=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.03.03 12:31:56 =~=~=~=~=~=~=~=~=~=~=~=

RACK5AS>6
[Resuming connection 6 to r6 ... ]
S6#config t
Enter configuration commands, one per line. End with CNTL/Z.
S6(config)#cry
S6(config)#crypto ?
  ca  Certification authority
  key  Long term key operations
  pki  Public Key components
S6(config)#crypto ^Z
S6#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#cry
R4(config)#crypto ?
  ca  Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity  Enter a crypto identity list
  ipsec  Configure IPSEC policy
  isakmp  Configure ISAKMP policy
  key  Long term key operations
  keyring  Key ring commands
  map  Enter a crypto map
  mib  Configure Crypto-related MIB Parameters
  xauth  X-Auth parameters
R4(config)#crypto int ut tu -0 ^Z
R4#
*Mar 1 17:40:34.291: %SYS-5-CONFIG_I: Configured from console by console
R4#sh access-list ?
  <1-2699>  ACL number
  WORD  ACL name
  rate-limit  Show rate-limit access lists
  |  Output modifiers
R4#sh access-list 1000 ?
  |  Output modifiers
R4#sh access-list 100 sh ip ?
  access-lists  List IP access lists
  accounting  The active IP accounting database
  aliases  IP alias table
  arp  IP ARP table
  as-path-access-list  List AS path access lists
  audit  IDS (Intrusion Detection System) information
  auth-proxy  Authentication Proxy information
  bgp  BGP information
  cache  IP fast-switching route cache
  casa  display casa information
  cef  Cisco Express Forwarding
  community-list  List community-list
  dhcp  Show items in the DHCP database
  dns  Show DNS zone information
  drp  Director response protocol
  dvmrp  DVMRP information
  eigrp  IP-EIGRP show commands
  extcommunity-list  List extended-community list
  flow  NetFlow switching
  helper-address  helper-address table
  http  HTTP information
  igmp  IGMP information
 --More--
R4#sh ip config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp serv 192.10.32.254
R4(config)#do sh l clock
*18:01:15.083 UTC Mon Mar 1 1993
R4(config)#do sh clock
20:58:29.092 UTC Fri Mar 3 2006
R4(config)#do sh clock
20:58:30.228 UTC Fri Mar 3 2006
R4(config)#
R4(config)#
R4(config)#
R4(config)#ntp ?
  access-group  Control NTP access
  authenticate  Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay  Estimated round-trip delay
  clock-period  Length of hardware clock tick
  master  Act as NTP master clock
  max-associations  Set maximum number of associations
  peer  Configure NTP peer
  server  Configure NTP server
  source  Configure interface for source address
  trusted-key  Key numbers for trusted time sources
R4(config)#ntp auth
R4(config)#ntp authenticati
R4(config)#ntp authentication-key ?
  <1-4294967295>  Key number
R4(config)#ntp authentication-key 1 ?
  md5  MD5 authentication
R4(config)#ntp authentication-key 1 md ?
  WORD  Authentication key
R4(config)#ntp authentication-key 1 md Mt Y yTime
R4(config)#ntp ?
  access-group  Control NTP access
  authenticate  Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay  Estimated round-trip delay
  clock-period  Length of hardware clock tick
  master  Act as NTP master clock
  max-associations  Set maximum number of associations
  peer  Configure NTP peer
  server  Configure NTP server
  source  Configure interface for source address
  trusted-key  Key numbers for trusted time sources
R4(config)#ntp tru
R4(config)#ntp trusted-key ?
  <1-4294967295>  Key number
R4(config)#ntp trusted-key 1
R4(config)#ntp trusted-key 1authentication-key 1 md MyTimetrusted-key 1 nntp trusted-key 1ontp trusted-key 1 ntp trusted-key 1
R4(config)#x

RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp ser 180.40.7.98 ?
  key  Configure peer authentication key
  prefer  Prefer this peer when possible
  source  Interface for source address
  version  Configure NTP version
R3(config)#ntp ser 180.40.7.98 atu iut i uthe
R3(config)#ntp authenticati
R3(config)#ntp authentication-key 1 md MyTiu me
R3(config)#ntp serv 180.40.7.98 ?
  key  Configure peer authentication key
  prefer  Prefer this peer when possible
  source  Interface for source address
  version  Configure NTP version
R3(config)#ntp serv 180.40.7.98 key ?
  <0-4294967295>  Peer key number
R3(config)#ntp serv 180.40.7.98 key 1
R3(config)#^Z
R3#sh clo
*Mar 1 18:00:28.114: %SYS-5-CONFIG_I: Configured from console by console
R3#sh clock
*18:00:30.482 UTC Mon Mar 1 1993
R3#sh clock
.21:00:14.326 UTC Fri Mar 3 2006
R3#
R3#
R3#
R3#sh ntp ass de
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C7B32CC2.D253B6A5 (20:59:46.821 UTC Fri Mar 3 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 105.50 msec, root disp 80.96, reach 377, sync dist 135.788
delay 4.14 msec, offset -0.0309 msec, dispersion 0.02
precision 2**18, version 3
org time C7B32CE6.2E892CF4 (21:00:22.181 UTC Fri Mar 3 2006)
rcv time C7B32CE6.2F12CE8D (21:00:22.183 UTC Fri Mar 3 2006)
xmt time C7B32CE6.2DE69D31 (21:00:22.179 UTC Fri Mar 3 2006)
filtdelay = 4.14 4.09 4.12 4.12 4.20 4.09 4.14 4.07
filtoffset = -0.03 -0.04 -0.05 -0.01 -0.07 -0.03 -0.07 -0.03
filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12
R3#deb ntp ?
  adjust  NTP clock adjustments
  authentication  NTP authentication
  events  NTP events
  loopfilter  NTP loop filter
  packets  NTP packets
  params  NTP clock parameters
  refclock  NTP reference clocks
  select  NTP clock selection
  sync  NTP clock synchronization
  validity  NTP peer clock validity
R3#deb ntp auth
NTP authentication debugging is on
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp serv 180.40.7.98 key 1 authentication-key 1 md MyTimeserv 180.40.7.98 key 1 nntp serv 180.40.7.98 key 1 ontp serv 180.40.7.98 key 1 ntp serv 180.40.7.98 key 1
R3(config)#no ntp serv 180.40.7.98 key 1 tp serv 180.40.7.98 key 1 authentication-key 1 md MyTimeserv 180.40.7.98 key 1
R3(config)#^Z
R3#
.Mar 3 21:00:48.482: %SYS-5-CONFIG_I: Configured from console by console
R3#
.Mar 3 21:00:51.182: Authentication key 1
Mar 3 21:00:52.184: Authentication key 1
R3#
Mar 3 21:00:53.181: Authentication key 1
Mar 3 21:00:54.183: Authentication key 1
R3#
Mar 3 21:00:55.181: Authentication key 1
Mar 3 21:00:56.182: Authentication key 1
R3#u
Mar 3 21:00:57.180: Authentication key 1
R3#u
Mar 3 21:00:58.182: Authentication key 1
Mar 3 21:00:59.183: Authentication key 1
R3#u all
All possible debugging has been turned off
R3#sh run | b ntp
ntp authentication-key 1 md5 13280E26020101 7
ntp server 180.40.7.98 key 1
!
end
R3#
R3#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#^Z
R4#sh
Mar 3 21:02:20.271: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | b ntp
ntp authentication-key 1 md5 112400311E1F0E 7
ntp server 192.10.32.254
!
end
R4#
R4#shj ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.10.32.254    172.16.1.20       4    38    64  377     5.2   -0.51     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4#
R4#
R4#

RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#sh ntp stat
Clock is synchronized, stratum 6, reference is 180.40.7.98
nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2**18
reference time is C7B32DD2.2EBF0817 (21:04:18.182 UTC Fri Mar 3 2006)
clock offset is -0.6163 msec, root delay is 109.51 msec
root dispersion is 85.69 msec, peer dispersion is 0.21 msec
R3#sh ntp stat ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5     2    64  377     4.4   -0.86     0.4
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
R4#sh clock
21:05:45.995 UTC Fri Mar 3 2006
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#
R4(config)#tim
R4(config)#time-range clo
R4(config)#clock ?
  summer-time  Configure summer (daylight savings) time
  timezone  Configure time zone
R4(config)#clock tim ?
  WORD  name of time zone
R4(config)#clock tim PST ?
  <-23 - 23>  Hours offset from UTC
R4(config)#clock tim PST -8 ?
  <0-59>  Minutes offset from UTC
R4(config)#clock tim PST -8
R4(config)#
R4#

RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#clock tim PST -8
R3(config)#^Z
R3#config tsh ntp ass
Mar 3 21:06:30.346: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp assstatass config t sh clock
13:06:37.021 PST Fri Mar 3 2006
R3#
R3#
R3#
R3#
R3#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
Ma
R4#cojnfig t
^
% Invalid input detected at '^' marker.
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip do sh run\ n | b ip nat
 ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.5 255.255.255.0
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
 --More--
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 112400311E1F0E 7
ntp clock-period 17179867
ntp server 192.10.32.254
!
end
R4(config)#ip in
R4(config)#ip inspect ?
  alert-off  Disable alert
  audit-trail  Enable the logging of session information (addresses and bytes)
  dns-timeout  Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name  Specify an inspection rule
  one-minute  Specify one-minute-sample watermarks for clamping
  tcp  Config timeout values for tcp connections
  udp  Config timeout values for udp flows
R4(config)#ip inspect tcp ?
  block-non-session  Block non-session TCP traffic
  finwait-time  Specify timeout for TCP connections after a FIN
  idle-time  Specify idle timeout for tcp connections
  max-incomplete  Specify max half-open connection per host
  synwait-time  Specify timeout for TCP connections after a SYN and no further data
R4(config)#ip inspect tcp an name ?
  WORD  Name of inspection defined
R4(config)#ip inspect name Prob2 ?
  cuseeme  CUSeeMe Protocol
  fragment  IP fragment inspection
  ftp  File Transfer Protocol
  h323  H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http  HTTP Protocol
  icmp  ICMP Protocol
  netshow  Microsoft NetShow Protocol
  rcmd  R commands (r-exec, r-login, r-sh)
  realaudio  Real Audio Protocol
  rpc  Remote Prodedure Call Protocol
  rtsp  Real Time Streaming Protocol
  sip  SIP Protocol
  skinny  Skinny Client Control Protocol
  smtp  Simple Mail Transfer Protocol
  sqlnet  SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp  Transmission Control Protocol
  tftp  TFTP Protocol
  udp  User Datagram Protocol
  vdolive  VDOLive Protocol
R4(config)#ip inspect name Prob2 TCP tcp ?
  alert  Turn on/off alert
  audit-trail  Turn on/off audit trail
  timeout  Specify the inactivity timeout time
R4(config)#ip inspect name Prob2 tcp
R4(config)#ip inspect name Prob2 tcp udp
R4(config)#ip inspect name Prob2 udp h323
R4(config)#ip inspect name Prob2 h323 icmp
R4(config)#access-list do access-list 100 per udp any any eq ntp
R4(config)#int atm 1/0
R4(config-if)#ip access-
R4(config-if)#ip access-group 100 in
R4(config-if)#ip in
R4(config-if)#ip insp
R4(config-if)#ip inspect Prob2 out
R4(config-if)#^Z
R4#

RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#ping 182. 92.10.
% Unrecognized host or address, or protocol not running.
R3#ping 192.10.32.252 4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R3#
R3#
R3#
R3#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
Mar
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    permit icmp host 192.10.32.254 host 192.10.32.5 echo-reply (5 matches)
    permit icmp any host 192.10.32.5 time-exceeded
    permit icmp any host 192.10.32.5 unreachable
    10 permit udp any any eq ntp (3 matches)
R4#
R4#
R4#
R4#sh runn | b | b | b ip insp
ip inspect name Prob2 tcp
ip inspect name Prob2 udp
ip inspect name Prob2 h323
ip inspect name Prob2 icmp
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 --More--
 ip address 180.40.7.98 255.255.255.224
 ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.5 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
 --More--
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
access-list 100 permit udp any any eq ntp
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 112400311E1F0E 7
ntp clock-period 17179867
 --More--
R4#

RACK5AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#kmaskaskdfasdkmf pri
R1(config)#priv
R1(config)#privilege con
R1(config)#privilege config ?
% Ambiguous command: "privilege config "
R1(config)#privilege config ?
  aaa-user  AAA user definition
  accept-dialin  VPDN group accept dialin configuration mode
  accept-dialout  VPDN group accept dialout configuration mode
  address-family  Address Family configuration mode
  aic  Alarm Interface Card configuration mode
  alps-ascu  ALPS ASCU configuration mode
  alps-circuit  ALPS circuit configuration mode
  bba-group  BBA Group configuration mode
  boomerang  Boomerang configuration mode
  cascustom  Cas custom configuration mode
  cause-code-list  Voice Cause Code List configuration mode
  ces-conn  CES connection configuration mode
  ces-vc  CES VC configuration mode
  cgma_agent  CGMA Agent Configuration Mode
  cm-fallback  cm-fallback configuration mode
  cns-connect-config  CNS Connect Info Mode
  cns-connect-intf-config  CNS Connect Intf Info Mode
  cns-tmpl-connect-config  CNS Template Connect Info Mode
  cns_inventory_submode  CNS Inventory SubMode
  config-rtr-http-rr  RTR HTTP raw request Configuration
  configure  Global configuration mode
  congestion  Frame Relay congestion configuration mode
 --More--
R1(config)#privilege configure ?
  all  All suboption will be set to the samelevel
  level  Set privilege level of command
  reset  Reset privilege level of command
R1(config)#privilege configure level ?
  <0-15>  Privilege level
R1(config)#privilege configure level 5 ?
  LINE  Initial keywords of the command to modify
R1(config)#privilege configure level 5 sn
R1(config)#sn?
sna snmp snmp-server
R1(config)#snm
R1(config)#snmp ?
  ifmib
  mib  MIB commands
R1(config)#snmp
R1(config)#snmp-
R1(config)#snmp-server ?
  chassis-id  String to uniquely identify this chassis
  community  Enable SNMP; set community string and access privs
  contact  Text for mib object sysContact
  drop  Silently drop SNMP packets
  enable  Enable SNMP Traps or Informs
  engineID  Configure a local or remote SNMPv3 engineID
  group  Define a User Security Model group
  host  Specify hosts to receive SNMP notifications
  ifindex  Enable ifindex persistence
  inform  Configure SNMP Informs options
  location  Text for mib object sysLocation
  manager  Modify SNMP manager parameters
  packetsize  Largest SNMP packet size
  queue-length  Message queue length for each TRAP host
  source-interface  Assign an source interface
  system-shutdown  Enable use of the SNMP reload command
  tftp-server-list  Limit TFTP servers used via SNMP
  trap  SNMP trap options
  trap-source  Assign an interface for the source address of all traps
  trap-timeout  Set timeout for TRAP message retransmissions
  user  Define a user who can access the SNMP engine
  view  Define an SNMPv2 MIB view
 --More--
R1(config)#snmp-server om com
R1(config)#snmp-server community ?
  WORD  SNMP community string
R1(config)#snmp-server community WORD ?
  <1-99>  Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  ro  Read-only access with this community string
  rw  Read-write access with this community string
  view  Restrict this community to a named MIB view
R1(config)#snmp-server community WORD pri configure level 5 snmp-server community
% Ambiguous command: "pri configure level 5 snmp-server community "
R1(config)#pri configure level 5 snmp-server community v configure level 5 snmp-server community
R1(config)#priv exec lvel 5eel 5l 5 evel 5vel 5 config t
R1(config)#priv exec sho run
^
% Invalid input detected at '^' marker.
R1(config)#priv exec sho runlevel 5 config tig t sh run
R1(config)#do sh run\ | i privi
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
 privilege level 15
R1(config)#user JoeUser ?
  access-class  Restrict access by access-class
  autocommand  Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line  Associate a specific line with this callback
  callback-rotary  Associate a rotary group with this callback
  dnis  Do not require password when obtained via DNIS
  nocallback-verify  Do not require authentication after callback
  noescape  Prevent the user from using an escape character
  nohangup  Do not disconnect after an automatic command
  nopassword  No password is required for the user to log in
  password  Specify the password for the user
  privilege  Set user privilege level
  secret  Specify the secret for the user
  user-maxlinks  Limit the user's number of inbound links
R1(config)#user JoeUser priv ?
  <0-15>  User privilege level
R1(config)#user JoeUser priv 5 ?
  access-class  Restrict access by access-class
  autocommand  Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line  Associate a specific line with this callback
  callback-rotary  Associate a rotary group with this callback
  dnis  Do not require password when obtained via DNIS
  nocallback-verify  Do not require authentication after callback
  noescape  Prevent the user from using an escape character
  nohangup  Do not disconnect after an automatic command
  nopassword  No password is required for the user to log in
  password  Specify the password for the user
  privilege  Set user privilege level
  secret  Specify the secret for the user
  user-maxlinks  Limit the user's number of inbound links
R1(config)#user JoeUser priv 5 pass cisco ?
  LINE
R1(config)#user JoeUser priv 5 pass cisco
R1(config)#int l vty 0 4
^
% Invalid input detected at '^' marker.
R1(config)#int vty 0 4 vty 0 4 vty 0 4 vty 0 4 l vty 0 4i vty 0 4n vty 0 4e vty 0 4 vty 0 4
R1(config-line)#loc gin local
R1(config-line)#exit
R1(config)#user jb privi 15
R1(config)#user jb privi 15 pass ?
  0  Specifies an UNENCRYPTED password will follow
  7  Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) user password
R1(config)#user jb privi 15 pass ciscop
R1(config)#

RACK5AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#sh privi
Current privilege level is 5
R1#
R1#
R1#
R1#sh run
Building configuration...
Current configuration : 53 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#?
Configure commands:
  atm  Enable ATM SLM Statistics
  call  Configure Call parameters
  default  Set a command to its defaults
  end  Exit from configure mode
  exit  Exit from configure mode
  help  Description of the interactive help system
  no  Negate a command or set its defaults
  snmp-server  Modify SNMP engine parameters
R1(config)#snmp-server ?
  community  Enable SNMP; set community string and access privs
R1(config)#snmp-server com ?
  WORD  SNMP community string
R1(config)#snmp-server com test ?
  <1-99>  Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
R1(config)#snmp-server com test
R1(config)#^Z
R1#sh run
Building configuration...
Current configuration : 83 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
snmp-server community test RO
!
end
R1#

RACK5AS>1
[Resuming connection 1 to r1 ... ]
*M
R1(config)#user jb privi 15 pass cisco exit login localine vty 0 4int vty 0 4 user JoeUser priv 5 pass ciscodo sh run | i privi priv exec level 5 sh runsho run level 5 config tconfigure level 5 snmp-server community WORD rw
R1(config)#

RACK5AS>5
[Resuming connection 5 to r5 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snmp-server com test ?
  <1-99>  Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  rw  Read-write access with this community string
R1(config)#snmp-server com test rw ^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#

RACK5AS>5 1
[Resuming connection 1 to r1 ... ]
*Mar
R1(config)#^Z
R1#sh run
*Mar 1 18:21:08.347: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | i privi
username JoeUser privilege 5 password 0 cisco
username jb privilege 15 password 0 cisco
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
 privilege level 15
R1#sh run | b user
username JoeUser privilege 5 password 0 cisco
username jb privilege 15 password 0 cisco
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
 --More--
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
snmp-server community test RO
!
!
!
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
 --More--
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login local
!
!
end
R1#
R1#

RACK5AS>2
[Resuming connection 2 to r2 ... ]
R2#
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#tim
R2(config)#time-range ?
  WORD  Time range name
R2(config)#time-range Prob4 ?
R2(config)#time-range Prob4
R2(config-time-range)#?
Time range configuration commands:
  absolute  absolute time and date
  default  Set a command to its defaults
  exit  Exit from time-range configuration mode
  no  Negate a command or set its defaults
  periodic  periodic time and date
R2(config-time-range)#per ?
  Friday  Friday
  Monday  Monday
  Saturday  Saturday
  Sunday  Sunday
  Thursday  Thursday
  Tuesday  Tuesday
  Wednesday  Wednesday
  daily  Every day of the week
  weekdays  Monday thru Friday
  weekend  Saturday and Sunday
R2(config-time-range)#per dai
R2(config-time-range)#per daily ?
  hh:mm  Starting time
R2(config-time-range)#per daily 07:
R2(config-time-range)#per daily 07:00 ?
  to  ending day and time
R2(config-time-range)#per daily 07:00 to 20:00
R2(config-time-range)#exit
R2(config)#access-list 1 do sh access-list
R2(config)#acec cess-list ipo ip any any tim
R2(config)#access-list ip any any time
R2(config)#access-list ip any any time?
% Unrecognized command
R2(config)#access-list ip any any time1ip any any time0ip any any time ip any any timeip any any time 0ip any any time ip any any timepip any any timeeip any any timerip any any time ip any any timeip any any time
R2(config)#access-list 100 per ip any any time-range Prob4
R2(config)#line vty 0 41
R2(config-line)#line vty 0 41
R2(config-line)#acc
R2(config-line)#access-class 100 in
R2(config-line)#do sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2(config-line)#
R2(config-line)#
R2(config-line)#
R2(config-line)#
R2(config-line)#do sh clock
*18:26:16.785 UTC Mon Mar 1 1993
R2(config-line)#^Z
R2#
*Mar 1 18:26:21.360: %SYS-5-CONFIG_I: Configured from console by console
R2#clock set ?
  hh:mm:ss  Current Time
R2#clock set 00:00:00 ?
  <1-31>  Day of the month
  MONTH  Month of the year
R2#clock set 00:00:00 23 may 2009
R2#clock set 00:00:00 23 may 2009onfig t lock set 00:00:00 23 may 2009 sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (inactive)
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ntp ser 182.10 80.40.7.98
R2(config)#^Z
R2#sh
May 23 00:00:27.889: %SYS-5-CONFIG_I: Configured from console by console
R2#sh clock
00:00:30.125 UTC Sat May 23 2009
R2#sh clock
00:00:31.663 UTC Sat May 23 2009
R2#sh clock
00:00:32.717 UTC Sat May 23 2009
R2#sh clock
00:00:33.903 UTC Sat May 23 2009
R2#sh clock
00:00:35.041 UTC Sat May 23 2009
R2#sh clock
00:00:36.063 UTC Sat May 23 2009
R2#sh clock
00:00:37.040 UTC Sat May 23 2009
R2#sh clock
00:00:39.360 UTC Sat May 23 2009
R2#ping 180.40.7.98
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.98, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/61 ms
R2#ping 180.40.7.98sh clock
21:27:02.914 UTC Fri Mar 3 2006
R2#
R2#
R2#
R2#sh clockping 180.40.7.98sh clock config tsh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (inactive)
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#clock ?
  summer-time  Configure summer (daylight savings) time
  timezone  Configure time zone
R2(config)#clock tim PST -9 8
R2(config)#^Z
R2#config tsh access-list
Mar 3 21:27:22.542: %SYS-5-CONFIG_I: Configured from console by console
R2#sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2#
R2#
R2#sh run | b access-list
access-list 100 permit ip any any time-range Prob4
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class 100 in
 privilege level 15
 no login
line vty 5 41
 login
!
ntp server 180.40.7.98
time-range Prob4
 --More--
 periodic daily 7:00 to 20:00
!
!
end
R2#
R2#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#do sh acccss ess-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp (51 matches)
R4(config)#access-list 100 den ip any any lopg g og
R4(config)#^Z
R4#
Mar 3 21:28:53.421: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | b access-list
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 112400311E1F0E 7
ntp clock-period 17179865
ntp server 192.10.32.254
!
 --More--
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int atm 1/0
R4(config-if)#nm o ip int
Mar 3 21:30:11.713: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(28330) -> 192.10.32.5(179), 1 packet
R4(config-if)#no ip int sp
R4(config-if)#no ip inspect Prob2 in out
R4(config-if)#no ac ip access-li grou 100 out
R4(config-if)#exit
R4(config)#acc access-list 101 ip any any ?
% Unrecognized command
R4(config)#access-list 101 ip any any ip any any p ip any any e ip any any r ip any any ip any any ip any any ?
  dscp  Match packets with given dscp value
  fragments  Check non-initial fragments
  log  Log matches against this entry
  log-input  Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos  Match packets with given TOS value
R4(config)#access-list 101 per ip any any ip access-list ex Probout5outout
R4(config-ext-nacl)#per tcp ip any any ?
  dscp  Match packets with given dscp value
  fragments  Check non-initial fragments
  log  Log matches against this entry
  log-input  Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  reflect  Create reflexive access list entry
  time-range  Specify a time-range
  tos  Match packets with given TOS value
R4(config-ext-nacl)#per ip any any ref
R4(config-ext-nacl)#per ip any any reflect ?
  WORD  Access-list name
R4(config-ext-nacl)#per ip any any reflect Prob5
R4(config-ext-nacl)#exit
R4(config)#exitper ip any any reflect Prob5ip access-list ex Prob5out exit ip access-list ex Prob5out in
R4(config-ext-nacl)#per udp any any eq ntp
R4(config-ext-nacl)#eva
R4(config-ext-nacl)#evaluate Prg b5 ob5 ?
R4(config-ext-nacl)#evaluate Prob5
R4(config-ext-nacl)#deny ip any any
Mar 3 21:32:11.757: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(28339) -> 192.10.32.5(179), 1 packet
R4(config-ext-nacl)#deny ip any any log
R4(config-ext-nacl)#int atm 1/0
R4(config-if)#ip access
R4(config-if)#ip access-group Prob5out out
R4(config-if)#ip access-group Prob5out out in in
R4(config-if)#^Z
R4#
Mar 3 21:32:35.245: %SYS-5-

RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
R3#

RACK5AS>4
[Resuming connection 4 to r4 ... ]
CONFIG_I: Configured from console by console
R4#
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (4 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list 100
    10 permit udp any any eq ntp (63 matches)
    20 deny ip any any log (2 matches)
Reflexive IP access list Prob5
    permit icmp host 192.10.32.254 host 192.10.32.5 (19 matches) (time left 294)
Extended IP access list Prob5in
    10 permit udp any any eq ntp
    20 evaluate Prob5
    30 deny ip any any log
Extended IP access list Prob5out
    10 permit ip any any reflect Prob5 (9 matches)
R4#sh
Mar 3 21:34:11.797: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(28348) -> 192.10.32.5(179), 1 packet
R4#sh run | b interfame ce ATM
interface ATM1/0
 ip address 192.10.32.5 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 --More--
 permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob5in
 permit udp any any eq ntp
 evaluate Prob5
 deny ip any any log
ip access-list extended Prob5out
 permit ip any any reflect Prob5
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
 --More--
R4#

RACK5AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tac
R1(config)#tacacs-server ?
  administration      Start tacacs+ daemon handling administrative messages
  directed-request    Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup    Enable IP Domain Name System Alias lookup for TACACS servers
  extended            Enable extended TACACS
  host                Specify a TACACS server
  key                 Set TACACS+ encryption key.
  last-resort         Define TACACS action if no server responds
  optional-passwords  The first TACACS request can be made without password verification
  packet              Modify TACACS+ packet options
  retransmit          Search iterations of the TACACS server list
  timeout             Time to wait for a TACACS server to reply
R1(config)#tacacs-server host ?
  Hostname or A.B.C.D  IP address of TACACS server
R1(config)#tacacs-server host 17.57.100.99 ?
R1(config)#tacacs-server host 17.57.100.99
R1(config)#tacacs-server host 17.57.100.99 key
R1(config)#tacacs-server key ?
  0     Specifies an UNENCRYPTED key will follow
  7     Specifies HIDDEN key will follow
  LINE  The UNENCRYPTED (cleartext) shared key
R1(config)#tacacs-server key MyKey
R1(config)#aaa
R1(config)#aaa n
R1(config)#aaa new-model
R1(config)#aaa authen
R1(config)#aaa authentication login ?
  WORD     Named authentication list.
  default  The default authentication list.
R1(config)#aaa authentication login Prob6 ?
  enable       Use enable password for authentication.
  group        Use Server-group
  krb5         Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V Telnet.
  line         Use line password for authentication.
  local        Use local username authentication.
  local-case   Use case-sensitive local username authentication.
  none         NO authentication.
R1(config)#aaa authentication login Prob6 grou ?
  WORD     Server-group name
  radius   Use list of all Radius hosts.
  tacacs+  Use list of all Tacacs+ hosts.
R1(config)#aaa authentication login Prob6 grou tac ?
  enable      Use enable password for authentication.
  group       Use Server-group
  krb5        Use Kerberos 5 authentication.
  line        Use line password for authentication.
  local       Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none        NO authentication.
R1(config)#aaa authentication login Prob6 grou tac local
R1(config)#tac
R1(config)#tacacs-server las
R1(config)#tacacs-server last
R1(config)#tacacs-server last ?
  administration    Start tacacs+ daemon handling administrative messages
  directed-request  Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup  Enable IP Domain Name System Alias lookup for TACACS servers
  host              Specify a TACACS server
  key               Set TACACS+ encryption key.
  packet            Modify TACACS+ packet options
  timeout           Time to wait for a TACACS server to reply
R1(config)#tacacs-server aaa authentication login Prob6 grou tac localnew-model tacacs-server key MyKeyhost 17.57.100.99 priv configure level 5 snmp-server community WORD rwtacacs-server host 17.57.100.99 ntacacs-server host 17.57.100.99 otacacs-server host 17.57.100.99 tacacs-server host 17.57.100.99
R1(config)#tac
R1(config)#tacacs-server las
R1(config)#tacacs-server las?
% Unrecognized command
R1(config)#tacacs-server las no tacacs-server host 17.57.100.99 aaa authentication login Prob6 grou tac localnew-model tacacs-server key MyKeyhost 17.57.100.99 priv configure level 5 snmp-server community WORD rwuser jb privi 15 pass cisco priv configure level 5 snmp-server community WORD rwtacacs-server host 17.57.100.99 key MyKey ntacacs-server key MyKeyotacacs-server key MyKey tacacs-server key MyKey
R1(config)#tac
R1(config)#tacacs-server ?
  administration    Start tacacs+ daemon handling administrative messages
  directed-request  Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup  Enable IP Domain Name System Alias lookup for TACACS servers
  host              Specify a TACACS server
  key               Set TACACS+ encryption key.
  packet            Modify TACACS+ packet options
  timeout           Time to wait for a TACACS server to reply
R1(config)#tacacs-server no tacacs-server key MyKeyhost 17.57.100.99 no tacacs-server host 17.57.100.99 tacacs-server host 17.57.100.99
R1(config)# tacacs-server host 17.57.100.99 no tacacs-server key MyKey no tacacs-server key MyKey tacacs-server key MyKey
R1(config)#line cty vty 0 4
R1(config-line)#login authen Prob6
R1(config-line)#
RACK5AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1#sh pribv v
Current privilege level is 15
R1#
RACK5AS>
[Resuming connection 5 to r5 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#i line vty 0 4
R1(config-line)#no privi ?
  level  Assign default privilege level for line
R1(config-line)#no privi lve 15
^
% Invalid input detected at '^' marker.
R1(config-line)#no privi lve 15eve 15
R1(config-line)#^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK5AS>1
[Resuming connection 1 to r1 ... ]
*
R1(config-line)#^Z
R1#
*Mar 1 18:42:29.848: %SYS-5-CONFIG_I: Configured from console by console
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa aiut uthen ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authen password-prompt ?
  WORD  Text of prompt
R1(config)#aaa authen password-prompt CCIE_User:
R1(config)#aaa authen password-prompt CCIE_User: aaa authen password-prompt CCIE_User: Password:
R1(config)#aaa authen password-prompt CCIE_Password: aaa authen username-prompt CCIE_User:
R1(config)#
RACK5AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE_User:JoeUser
CCIE_Password:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK5AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aa authen ?
% Ambiguous command: "aa authen "
R1(config)#aa authen aaq authen authen a authen authen ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authen n ban
R1(config)#aaa authen banner ?
  LINE  c message-text c, where 'c' is a delimiting character
R1(config)#aaa authen banner #
Enter TEXT message. End with the character '#'.
Testing this banner #
R1(config)#
RACK5AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE_User:
CCIE_User:
CCIE_User:
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK5AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#bann login ?
  LINE  c banner-text c, where 'c' is a delimiting character
R1(config)#bann login #
Enter TEXT message. End with the character '#'.
Keep out CCIE in 's in training \ U Yo momma #
R1(config)#
RACK5AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ...
Open
Keep out CCIE's in training Yo momma
CCIE_User:
CCIE_User:
CCIE_User:
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK5AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#^Z
R1#
*Mar 1 18:46:02.737: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication banner ^C Testing this banner ^C
aaa authentication password-prompt CCIE_Password:
aaa authentication username-prompt CCIE_User:
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
 --More--
!
!
!
!
!
!
username JoeUser privilege 5 password 0 cisco
username jb privilege 15 password 0 cisco
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 --More--
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
tacacs-server host 17.57.100.99
tacacs-server directed-request
 --More--
tacacs-server key MyKey
snmp-server community test RO
!
!
!
banner login ^C Keep out CCIE's in training Yo momma ^C
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 --More--
 logging synchronous
line aux 0
line vty 0 4
 login authentication Prob6
!
!
end
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1#
*Mar 1 18:47:32.080: %SYS-5-CONFIG_I: Configured from console by console
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#
R1(config)#
R1(config)#
R1(config)#
R1(config)#^C ?
Configure commands:
  aaa                       Authentication, Authorization and Accounting.
  aal2-profile              Configure AAL2 profile
  access-list               Add an access list entry
  alarm-interface           Configure a specific Alarm Interface Card
  alias                     Create command alias
  alps                      Configure Airline Protocol Support
  arp                       Set a static ARP entry
  async-bootp               Modify system bootp parameters
  atm                       Enable ATM SLM Statistics
  backhaul-session-manager  Configure Backhaul Session Manager
  banner                    Define a login banner
  bba-group                 Configure BBA Group
  boot                      Modify system boot parameters
  bridge                    Bridge Group.
  bstun                     BSTUN global configuration commands
  buffers                   Adjust system buffer pool parameters
  busy-message              Display message when connection to host fails
  call                      Configure Call parameters
  call-history-mib          Define call history mib parameters
  call-manager-fallback     support call-manager fallback
  carrier-id                Name of the carrier associated with this trunk
 --More--
R1(config)#? lafdkglskdgfj;j \ ^Z
R1#
*Mar 1 18:48:14.926: %SYS-5-CONFIG_I: Configured from console by console
R1#
RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#user George pass bosco
R3(config)#in lint vty 0 4
^
% Invalid input detected at '^' marker.
R3(config)#lint vty 0 4lint vty 0 4
R3(config-line)#login local
R3(config-line)#auto
% Ambiguous command: "auto"
R3(config-line)#auto
R3(config-line)#autoc
R3(config-line)#autocommandac
R3(config-line)#autocommand access-enable host time 2
R3(config-line)#exit
R3(config)#access-list do sh access-list
R3(config)#access-list 100 per udp any any eq ntp
R3(config)#access-list 100 per 180.7 40.7.128 0.0.0.31 180.40.7.129 0.0.0.0.
access-list 100 per t180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0c180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0p180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0 180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0$ 100 per tcp 180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0 eq 23
R3(config)#den $ 100 per tcp 180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0 eq 23access-list 100 per udp any any eq ntp $ 100 per tcp 180.40.7.128 0.0.0.31 180.40.7.129 0.0.0.0 eq 233 any 180.40.7.128 0.0.0.31 any 180.40.7.128 0.0.0.31 any 180.40.7.128 0.0.0.31 any i 180.40.7.128 0.0.0.31 anyp 180.40.7.128 0.0.0.31 any ip 180.40.7.128 0.0.0.31 any ip 180.40.7.128 0.0.0.31 any ip 180.40.7.128 0.0.0.31 any d ip 180.40.7.128 0.0.0.31 anye ip 180.40.7.128 0.0.0.31 anyn ip 180.40.7.128 0.0.0.31 anyy ip 180.40.7.128 0.0.0.31 any
R3(config)#int access-list 100 deny ip 180.40.7.128 0.0.0.31 any ip aacce ccess-list ex 100
R3(config-ext-nacl)#do sh access-list
Extended IP access list 100
    10 permit udp any any eq ntp
    20 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
    30 deny ip 180.40.7.128 0.0.0.31 any
R3(config-ext-nacl)#25 per ospf anyn any
R3(config-ext-nacl)#40 dyn
R3(config-ext-nacl)#40 dynamic ?
  WORD  Name of a Dynamic list
R3(config-ext-nacl)#40 dynamic Prob9 ?
  deny     Specify packets to reject
  exit     Exit from access-list configuration mode
  permit   Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config-ext-nacl)#40 dynamic Prob9 tim ?
  <1-9999>  Maximum time to live
R3(config-ext-nacl)#40 dynamic Prob9 tim 60 ?
  deny    Specify packets to reject
  exit    Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)#40 dynamic Prob9 tim 60 per ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R3(config-ext-nacl)#40 dynamic Prob9 tim 60 per ip ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
R3(config-ext-nacl)#40 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
R3(config-ext-nacl)#40 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any
R3(config-ext-nacl)#oint int fa 0/1
R3(config-if)#ip addre ccess
R3(config-if)#ip access-group 100 in
R3(config-if)#^Z
R3#
Mar 3 21:52:14.183: %SYS-5-CONFIG_I: Configured from console by console
R3#
RACK5AS>6
[Resuming connection 6 to r6 ... ]
17:
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#
RACK5AS>3
[Resuming connection 3 to r3 ...
]
R3#sh access-list
Extended IP access list 100
    10 permit udp any any eq ntp (4 matches)
    20 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (90 matches)
    25 permit ospf any any (5 matches)
    30 deny ip 180.40.7.128 0.0.0.31 any (22 matches)
    40 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any
       permit ip host 180.40.7.130 any
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip access-group 100 innt fa 0/1 40 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 25 per ospf any any do sh access-list ip access-list ex 100
R3(config-ext-nacl)#no 40
R3(config-ext-nacl)#no 40ip access-list ex 100group 100 innt fa 0/1 40 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 40 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 3 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 5 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 2 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any 7 dynamic Prob9 tim 60 per ip 180.40.7.128 0.0.0.31 any
R3(config-ext-nacl)#^Z
R3#config tsh access-list
Mar 3 21:53:44.899: %SYS-5-CONFIG_I: Configured from console by console
R3#sh access-list
Extended IP access list 100
    10 permit udp any any eq ntp (7 matches)
    20 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (90 matches)
    25 permit ospf any any (9 matches)
    27 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any
    30 deny ip 180.40.7.128 0.0.0.31 any (22 matches)
R3#
R3#
R3#
R3#
RACK5AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#sh access-list
Extended IP access list 100
    10 permit udp any any eq ntp (8 matches)
    20 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (180 matches)
    25 permit ospf any any (12 matches)
    27 Dynamic Prob9 permit ip 180.40.7.128 0.0.0.31 any
       permit ip host 180.40.7.130 any (5 matches) (time left 115)
    30 deny ip 180.40.7.128 0.0.0.31 any (22 matches)
R3#sh run || b U user
username George password 0 bosco
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group 100 in
 duplex auto
 --More--
 speed auto
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
 --More--
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
access-list 100 permit udp any any eq ntp
 --More--
access-list 100 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
access-list 100 permit ospf any any
access-list 100 dynamic Prob9 timeout 60 permit ip 180.40.7.128 0.0.0.31 any
access-list 100 deny ip 180.40.7.128 0.0.0.31 any
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login local
 autocommand access-enable host time 2
!
ntp authentication-key 1 md5 13280E26020101 7
 --More--
ntp clock-period 17208064
ntp server 180.40.7.98 key 1
!
end
R3#
R3#
RACK5AS>2
[Resuming connection 2 to r2 ... ]
R2#sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 101 per tcp any 17.57.100 1/ .0 0.0.0.255
R2(config)#ip tcp ?
  async-mobility      Configure async-mobility
  chunk-size          TCP chunk size
  intercept           Enable TCP intercepting
  mss                 TCP initial maximum segment size
  path-mtu-discovery  Enable path-MTU discovery on new TCP connections
  queuemax            Maximum queue of outgoing TCP packets
  selective-ack       Enable TCP selective-ACK
  synwait-time        Set time to wait on new TCP connections
  timestamp           Enable TCP timestamp option
  window-size         TCP window size
R2(config)#ip tcp in
R2(config)#ip tcp intercept ?
  connection-timeout  Specify timeout for connection info
  drop-mode           Specify incomplete connection drop mode
  finrst-timeout      Specify timeout for FIN/RST
  list                Specify access-list to use
  max-incomplete      Specify maximum number of incomplete connections before clamping
  mode                Specify intercepting mode
  one-minute          Specify one-minute-sample watermarks for clamping
  watch-timeout       Specify timeout for incomplete connections in watch mode
R2(config)#ip tcp intercept list 101 ?
R2(config)#ip tcp intercept list 101
R2(config)#^Z
R2#
Mar 3 21:56:45.570: %SYS-5-CONFIG_I: Configured from console by console
R2#
RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#17.57.101.2
Trying 17.57.101.2 ... Open
S5#
S5#
S5#
S5#
S5#
S5#
RACK5AS>2
[Resuming connection 2 to r2 ... ]
R2#sh ip tcp in
^
% Invalid input detected at '^' marker.
R2#sh ip tcp in ?
  header-compression  TCP/IP header-compression statistics
R2#sh ip tcp ?
  access-lists         List IP access lists
  accounting           The active IP accounting database
  aliases              IP alias table
  arp                  IP ARP table
  as-path-access-list  List AS path access lists
  audit                IDS (Intrusion Detection System) information
  auth-proxy           Authentication Proxy information
  bgp                  BGP information
  cache                IP fast-switching route cache
  cef                  Cisco Express Forwarding
  community-list       List community-list
  dhcp                 Show items in the DHCP database
  director             Director agent
  dns                  Show DNS zone information
  drp                  Director response protocol
  dvmrp                DVMRP information
  eigrp                IP-EIGRP show commands
  explicit-paths       Show IP explicit paths
  extcommunity-list    List extended-community list
  flow                 NetFlow switching
  helper-address       helper-address table
  http                 HTTP information
 --More--
R2#sh ip q tcp ?
  <0-107>     Line number
  aux         Auxiliary line
  brief       Brief display
  console     Primary terminal line
  intercept   Intercept display
  statistics  TCP protocol statistics
  tcb         TCB address
  tty         Terminal controller
  vty         Virtual terminal
  x/y         Slot/Port for Modems
  |           Output modifiers
R2#sh tcp inter
R2#sh tcp intercept ?
  connections  Connection information
  statistics   Statistics
R2#sh tcp intercept con
Incomplete:
Client                Server                State    Create   Timeout  Mode
Established:
Client                Server                State    Create   Timeout  Mode
180.40.7.3:44857      17.57.101.2:23        ESTAB    00:00:23 23:59:39 I
R2#
R2#
R2#
R2#sh tcp intercept con stat
Intercepting new connections using access-list 101
0 incomplete, 1 established connections (total 1)
0 connection requests per minute
R2#sh run | b ip tcp
ip tcp intercept list 101
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
 --More--
!
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
 --More--
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
 clock rate 64000
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
 --More--
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any any time-range Prob4
access-list 101 permit tcp any 17.57.101.0 0.0.0.255
!
!
!
!
 --More--
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 102 deny ospf any any
R2(config)#access-list0 102 per ip any any
^
% Invalid input detected at '^' marker.
R2(config)#access-list0 102 per ip any any0 102 per ip any any
R2(config)#cry
R2(config)#crypto ?
  ca           Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity     Enter a crypto identity list
  ipsec        Configure IPSEC policy
  isakmp       Configure ISAKMP policy
  key          Long term key operations
  keyring      Key ring commands
  map          Enter a crypto map
  mib          Configure Crypto-related MIB Parameters
  xauth        X-Auth parameters
R2(config)#crypto key ?
  generate      Generate new keys
  pubkey-chain  Peer public key chain management
  zeroize       Remove keys
R2(config)#crypto key is
R2(config)#cryptois is
R2(config)#crypto isakmp ?
  aggressive-mode  Disable ISAKMP aggressive mode
  client           Set client configuration policy
  enable           Enable ISAKMP
  identity         Set the identity which ISAKMP will use
  keepalive        Set a keepalive interval for use with IOS peers
  key              Set pre-shared key for remote peer
  nat              Set a nat keepalive interval for use with IOS peers
  peer             Set Peer Policy
  policy           Set policy for an ISAKMP protection suite
  profile          Define ISAKMP Profiles
  xauth            Set Extended Authentication values
R2(config)#crypto isakmp key ?
  WORD  pre-shared key
R2(config)#crypto isakmp key cisco ?
  address   define shared key with IP address
  hostname  define shared key with hostname
R2(config)#crypto isakmp key cisco add ?
  A.B.C.D  Peer IP address
R2(config)#crypto isakmp key cisco add 180.40.7.33 ?
  A.B.C.D   Peer IP subnet mask
  no-xauth  Bypasses XAuth for this peer
R2(config)#crypto isakmp key cisco add 180.40.7.3
R2(config)#cry is
R2(config)#cry isakmp po
R2(config)#cry isakmp policy ?
  <1-10000>  Priority of protection suite
R2(config)#cry isakmp policy 10
R2(config-isakmp)#?
ISAKMP commands:
  authentication  Set authentication method for protection suite
  default         Set a command to its defaults
  encryption      Set encryption algorithm for protection suite
  exit            Exit from ISAKMP protection suite configuration mode
  group           Set the Diffie-Hellman group
  hash            Set hash algorithm for protection suite
  lifetime        Set lifetime for ISAKMP security association
  no              Negate a command or set its defaults
R2(config-isakmp)#au
R2(config-isakmp)#authentication ?
  pre-share  Pre-Shared Key
  rsa-encr   Rivest-Shamir-Adleman Encryption
  rsa-sig    Rivest-Shamir-Adleman Signature
R2(config-isakmp)#authentication pr
R2(config-isakmp)#authentication pre-share ?
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#exit
R2(config)#cry tra
R2(config)#cry tra tr ip
R2(config)#cry ipsec tr
R2(config)#cry ipsec transform-set ?
  WORD  Transform set tag
R2(config)#cry ipsec transform-set Prob11
% Incomplete command.
R2(config)#cry ipsec transform-set Prob11 ?
  ah-md5-hmac   AH-HMAC-MD5 transform
  ah-sha-hmac   AH-HMAC-SHA transform
  comp-lzs      IP Compression using the LZS compression algorithm
  esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)
  esp-aes       ESP transform using AES cipher
  esp-des       ESP transform using DES cipher (56 bits)
  esp-md5-hmac  ESP transform using HMAC-MD5 auth
  esp-null      ESP transform w/o cipher
  esp-sha-hmac  ESP transform using HMAC-SHA auth
R2(config)#cry ipsec transform-set Prob11 as h
R2(config)#cry ipsec transform-set Prob11 ah-m
R2(config)#cry ipsec transform-set Prob11 ah-md5-hmac ?
  comp-lzs      IP Compression using the LZS compression algorithm
  esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)
  esp-aes       ESP transform using AES cipher
  esp-des       ESP transform using DES cipher (56 bits)
  esp-md5-hmac  ESP transform using HMAC-MD5 auth
  esp-null      ESP transform w/o cipher
  esp-sha-hmac  ESP transform using HMAC-SHA auth
R2(config)#cry ipsec transform-set Prob11 ah-md5-hmac
R2(cfg-crypto-trans)#exit
R2(config)#do sh run | cry ip tra
Transform set Prob11: { ah-md5-hmac }
   will negotiate = { Tunnel, },
R2(config)#do sh cry ip traexit cry ipsec transform-set Prob11 ah-md5-hmac
R2(cfg-crypto-trans)#?
Crypto transform configuration commands:
  default  Set a command to its defaults
  exit     Exit from crypto transform configuration mode
  mode     encapsulation mode (transport/tunnel)
  no       Negate a command or set its defaults
R2(cfg-crypto-trans)#mode tra
R2(cfg-crypto-trans)#mode transport ?
  require  Accept only the configured encapsulation mode.
R2(cfg-crypto-trans)#mode transport
R2(cfg-crypto-trans)#exit
R2(config)#cry
R2(config)#cry
R2(config)#crypto ?
  ca           Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity     Enter a crypto identity list
  ipsec        Configure IPSEC policy
  isakmp       Configure ISAKMP policy
  key          Long term key operations
  keyring      Key ring commands
  map          Enter a crypto map
  mib          Configure Crypto-related MIB Parameters
  xauth        X-Auth parameters
R2(config)#crypto map ?
  WORD  Crypto map tag
R2(config)#crypto map Prob11 ?
  <1-65535>       Sequence to insert into crypto map entry
  client          Specify client configuration settings
  isakmp          Specify isakmp configuration settings
  isakmp-profile  Specify isakmp profile to use
  local-address   Interface to use for local address for this crypto map
R2(config)#crypto map Prob11 10 ?
  ipsec-isakmp  IPSEC w/ISAKMP
  ipsec-manual  IPSEC w/manual keying
R2(config)#crypto map Prob11 10 ip
R2(config)#crypto map Prob11 10 ipsec-is
R2(config)#crypto map Prob11 10 ipsec-isakmp ?
  dynamic  Enable dynamic crypto map support
  profile  Enable crypto map as a crypto-profile
R2(config)#crypto map Prob11 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R2(config-crypto-map)#match ?
  address  Match address of packets to encrypt.
R2(config-crypto-map)#match add ?
  <100-199>    IP access-list number
  <2000-2699>  IP access-list number (expanded range)
  WORD         Access-list name
R2(config-crypto-map)#match add 102 ?
R2(config-crypto-map)#match add 102
R2(config-crypto-map)#set pe
R2(config-crypto-map)#set peer ?
  Hostname or A.B.C.D  IP address/hostname of peer
R2(config-crypto-map)#set peer 180.40.7.3
R2(config-crypto-map)#set tra
R2(config-crypto-map)#set transform-set Prob11
R2(config-crypto-map)#int s 1/2
R2(config-if)#cry map
R2(config-if)#crypto map
R2(config-if)#crypto map Prob11
R2(config-if)#
Mar 3 22:05:08.523: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#^Z
R2#
Mar 3 22:05:14.557: %SYS-5-CONFIG_I: Configured from console by console
R2#
RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#disc
Closing connection to 17.57.101.2 [confirm]
R3#access-list 102 deny ospf any any
^
% Invalid input detected at '^' marker.
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#access-list 102 deny ospf any any
R3(config)#access-list 102 deny ospf any any per ip any any
R3(config)#cry is
R3(config)#cry isakmp p
R3(config)#cry isakmp pe re
R3(config)#cry isakmp pre ?
  aggressive-mode  Disable ISAKMP aggressive mode
  client           Set client configuration policy
  enable           Enable ISAKMP
  identity         Set the identity which ISAKMP will use
  keepalive        Set a keepalive interval for use with IOS peers
  key              Set pre-shared key for remote peer
  nat              Set a nat keepalive interval for use with IOS peers
  peer             Set Peer Policy
  policy           Set policy for an ISAKMP protection suite
  profile          Define ISAKMP Profiles
  xauth            Set Extended Authentication values
R3(config)#cry isakmp key ?
  WORD  pre-shared key
R3(config)#cry isakmp key cisco add 180.40.7.2
R3(config)#crt y is pol 10
R3(config-isakmp)#auth pre
R3(config-isakmp)#exit
R3(config)#cry ip tra Prob11 ?
  ah-md5-hmac   AH-HMAC-MD5 transform
  ah-sha-hmac   AH-HMAC-SHA transform
  comp-lzs      IP Compression using the LZS compression algorithm
  esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)
  esp-aes       ESP transform using AES cipher
  esp-des       ESP transform using DES cipher (56 bits)
  esp-md5-hmac  ESP transform using HMAC-MD5 auth
  esp-null      ESP transform w/o cipher
  esp-sha-hmac  ESP transform using HMAC-SHA auth
R3(config)#cry ip tra Prob11 ah
R3(config)#cry ip tra Prob11 ah-m
R3(config)#cry ip tra Prob11 ah-md5-hmac
R3(cfg-crypto-trans)#t mod tra
R3(cfg-crypto-trans)#exit
R3(config)#cry ma p ap ?
  WORD  Crypto map tag
R3(config)#cry map Prob11 ?
  <1-65535>       Sequence to insert into crypto map entry
  client          Specify client configuration settings
  isakmp          Specify isakmp configuration settings
  isakmp-profile  Specify isakmp profile to use
  local-address   Interface to use for local address for this crypto map
R3(config)#cry map Prob11 1
Mar 3 22:07:05.701: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 180.40.7.2
R3(config)#cry map Prob11 10 ?
  ipsec-isakmp  IPSEC w/ISAKMP
  ipsec-manual  IPSEC w/manual keying
R3(config)#cry map Prob11 10 ip
R3(config)#cry map Prob11 10 ipsec-i
R3(config)#cry map Prob11 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R3(config-crypto-map)#match add 102
R3(config-crypto-map)#set tra Po rob11
R3(config-crypto-map)#set peer 180.40.7.2
R3(config-crypto-map)#^Z
R3#
Mar 3 22:07:30.698: %SYS-5-CONFIG_I: Configured from console by console
R3#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#sh cry ip sa
No SAs found
R3#sh cry ip sa is d sa
dst             src             state          conn-id slot
180.40.7.3      180.40.7.2      MM_NO_STATE          1    0 (deleted)
R3#sh ru n crt ry
^
% Invalid input detected at '^' marker.
R3#sh run cry|cry crybcry cry
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
clock timezone PST -8
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
 --More--
Mar 3 22:08:26.453: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 180.40.7.2
 --More--
!
!
!
!
!
!
!
!
username George password 0 bosco
!
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.2
!
!
crypto ipsec transform-set Prob11 ah-md5-hmac
 mode transport
!
crypto map Prob11 10 ipsec-isakmp
 --More--
 set peer 180.40.7.2
 set transform-set Prob11
 match address 102
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group 100 in
 duplex auto
 speed auto
!
--More--
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
--More--
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s 1?
/
R3(config)#int s 12 /2
R3(config-if)#cry map Prob11
R3(config-if)#^Z
R3#
Mar 3 22:09:22.813: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R3#config t
Mar 3 22:09:23.883: %SYS-5-CONFIG_I: Configured from console by console
R3#config tsh run | b crycry cry is sa
dst             src             state          conn-id slot
180.40.7.3      180.40.7.2      MM_NO_STATE          2    0 (deleted)
R3#sh cry is saconfig t sh run | b crycry cry is sap saping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
R3#ping 180.40.7.2sh cry is sa
dst             src             state          conn-id slot
180.40.7.3      180.40.7.2      MM_NO_STATE          2    0 (deleted)
180.40.7.2      180.40.7.3      QM_IDLE              3    0
R3#sh cry is saping 180.40.7.2sh cry is sa config t sh run | b crycry cry is sap sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 6, #pkts encrypt: 0, #pkts digest 6
    #pkts decaps: 6, #pkts decrypt: 0, #pkts verify 6
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 5CE5A927
     inbound esp sas:
     inbound ah sas:
--More--
      spi: 0x1C55628A(475357834)
        transform: ah-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2000, flow_id: 1, crypto map: Prob11
        sa timing: remaining key lifetime (k/sec): (4605844/3581)
        replay detection support: Y
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
      spi: 0x5CE5A927(1558554919)
        transform: ah-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2001, flow_id: 2, crypto map: Prob11
        sa timing: remaining key lifetime (k/sec): (4605844/3574)
        replay detection support: Y
     outbound pcp sas:
R3#
RACK5AS>2
[Resuming connection 2 to r2 ... ]
Mar
R2#sh ntp ass
  address         ref clock       st  when  poll  reach  delay  offset  disp
*~180.40.7.98     192.10.32.254   5   18    64    377    48.9   0.32    0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ip route 180.40.7.98
Routing entry for 180.40.7.96/27
  Known via "ospf 1", distance 110, metric 77, type intra area
  Last update from 17.57.101.2 on FastEthernet0/0, 19:07:38 ago
  Routing Descriptor Blocks:
  * 17.57.101.2, from 192.10.32.5, 19:07:38 ago, via FastEthernet0/0
      Route metric is 77, traffic share count is 1
R2#sh ip ospf nei
Neighbor ID     Pri   State      Dead Time   Address         Interface
180.40.7.129    0     FULL/ -    00:00:30    180.40.7.3      Serial1/2
180.40.7.129    0     FULL/ -    00:01:40    180.40.7.33     Serial1/0.1
17.57.101.2     1     FULL/BDR   00:00:31    17.57.101.2     FastEthernet0/0
R2#sh ip ospf nei
Neighbor ID     Pri   State      Dead Time   Address         Interface
180.40.7.129    0     FULL/ -    00:00:31    180.40.7.3      Serial1/2
180.40.7.129    0     FULL/ -    00:01:31    180.40.7.33     Serial1/0.1
17.57.101.2     1     FULL/BDR   00:00:32    17.57.101.2     FastEthernet0/0
R2#sh ip ospf neiroute 180.40.7.98
Routing entry for 180.40.7.96/27
  Known via "ospf 1", distance 110, metric 77, type intra area
  Last update from 17.57.101.2 on FastEthernet0/0, 19:08:04 ago
  Routing Descriptor Blocks:
  * 17.57.101.2, from 192.10.32.5, 19:08:04 ago, via FastEthernet0/0
      Route metric is 77, traffic share count is 1
R2#sh ip route 180.40.7.98ospf nei
Neighbor ID     Pri   State      Dead Time   Address         Interface
180.40.7.129    0     FULL/ -    00:00:36    180.40.7.3      Serial1/2
180.40.7.129    0     FULL/ -    00:01:35    180.40.7.33     Serial1/0.1
17.57.101.2     1     FULL/BDR   00:00:37    17.57.101.2     FastEthernet0/0
R2#sh    sh run | b crypto
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.3
!
!
crypto ipsec transform-set Prob11 ah-md5-hmac
 mode transport
!
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.3
 set transform-set Prob11
 match address 102
!
!
!
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
--More--
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
--More--
 clock rate 64000
 crypto map Prob11
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
--More--
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any any time-range Prob4
access-list 101 permit tcp any 17.57.101.0 0.0.0.255
access-list 102 deny ospf any any
access-list 102 permit ip any any
!
!
!
!
!
!
!
!
!
line con 0
--More--
R2#
RACK5AS>3
[Resuming connection 3 to r3 ... ]
R3#sh run | b cryto
R3#sh run | b crytoypto
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.2
!
!
crypto ipsec transform-set Prob11 ah-md5-hmac
 mode transport
!
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.2
 set transform-set Prob11
 match address 102
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
--More--
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group 100 in
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
 crypto map Prob11
--More--
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
--More--
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
access-list 100 permit udp any any eq ntp
access-list 100 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
access-list 100 permit ospf any any
access-list 100 dynamic Prob9 timeout 60 permit ip 180.40.7.128 0.0.0.31 any
access-list 100 deny ip 180.40.7.128 0.0.0.31 any
access-list 102 deny ospf any any
access-list 102 permit ip any any
!
!
!
!
!
!
!
!
!
--More--
R3#