user interface mrinfo Request neighbor and version information from a multicast router mstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connection pad Open a X.29 PAD connection --More--   ping Send echo messages ppp Start IETF Point-to-Point Protocol (PPP) resume Resume an active network connection rlogin Open an rlogin connection show Show running system information slip Start Serial-line IP (SLIP) systat Display information about terminal lines tclquit Quit Tool Command Language shell telnet Open a telnet connection terminal Set terminal line parameters tn3270 Open a tn3270 connection traceroute Trace route to destination tunnel Open a tunnel connection udptn Open an udptn connection where List active connections x28 Become an X.28 PAD x3 Set X.3 parameters on PAD R1# config ? terminal Configure from the terminal R1# config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#? Configure commands: atm Enable ATM SLM Statistics call Configure Call parameters default Set a command to its defaults end Exit from configure mode exit Exit from configure mode help Description of the interactive help system no Negate a command or set its defaults snmp-server Modify SNMP engine parameters R1(config)#snm R1(config)#snmp-server ? community Enable SNMP; set community string and access privs R1(config)#snmp-server com ? WORD SNMP community string R1(config)#snmp-server com test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string R1(config)#snmp-server com test                      ^Z R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK13AS>1 [Resuming connection 1 to r1 ... ] *M R1(config-line)#login localine vty 0 4user JoeUser priv 5 pass ciscojb privilege 15 pass ciscoprivi configu level 5 snmp-server community WORD R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#snm R1(config)#snmp-server cxo  om R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string R1(config)#snmp-server community test                             RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#do sh run | i privi username jb privilege 15 password 0 cisco username JoeUser privilege 5 password 0 cisco privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show privilege level 15 R1(config)#no privilege configure level 5 snmp-server community R1(config)#no privilege configure level 5 snmp-server communitydo sh run | i privi privi configu level 5 snmp-server community WORD rw R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] R1(config)# R1(config)# R1(config)#snm R1(config)#snmp-server com R1(config)#snmp-server community test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string rw Read-write access with this community string R1(config)#snmp-server community test rw ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string R1(config)#snmp-server community test rw     RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#privi configu level 5 snmp-server community WORD rwno privilege configure level 5 snmp-server communitydo sh run | i privi  username jb privilege 15 password 0 cisco username JoeUser privilege 5 password 0 cisco privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show privilege level 15 R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] R1(config)#snmp-server community test R1(config)#^Z R1#sh run Building configuration... Current configuration : 113 bytes ! boot-start-marker boot-end-marker ! ! ! ! ! snmp-server community WORD RO snmp-server community test RO ! end R1# R1# R1# R1# R1# RACK13AS>1 [Resuming connection 1 to r1 ... ] *Ma R1(config)#privi e config ? % Ambiguous command: "privi config " R1(config)#privi config l          R1(config)#privilege config  u level 5 inter R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] sh run Building configuration... Current configuration : 244 bytes ! boot-start-marker boot-end-marker ! ! ! ! ! interface Ethernet0/0 ! interface Serial0/0 ! interface Serial0/0.1 point-to-point ! interface Ethernet0/1 ! interface Serial0/1 ! snmp-server community WORD RO snmp-server community test RO ! --More--  end R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#privilege configu level 5 internprivilege configu level 5 interoprivilege configu level 5 inter privilege configu level 5 inter R1(config)#^Z R1# *Mar 1 02:31:58.206: %SYS-5-CONFIG_I: Configured from console by console R1#sh run | u b u R1#sh run | b u   Building configuration... Current configuration : 1317 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! memory-size iomem 10 no aaa new-model ip subnet-zero ! ! no ip domain lookup ! ip cef ! --More--  ! ! ! ! ! ! ! ! ! ! username jb privilege 15 password 0 cisco username JoeUser privilege 5 password 0 cisco ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay --More--  ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! --More--  ! ! snmp-server community WORD RO snmp-server community test RO ! ! ! privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local ! ! --More--   R1# RACK13AS>2 [Resuming connection 2 to r2 ... ] R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ntp     do sh clock *02:32:22.281 UTC Mon Mar 1 1993 R2(config)#tim R2(config)#time-range ? WORD Time range name R2(config)#time-range Prob4 R2(config-time-range)#per R2(config-time-range)#periodic ? Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday and Sunday R2(config-time-range)#periodic we R2(config-time-range)#periodic we  di R2(config-time-range)#periodic di ai R2(config-time-range)#periodic daily ? hh:mm Starting time R2(config-time-range)#periodic daily 8":  :30 ? to ending day and time R2(config-time-range)#periodic daily 8:30 to ? hh:mm Ending time - stays valid until beginning of next minute R2(config-time-range)#periodic daily 8:30 to 21:00 ? R2(config-time-range)#periodic daily 8:30 to 21:00 R2(config-time-range)#exit R2(config)#access-list 100 ip any any ? % Unrecognized command R2(config)#access-list 100 ip any any  pip any any eip any any rip any any  ip any any ip any any ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R2(config)#access-list 100 per ip any any tim R2(config)#access-list 100 per ip any any time-range Prob4 ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value tos Match packets with given TOS value R2(config)#access-list 100 per ip any any time-range Prob4   R2(config)#line vty 0 4 R2(config-line)#acc R2(config-line)#access-class 100 in R2(config-line)#^Z R2#sh *Mar 1 02:34:35.576: %SYS-5-CONFIG_I: Configured from console by console R2#sh clock *02:34:38.777 UTC Mon Mar 1 1993 R2#sh acces-li   s-list Extended IP access list 100 10 permit ip any any time-range Prob4 (inactive) R2# R2# R2# R2# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.101.1 Trying 17.57.101.1 ... % Connection refused by remote host S5# RACK13AS>2 [Resuming connection 2 to r2 ... ] R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ntp ser 180.409.  .7.98 R2(config)#^Z R2# *Mar 1 02:35:13.762: %SYS-5-CONFIG_I: Configured from console by console R2#sh ntp ass address ref clock st when poll reach delay offset disp *~180.40.7.98 192.10.32.254 5 0 64 1 38.1 0.18 15875. * master (synced), # master (unsynced), + selected, - candidate, ~ configured R2#sh ntp assconfig t sh access-listclock  21:31:37.243 UTC Fri Feb 24 2006 R2#sh clock config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#tim R2(config)#time-range            clo R2(config)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone R2(config)#clock tim ? WORD name of time zone R2(config)#clock tim PS  T ? <-23 - 23> Hours offset from UTC R2(config)#clock tim PST -8 R2(config)#^Z R2#config t Feb 24 21:32:00.264: %SYS-5-CONFIG_I: Configured from console by console R2#config tsh clock 13:32:02.172 PST Fri Feb 24 2006 R2#sh clockconfig tsh clockntp assconfig t sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) R2# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.101.1 Trying 17.57.101.1 ... Open R2#q [Connection to 17.57.101.1 closed by foreign host] S5# RACK13AS>2 [Resuming connection 2 to r2 ... ] R2#sh run | b access R2#sh run | b access    access-list 100 permit ip any any time-range Prob4 ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp server 180.40.7.98 time-range Prob4 periodic daily 8:30 to 21:00 ! --More--  ! end R2#config t R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#tim R2(config)#time-range test R2(config-time-range)#? Time range configuration commands: absolute absolute time and date default Set a command to its defaults exit Exit from time-range configuration mode no Negate a command or set its defaults periodic periodic time and date R2(config-time-range)#ab R2(config-time-range)#absolute ? end ending time and date start starting time and date R2(config-time-range)#absolute en R2(config-time-range)#absolute end ? hh:mm Ending time - stays valid until beginning of next minute R2(config-time-range)#absolute end              ab R2(config-time-range)#absolute ? end ending time and date start starting time and date R2(config-time-range)#absolute st ? hh:mm Starting time R2(config-time-range)#absolute st 8:00 ? <1-31> Day of the month R2(config-time-range)#absolute st 8:00 13 ? MONTH Month of the year [eg: Jan for January, Jun for June] R2(config-time-range)#absolute st 8:00 13 fe ? % Unrecognized command R2(config-time-range)#absolute st 8:00 13 fe  b ? <1993-2035> Year R2(config-time-range)#absolute st 8:00 13 feb 2006 ? end ending time and date R2(config-time-range)#absolute st 8:00 13 feb 2006 end ? hh:mm Ending time - stays valid until beginning of next minute R2(config-time-range)#absolute st 8:00 13 feb 2006 end 21:00 ? <1-31> Day of the month R2(config-time-range)#absolute st 8:00 13 feb 2006 end 21:00 28 feb 2006 R2(config-time-range)#per R2(config-time-range)#periodic ? Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday and Sunday R2(config-time-range)#periodic we R2(config-time-range)#periodic week R2(config-time-range)#periodic weekb d R2(config-time-range)#periodic weekdays ? hh:mm Starting time R2(config-time-range)#periodic weekdays 8:00 to 21:00 R2(config-time-range)#do sh run | b time service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! clock timezone PST -8 no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ! ip cef no ip domain lookup ip audit po max-events 100 ! ! --More--  ! --More--  ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 17.57.101.1 255.255.255.0 duplex auto speed auto ! interface BRI0/0 --More--   no ip address shutdown ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial1/0 no ip address encapsulation frame-relay ! interface Serial1/0.1 multipoint ip address 180.40.7.35 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 203 ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 --More--   ip address 180.40.7.2 255.255.255.224 clock rate 64000 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown ! interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! --More--  router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! access-list 100 permit ip any any time-range Prob4 ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 --More--  line vty 0 4 access-class 100 in privilege level 15 no login ! ntp clock-period 17208081 ntp server 180.40.7.98 time-range Prob4 periodic daily 8:30 to 21:00 ! time-range test absolute start 08:00 13 February 2006 end 21:00 28 February 2006 periodic weekdays 8:00 to 21:00 ! ! end R2(config-time-range)#^Z R2# Feb 24 21:36:28.947: %SYS-5-CONFIG_I: Configured from console by console R2# RACK13AS>4 [Resuming connection 4 to r4 ... ] Feb R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#int atm 1/0 R4(config-if)#int atm 1/0 ip inspect Prob2 outn ip inspect Prob2 outo ip inspect Prob2 out ip inspect Prob2 out R4(config-if)#no access-list 100 R4(config)#no access-list 100 ip inspect Prob2 outint atm 1/0  R4(config-if)#no ip access-gr R4(config-if)#no ip access-group % Incomplete command. R4(config-if)#no ip access-group 100 in R4(config-if)#exit R4(config)#ip access R4(config)#ip access-list ex R4(config)#ip access-list extended Prob5in    out ? R4(config)#ip access-list extended Prob5out R4(config-ext-nacl)#? Ext Access List configuration commands: <1-2147483647> Sequence Number default Set a command to its defaults deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs evaluate Evaluate an access list exit Exit from access-list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Access list entry comment R4(config-ext-nacl)#per ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R4(config-ext-nacl)#per ip      tcp ? A.B.C.D Source address any Any source host host A single source host R4(config-ext-nacl)#per tcp any any ? ack Match on the ACK bit dscp Match packets with given dscp value eq Match only packets on a given port number established Match established connections fin Match on the FIN bit fragments Check non-initial fragments gt Match only packets with a greater port number log Log matches against this entry log-input Log matches against this entry, including input interface lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value psh Match on the PSH bit range Match only packets in the range of port numbers reflect Create reflexive access list entry rst Match on the RST bit syn Match on the SYN bit time-range Specify a time-range tos Match packets with given TOS value urg Match on the URG bit R4(config-ext-nacl)#per tcp any any ref ? WORD Access-list name R4(config-ext-nacl)#per tcp any any ref Prob5 ? timeout Maximum time for Reflexive ACL to live R4(config-ext-nacl)#per tcp any any ref Prob5   R4(config-ext-nacl)#per tcp any any ref Prob5 per tcp any any ref Prob5p any any ref Prob5  any any ref Prob5  any any ref Prob5 u any any ref Prob5d any any ref Prob5p any any ref Prob5 R4(config-ext-nacl)#per icmp any any ? <0-255> ICMP message type administratively-prohibited Administratively prohibited alternate-address Alternate address conversion-error Datagram conversion dod-host-prohibited Host prohibited dod-net-prohibited Net prohibited dscp Match packets with given dscp value echo Echo (ping) echo-reply Echo reply fragments Check non-initial fragments general-parameter-problem Parameter problem host-isolated Host isolated host-precedence-unreachable Host unreachable for precedence host-redirect Host redirect host-tos-redirect Host redirect for TOS host-tos-unreachable Host unreachable for TOS host-unknown Host unknown host-unreachable Host unreachable information-reply Information replies information-request Information requests log Log matches against this entry log-input Log matches against this entry, including input --More--   interface mask-reply Mask replies mask-request Mask requests mobile-redirect Mobile host redirect net-redirect Network redirect net-tos-redirect Net redirect for TOS net-tos-unreachable Network unreachable for TOS net-unreachable Net unreachable network-unknown Network unknown no-room-for-option Parameter required but no room option-missing Parameter required but not present packet-too-big Fragmentation needed and DF set parameter-problem All parameter problems port-unreachable Port unreachable precedence Match packets with given precedence value precedence-unreachable Precedence cutoff protocol-unreachable Protocol unreachable reassembly-timeout Reassembly timeout redirect All redirects reflect Create reflexive access list entry router-advertisement Router discovery advertisements router-solicitation Router discovery solicitations source-quench Source quenches --More--   R4(config-ext-nacl)#per icmp any any ref R4(config-ext-nacl)#per icmp any any reflect ? WORD Access-list name R4(config-ext-nacl)#per icmp any any reflect Prob5 R4(config-ext-nacl)#exit R4(config)#exitper icmp any any reflect Prob5udp any any ref Prob5 tcp any any ref Prob5ip access-list extended Prob5out per tcp any any ref Prob5 ip access-list extended Prob5out     in R4(config-ext-nacl)#per udp any n any n eq ntp R4(config-ext-nacl)#p ev R4(config-ext-nacl)#evaluate ? WORD IP reflexive access list name R4(config-ext-nacl)#evaluate Prob5 R4(config-ext-nacl)#den ip any any log R4(config-ext-nacl)#int a t  t, 1   m 1/0 R4(config-if)#ip access R4(config-if)#ip access-group Prob5out out R4(config-if)#ip access-group Prob5out outt~        in in R4(config-if)#^Z R4# Feb 24 21:41:13.530: %SYS-5-CONFIG_I: Configured from console by console R4# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#192.10.32.254 Trying 192.10.32.254 ... Open CR1> RACK13AS>4 [Resuming connection 4 to r4 ... ] R4#sh access-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (5 matches) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Reflexive IP access list Prob5 permit tcp host 192.10.32.254 eq telnet host 192.10.32.13 eq 55462 (33 matches) (time left 294) Extended IP access list Prob5in 10 permit udp any any eq ntp 20 evaluate Prob5 30 deny ip any any log Extended IP access list Prob5out 10 permit tcp any any reflect Prob5 (17 matches) 20 permit udp any any reflect Prob5 30 permit icmp any any reflect Prob5 R4#sh run | b ATM interface ATM1/0 ip address 192.10.32.13 255.255.255.0 ip access-group Prob5in in ip access-group Prob5out out ip nat outside no atm ilmi-keepalive pvc 0/72 protocol ip 192.10.32.254 broadcast ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip nat inside source list IPNAT interface ATM1/0 overload no ip http server no ip http secure-server ip classless ! ! ! ip access-list standard IPNAT permit 180.40.7.0 0.0.0.255 --More--   permit 17.0.0.0 0.255.255.255 ! ip access-list extended Prob5in permit udp any any eq ntp evaluate Prob5 deny ip any any log ip access-list extended Prob5out permit tcp any any reflect Prob5 permit udp any any reflect Prob5 permit icmp any any reflect Prob5 ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 no login --More--   R4# Feb 24 21:42:45.043: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(35908) -> 192.10.32.13(179), 1 packet R4#sh run | b ATMaccess-list Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (5 matches) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Reflexive IP access list Prob5 permit tcp host 192.10.32.254 eq telnet host 192.10.32.13 eq 55462 (33 matches) (time left 180) Extended IP access list Prob5in 10 permit udp any any eq ntp (6 matches) 20 evaluate Prob5 30 deny ip any any log (1 match) Extended IP access list Prob5out 10 permit tcp any any reflect Prob5 (17 matches) 20 permit udp any any reflect Prob5 30 permit icmp any any reflect Prob5 R4# R4# RACK13AS>1 [Resuming connection 1 to r1 ... ] R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#tac R1(config)#tacacs-server ? administration Start tacacs+ daemon handling administrative messages directed-request Allow user to specify tacacs server to use with `@server' dns-alias-lookup Enable IP Domain Name System Alias lookup for TACACS servers extended Enable extended TACACS host Specify a TACACS server key Set TACACS+ encryption key. last-resort Define TACACS action if no server responds optional-passwords The first TACACS request can be made without password verification packet Modify TACACS+ packet options retransmit Search iterations of the TACACS server list timeout Time to wait for a TACACS server to reply R1(config)#tacacs-server host ? Hostname or A.B.C.D IP address of TACACS server R1(config)#tacacs-server host 17.58 7.100.99 ? R1(config)#tacacs-server host 17.57.100.99 R1(config)#tac R1(config)#tacacs-server key ? 0 Specifies an UNENCRYPTED key will follow 7 Specifies HIDDEN key will follow LINE The UNENCRYPTED (cleartext) shared key R1(config)#tacacs-server key MyKey ? LINE R1(config)#tacacs-server key MyKey R1(config)#aaa new R1(config)#aaa new-model R1(config)#aaa authen R1(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authentication login dee fault ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authentication login default none R1(config)#aaa authentication login default none            Prob6 ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authentication login Prob6 grou taca  R1(config)#aaa authentication login Prob6 grou tacacs+ ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authentication login Prob6 grou tacacs+ loca R1(config)#aaa authentication login Prob6 grou tacacs+ local? local local-case R1(config)#aaa authentication login Prob6 grou tacacs+ local ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. line Use line password for authentication. none NO authentication. R1(config)#aaa authentication login Prob6 grou tacacs+ local R1(config)#line vty 0 4 R1(config-line)#login authen ? WORD Use an authentication list with this name. default Use the default authentication list. R1(config-line)#login authen Prob6 R1(config-line)#^Z R1# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.101.10.1 Trying 17.57.100.1 ... Open Username: JoeUser Password: R1#sh priv Current privilege level is 15 R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK13AS>1 [Resuming connection 1 to r1 ... ] *Ma R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#line vty 0 4 R1(config-line)#privi R1(config-line)#privilege 5 ^ % Invalid input detected at '^' marker. R1(config-line)#privilege 5 lev 5 R1(config-line)#^Z R1# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open Username: Jose  eUser Password: R1#sh privi Current privilege level is 5 R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5#17.57.100.1 Trying 17.57.100.1 ... Open Username: jb Password: R1#sh privi Current privilege level is 5 R1#en R1#enable le R1#enable le  15 % Error in authentication. R1#enable 15  ? <0-15> Enable level R1#enable 16 5 ? R1#enable 15 % Error in authentication. R1# RACK13AS>1 [Resuming connection 1 to r1 ... ] *Mar 1 02:52:20.867: %SYS-5-CONFIG_I: Configured from con R1#conmfig     nfig t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#privi exec ? all All suboption will be set to the samelevel level Set privilege level of command reset Reset privilege level of command R1(config)#privi exec level 5 enable ? LINE R1(config)#privi exec level 5 enable R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] R1#enable 15 % Error in authentication. R1# RACK13AS> [Resuming connection 5 to r5 ... ] R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#aaa authen ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authen p user R1(config)#aaa authen username-prompt ? WORD Text of prompt R1(config)#aaa authen username-prompt CCIE_Uer  ser: _  _ R1(config)#aaa authen username-prompt CCIE_User:_-prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ -prompt CCIE_User:_ p-prompt CCIE_User:_a-prompt CCIE_User:_s-prompt CCIE_User:_s-prompt CCIE_User:_w-prompt CCIE_User:_o-prompt CCIE_User:_r-prompt CCIE_User:_d-prompt CCIE_User:_-prompt CCIE_User:_ :_ :_ :_ P:_a:_s:_s:_w:_o:_r:_d:_ R1(config)#aaa athe  uthen         authen ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authen ba R1(config)#aaa authen banner        login ? WORD Named authentication list. default The default authentication list. R1(config)#aaa authen login       login Prob5 ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authen login Prob5               bann R1(config)#aaa authen banner ? LINE c message-text c, where 'c' is a delimiting character R1(config)#aaa authen banner # Enter TEXT message. End with the character '#'. Keep out Yo momma # R1(config)# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open CCIE_User:_Ju oeUser CCIE_Password:_ R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# RACK13AS>1 [Resuming connection 1 to r1 ... ] R1(config)#ban R1(config)#banner  R1(config)#banner motd # Enter TEXT message. End with the character '#'. Keep out  ....yo momma # R1(config)#^Z R1# *Mar 1 02:57:09.540: %SYS-5-CONFIG_I: Configured from console by console R1# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open Keep out....yo momma CCIE_User:_ CCIE_User:_ CCIE_User:_ RACK13AS>1 [Resuming connection 1 to r1 ... ] R1#sh run | b aaa aaa new-model ! ! aaa authentication banner ^C Keep out Yo momma ^C aaa authentication password-prompt CCIE_Password:_ aaa authentication username-prompt CCIE_User:_ aaa authentication login default none aaa authentication login Prob6 group tacacs+ local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! ip cef --More--  ! ! ! ! ! ! ! ! ! ! ! username jb privilege 15 password 0 cisco username JoeUser privilege 5 password 0 cisco ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address --More--   encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! --More--  ! ! ! tacacs-server host 17.57.100.99 tacacs-server directed-request tacacs-server key MyKey snmp-server community WORD RO snmp-server community test RO ! ! ! banner motd ^C Keep out....yo momma ^C privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 enable privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show --More--  ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 5 login authentication Prob6 ! ! end R1# R1# RACK13AS>3 [Resuming connection 3 to r3 ... ] [Connection to 192.10.32.254 closed by foreign host] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#access-list 100 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment R3(config)#access-list 100 dyn R3(config)#access-list 100 dynamic ? WORD Name of a Dynamic list R3(config)#access-list 100 dynamic Prob9 ? deny Specify packets to reject permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config)#access-list 100 dynamic Prob9 tim ? <1-9999> Maximum time to live R3(config)#access-list 100 dynamic Prob9 tim       ? deny Specify packets to reject permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config)#access-list 100 dynamic Prob9 pwe    er 180.0                       udp any any eq ntp ^ % Invalid input detected at '^' marker. R3(config)#access-list 100 udp any any eq ntppudp any any eq ntpeudp any any eq ntprudp any any eq ntp ^ % Invalid input detected at '^' marker. R3(config)#access-list 100 perudp any any eq ntp udp any any eq ntp R3(config)#do sh run       access-list Extended IP access list 100 10 permit udp any any eq ntp R3(config)#do sh access-list access-list 100 per udp any any eq ntp                      dyn per ip 180.40.7.0 0.0.0.31 any ^ % Invalid input detected at '^' marker. R3(config)#access-list 100 dyn per ip 180.40.7.0 0.0.0.31 any                             ? deny Specify packets to reject permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config)#access-list 100 dyn per     Prob9 per ip 180.40.7.0 128     128 0.0.0.31 any R3(config)#line vty 0 4 R3(config-line)#au R3(config-line)#autoc R3(config-line)#autocommand > ? LINE Appropriate EXEC command no-suppress-linenumber Display service linenumber message R3(config-line)#autocommand a              RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3(config-line)#int e fa 0/1 R3(config-if)#ip a access R3(config-if)#ip access-group 100 in R3(config-if)#^Z R3# Feb 24 21:57:38.91 RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) S6# RACK13AS>1 3 [Resuming connection 3 to r3 ... ] S-5-CONFIG_I: Configu R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip access-list exec 100 ^ % Invalid input detected at '^' marker. R3(config)#ip access-list exec 100        ? extended Extended Access List log-update Control access list log updates logging Control access list logging resequence Resequence Access List standard Standard Access List R3(config)#ip access-list ex R3(config)#ip access-list extended 100 Feb 24 21:58:14.689: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.130 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired R3(config)#ip access-list extended 100 R3(config-ext-nacl)#do sh access-list Extended IP access list 100 10 permit udp any any eq ntp (3 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any R3(config-ext-nacl)#15 per ospf any any R3(config-ext-nacl)#^Z R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: 03:05:26: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.129 on FastEthernet0/3 from LOADING to FULL, Loading Done..... Success rate is 0 percent (0/5) S6#sh ping 180.40.7.2ping 180.40.7.2  180.40.7.2  180.40.7.2  180.40.7.2 s 180.40.7.2h 180.40.7.2 180.40.7.2i 180.40.7.2p 180.40.7.2 180.40.7.2r 180.40.7.2p 180.40.7.2t 180.40.7.2 180.40.7.2  180.40.7.2  180.40.7.2 o 180.40.7.2 180.40.7.2 r 180.40.7.2o 180.40.7.2u 180.40.7.2t 180.40.7.2e 180.40.7.2 Routing entry for 180.40.7.0/27 Known via "ospf 1", distance 110, metric 782, type intra area Last update from 180.40.7.129 on FastEthernet0/3, 00:00:05 ago Routing Descriptor Blocks: * 180.40.7.129, from 180.40.7.129, 00:00:05 ago, via FastEthernet0/3 Route metric is 782, traffic share count is 1 S6#180.40.7.129 Trying 180.40.7.129 ... % Destination unreachable; gateway or host down S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] Fe R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#line vt 0 4 R3(config-line)#autocom R3(config-line)#autocommand access-enable host R3(config-line)# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#180.40.7.129 Trying 180.40.7.129 ... % Destination unreachable; gateway or host down S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3(config-line)#co  exit R3(config)#exitautocommand access-enable hostline vt 0 4 15 per ospf any anydo sh access-list ip access-list extended 100 R3(config-ext-nacl)#16 per tcp 180.40.7   0.7.128 0.0.0.31 eq tel % Incomplete command. R3(config-ext-nacl)#16 per tcp 180.40.7.128 0.0.0.31 eq tel.0.31 aeq telneq telyeq tel eq tel R3(config-ext-nacl)# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#180.40.7.129 Trying 180.40.7.129 ... Open [Connection to 180.40.7.129 closed by foreign host] S6#180.40.7.129sh ip route 180.40.7.2ping 180.40.7.2  Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms S6# S6# S6# S6# S6# S6# S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3(config-ext-nacl)#line vty 0 4 R3(config-line)#line vty 0 416 per tcp 180.40.7.128 0.0.0.31 any eq teleq tel ip access-list extended 100 16 per tcp 180.40.7.128 0.0.0.31 eq telany eq telline vty 0 4  login       do sh run ; li  | b line line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 no login autocommand access-enable host ! ntp authentication-key 1 md5 0722387847041C 7 ntp clock-period 17208181 ntp server 180.40.7.98 key 1 ! end R3(config-line)#q line    no autocommand access-enable host R3(config-line)# R3(config-line)# RACK13AS> [Resuming connection 3 to r3 ... ] R3(config-line)#int fa 0/1 R3(config-if)#shut R3(config-if)#d Feb 24 22:02:00.204: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.130 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached R3(config-if)#do sh acce Feb 24 22:02:02.203: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down Feb 24 22:02:03.205: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down R3(config-if)#do sh access-list Extended IP access list 100 10 permit udp any any eq ntp (15 matches) 15 permit ospf any any (31 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (27 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3(config-if)#do sh access-list Extended IP access list 100 10 permit udp any any eq ntp (15 matches) 15 permit ospf any any (31 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (27 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3(config-if)#do sh access-list Extended IP access list 100 10 permit udp any any eq ntp (15 matches) 15 permit ospf any any (31 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (27 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3(config-if)#do sh access-list Extended IP access list 100 10 permit udp any any eq ntp (15 matches) 15 permit ospf any any (31 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (27 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3(config-if)#no shut R3(config-if)#no shutdo sh access-listshut int fa 0/1no autocommand access-enable host Feb 24 22:02:28.050: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up R3(config-if)#no autocommand access-enable hostdo sh run | b line line vty 0 4 16 per tcp 180.40.7.128 0.0.0.31 any eq teleq tel ip access-list extended 100  R3(config-ext-nacl)#no 20 R3(config-ext-nacl)#20 Feb 24 22:02:37.810: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up R3(config-ext-nacl)#20 dyn Prob9 per ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R3(config-ext-nacl)#20 dyn Prob9 per ip any any       180.40.7.128 0.0.0.31 any R3(config-ext-nacl)#^Z R3#sh ac Feb 24 22:03:02.222: %SYS-5-CONFIG_I: Configured from console by console R3#sh access-list Extended IP access list 100 10 permit udp any any eq ntp (15 matches) 15 permit ospf any any (35 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (27 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] 0 S6#ping 180.40.7.2180.40.7.129  Trying 180.40.7.129 ... Open R3# 03:10:06: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.129 on FastEthernet0/3 from LOADING to FULL, Loading Done R3# R3#q [Connection to 180.40.7.129 closed by foreign host] S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] Feb R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#line vty 0 4 R3(config-line)# autocommand access-enable host R3(config-line)#login local R3(config-line)#exit R3(config)#user Geor  oge    rge b pass bosco R3(config)#^Z R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#180.40.7.129 Trying 180.40.7.129 ... Open User Access Verification Username: George Password: [Connection to 180.40.7.129 closed by foreign host] S6#180.40.7.129ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] Feb R3#sh run | b user username George password 0 bosco ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 180.40.7.129 255.255.255.224 ip access-group 100 in duplex auto --More--   speed auto ! interface Serial1/0 ip address 180.40.7.33 255.255.255.224 encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 180.40.7.34 301 broadcast frame-relay map ip 180.40.7.35 302 broadcast ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.3 255.255.255.224 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown --More--  ! interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! access-list 100 permit udp any any eq ntp --More--  access-list 100 permit ospf any any access-list 100 permit tcp 180.40.7.128 0.0.0.31 any eq telnet access-list 100 dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local autocommand access-enable host ! ntp authentication-key 1 md5 0722387847041C 7 ntp clock-period 17208181 --More--   R3#sh access-list Extended IP access list 100 10 permit udp any any eq ntp (20 matches) 15 permit ospf any any (60 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (159 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#user George pass boscoexit login local autocommand access-enable hostline vty 0 4 20 dyn Prob9 per ip 180.40.7.128 0.0.0.31 anyno 20 ip access-list extended 100 R3(config-ext-nacl)#ip access-list extended 100user George pass bosco exit login local autocommand access-enable hostline vty 0 4 20 dyn Prob9 per ip 180.40.7.128 0.0.0.31 any ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R3(config-ext-nacl)#20 dyn Prob9 per ip 180.40.7.128 0.0.0.31 any                       n20 dyn Prob9 per ip 180.o20 dyn Prob9 per ip 180. 20 dyn Prob9 per ip 180. R3(config-ext-nacl)#no 20 dyn Prob9 per ip 180.ip access-list extended 100user George pass bosco exit login local autocommand access-enable hostline vty 0 4 20 dyn Prob9 per ip 180.40.7.128 0.0.0.31 any                                  ? deny Specify packets to reject exit Exit from access-list configuration mode permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config-ext-nacl)#20 dyn Prob9 tim R3(config-ext-nacl)#20 dyn Prob9 timeout ? <1-9999> Maximum time to live R3(config-ext-nacl)#20 dyn Prob9 timeout 60 ? deny Specify packets to reject exit Exit from access-list configuration mode permit Specify packets to forward R3(config-ext-nacl)#20 dyn Prob9 timeout 60 per 180.40.7.128 0.0.0.31 any ? % Unrecognized command R3(config-ext-nacl)#20 dyn Prob9 timeout 60 per 180.40.7.128 0.0.0.31 any i180.40.7.128 0.0.0.31 any p180.40.7.128 0.0.0.31 any  180.40.7.128 0.0.0.31 any 180.40.7.128 0.0.0.31 any ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R3(config-ext-nacl)#20 dyn Prob9 timeout 60 per ip 180.40.7.128 0.0.0.31 any R3(config-ext-nacl)#^Z R3#sh Feb 24 22:06:54.347: %SYS-5-CONFIG_I: Configured from console by console R3#sh access-list Extended IP access list 100 10 permit udp any any eq ntp (27 matches) 15 permit ospf any any (70 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (159 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: U.U. Success rate is 0 percent (0/4) S6#ping 180.40.7.2180.40.7.129  Trying 180.40.7.129 ... Open User Access Verification Username: George Password: [Connection to 180.40.7.129 closed by foreign host] S6# RACK13AS> [Resuming connection 6 to r6 ... ] S6#~180.40.7.129 Trying 180.40.7.129 ... Open User Access Verification Username:  Username: Username: Username: Username: Username: Username: Username: Username: wedfg Password: % Login invalid Username: dfg Password: % Login invalid Username: Geog rge Password: % List#100-Prob9 already contains this IP address pair [Connection to 180.40.7.129 closed by foreign host] S6#180.40.7.129ping 180.40.7.2180.40.7.129 ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#sh access-list Extended IP access list 100 10 permit udp any any eq ntp (28 matches) 15 permit ospf any any (74 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (432 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3#sh acce    run | b acccess    ess-list access-list 100 permit udp any any eq ntp access-list 100 permit ospf any any access-list 100 permit tcp 180.40.7.128 0.0.0.31 any eq telnet access-list 100 dynamic Prob9 timeout 60 permit ip 180.40.7.128 0.0.0.31 any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local autocommand access-enable host ! ntp authentication-key 1 md5 0722387847041C 7 --More--   R3#sh run | b access-listaccess-list  Extended IP access list 100 10 permit udp any any eq ntp (32 matches) 15 permit ospf any any (78 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (432 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (5 matches) R3#sh access-list ? <1-2699> ACL number WORD ACL name rate-limit Show rate-limit access lists | Output modifiers R3#sh access-list                config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#line vt  y 0 4 R3(config-line)#line vty 0 420 dyn Prob9 timeout 60 per ip 180.40.7.128 0.0.0.31 any no 20 dyn Prob9 per ip 180. ip access-list extended 100user George pass bosco exit login local autocommand access-enable host ? LINE R3(config-line)# autocommand access-enable host 2 R3(config-line)#^Z R3#sh Feb 24 22:12:06.302: %SYS-5-CONFIG_I: Configured from console by console R3#sh RACK13AS>2 [Resuming connection 2 to r2 ... ] R2#configt Translating "configt" Translating "configt" % Unknown command or computer name, or unable to find computer address R2#configt % Unknown command or computer name, or unable to find computer address R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) (2 matches) R2(config)#config t        access-list 101 per tcp any 17.57.101.0 0.0.0.255 R2(config)#ip tcp ? async-mobility Configure async-mobility chunk-size TCP chunk size intercept Enable TCP intercepting mss TCP initial maximum segment size path-mtu-discovery Enable path-MTU discovery on new TCP connections queuemax Maximum queue of outgoing TCP packets selective-ack Enable TCP selective-ACK synwait-time Set time to wait on new TCP connections timestamp Enable TCP timestamp option window-size TCP window size R2(config)#ip tcp in ? connection-timeout Specify timeout for connection info drop-mode Specify incomplete connection drop mode finrst-timeout Specify timeout for FIN/RST list Specify access-list to use max-incomplete Specify maximum number of incomplete connections before clamping mode Specify intercepting mode one-minute Specify one-minute-sample watermarks for clamping watch-timeout Specify timeout for incomplete connections in watch mode R2(config)#ip tcp in le is ? <100-199> Extended access list number for intercept WORD Access list name for intercept R2(config)#ip tcp in lis 101 ? R2(config)#ip tcp in lis 101 R2(config)#^Z R2# Feb 24 22:15:11.013: %SYS-5-CONFIG_I: Configured from console by console R2#sh run | i ip tcp ip tcp intercept list 101 R2#ah    sh run | i access-list 101 access-list 101 permit tcp any 17.57.101.0 0.0.0.255 R2# R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#access-list per icmp any any ech ^ % Invalid input detected at '^' marker. R2(config)#access-list per icmp any any echp sh    do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) (2 matches) Extended IP access list 101 10 permit tcp any 17.57.101.0 0.0.0.255 R2(config)#accessdo sh access-listaccess-list per icmp any any ech per icmp any any ech1 per icmp any any ech0 per icmp any any ech2 per icmp any any ech R2(config)#access-list 102 per icmp any any ech R2(config)#access-list 102 per icmp any any echo- R2(config)#access-list 102 per icmp any any echo-reply R2(config)#cry R2(config)#crypto ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R2(config)#crypto is R2(config)#crypto isakmp ? aggressive-mode Disable ISAKMP aggressive mode client Set client configuration policy enable Enable ISAKMP identity Set the identity which ISAKMP will use keepalive Set a keepalive interval for use with IOS peers key Set pre-shared key for remote peer nat Set a nat keepalive interval for use with IOS peers peer Set Peer Policy policy Set policy for an ISAKMP protection suite profile Define ISAKMP Profiles xauth Set Extended Authentication values R2(config)#crypto isakmp key ? WORD pre-shared key R2(config)#crypto isakmp key cisco ? address define shared key with IP address hostname define shared key with hostname R2(config)#crypto isakmp key cisco add 180.40.7.3 R2(config)#do sp  pin 18-0  0.40.7.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms R2(config)#cry ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R2(config)#cry ip ? client Configure a client df-bit Handling of encapsulated DF bit. fragmentation Handling of fragmentation of near-MTU sized packets nat-transparency IPsec NAT transparency model optional Enable optional encryption for IPSec profile Configure an ipsec policy profile security-association Security association parameters transform-set Define transform and settings R2(config)#cry ip tra ? WORD Transform set tag R2(config)#cry ip tra Prob11 ? ah-md5-hmac AH-HMAC-MD5 transform ah-sha-hmac AH-HMAC-SHA transform comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R2(config)#cry ip tra Prob11 ah ? comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R2(config)#cry ip tra Prob11 ah   R2(config)#cry ip tra Prob11 ah-h R2(config)#cry ip tra Prob11 ah-h R2(config)#cry ip tra Prob11 ah-h m R2(config)#cry ip tra Prob11 ah-md5-hmac ? comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R2(config)#cry ip tra Prob11 ah-md5-hmac R2(cfg-crypto-trans)#cry ? % Unrecognized command R2(cfg-crypto-trans)#cry     exit R2(config)#cry R2(config)#crypto is R2(config)#crypto isakmp ? aggressive-mode Disable ISAKMP aggressive mode client Set client configuration policy enable Enable ISAKMP identity Set the identity which ISAKMP will use keepalive Set a keepalive interval for use with IOS peers key Set pre-shared key for remote peer nat Set a nat keepalive interval for use with IOS peers peer Set Peer Policy policy Set policy for an ISAKMP protection suite profile Define ISAKMP Profiles xauth Set Extended Authentication values R2(config)#crypto isakmp po R2(config)#crypto isakmp policy ? <1-10000> Priority of protection suite R2(config)#crypto isakmp policy 10 ? R2(config)#crypto isakmp policy 10 R2(config-isakmp)#? ISAKMP commands: authentication Set authentication method for protection suite default Set a command to its defaults encryption Set encryption algorithm for protection suite exit Exit from ISAKMP protection suite configuration mode group Set the Diffie-Hellman group hash Set hash algorithm for protection suite lifetime Set lifetime for ISAKMP security association no Negate a command or set its defaults R2(config-isakmp)#auth ? pre-share Pre-Shared Key rsa-encr Rivest-Shamir-Adleman Encryption rsa-sig Rivest-Shamir-Adleman Signature R2(config-isakmp)#auth pre ? R2(config-isakmp)#auth pre R2(config-isakmp)#exit R2(config)#i cry mapo R2(config)#cry mapo  R2(config)#cry map ? WORD Crypto map tag R2(config)#cry map Prob11 ? <1-65535> Sequence to insert into crypto map entry client Specify client configuration settings isakmp Specify isakmp configuration settings isakmp-profile Specify isakmp profile to use local-address Interface to use for local address for this crypto map R2(config)#cry map Prob11 is R2(config)#cry map Prob11 isakmp? isakmp isakmp-profile R2(config)#cry map Prob11 isakmp ? authorization Authorization parameters. R2(config)#cry map Prob11 isakmp            10 ? ipsec-isakmp IPSEC w/ISAKMP ipsec-manual IPSEC w/manual keying R2(config)#cry map Prob11 10 ip R2(config)#cry map Prob11 10 ipsec-i R2(config)#cry map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R2(config-crypto-map)#match a ? address Match address of packets to encrypt. R2(config-crypto-map)#match add ? <100-199> IP access-list number <2000-2699> IP access-list number (expanded range) WORD Access-list name R2(config-crypto-map)#match add 102 R2(config-crypto-map)#set ope   peer ? Hostname or A.B.C.D IP address/hostname of peer R2(config-crypto-map)#set peer 180.40.7  .3 R2(config-crypto-map)#set ter  r R2(config-crypto-map)#set transform-set ? WORD Proposal tag R2(config-crypto-map)#set transform-set Prob11   R2(config-crypto-map)#exit R2(config)#int s 1/2 R2(config-if)#cry   R2(config-if)#crypto P ? ipsec Set IPSec parameters map Assign a Crypto Map R2(config-if)#crypto map ? WORD Crypto Map tag R2(config-if)#crypto map Prob11 ? redundancy enable redundancy R2(config-if)#crypto map Prob11   R2(config-if)# Feb 24 22:21:42.584: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R2(config-if)# RACK13AS> [Resuming connection 2 to r2 ... ] R2(config-if)#^Z R2# Feb 24 22:21:48.385: %SYS-5-CONFIG_I: Configured from console by console R2#sh ru |  n |   cry ^ % Invalid input detected at '^' marker. R2#sh run | cry sh run | crybcry cry no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! clock timezone PST -8 no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ip tcp intercept list 101 ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! --More--  ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.3 ! ! crypto ipsec transform-set Prob11 ah-md5-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.3 --More--   set transform-set Prob11 --More--   match address 102 --More--  ! --More--  ! --More--  ! --More--  ! --More--   R2#sh run | b access-list 102 access-list 102 permit icmp any any echo access-list 102 permit icmp any any echo-reply ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp clock-period 17208161 ntp server 180.40.7.98 time-range Prob4 --More--   R2# RACK13AS>3 [Resuming connection 3 to r3 ... ] % Type "show ?" for a list of subcommands R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#crypto isakmp policy 10 R3(config-isakmp)# authentication pre-share R3(config-isakmp)#crypto isakmp key cisco address 180.40.7.2 R3(config)#! R3(config)#! R3(config)#crypto ipsec transform-set Prob11 ah-md5-hmac R3(cfg-crypto-trans)#! R3(cfg-crypto-trans)#crypto map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R3(config-crypto-map)# set peer 180.40.7.2 R3(config-crypto-map)# set transform-set Prob11 R3(config-crypto-map)# match address 102 R3(config-crypto-map)# R3(config-crypto-map)#access-list 102 permit icmp any any echo R3(config)#access-list 102 permit icmp any any echo-reply R3(config)#! int s 1/2 R3(config-if)#cry map Prob11 R3(config-if)#^Z R3# Feb 24 22:23:22.027: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R3# Feb 24 22:23:22.988: %SYS-5-CONFIG_I: Configured from console by console R3#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R3#sh cry is sa dst src state conn-id slot 180.40.7.2 180.40.7.3 QM_IDLE 1 0 R3#sh cry is sa    p sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 5, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: 0 inbound esp sas: inbound ah sas: --More--   inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: R3# RACK13AS> [Resuming connection 3 to r3 ... ] R3#cofi  nfig t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#access-list 102 per ip any any R3(config)# RACK13AS>2 [Resuming connection 2 to r2 ... ] Feb R2#confifg t ^ % Invalid input detected at '^' marker. R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#access-list 102 per ip any n any R2(config)#\  RACK13AS>3 [Resuming connection 3 to r3 ... ] Feb R3(config)#^Z R3#config tsh cry ip sas sa Feb 24 22:24:45.638: %SYS-5-CONFIG_I: Configured from console by console R3#sh cry is saping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R3#ping 180.40.7.2config t sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: 0 inbound esp sas: inbound ah sas: --More--   inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,ipsec_sa_request_sent} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 10, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 --More--   current outbound spi: FFA9C668 inbound esp sas: inbound ah sas: spi: 0x62685472(1651004530) transform: ah-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2000, flow_id: 1, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4493144/3583) replay detection support: Y inbound pcp sas: outbound esp sas: outbound ah sas: spi: 0xFFA9C668(4289316456) transform: ah-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2001, flow_id: 2, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4493144/3583) replay detection support: Y --More-- Feb 24 22:25:07.202: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.35 on Serial1/2 from FULL to DOWN, Neighbor Down: Dead timer expired --More--   outbound pcp sas: R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,ipsec_sa_request_sent} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: 1F81CBA7 inbound esp sas: inbound ah sas: --More--   R3#[Ash cry ip saping 180.40.7.2q  Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R3#sh    deb cry ? ber decode ASN.1 BER data engine Crypto Engine Debug ipsec IPSEC processing isakmp ISAKMP Key Management mib IPSEC Management Transactions pki PKI Client socket Crypto Secure Socket Debug verbose verbose decode R3#deb cry Feb 24 22:25:37.203: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.5, src_addr= 180.40.7.2, prot= 89 R3#deb cry          RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#^Z R3#sh run | Feb 24 22:26:22.795: %SYS-5-CONFIG_I: Configured from console by console R3#sh run | b crypt no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! ! --More--  ! ! ! ! ! ! ! username George password 0 bosco ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.2 ! ! crypto ipsec transform-set Prob11 ah-md5-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.2 set transform-set Prob11 --More--   R3# R3# R3# R3# R3# R3# R3# Feb 24 22:26:37.207: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.5, src_addr= 180.40.7.2, prot= 89 R3# R3#sh run | b crypt no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! ! --More--  ! ! ! ! ! ! ! username George password 0 bosco ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.2 ! ! crypto ipsec transform-set Prob11 ah-md5-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.2 set transform-set Prob11 --More--   match address 102 ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 180.40.7.129 255.255.255.224 ip access-group 100 in duplex auto speed auto ! interface Serial1/0 ip address 180.40.7.33 255.255.255.224 --More--   encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 180.40.7.34 301 broadcast frame-relay map ip 180.40.7.35 302 broadcast ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.3 255.255.255.224 crypto map Prob11 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown ! interface Serial1/5 no ip address --More--   shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! access-list 100 permit udp any any eq ntp access-list 100 permit ospf any any access-list 100 permit tcp 180.40.7.128 0.0.0.31 any eq telnet access-list 100 dynamic Prob9 timeout 60 permit ip 180.40.7.128 0.0.0.31 any --More-- Feb 24 22:27:37.211: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.5, src_addr= 180.40.7.2, prot= 89 --More--   R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 180.40.7.2         7.57.101               RACK13AS>2 [Resuming connection 2 to r2 ... ] Feb R2(config)#config      ip access-list 1 ex 102 R2(config-ext-nacl)#do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) (2 matches) Extended IP access list 101 10 permit tcp any 17.57.101.0 0.0.0.255 Extended IP access list 102 10 permit icmp any any echo 20 permit icmp any any echo-reply 30 permit ip any any (73 matches) R2(config-ext-nacl)#5 den ospf any any R2(config-ext-nacl)#^Z R2# Feb 24 22:28:28.107: %SYS-5-CONFIG_I: Configured from console by console R2# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip acccess    ess-list ex Feb 24 22:28:37.215: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.5, src_addr= 180.40.7.2, prot= 89 R3(config)#ip access-list ex 102 R3(config-ext-nacl)#5 den ospf any any R3(config-ext-nacl)#^Z R3# Feb 24 22:28:45.793: %SYS-5-CONFIG_I: Configured from console by console R3# Feb 24 22:28:47.339: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.35 on Serial1/2 from LOADING to FULL, Loading Done R3#sh access-list Extended IP access list 100 10 permit udp any any eq ntp (108 matches) 15 permit ospf any any (210 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (432 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (10 matches) Extended IP access list 102 5 deny ospf any any 10 permit icmp any any echo (20 matches) 20 permit icmp any any echo-reply 30 permit ip any any (75 matches) R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#180.40.7.129ping 180.40.7.2180.40.7.129  Trying 180.40.7.129 ... Open User Access Verification Username: George Password: Line has invalid autocommand "access-enable host 2" [Connection to 180.40.7.129 closed by foreign host] S6# S6#ping 17.57.1-1/1 % Unrecognized host or address, or protocol not running. S6#ping 17.57.1-1/1180.40.7.129 ping 17.57.1-1/1/1  1 011.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.101.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 17.0.0.0/24 is subnetted, 2 subnets O 17.57.100.0 [110/791] via 180.40.7.34, 00:00:35, Serial1/0 O 17.57.101.0 [110/782] via 180.40.7.35, 00:00:35, Serial1/0 [110/782] via 180.40.7.2, 00:00:35, Serial1/2 O 192.10.32.0/24 [110/3] via 180.40.7.130, 00:00:35, FastEthernet0/1 180.40.0.0/16 is variably subnetted, 6 subnets, 2 masks C 180.40.7.128/27 is directly connected, FastEthernet0/1 C 180.40.7.0/27 is directly connected, Serial1/2 O 180.40.7.35/32 [110/781] via 180.40.7.35, 00:00:37, Serial1/0 [110/781] via 180.40.7.2, 00:00:37, Serial1/2 O 180.40.7.34/32 [110/781] via 180.40.7.34, 00:00:37, Serial1/0 C 180.40.7.32/27 is directly connected, Serial1/0 O 180.40.7.96/27 [110/2] via 180.40.7.130, 00:00:37, FastEthernet0/1 R3#q config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#int s 1/0 R3(config-if)#shut R3(config-if)#^Z R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] S6#ping 17.57.101.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.101.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] Fe R3#co  a sh access-list Extended IP access list 100 10 permit udp any any eq ntp (115 matches) 15 permit ospf any any (220 matches) 16 permit tcp 180.40.7.128 0.0.0.31 any eq telnet (519 matches) 20 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any permit ip host 180.40.7.130 any (20 matches) Extended IP access list 102 5 deny ospf any any 10 permit icmp any any echo (25 matches) 20 permit icmp any any echo-reply 30 permit ip any any (80 matches) R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#shutint s 1/05 den ospf any anyip access-list ex 102 R3(config-ext-nacl)#^Z R3# Feb 24 22:30:32.290: %SYS-5-CONFIG_I: Configured from console by console R3# RACK13AS>2 [Resuming connection 2 to r2 ... ] Feb R2#deb cry ? ber decode ASN.1 BER data engine Crypto Engine Debug ipsec IPSEC processing isakmp ISAKMP Key Management mib IPSEC Management Transactions pki PKI Client socket Crypto Secure Socket Debug verbose verbose decode R2#deb cry         u   deb ip icmp ICMP packet debugging is on R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#b logg buff R2(config)# RACK13AS>6 [Resuming connection 6 to r6 ... ] ping 17.57.101.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.101.1, timeout is 2 seconds: RACK13AS>2 [Resuming connection 2 to r2 ... ] R2(config)#^Z R2#sh ac Feb 24 22:31:12.948: %SYS-5-CONFIG_I: Configured from console by console R2#sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) (2 matches) Extended IP access list 101 10 permit tcp any 17.57.101.0 0.0.0.255 Extended IP access list 102 5 deny ospf any any 10 permit icmp any any echo 20 permit icmp any any echo-reply 30 permit ip any any (96 matches) R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#logg buff5 den ospf any anydo sh access-list ip access-list ex 102 R2(config-ext-nacl)#no 10 R2(config-ext-nacl)#no 10  20 R2(config-ext-nacl)#^Z R2# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip access-list ex 102shut int s 1/0shut ip access-list ex 102 ip access-list ex 102 R3(config-ext-nacl)#no 10 R3(config-ext-nacl)#no 20 R3(config-ext-nacl)#^Z R3# RACK13AS>6 [Resuming connection 6 to r6 ... ] ..ping 17.57.101.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.101.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 44/44/44 ms S6# S6# S6# S6# S6#ping 17.57.101.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 17.57.101.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms S6# RACK13AS>3 [Resuming connection 3 to r3 ... ] Fe R3#sh cry ip sa interface: Serial1/2 Crypto map tag: Prob11, local addr. 180.40.7.3 protected vrf: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer: 180.40.7.2:500 PERMIT, flags={origin_is_acl,} #pkts encaps: 11, #pkts encrypt: 0, #pkts digest 11 #pkts decaps: 11, #pkts decrypt: 0, #pkts verify 11 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 2, #recv errors 0 local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2 current outbound spi: CDACEBB9 inbound esp sas: inbound ah sas: --More--   spi: 0x7C458F7D(2084933501) --More--   transform: ah-md5-hmac , --More--   in use settings ={Tunnel, } slot: 0, conn id: 2000, flow_id: 1, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4556149/3546) replay detection support: Y inbound pcp sas: outbound esp sas: outbound ah sas: spi: 0xCDACEBB9(3450661817) transform: ah-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2001, flow_id: 2, crypto map: Prob11 sa timing: remaining key lifetime (k/sec): (4556149/3537) replay detection support: Y outbound pcp sas: R3# RACK13AS>12 % 12 is not an open connection RACK13AS> [Resuming connection 3 to r3 ... ] R3# RACK13AS>2 [Resuming connection 2 to r2 ... ] F R2#sh run | b cry no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! logging buffered 4096 debugging ! clock timezone PST -8 no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ip tcp intercept list 101 ! ip cef no ip domain lookup ip audit po max-events 100 ! ! --More--  ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.3 ! ! crypto ipsec transform-set Prob11 ah-md5-hmac ! crypto map Prob11 10 ipsec-isakmp --More--   set peer 180.40.7.3 set transform-set Prob11 match address 102 ! ! ! ! interface FastEthernet0/0 ip address 17.57.101.1 255.255.255.0 duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial1/0 --More--   no ip address encapsulation frame-relay ! interface Serial1/0.1 multipoint ip address 180.40.7.35 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 203 ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.2 255.255.255.224 clock rate 64000 crypto map Prob11 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address --More--   shutdown ! interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! --More--  access-list 100 permit ip any any time-range Prob4 access-list 101 permit tcp any 17.57.101.0 0.0.0.255 access-list 102 deny ospf any any access-list 102 permit ip any any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp clock-period 17208174 --More--   R2# RACK13AS>3 [Resuming connection 3 to r3 ... ] R3#sh run | crypt R3#sh run | crypt ^ % Invalid input detected at '^' marker. R3#sh run | cryptbcrypt crypt no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! ! --More--  ! ! ! ! ! ! ! username George password 0 bosco ! ! ! ! ! crypto isakmp policy 10 authentication pre-share crypto isakmp key cisco address 180.40.7.2 ! ! crypto ipsec transform-set Prob11 ah-md5-hmac ! crypto map Prob11 10 ipsec-isakmp set peer 180.40.7.2 set transform-set Prob11 --More--   match address 102 ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 180.40.7.129 255.255.255.224 ip access-group 100 in duplex auto speed auto ! interface Serial1/0 ip address 180.40.7.33 255.255.255.224 --More--   encapsulation frame-relay ip ospf network point-to-multipoint shutdown frame-relay map ip 180.40.7.34 301 broadcast frame-relay map ip 180.40.7.35 302 broadcast ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.3 255.255.255.224 crypto map Prob11 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown ! interface Serial1/5 --More--   no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! access-list 100 permit udp any any eq ntp access-list 100 permit ospf any any access-list 100 permit tcp 180.40.7.128 0.0.0.31 any eq telnet --More--  access-list 100 dynamic Prob9 timeout 60 permit ip 180.40.7.128 0.0.0.31 any access-list 102 deny ospf any any access-list 102 permit ip any any ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local autocommand access-enable host 2 ! ntp authentication-key 1 md5 0722387847041C 7 ntp clock-period 17208239 --More--   R3#