=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.08.25 13:03:10 =~=~=~=~=~=~=~=~=~=~=~=
R7#
R7#
R7#
RACK12AS>4
[Resuming connection 4 to r4 ... ]
R4#sh clock
*16:18:22.531 UTC Mon Mar 1 1993
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources
R4(config)#ntp ser ?
  Hostname or A.B.C.D  IP address of peer
  vrf                  VPN Routing/Forwarding Information
R4(config)#ntp ser 192.10.32.254
R4(config)#do sh cls ock
*16:18:44.531 UTC Mon Mar 1 1993
R4(config)#do sh clock
*16:18:46.303 UTC Mon Mar 1 1993
R4(config)#do sh clock
*16:18:47.135 UTC Mon Mar 1 1993
R4(config)#do sh clock
.20:04:01.303 UTC Fri Aug 25 2006
R4(config)#
R4(config)#
R4(config)#
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.10.32.254    172.16.1.20       3     0    64   77     5.1    0.04   375.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#tim
R4(config)#time-range            dat
R4(config)#dat   clo
R4(config)#clock ?
  summer-time  Configure summer (daylight savings) time
  timezone     Configure time zone
R4(config)#clock tim ?
  WORD  name of time zone
R4(config)#clock tim PDT ?
  <-23 - 23>  Hours offset from UTC
R4(config)#clock tim PDT -8
R4(config)#do sh clock
12:05:55.343 PDT Fri Aug 25 2006
R4(config)#do sh clockclock tim PDT -8 7DT -7 ADT -7
R4(config)#clock tim ADT -7DT -7 mDT -7DT -7 MDT -7
R4(config)#clock tim MDT -7ADT -7do sh clock
13:06:28.311 MDT Fri Aug 25 2006
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources
R4(config)#ntp au
R4(config)#ntp authenticati
R4(config)#ntp authentication-key ?
  <1-4294967295>  Key number
R4(config)#ntp authentication-key 1 ?
  md5  MD5 authentication
R4(config)#ntp authentication-key 1 m
R4(config)#ntp authentication-key 1 md5 ?
  WORD  Authentication key
R4(config)#ntp authentication-key 1 md5 MyTime
R4(config)#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3#c sh clock
*16:19:29.879 UTC Mon Mar 1 1993
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp au
R3(config)#ntp authenticati
R3(config)#ntp authentication-key 1 m`
R3(config)#ntp authentication-key 1 m`
R3(config)#ntp authentication-key 1 md5 MyTi,e  me
R3(config)#ntp ser ?
  Hostname or A.B.C.D  IP address of peer
  vrf                  VPN Routing/Forwarding Information
R3(config)#ntp ser 180.40.8.  7.98 ?
  key      Configure peer authentication key
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp ser 180.40.7.98 ke
R3(config)#ntp ser 180.40.7.98 key 1 ?
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp ser 180.40.7.98 key 1
R3(config)#^Z
R3#sh
*Mar 1 16:20:07.545: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      192.10.32.254     4     0    64    0     4.1  425533  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     4     0    64    3     4.0    0.04  7875.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     4     0    64    7     4.0    0.04  3875.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#
R3#
R3#
R3#
R3#sh ntp ass ?
  detail  Show detail
  |       Output modifiers
R3#sh ntp ass de
R3#sh ntp ass detail
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 4
ref ID 192.10.32.254, time C899D700.0890B41D (20:07:28.033 UTC Fri Aug 25 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 232.64 msec, root disp 41.37, reach 377, sync dist 159.882
delay 3.91 msec, offset 0.0473 msec, dispersion 0.24
precision 2**18, version 3
org time C899D721.01DBACF1 (20:08:01.007 UTC Fri Aug 25 2006)
rcv time C899D721.0253AC7D (20:08:01.009 UTC Fri Aug 25 2006)
xmt time C899D721.01285209 (20:08:01.004 UTC Fri Aug 25 2006)
filtdelay = 4.12 4.06 4.12 4.09 4.10 3.91 4.12 4.21
filtoffset = 0.23 0.20 0.12 0.17 0.17 0.05 0.10 0.07
filterror = 0.02 0.05 0.06 0.08 0.09 0.11 0.12 0.14
R3#deb ntp ?
  adjust          NTP clock adjustments
  authentication  NTP authentication
  events          NTP events
  loopfilter      NTP loop filter
  packets         NTP packets
  params          NTP clock parameters
  refclock        NTP reference clocks
  select          NTP clock selection
  sync            NTP clock synchronization
  validity        NTP peer clock validity
R3#deb ntp ev
NTP events debugging is on
R3#deb ntp ev  pa
R3#deb ntp pa
% Ambiguous command: "deb ntp pa"
R3#deb ntp pac
R3#deb ntp packets
NTP packets debugging is on
R3#conif gt
^
% Invalid input detected at '^' marker.
R3#conif  fig t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no tp ser 180.40.7.98 key 1 authentication-key 1 md5 MyTimeser 180.40.7.98 key 1 bntp ser 180.40.7.98 key 1 ntp ser 180.40.7.98 key 1 nntp ser 180.40.7.98 key 1 ontp ser 180.40.7.98 key 1  ntp ser 180.40.7.98 key 1
R3(config)#no ntp ser 180.40.7.98 key 1 no ntp ser 180.40.7.98 key 1  ntp ser 180.40.7.98 key 1
R3(config)#do sh log
Syslog logging: enabled (9 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled)
Console logging: level debugging, 48 messages logged, xml disabled
Monitor logging: level debugging, 0 messages logged, xml disabled
Buffer logging: disabled, xml disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 54 message lines logged
R3(config)#
.Aug 25 20:08:51.980: NTP: xmit packet to 180.40.7.98:
.Aug 25 20:08:51.980: leap 3, mode 3, version 3, stratum 0, ppoll 64
.Aug 25 20:08:51.980: rtdel 3C96 (236.664), rtdsp 0AAE (41.718), refid B4280762 (180.40.7.98)
.Aug 25 20:08:51.980: ref C899D725.FD9F6BAB (20:08:05.990 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.980: org 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
.Aug 25 20:08:51.980: rec 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
.Aug 25 20:08:51.980: xmt C899D753.FAFD37BE (20:08:51.980 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.984: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
.Aug 25 20:08:51.984: leap 0, mode 4, version 3, stratum 4, ppoll 64
.Aug 25 20:08:51.984: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
.Aug 25 20:08:51.984: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.984: org C899D753.FAFD37BE (20:08:51.980 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.984: rec C8 R3(config)#99D753.FBCF8FE0 (20:08:51.983 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.988: xmt C899D753.FBED101F (20:08:51.984 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.988: inp C899D753.FC381425 (20:08:51.985 UTC Fri Aug 25 2006)
.Aug 25 20:08:51.988: NTP: 180.40.7.98 reachable
Aug 25 20:08:51.988: NTP: sync change
Aug 25 20:08:51.988: NTP: peer stratum change
Aug 25 20:08:52.981: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:52.981: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:52.981: rtdel 3CA9 (236.954), rtdsp FEAFA (15917.877), refid B4280762 (180.40.7.98)
Aug 25 20:08:52.981: ref C899D753.FC381425 (20:08:51.985 UTC Fri Aug 25 2006)
Aug 25 20:08:52.981: org C899D753.FBED101F (20:08:51.984 UTC Fri Aug 25 2006)
Aug 25 20:08:52.981: rec C899D753.FC381425 (20:08:51.985 UTC Fri Aug 25 2006)
Aug 25 20:08:52.981: xmt C899D754.FB69B5D5 (20:08:52.982 UTC Fri Aug 25 2006)
Aug 25 20:08:52.985: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:52.985: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:52.985: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:52.985: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:52.985: org C899D754.FB69B5D5 (20:08:52.982 UTC Fri Aug 25 2006)
Aug 25 20:08:52.985: rec C899D754.FC3C1679 (20:08:52.985 UTC Fri Aug 25 2006)
Aug 25 20:08:52.989: xmt C899D754.FC599A13 (20:08:52.985 UTC Fri Aug 25 2006)
Aug 25 20:08:52.989: inp C899D754.FCA8FBC5 (20:08:52.986 UTC Fri Aug 25 2006)
Aug 25 20:08:53.983: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:53.983: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:53.983: rtdel 3CA9 (236.954), rtdsp 7EAFC (7917.908), refid B4280762 (180.40.7.98)
Aug 25 20:08:53.983: ref C899D754.FCA8FBC5 (20:08:52.986 UTC Fri Aug 25 2006)
Aug 25 20:08:53.983: org C899D754.FC599A13 (20:08:52.985 UTC Fri Aug 25 2006)
Aug 25 20:08:53.983: rec C899D754.FCA8FBC5 (20:08:52.986 UTC Fri Aug 25 2006)
Aug 25 20:08:53.983: xmt C899D755.FBD594B9 (20:08:53.983 UTC Fri Aug 25 2006)
Aug 25 20:08:53.987: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:53.987: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:53.987: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:53.987: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:53.987: org C899D755.FBD594B9 (20:08:53.983 UTC Fri Aug 25 2006)
Aug 25 20:08:53.987: rec C899D755.FCA3980B (20:08:53.986 UTC Fri Aug 25 2006)
Aug 25 20:08:53.991: xmt C899D755.FCC0D52F (20:08:53.987 UTC Fri Aug 25 2006)
Aug 25 20:08:53.991: inp C899D755.FD13FE45 (20:08:53.988 UTC Fri Aug 25 2006)
Aug 25 20:08:54.981: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:54.981: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:54.981: rtdel 3CAD (237.015), rtdsp 3EAF8 (3917.847), refid B4280762 (180.40.7.98)
Aug 25 20:08:54.981: ref C899D755.FD13FE45 (20:08:53.988 UTC Fri Aug 25 2006)
Aug 25 20:08:54.981: org C899D755.FCC0D52F (20:08:53.987 UTC Fri Aug 25 2006)
Aug 25 20:08:54.981: rec C899D755.FD13FE45 (20:08:53.988 UTC Fri Aug 25 2006)
Aug 25 20:08:54.981: xmt C899D756.FB3A042B (20:08:54.981 UTC Fri Aug 25 2006)
Aug 25 20:08:54.985: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:54.985: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:54.985: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:54.985: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:54.985: org C899D756.FB3A042B (20:08:54.981 UTC Fri Aug 25 2006)
Aug 25 20:08:54.985: rec C899D756.FC0C402C (20:08:54.984 UTC Fri Aug 25 2006)
Aug 25 20:08:54.989: xmt C899D756.FC2F25B1 (20:08:54.985 UTC Fri Aug 25 2006)
Aug 25 20:08:54.989: inp C899D756.FC7CBBAA (20:08:54.986 UTC Fri Aug 25 2006)
Aug 25 20:08:55.982: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:55.982: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:55.982: rtdel 3CAB (236.984), rtdsp 1EAFB (1917.892), refid B4280762 (180.40.7.98)
Aug 25 20:08:55.982: ref C899D756.FC7CBBAA (20:08:54.986 UTC Fri Aug 25 2006)
Aug 25 20:08:55.982: org C899D756.FC2F25B1 (20:08:54.985 UTC Fri Aug 25 2006)
Aug 25 20:08:55.982: rec C899D756.FC7CBBAA (20:08:54.986 UTC Fri Aug 25 2006)
Aug 25 20:08:55.982: xmt C899D757.FBA9549E (20:08:55.983 UTC Fri Aug 25 2006)
Aug 25 20:08:55.986: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:55.986: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:55.986: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:55.986: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:55.986: org C899D757.FBA9549E (20:08:55.983 UTC Fri Aug 25 2006)
Aug 25 20:08:55.986: rec C899D757.FC72B45C (20:08:55.986 UTC Fri Aug 25 2006)
Aug 25 20:08:55.990: xmt C899D757.FC9017AB (20:08:55.986 UTC Fri Aug 25 2006)
Aug 25 20:08:55.990: inp C899D757.FCF05A12 (20:08:55.988 UTC Fri Aug 25 2006)
Aug 25 20:08:56.980: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:56.980: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:56.980: rtdel 3CAB (236.984), rtdsp EAFD (917.923), refid B4280762 (180.40.7.98)
Aug 25 20:08:56.980: ref C899D757.FCF05A12 (20:08:55.988 UTC Fri Aug 25 2006)
Aug 25 20:08:56.980: org C899D757.FC9017AB (20:08:55.986 UTC Fri Aug 25 2006)
Aug 25 20:08:56.980: rec C899D757.FCF05A12 (20:08:55.988 UTC Fri Aug 25 2006)
Aug 25 20:08:56.980: xmt C899D758.FB0C0B49 (20:08:56.980 UTC Fri Aug 25 2006)
Aug 25 20:08:56.984: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:56.984: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:56.984: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:56.984: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:56.984: org C899D758.FB0C0B49 (20:08:56.980 UTC Fri Aug 25 2006)
Aug 25 20:08:56.984: rec C899D758.FBDADE07 (20:08:56.983 UTC Fri Aug 25 2006)
Aug 25 20:08:56.988: xmt C899D758.FBF85FF4 (20:08:56.984 UTC Fri Aug 25 2006)
Aug 25 20:08:56.988: inp C899D758.FC507B90 (20:08:56.985 UTC Fri Aug 25 2006)
Aug 25 20:08:57.982: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:57.982: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:57.982: rtdel 3CAB (236.984), rtdsp 6B00 (417.969), refid B4280762 (180.40.7.98)
Aug 25 20:08:57.982: ref C899D758.FC507B90 (20:08:56.985 UTC Fri Aug 25 2006)
Aug 25 20:08:57.982: org C899D758.FBF85FF4 (20:08:56.984 UTC Fri Aug 25 2006)
Aug 25 20:08:57.982: rec C899D758.FC507B90 (20:08:56.985 UTC Fri Aug 25 2006)
Aug 25 20:08:57.982: xmt C899D759.FB770DC9 (20:08:57.982 UTC Fri Aug 25 2006)
Aug 25 20:08:57.986: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:57.986: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:57.986: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:57.986: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:57.986: org C899D759.FB770DC9 (20:08:57.982 UTC Fri Aug 25 2006)
Aug 25 20:08:57.986: rec C899D759.FC4B2035 (20:08:57.985 UTC Fri Aug 25 2006)
Aug 25 20:08:57.990: xmt C899D759.FC683DE5 (20:08:57.985 UTC Fri Aug 25 2006)
Aug 25 20:08:57.990: inp C899D759.FCB2E229 (20:08:57.987 UTC Fri Aug 25 2006)
Aug 25 20:08:58.979: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:58.979: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:58.979: rtdel 3CAA (236.969), rtdsp 2AFF (167.953), refid B4280762 (180.40.7.98)
Aug 25 20:08:58.979: ref C899D759.FCB2E229 (20:08:57.987 UTC Fri Aug 25 2006)
Aug 25 20:08:58.979: org C899D759.FC683DE5 (20:08:57.985 UTC Fri Aug 25 2006)
Aug 25 20:08:58.979: rec C899D759.FCB2E229 (20:08:57.987 UTC Fri Aug 25 2006)
Aug 25 20:08:58.979: xmt C899D75A.FADC599F (20:08:58.979 UTC Fri Aug 25 2006)
Aug 25 20:08:58.983: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:58.983: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:58.983: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:58.983: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:58.983: org C899D75A.FADC599F (20:08:58.979 UTC Fri Aug 25 2006)
Aug 25 20:08:58.983: rec C899D75A.FBB369B2 (20:08:58.983 UTC Fri Aug 25 2006)
Aug 25 20:08:58.987: xmt C899D75A.FBD0D05B (20:08:58.983 UTC Fri Aug 25 2006)
Aug 25 20:08:58.987: inp C899D75A.FC1B9F8F (20:08:58.984 UTC Fri Aug 25 2006)
Aug 25 20:08:59.981: NTP: xmit packet to 180.40.7.98:
Aug 25 20:08:59.981: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:08:59.981: rtdel 3CAD (237.015), rtdsp 0B01 (42.984), refid B4280762 (180.40.7.98)
Aug 25 20:08:59.981: ref C899D75A.FC1B9F8F (20:08:58.984 UTC Fri Aug 25 2006)
Aug 25 20:08:59.981: org C899D75A.FBD0D05B (20:08:58.983 UTC Fri Aug 25 2006)
Aug 25 20:08:59.981: rec C899D75A.FC1B9F8F (20:08:58.984 UTC Fri Aug 25 2006)
Aug 25 20:08:59.981: xmt C899D75B.FB4914E7 (20:08:59.981 UTC Fri Aug 25 2006)
Aug 25 20:08:59.985: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:08:59.985: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:08:59.985: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:08:59.985: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:08:59.985: org C899D75B.FB4914E7 (20:08:59.981 UTC Fri Aug 25 2006)
Aug 25 20:08:59.985: rec C899D75B.FC1A6868 (20:08:59.984 UTC Fri Aug 25 2006)
Aug 25 20:08:59.989: xmt C899D75B.FC3D1691 (20:08:59.985 UTC Fri Aug 25 2006)
Aug 25 20:08:59.989: inp C899D75B.FC885AD7 (20:08:59.986 UTC Fri Aug 25 2006)
Aug 25 20:09:00.982: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:00.982: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:00.982: rtdel 3CA8 (236.938), rtdsp 0AFC (42.908), refid B4280762 (180.40.7.98)
Aug 25 20:09:00.982: ref C899D75B.FC885AD7 (20:08:59.986 UTC Fri Aug 25 2006)
Aug 25 20:09:00.982: org C899D75B.FC3D1691 (20:08:59.985 UTC Fri Aug 25 2006)
Aug 25 20:09:00.982: rec C899D75B.FC885AD7 (20:08:59.986 UTC Fri Aug 25 2006)
Aug 25 20:09:00.982: xmt C899D75C.FBB4F3CB (20:09:00.983 UTC Fri Aug 25 2006)
Aug 25 20:09:00.986: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:00.986: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:00.986: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:00.986: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:00.986: org C899D75C.FBB4F3CB (20:09:00.983 UTC Fri Aug 25 2006)
Aug 25 20:09:00.986: rec C899D75C.FC8B53B3 (20:09:00.986 UTC Fri Aug 25 2006)
Aug 25 20:09:00.990: xmt C899D75C.FCA8A6A6 (20:09:00.986 UTC Fri Aug 25 2006)
Aug 25 20:09:00.990: inp C899D75C.FCF0C82B (20:09:00.988 UTC Fri Aug 25 2006)
Aug 25 20:09:01.980: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:01.980: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:01.980: rtdel 3CAA (236.969), rtdsp 0B01 (42.984), refid B4280762 (180.40.7.98)
Aug 25 20:09:01.980: ref C899D75C.FCF0C82B (20:09:00.988 UTC Fri Aug 25 2006)
Aug 25 20:09:01.980: org C899D75C.FCA8A6A6 (20:09:00.986 UTC Fri Aug 25 2006)
Aug 25 20:09:01.980: rec C899D75C.FCF0C82B (20:09:00.988 UTC Fri Aug 25 2006)
Aug 25 20:09:01.980: xmt C899D75D.FB1A3F80 (20:09:01.980 UTC Fri Aug 25 2006)
Aug 25 20:09:01.984: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:01.984: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:01.984: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:01.984: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:01.984: org C899D75D.FB1A3F80 (20:09:01.980 UTC Fri Aug 25 2006)
Aug 25 20:09:01.984: rec C899D75D.FBED9B72 (20:09:01.984 UTC Fri Aug 25 2006)
Aug 25 20:09:01.988: xmt C899D75D.FC0AFD7E (20:09:01.984 UTC Fri Aug 25 2006)
Aug 25 20:09:01.988: inp C899D75D.FC58A90C (20:09:01.985 UTC Fri Aug 25 2006)
Aug 25 20:09:02.982: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:02.982: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:02.982: rtdel 3CAD (237.015), rtdsp 0AFC (42.908), refid B4280762 (180.40.7.98)
Aug 25 20:09:02.982: ref C899D75D.FC58A90C (20:09:01.985 UTC Fri Aug 25 2006)
Aug 25 20:09:02.982: org C899D75D.FC0AFD7E (20:09:01.984 UTC Fri Aug 25 2006)
Aug 25 20:09:02.982: rec C899D75D.FC58A90C (20:09:01.985 UTC Fri Aug 25 2006)
Aug 25 20:09:02.982: xmt C899D75E.FB854200 (20:09:02.982 UTC Fri Aug 25 2006)
Aug 25 20:09:02.986: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:02.986: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:02.986: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:02.986: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:02.986: org C899D75E.FB854200 (20:09:02.982 UTC Fri Aug 25 2006)
Aug 25 20:09:02.986: rec C899D75E.FC62F6BB (20:09:02.985 UTC Fri Aug 25 2006)
Aug 25 20:09:02.990: xmt C899D75E.FC804795 (20:09:02.986 UTC Fri Aug 25 2006)
Aug 25 20:09:02.990: inp C899D75E.FCC2CF28 (20:09:02.987 UTC Fri Aug 25 2006)
Aug 25 20:09:03.979: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:03.979: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:03.979: rtdel 3CAC (237.000), rtdsp 0B0D (43.167), refid B4280762 (180.40.7.98)
Aug 25 20:09:03.979: ref C899D75E.FCC2CF28 (20:09:02.987 UTC Fri Aug 25 2006)
Aug 25 20:09:03.979: org C899D75E.FC804795 (20:09:02.986 UTC Fri Aug 25 2006)
Aug 25 20:09:03.979: rec C899D75E.FCC2CF28 (20:09:02.987 UTC Fri Aug 25 2006)
Aug 25 20:09:03.979: xmt C899D75F.FAEA8D8F (20:09:03.980 UTC Fri Aug 25 2006)
Aug 25 20:09:03.983: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:03.983: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:03.983: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:03.983: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:03.983: org C899D75F.FAEA8D8F (20:09:03.980 UTC Fri Aug 25 2006)
Aug 25 20:09:03.983: rec C899D75F.FBC19B4E (20:09:03.983 UTC Fri Aug 25 2006)
Aug 25 20:09:03.987: xmt C899D75F.FBDEDA8B (20:09:03.983 UTC Fri Aug 25 2006)
Aug 25 20:09:03.987: inp C899D75F.FC273E53 (20:09:03.984 UTC Fri Aug 25 2006)
Aug 25 20:09:04.981: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:04.981: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:04.981: rtdel 3CAB (236.984), rtdsp 0B02 (42.999), refid B4280762 (180.40.7.98)
Aug 25 20:09:04.981: ref C899D75F.FC273E53 (20:09:03.984 UTC Fri Aug 25 2006)
Aug 25 20:09:04.981: org C899D75F.FBDEDA8B (20:09:03.983 UTC Fri Aug 25 2006)
Aug 25 20:09:04.981: rec C899D75F.FC273E53 (20:09:03.984 UTC Fri Aug 25 2006)
Aug 25 20:09:04.981: xmt C899D760.FB5748D7 (20:09:04.981 UTC Fri Aug 25 2006)
Aug 25 20:09:04.985: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:04.985: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:04.985: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:04.985: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:04.985: org C899D760.FB5748D7 (20:09:04.981 UTC Fri Aug 25 2006)
Aug 25 20:09:04.985: rec C899D760.FC358C35 (20:09:04.985 UTC Fri Aug 25 2006)
Aug 25 20:09:04.989: xmt C899D760.FC52AA51 (20:09:04.985 UTC Fri Aug 25 2006)
Aug 25 20:09:04.989: inp C899D760.FC90880B (20:09:04.986 UTC Fri Aug 25 2006)
Aug 25 20:09:05.983: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:05.983: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:05.983: rtdel 3CA8 (236.938), rtdsp 0B0F (43.198), refid B4280762 (180.40.7.98)
Aug 25 20:09:05.983: ref C899D760.FC90880B (20:09:04.986 UTC Fri Aug 25 2006)
Aug 25 20:09:05.983: org C899D760.FC52AA51 (20:09:04.985 UTC Fri Aug 25 2006)
Aug 25 20:09:05.983: rec C899D760.FC90880B (20:09:04.986 UTC Fri Aug 25 2006)
Aug 25 20:09:05.983: xmt C899D761.FBC24B57 (20:09:05.983 UTC Fri Aug 25 2006)
Aug 25 20:09:05.987: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:05.987: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:05.987: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:05.987: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:05.987: org C899D761.FBC24B57 (20:09:05.983 UTC Fri Aug 25 2006)
Aug 25 20:09:05.987: rec C899D761.FC953275 (20:09:05.986 UTC Fri Aug 25 2006)
Aug 25 20:09:05.991: xmt C899D761.FCB26299 (20:09:05.987 UTC Fri Aug 25 2006)
Aug 25 20:09:05.991: inp C899D761.FD00B4E3 (20:09:05.988 UTC Fri Aug 25 2006)
Aug 25 20:09:06.980: NTP: xmit packet to 180.40.7.98:
Aug 25 20:09:06.980: leap 0, mode 3, version 3, stratum 5, ppoll 64
Aug 25 20:09:06.980: rtdel 3CA8 (236.938), rtdsp 0B13 (43.259), refid B4280762 (180.40.7.98)
Aug 25 20:09:06.980: ref C899D761.FD00B4E3 (20:09:05.988 UTC Fri Aug 25 2006)
Aug 25 20:09:06.980: org C899D761.FCB26299 (20:09:05.987 UTC Fri Aug 25 2006)
Aug 25 20:09:06.980: rec C899D761.FD00B4E3 (20:09:05.988 UTC Fri Aug 25 2006)
Aug 25 20:09:06.980: xmt C899D762.FB294FF4 (20:09:06.981 UTC Fri Aug 25 2006)
Aug 25 20:09:06.984: NTP: rcv packet from 180.40.7.98 to 180.40.7.129 on FastEthernet0/1:
Aug 25 20:09:06.984: leap 0, mode 4, version 3, stratum 4, ppoll 64
Aug 25 20:09:06.984: rtdel 3B8C (232.605), rtdsp 0AB5 (41.824), refid C00A20FE (192.10.32.254)
Aug 25 20:09:06.984: ref C899D740.08AEA7F5 (20:08:32.033 UTC Fri Aug 25 2006)
Aug 25 20:09:06.984: org C899D762.FB294FF4 (20:09:06.981 UTC Fri Aug 25 2006)
Aug 25 20:09:06.984: rec C899D762.FC03B7D2 (20:09:06.984 UTC Fri Aug 25 2006)
Aug 25 20:09:06.988: xmt C899D762.FC211039 (20:09:06.984 UTC Fri Aug 25 2006)
Aug 25 20:09:06.988: inp C899D762.FC6600B9 (20:09:06.985 UTC Fri Aug 25 2006)
R3(config)#do u all
All possible debugging has been turned off
R3(config)#^Z
R3#
R3#
R3#
R3#
R3#
R3#
R3#
R3#
R3#
R3#^Z
R3#
Aug 25 20:09:14.497: %SYS-5-CONFIG_I: Configured from console by console
R3#deb ntp ?
  adjust          NTP clock adjustments
  authentication  NTP authentication
  events          NTP events
  loopfilter      NTP loop filter
  packets         NTP packets
  params          NTP clock parameters
  refclock        NTP reference clocks
  select          NTP clock selection
  sync            NTP clock synchronization
  validity        NTP peer clock validity
R3#deb ntp au
R3#deb ntp authentication
NTP authentication debugging is on
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#do u allsh log ntp ser 180.40.7.98 key 1 no ntp ser 180.40.7.98 key 1
R3(config)#no ntp ser 180.40.7.98 key 1 do u all sh log ntp ser 180.40.7.98 key 1
R3(config)#^Z
R3#
.Aug 25 20:09:49.462: %SYS-5-CONFIG_I: Configured from console by console
R3#u all
.Aug 25 20:09:59.983: Authentication key 1
Aug 25 20:10:00.985: Authentication key 1
R3#u all
All possible debugging has been turned off
R3#
Aug 25 20:10:01.987: Authentication key 1
Aug 25 20:10:02.984: Authentication key 1
R3#sh run | h b ntp
ntp authentication-key 1 md5 143A0B3F05092F 7
ntp server 180.40.7.98 key 1
!
end
R3#
R3#
RACK12AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#^Z
R4#sh run | b
Aug 25 20:11:26.762: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | b ntp
ntp authentication-key 1 md5 112400311E1F0E 7
ntp clock-period 17179873
ntp server 192.10.32.254
!
end
R4#
R4#192.10.32.254
Trying 192.10.32.254 ... Open
CR1>sh ?
% Unrecognized command
CR1>sh
CR1>sh?
% Unrecognized command
CR1>sh  ?
Exec commands:
  <1-99>           Session number to resume
  clear            Reset functions
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  name-connection  Name an existing network connection
  ping             Send echo messages
  resume           Resume an active network connection
  set              Set system parameter (not config)
  systat           Display information about terminal lines
  terminal         Set terminal line parameters
  traceroute       Trace route to destination
  where            List active connections
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  connect          Open a terminal connection
 --More--
  help             Description of the interactive help system
  lat              Open a lat connection
  mls              exec mls router commands
  mrinfo           Request neighbor and version information from a multicast router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  pad              Open a X.29 PAD connection
  ppp              Start IETF Point-to-Point Protocol (PPP)
  rlogin           Open an rlogin connection
  slip             Start Serial-line IP (SLIP)
  tclquit          Quit Tool Comand Language shell
  tclsh            Tool Comand Language a shell
  telnet           Open a telnet connection
  tn3270           Open a tn3270 connection
  tunnel           Open a tunnel connection
  udptn            Open an udptn connection
  x28              Become an X.28 PAD
  x3               Set X.3 parameters on PAD
  xremote          Enter XRemote mode
CR1>q
[Connection to 192.10.32.254 closed by foreign host]
R4#
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#access-list             do a sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
R4(config)#access-list 1
% Incomplete command.
R4(config)#access-list 1 per 17.57.100.1
R4(config)#access-list 1 per 17.57.100.1  2  2
R4(config)#access-list 1 per 17.57.100.21 .1 1.1
R4(config)#access-list 1 per 17.57.101.1   2
R4(config)#access-list 1 per 17.57.101.2          80.40.7.34
R4(config)#access-list 1 per 180.40.7.34 4
R4(config)#access-list 1 per 180.40.7.34 5
R4(config)#access-list 1 per 180.40.7.35 6
R4(config)#access-list 1 per 180.40.7.36  33
R4(config)#access-list 1 per 180.40.7.33
R4(config)#access-list 1 per 180.40.7.3 2
R4(config)#access-list 1 per 180.40.7.2 129
R4(config)#access-list 1 per 180.40.7.129  30
R4(config)#access-list 1 per 180.40.7.130   98
R4(config)#access-list 1 per 180.40.7.98 7
R4(config)#ip acces
R4(config)#ip access-list st
R4(config)#ip access-list standard 1
R4(config-std-nacl)#do sh access-list
Standard IP access list 1
    120 permit 180.40.7.130
    110 permit 180.40.7.129
    30 permit 17.57.101.1
    10 permit 17.57.100.1
    20 permit 17.57.100.2
    40 permit 17.57.101.2
    90 permit 180.40.7.3
    100 permit 180.40.7.2
    60 permit 180.40.7.35
    50 permit 180.40.7.34
    80 permit 180.40.7.33
    70 permit 180.40.7.36
    130 permit 180.40.7.98
    140 permit 180.40.7.97
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
R4(config-std-nacl)#no 70
R4(config-std-nacl)#exit
R4(config)#ip in ?
  alert-off       Disable alert
  audit-trail     Enable the logging of session information (addresses and bytes)
  dns-timeout     Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name            Specify an inspection rule
  one-minute      Specify one-minute-sample watermarks for clamping
  tcp             Config timeout values for tcp connections
  udp             Config timeout values for udp flows
R4(config)#ip in name ?
  WORD  Name of inspection defined
R4(config)#ip in name Prob2 ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol
R4(config)#ip in name Prob2 h3232  ?
  alert        Turn on/off alert
  audit-trail  Turn on/off audit trail
  timeout      Specify the inactivity timeout time
R4(config)#ip in name Prob2 h323
R4(config)#ip in name Prob2 h323              Prob 2   b2 ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol
R4(config)#ip in name Prob2              ?
  alert-off       Disable alert
  audit-trail     Enable the logging of session information (addresses and bytes)
  dns-timeout     Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name            Specify an inspection rule
  one-minute      Specify one-minute-sample watermarks for clamping
  tcp             Config timeout values for tcp connections
  udp             Config timeout values for udp flows
R4(config)#ip in tcp ?
block-non-session Block non-session TCP traffic finwait-time Specify timeout for TCP connections after a FIN idle-time Specify idle timeout for tcp connections max-incomplete Specify max half-open connection per host synwait-time Specify timeout for TCP connections after a SYN and no further data R4(config)#ip in tcp        exitip in name Prob2 h323      do sh                        do sh run | i ip ins ip inspect name Prob2 h323 R4(config)#do sh run | i ip ins     ip in name Prob2 h323      tcp R4(config)#ip in name Prob2 tcp   d udp R4(config)#ip in name Prob2 udp   icmp R4(config)#int atm 1/0 R4(config-if)#ip in R4(config-if)#ip ins R4(config-if)#ip inspect Prov b22~ % Incomplete command. R4(config-if)#ip inspect Prob22~   % Incomplete command. R4(config-if)# ip inspect Prob2 out R4(config-if)#? Interface configuration commands: access-expression Build a bridge boolean access expression arp Set arp type (arpa, probe, snap) or timeout atm Modify ATM parameters backup Modify backup parameters bandwidth Set bandwidth informational parameter bgp-policy Apply policy propagated by bgp community string bridge-group Transparent bridging interface parameters bundle Configure ATM VC Bundle carrier-delay Specify delay for interface transitions cdp CDP interface subcommands class-int Configure default vc-class name crypto Encryption/Decryption commands dampening Enable event dampening default Set a command to its defaults delay Specify interface throughput delay description Interface specific description diffserv diffserv (Provisioning) dspu Down Stream PU exit Exit from interface configuration mode fras DLC Switch Interface Command h323-gateway Configure H323 Gateway --More--   R4(config-if)#a int fa 0/0 R4(config-if)#ip access R4(config-if)#ip access-group 1 in R4(config-if)#exity ^ % Invalid input detected at '^' marker. 
R4(config-if)#exit R4(config)#ip    access-list 100 per ntp     a udp any any eq ntpo  R4(config)#do sh ip porot    rot Routing Protocol is "ospf 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 192.10.32.12 Number of areas in this router is 1. 1 normal 0 stub 0 nssa Maximum path: 4 Routing for Networks: 0.0.0.0 255.255.255.255 area 0 Routing Information Sources: Gateway Distance Last Update 180.40.7.130 110 16:32:12 180.40.7.129 110 16:32:12 17.57.101.2 110 16:32:12 180.40.7.35 110 16:32:12 180.40.7.34 110 16:32:12 Distance: (default is 110) R4(config)#do sh ip protaccess-list 100 per udp any any eq ntp                  ip any any                  den ip any any log R4(config)#int at,   m 1/0 R4(config-if)#ip access R4(config-if)#ip access-group 100 in R4(config-if)#^Z R4# Aug 25 20:23:50.309: %SYS-5-CONFIG_I: Configured from console by console R4#sh     Aug 25 20:24:05.741: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(32790) -> 192.10.32.12(179), 1 packet R4# RACK12AS>3 [Resuming connection 3 to r3 ... ] R3#192.19 0.32.254 Trying 192.10.32.254 ... Open CR1>4 % 4 is not an open connection CR1> CR1> RACK12AS>4 [Resuming connection 4 to r4 ... ] R4#sh access-list Standard IP access list 1 120 permit 180.40.7.130 110 permit 180.40.7.129 (27 matches) 30 permit 17.57.101.1 10 permit 17.57.100.1 20 permit 17.57.100.2 40 permit 17.57.101.2 90 permit 180.40.7.3 100 permit 180.40.7.2 60 permit 180.40.7.35 50 permit 180.40.7.34 80 permit 180.40.7.33 130 permit 180.40.7.98 140 permit 180.40.7.97 (23 matches) Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Extended IP access list 100 permit tcp host 192.10.32.254 eq telnet host 192.10.32.12 eq 57088 (13 matches) 10 permit udp any any eq ntp 20 deny ip any any log (1 match) R4# RACK12AS>3 [Resuming connection 3 to r3 ... 
] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3# R3# RACK12AS>4 [Resuming connection 4 to r4 ... ] R4#sh run | b ip ins ip inspect name Prob2 h323 ip inspect name Prob2 tcp ip inspect name Prob2 udp ip inspect name Prob2 icmp ip audit po max-events 100 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 --More--   ip address 180.40.7.98 255.255.255.224 ip access-group 1 in ip nat inside duplex auto speed auto ! interface ATM1/0 ip address 192.10.32.12 255.255.255.0 ip access-group 100 in ip nat outside ip inspect Prob2 out no atm ilmi-keepalive pvc 0/72 protocol ip 192.10.32.254 broadcast ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip nat inside source list IPNAT interface ATM1/0 overload no ip http server no ip http secure-server --More--  ip classless ! ! ! ip access-list standard IPNAT permit 180.40.7.0 0.0.0.255 permit 17.0.0.0 0.255.255.255 access-list 1 permit 180.40.7.130 access-list 1 permit 180.40.7.129 access-list 1 permit 17.57.101.1 access-list 1 permit 17.57.100.1 access-list 1 permit 17.57.100.2 access-list 1 permit 17.57.101.2 access-list 1 permit 180.40.7.3 access-list 1 permit 180.40.7.2 access-list 1 permit 180.40.7.35 access-list 1 permit 180.40.7.34 access-list 1 permit 180.40.7.33 access-list 1 permit 180.40.7.98 access-list 1 permit 180.40.7.97 access-list 100 permit udp any any eq ntp access-list 100 deny ip any any log ! --More--  ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 no login ! ntp authentication-key 1 md5 112400311E1F0E 7 ntp clock-period 17179892 ntp server 192.10.32.254 ! end R4# R4# RACK12AS>1 [Resuming connection 1 to r1 ... ] R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#snm R1(config)#snmp  ? snmp snmp-server R1(config)#snmp- R1(config)#snmp-server ? 
chassis-id String to uniquely identify this chassis community Enable SNMP; set community string and access privs contact Text for mib object sysContact drop Silently drop SNMP packets enable Enable SNMP Traps or Informs engineID Configure a local or remote SNMPv3 engineID group Define a User Security Model group host Specify hosts to receive SNMP notifications ifindex Enable ifindex persistence inform Configure SNMP Informs options location Text for mib object sysLocation manager Modify SNMP manager parameters packetsize Largest SNMP packet size queue-length Message queue length for each TRAP host source-interface Assign an source interface system-shutdown Enable use of the SNMP reload command tftp-server-list Limit TFTP servers used via SNMP trap SNMP trap options trap-source Assign an interface for the source address of all traps trap-timeout Set timeout for TRAP message retransmissions user Define a user who can access the SNMP engine view Define an SNMPv2 MIB view --More--   R1(config)#snmp-server com R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community WORD ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string ro Read-only access with this community string rw Read-write access with this community string view Restrict this community to a named MIB view R1(config)#snmp-server community WORD rw ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string R1(config)#snmp-server community WORD rw R1(config)#snmp-server community WORD rw nsnmp-server community WORD rw osnmp-server community WORD rw  snmp-server community WORD rw  R1(config)#priv R1(config)#privilege ? 
aaa-user AAA user definition accept-dialin VPDN group accept dialin configuration mode accept-dialout VPDN group accept dialout configuration mode address-family Address Family configuration mode aic Alarm Interface Card configuration mode alps-ascu ALPS ASCU configuration mode alps-circuit ALPS circuit configuration mode bba-group BBA Group configuration mode boomerang Boomerang configuration mode cascustom Cas custom configuration mode cause-code-list Voice Cause Code List configuration mode ces-conn CES connection configuration mode ces-vc CES VC configuration mode cgma_agent CGMA Agent Configuration Mode cm-fallback cm-fallback configuration mode cns-connect-config CNS Connect Info Mode cns-connect-intf-config CNS Connect Intf Info Mode cns-tmpl-connect-config CNS Template Connect Info Mode cns_inventory_submode CNS Inventory SubMode config-rtr-http-rr RTR HTTP raw request Configuration configure Global configuration mode congestion Frame Relay congestion configuration mode --More--   controller Controller configuration mode dhcp DHCP pool configuration mode enum_rule enum configuration mode ephone ephone configuration mode ephone-dn ephone-dn configuration mode exec Exec mode filterserver AAA filter server definitions flow-cache Flow aggregation cache config mode fr-fr FR/FR connection configuration mode frf5 FR/ATM Network IWF configuration mode frf8 FR/ATM Service IWF configuration mode gateway Gateway configuration mode gw-accounting-aaa Gateway accounting aaa configuration mode interface Interface configuration mode interface-dlci Frame Relay dlci configuration mode interface-range Interface range configuration mode ip-explicit-path IP explicit path configuration mode ip-vrf Configure IP VRF parameters ipenacl IP named extended access-list configuration mode ipsnacl IP named simple access-list configuration mode ipv6-router IPv6 router configuration mode ipv6acl IPv6 access-list configuration mode ipx-router IPX router configuration mode --More--   
R1(config)#privilege confi R1(config)#privilege configure ? all All suboption will be set to the samelevel level Set privilege level of command reset Reset privilege level of command R1(config)#privilege configure level ? <0-15> Privilege level R1(config)#privilege configure level 5 ? LINE Initial keywords of the command to modify R1(config)#privilege configure level 5 snmp-server community WORD rw R1(config)#privilege exec ;eve;         lve  evel 6 5 config t R1(config)#do sh run | b   i priv privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege level 15 R1(config)#privi R1(config)#privilege level       exec level 5 show run R1(config)#privilege exec level 5 show rundo sh run | i priv  privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show privilege level 15 R1(config)#user JoeUser ? access-class Restrict access by access-class autocommand Automatically issue a command after the user logs in callback-dialstring Callback dialstring callback-line Associate a specific line with this callback callback-rotary Associate a rotary group with this callback dnis Do not require password when obtained via DNIS nocallback-verify Do not require authentication after callback noescape Prevent the user from using an escape character nohangup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user-maxlinks Limit the user's number of inbound links R1(config)#user JoeUser pri R1(config)#user JoeUser privilege ? <0-15> User privilege level R1(config)#user JoeUser privilege 5 ? 
access-class Restrict access by access-class autocommand Automatically issue a command after the user logs in callback-dialstring Callback dialstring callback-line Associate a specific line with this callback callback-rotary Associate a rotary group with this callback dnis Do not require password when obtained via DNIS nocallback-verify Do not require authentication after callback noescape Prevent the user from using an escape character nohangup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user-maxlinks Limit the user's number of inbound links R1(config)#user JoeUser privilege 5 pass ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password R1(config)#user JoeUser privilege 5 pass cisco R1(config)# RACK12AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.`100    100.1 Trying 17.57.100.1 ... Open R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# RACK12AS>1 [Resuming connection 1 to r1 ... ] R1(config)#int lin vty 0               user jb priv R1(config)#user jb privilege 15 R1(config)#l;ine    ine vty 0 4 R1(config-line)#login loca R1(config-line)# RACK12AS>5 [Resuming connection 5 to r5 ... ] 17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#sh privi Current privilege level is 5 R1#sh run Building configuration... Current configuration : 53 bytes ! boot-start-marker boot-end-marker ! ! ! ! ! ! end R1#confiug     ? terminal Configure from the terminal R1#confi Configuring from terminal, memory, or network [terminal]? m Invalid privileges R1#mconfi t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#? 
Configure commands: atm Enable ATM SLM Statistics call Configure Call parameters default Set a command to its defaults end Exit from configure mode exit Exit from configure mode help Description of the interactive help system no Negate a command or set its defaults snmp-server Modify SNMP engine parameters R1(config)#atm ? slm Service Level Management R1(config)#atm slm ? statistics Statistics R1(config)#atm slm st ? R1(config)#atm slm st R1(config)#snm R1(config)#snmp-server ? community Enable SNMP; set community string and access privs R1(config)#snmp-server ci om R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string rw Read-write access with this community string R1(config)#snmp-server community test rw R1(config)#end R1#sh run Building configuration... Current configuration : 102 bytes ! boot-start-marker boot-end-marker ! ! ! atm slm statistics ! ! snmp-server community test RW ! end R1# RACK12AS>1 [Resuming connection 1 to r1 ... ] *M R1(config-line)#do sh run | b privi username JoeUser privilege 5 password 0 cisco username jb privilege 15 ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex --More--  ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! ! ! snmp-server community test RW ! ! ! 
privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure --More--  privilege exec level 5 show running-config --More--  privilege exec level 5 show --More--  ! --More--  line con 0 --More--   exec-timeout 0 0 --More--   R1(config-line)#exit R1(config)#no privilege configure level 5 snmp-server community R1(config)#no privilege configure level 5 snmp-server community privilege configure level 5 snmp-server community R1(config)# RACK12AS>5 [Resuming connection 5 to r5 ... ] R1#configt Translating "configt" Translating "configt" % Unknown command or computer name, or unable to find computer address R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)# R1(config)#endsnmp-server community test rw       ? WORD SNMP community string R1(config)#snmp-server community test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string rw Read-write access with this community string R1(config)#snmp-server community test                            end R1#en % No password set R1#exit [Connection to 17.57.100.1 closed by foreign host] S5#17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#snm R1(config)#snmp-server com R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community test ? <1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string rw Read-write access with this community string R1(config)#snmp-server community test                             RACK12AS>1 [Resuming connection 1 to r1 ... 
] *Ma R1(config)#privilege configure level 5 snmp-server communityno privilege configure level 5 snmp-server community R1(config)#no privilege configure level 5 snmp-server community          R1(config)#do sh run | b pi rivi username JoeUser privilege 5 password 0 cisco username jb privilege 15 ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex --More--  ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! ! ! snmp-server community test RW ! ! ! privilege exec level 5 configure terminal privilege exec level 5 configure privilege exec level 5 show running-config privilege exec level 5 show --More--  ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local ! ! end R1(config)# RACK12AS>5 [Resuming connection 5 to r5 ... ] R1(config)#^Z R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK12AS>1 [Resuming connection 1 to r1 ... ] *Mar R1(config)#do sh run | b privino privilege configure level 5 snmp-server communityno\ privilege configure level 5 snmp-server community privilege configure level 5 snmp-server community  privilege configure level 5 snmp-server community  privilege configure level 5 snmp-server community  R1(config)# RACK12AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#snm R1(config)#snmp-server com R1(config)#snmp-server community ? WORD SNMP community string R1(config)#snmp-server community test ? 
<1-99> Std IP accesslist allowing access with this community string <1300-1999> Expanded IP accesslist allowing access with this community string rw Read-write access with this community string R1(config)#snmp-server community test                            ^Z R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK12AS> [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open User Access Verification Username: JoeUser Password: R1#sh ? aaa Show AAA values aal2 Show commands for AAL2 access-expression List access expression access-lists List access lists adjacency Adjacent nodes alarm-interface Display information about a specific Alarm Interface Card aliases Display alias commands alps Alps information arp ARP table async Information on terminal lines used as router interfaces auto Show Automation Template backhaul-session-manager Backhaul Session Manager information backup Backup status bgp BGP information bridge Bridge Forwarding/Filtering Database [verbose] bsc BSC interface information bstun BSTUN interface information buffers Buffer pool statistics c2600 Show c2600 information call Show call --More--   R1#sh sh    int Ethernet0/0 is up, line protocol is up Hardware is AmdP2, address is 0002.fd79.c2a0 (bia 0002.fd79.c2a0) Internet address is 17.57.100.1/24 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 2000 bits/sec, 3 packets/sec 5 minute output rate 2000 bits/sec, 3 packets/sec 7937 packets input, 1027521 bytes, 0 no buffer Received 7383 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input 
packets with dribble condition detected 13866 packets output, 1357652 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 3 deferred 0 lost carrier, 0 no carrier --More--   R1# RACK12AS>1 [Resuming connection 1 to r1 ... ] *Mar R1(config)#^Z R1#sh run | *Mar 1 16:49:21.212: %SYS-5-CONFIG_I: Configured from console by console R1#sh run | b priv username JoeUser privilege 5 password 0 cisco username jb privilege 15 ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex --More--  ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! ! ! snmp-server community test RW ! ! ! privilege configure level 5 snmp-server community privilege configure level 5 snmp-server privilege exec level 5 configure terminal privilege exec level 5 configure --More--  privilege exec level 5 show running-config privilege exec level 5 show ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login local ! ! end R1# R1# RACK12AS>2 [Resuming connection 2 to r2 ... ] [Connection to r2 closed by foreign host] RACK12AS> [Resuming connection 1 to r1 ... ] R1# R1# R1# R1# R1# R1# RACK12AS>sh sess Conn Host Address Byte Idle Conn Name * 1 r1 1.1.1.1 0 0 r1 3 r3 1.1.1.1 0 14 r3 4 r4 1.1.1.1 14 13 r4 5 r5 1.1.1.1 0 3 r5 6 r6 1.1.1.1 0 36 r6 7 r7 1.1.1.1 6 35 r7 RACK12AS>3 [Resuming connection 3 to r3 ... ] R3# R3# RACK12AS>4 [Resuming connection 4 to r4 ... ] Aug 25 20:26 R4# R4# R4# RACK12AS>5 [Resuming connection 5 to r5 ... 
] R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# S5# RACK12AS>6 [Resuming connection 6 to r6 ... ] S6# S6# RACK12AS>7 [Resuming connection 7 to r7 ... ] R7> R7> R7> R7> RACK12AS>r2 Translating "r2" Trying R2 (1.1.1.1, 2002)... Open ************************************************************** Global Knowledge Hands-On Labs Access Server Access is restricted to Global Knowledge CCIE Students ************************************************************** Please re-enter your password. (This is the same password you used to log onto the Lab website.) If you see a username prompt, please wait 40 seconds and try again. If the username prompt persists, please reset equipment from your "Pod x" link. User Access Verification Password: Password OK R2>en R2# R2# R2# R2# R2# R2#sh    sh access-list R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ntp 180.40.7.             a time   R2(config)#time-range Prob4 ? R2(config)#time-range Prob4 R2(config-time-range)#? Time range configuration commands: absolute absolute time and date default Set a command to its defaults exit Exit from time-range configuration mode no Negate a command or set its defaults periodic periodic time and date R2(config-time-range)#per ? Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday and Sunday R2(config-time-range)#per DA  wee R2(config-time-range)#per weekk ay R2(config-time-range)#per weekay  day R2(config-time-range)#per weekdays ? hh:mm Starting time R2(config-time-range)#per weekdays 10:00       8:00 ? to ending day and time R2(config-time-range)#per weekdays 8:00 to ? hh:mm Ending time - stays valid until beginning of next minute R2(config-time-range)#per weekdays 8:00 to 18:00 ? 
R2(config-time-range)#per weekdays 8:00 to 18:00 R2(config-time-range)#exit R2(config)#acce ess-list 100 per tcp     ip any any tim R2(config)#access-list 100 per ip any any time-range Prob4 R2(config)#line vty 0 4 R2(config-line)#acc R2(config-line)#access-class ? <1-199> IP access list <1300-2699> IP expanded access list WORD Access-list name R2(config-line)#access-class 100 in R2(config-line)#exit R2(config)#do sh acess   cess-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) R2(config)# R2(config)# R2(config)# R2(config)# R2(config)#do sh clock *16:55:00.355 UTC Mon Mar 1 1993 R2(config)#ntp 18   s  ser 180.40.7.98 R2(config)#ntp ser 180.40.7.98do sh clock  20:42:59.706 UTC Fri Aug 25 2006 R2(config)#do sh clock do sh clockntp ser 180.40.7.98do sh clock access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (inactive) R2(config)#do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (inactive) R2(config)# R2(config)# R2(config)# R2(config)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone R2(config)#clock tim R2(config)#clock timezone ? WORD name of time zone R2(config)#clock timezone MST    DT ? <-23 - 23> Hours offset from UTC R2(config)#clock timezone MDT -7 R2(config)#clock timezone MDT -7do sh access-list clock access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) R2(config)#^Z R2#sh run | bv Aug 25 20:43:41.198: %SYS-5-CONFIG_I: Configured from console by console R2#sh run | bv    access-list access-list 100 permit ip any any time-range Prob4 ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class 100 in privilege level 15 no login ! ntp server 180.40.7.98 time-range Prob4 periodic weekdays 8:00 to 18:00 ! --More--  ! end R2# R2# RACK12AS>4 [Resuming connection 4 to r4 ... ] Aug R4#config t Enter configuration commands, one per line. End with CNTL/Z. 
R4(config)# R4(config)#int atm 1/0 R4(config-if)#no ip ins R4(config-if)#no ip inspect Aug 25 20:46:06.199: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(32966) -> 192.10.32.12(179), 1 packet R4(config-if)#no ip inspect Prob2 i out R4(config-if)#no access-list 100 in R4(config)#int at  fa 0/0 R4(config-if)#no ip acces           no ip access-gr R4(config-if)#no ip access-group 1 in R4(config-if)#int at, m 1/0 R4(config-if)#no ip access-gro 100 in R4(config-if)#exit R4(config)#access-list 100 per ip any a ny     ny ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R4(config)#access-list 100 per ip any any                                ip access-list Prob5  out ^ % Invalid input detected at '^' marker. 
R4(config)#ip access-list Prob5oututeProb5outxProb5out Prob5out R4(config-ext-nacl)#per tcp any any ref R4(config-ext-nacl)#per tcp any any reflect Prob5 R4(config-ext-nacl)#per tcp any any reflect Prob5 any any reflect Prob5  any any reflect Prob5  any any reflect Prob5 u any any reflect Prob5d any any reflect Prob5p any any reflect Prob5 R4(config-ext-nacl)#per udp any any reflect Prob5p any any reflect Prob5  any any reflect Prob5  any any reflect Prob5 i any any reflect Prob5c any any reflect Prob5m any any reflect Prob5p any any reflect Prob5 any any reflect Prob5any any reflect Prob5  R4(config-ext-nacl)#do sh run | b access-l ip access-list standard IPNAT permit 180.40.7.0 0.0.0.255 permit 17.0.0.0 0.255.255.255 ! ip access-list extended Prob5out permit tcp any any reflect Prob5 permit udp any any reflect Prob5 permit icmp any any reflect Prob5 access-list 1 permit 180.40.7.130 access-list 1 permit 180.40.7.129 access-list 1 permit 17.57.101.1 access-list 1 permit 17.57.100.1 access-list 1 permit 17.57.100.2 access-list 1 permit 17.57.101.2 access-list 1 permit 180.40.7.3 access-list 1 permit 180.40.7.2 access-list 1 permit 180.40.7.35 access-list 1 permit 180.40.7.34 access-list 1 permit 180.40.7.33 access-list 1 permit 180.40.7.98 access-list 1 permit 180.40.7.97 ! ! --More--   R4(config-ext-nacl)#[B  exit R4(config)#exitdo sh run | b access-lper icmp any any reflect Prob5udp any any reflect Prob5 tcp any any reflect Prob5ip access-list ex Prob5out    in R4(config-ext-nacl)#per udp any any eq ntp R4(config-ext-nacl)#ev R4(config-ext-nacl)#evaluate Prob5 ? 
R4(config-ext-nacl)#evaluate Prob5 R4(config-ext-nacl)#de ip any any log R4(config-ext-nacl)#do sh ip ospf nei Neighbor ID Pri State Dead Time Address Interface 180.40.7.130 1 FULL/BDR 00:00:34 180.40.7.97 FastEthernet0/0 R4(config-ext-nacl)#int atm 1/0 R4(config-if)#ip access R4(config-if)#ip access-group Prob5out out R4(config-if)#ip access-group Prob5out out       in in R4(config-if)#^Z R4# Aug 25 20:50:13.808: %SYS-5-CONFIG_I: Configured from console by console R4#sh access-list Standard IP access list 1 120 permit 180.40.7.130 110 permit 180.40.7.129 (98 matches) 30 permit 17.57.101.1 (57 matches) 10 permit 17.57.100.1 20 permit 17.57.100.2 40 permit 17.57.101.2 90 permit 180.40.7.3 100 permit 180.40.7.2 60 permit 180.40.7.35 50 permit 180.40.7.34 80 permit 180.40.7.33 130 permit 180.40.7.98 140 permit 180.40.7.97 (166 matches) Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Reflexive IP access list Prob5 Extended IP access list Prob5in 10 permit udp any any eq ntp 20 evaluate Prob5 30 deny ip any any log Extended IP access list Prob5out --More--   10 permit tcp any any reflect Prob5 20 permit udp any any reflect Prob5 30 permit icmp any any reflect Prob5 R4# RACK12AS>3 [Resuming connection 3 to r3 ... ] R3#192.10.32.254 Trying 192.10.32.254 ... Open CR1> CR1> CR1> CR1> CR1> CR1> CR1>^x4 % Unknown command or computer name, or unable to find computer address CR1> CR1> RACK12AS>4 [Resuming connection 4 to r4 ... 
] R4#sh access-list Standard IP access list 1 120 permit 180.40.7.130 110 permit 180.40.7.129 (98 matches) 30 permit 17.57.101.1 (57 matches) 10 permit 17.57.100.1 20 permit 17.57.100.2 40 permit 17.57.101.2 90 permit 180.40.7.3 100 permit 180.40.7.2 60 permit 180.40.7.35 50 permit 180.40.7.34 80 permit 180.40.7.33 130 permit 180.40.7.98 140 permit 180.40.7.97 (166 matches) Standard IP access list IPNAT 10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches) 20 permit 17.0.0.0, wildcard bits 0.255.255.255 Reflexive IP access list Prob5 permit tcp host 192.10.32.254 eq telnet host 192.10.32.12 eq 28500 (101 matches) (time left 297) Extended IP access list Prob5in 10 permit udp any any eq ntp 20 evaluate Prob5 --More--   30 deny ip any any log Extended IP access list Prob5out 10 permit tcp any any reflect Prob5 (47 matches) 20 permit udp any any reflect Prob5 30 permit icmp any any reflect Prob5 R4# RACK12AS>3 [Resuming connection 3 to r3 ... ] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3#192.10.32.254p192.10.32.254 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms R3#p 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms R3#p 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms R3#p 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms R3#p 192.10.32.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds: !!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R3#p 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R3#p 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R3#p 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R3#p 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
R3#
RACK12AS>4
[Resuming connection 4 to r4 ... ]
R4#sh access-list
Standard IP access list 1
    120 permit 180.40.7.130
    110 permit 180.40.7.129 (98 matches)
    30 permit 17.57.101.1 (57 matches)
    10 permit 17.57.100.1
    20 permit 17.57.100.2
    40 permit 17.57.101.2
    90 permit 180.40.7.3
    100 permit 180.40.7.2
    60 permit 180.40.7.35
    50 permit 180.40.7.34
    80 permit 180.40.7.33
    130 permit 180.40.7.98
    140 permit 180.40.7.97 (166 matches)
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (29 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Reflexive IP access list Prob5
     permit icmp host 192.10.32.254 host 192.10.32.12 (171 matches) (time left 296)
Extended IP access list Prob5in
    10 permit udp any any eq ntp (3 matches)
    20 evaluate Prob5
--More--   30 deny ip any any log
Extended IP access list Prob5out
    10 permit tcp any any reflect Prob5 (60 matches)
    20 permit udp any any reflect Prob5
    30 permit icmp any any reflect Prob5 (81 matches)
R4#
Aug 25 20:52:06.326: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(33014) -> 192.10.32.12(179), 1 packet
R4#sh run | b 1/0
interface ATM1/0
 ip address 192.10.32.12 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
--More--   permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob5in
 permit udp any any eq ntp
 evaluate Prob5
 deny ip any any log
ip access-list extended Prob5out
 permit tcp any any reflect Prob5
 permit udp any any reflect Prob5
 permit icmp any any reflect Prob5
access-list 1 permit 180.40.7.130
access-list 1 permit 180.40.7.129
access-list 1 permit 17.57.101.1
access-list 1 permit 17.57.100.1
access-list 1 permit 17.57.100.2
access-list 1 permit 17.57.101.2
access-list 1 permit 180.40.7.3
access-list 1 permit 180.40.7.2
access-list 1 permit 180.40.7.35
access-list 1 permit 180.40.7.34
access-list 1 permit 180.40.7.33
access-list 1 permit 180.40.7.98
access-list 1 permit 180.40.7.97
--More--  !
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 112400311E1F0E 7
ntp clock-period 17179932
ntp server 192.10.32.254
!
end
R4#
R4#
RACK12AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tac
R1(config)#tacacs-server ?
  administration  Start tacacs+ daemon handling administrative messages
  directed-request  Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup  Enable IP Domain Name System Alias lookup for TACACS servers
  extended  Enable extended TACACS
  host  Specify a TACACS server
  key  Set TACACS+ encryption key.
  last-resort  Define TACACS action if no server responds
  optional-passwords  The first TACACS request can be made without password verification
  packet  Modify TACACS+ packet options
  retransmit  Search iterations of the TACACS server list
  timeout  Time to wait for a TACACS server to reply
R1(config)#tacacs-server host ?
  Hostname or A.B.C.D  IP address of TACACS server
R1(config)#tacacs-server host 17.57.100.99 ?
R1(config)#tacacs-server host 17.57.100.99
R1(config)#tacacs-server host 17.57.100.99                   ke
R1(config)#tacacs-server key ?
  0  Specifies an UNENCRYPTED key will follow
  7  Specifies HIDDEN key will follow
  LINE  The UNENCRYPTED (cleartext) shared key
R1(config)#tacacs-server key 1 MyKey
R1(config)#aaa new
R1(config)#aaa new-model ?
R1(config)#aaa new-model
R1(config)#aaa authen
R1(config)#aaa authentication Pr    ?
  arap  Set authentication lists for arap.
  attempts  Set the maximum number of authentication attempts
  banner  Message to use when starting login/authentication.
  enable  Set authentication list for enable.
  fail-message  Message to use for failed login/authentication.
  login  Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  sgbp  Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication lo
R1(config)#aaa authentication login ?
  WORD  Named authentication list.
  default  The default authentication list.
R1(config)#aaa authentication login Prob6 ?
  enable  Use enable password for authentication.
  group  Use Server-group
  krb5  Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V Telnet.
  line  Use line password for authentication.
  local  Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none  NO authentication.
R1(config)#aaa authentication login Prob6 t grou
R1(config)#aaa authentication login Prob6 group t
R1(config)#aaa authentication login Prob6 group tacacs+ ?
  enable  Use enable password for authentication.
  group  Use Server-group
  krb5  Use Kerberos 5 authentication.
  line  Use line password for authentication.
  local  Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none  NO authentication.
R1(config)#aaa authentication login Prob6 group tacacs+ lo
R1(config)#aaa authentication login Prob6 group tacacs+ local?
local  local-case
R1(config)#aaa authentication login Prob6 group tacacs+ local ?
  enable  Use enable password for authentication.
  group  Use Server-group
  krb5  Use Kerberos 5 authentication.
  line  Use line password for authentication.
  none  NO authentication.
R1(config)#aaa authentication login Prob6 group tacacs+ local
R1(config)#aaa authentication login Prob6 group tacacs+ local                           default ?
  enable  Use enable password for authentication.
  group  Use Server-group
  krb5  Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V Telnet.
  line  Use line password for authentication.
  local  Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none  NO authentication.
R1(config)#aaa authentication login default ;pca    loval   cal
R1(config)#lint vty 0 4
^
% Invalid input detected at '^' marker.
R1(config)#lint vty 0 4 vty 0 4 e vty 0 4
R1(config-line)#login authe
R1(config-line)#login authentication Prob6
R1(config-line)#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1#sh privi
Current privilege level is 15
R1#sh run | b line
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login authentication Prob6
!
!
end
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int     line vty 0 4
R1(config-line)#privi
R1(config-line)#privilege l
R1(config-line)#privilege level 0
R1(config-line)#^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1>?
Exec commands:
  <1-99>  Session number to resume
  disable  Turn off privileged commands
  enable  Turn on privileged commands
  exit  Exit from the EXEC
  help  Description of the interactive help system
  logout  Exit from the EXEC
R1>en
% Error in authentication.
R1>en
R1>enable ?
  <0-15>  Enable level
R1>enable 15
% Error in authentication.
R1>
RACK12AS>1
[Resuming connection 1 to r1 ... ]
*Mar
R1(config-line)#exut  it
R1(config)#en
R1(config)#ena
R1(config)#enable paa
R1(config)#enable paa
R1(config)#enable password cisco
R1(config)#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
R1>ena
R1>enable
Password:
R1#disc
R1#disconnect         a
R1#disable
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#^x
RACK12AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#enable password cisconenable password ciscooenable password cisco enable password cisco
^
% Invalid input detected at '^' marker.
R1(config)#no enable password cisco
R1(config)#^Z
R1#sh run |
*Mar 1 17:11:55.051: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication login default local
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
--More--  atm slm statistics
username JoeUser privilege 5 password 0 cisco
username jb privilege 15
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
--More--   half-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
tacacs-server host 17.57.100.99
tacacs-server directed-request
tacacs-server key MyKey
snmp-server community test RW
!
!
!
--More--  privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 0
 login authentication Prob6
!
!
end
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap  Set authentication lists for arap.
  attempts  Set the maximum number of authentication attempts
  banner  Message to use when starting login/authentication.
  enable  Set authentication list for enable.
  fail-message  Message to use for failed login/authentication.
  login  Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  sgbp  Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication pass
R1(config)#aaa authentication password-prompt "CCIe wantabe password  : "
R1(config)#aaa authentication password-prompt "CCIe wantabe password: ""                                         U user
R1(config)#aaa authentication username-prompt "CCIE intraining username :  : "
R1(config)#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE intraining username: Jou eUser
CCIe wantabe password:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK12AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aaa authentication username-prompt "CCIE intraining username: """
^
% Invalid input detected at '^' marker.
R1(config)#aaa authentication username-prompt "CCIE intraining username: ""  \# ""
R1(config)#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE intraining username: "
CCIE intraining username: "
CCIE intraining username: "
RACK12AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aaa authentication username-prompt "CCIE intraining username: \""     ?
Warning: Assumed end-quote for quoted string
  WORD
R1(config)#aaa authentication username-prompt "CCIE intraining username?
Warning: Assumed end-quote for quoted string
  WORD
R1(config)#aaa authentication username-prompt "CCIE intraining username? "
R1(config)#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE intraining username?
CCIE intraining username?
CCIE intraining username?
RACK12AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#^Z
R1#sh ru n|
*Mar 1 17:17:25.953: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ru  n | b aaa
aaa new-model
!
!
aaa authentication password-prompt "CCIe wantabe password: "
aaa authentication username-prompt "CCIE intraining username? "
aaa authentication login default local
aaa authentication login Prob6 group tacacs+ local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
!
!
!
!
!
!
!
--More--
R1#CONFI GT
^
% Invalid input detected at '^' marker.
R1#A config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa ?
  accounting  Accounting configurations parameters.
  authentication  Authentication configurations parameters.
  authorization  Authorization configurations parameters.
  cache  AAA cache definitions
  configuration  Authorization configuration parameters.
  dnis  Associate certain AAA parameters to a specific DNIS number
  group  AAA group definitions
  nas  NAS specific configuration
  new-model  Enable NEW access control commands and functions.(Disables OLD commands.)
  pod  POD processing
  route  Static route downloading
  session-id  AAA Session ID
  session-mib  AAA session MIB options
  traceback  Traceback recording
  user  AAA user definitions
R1(config)#aaa authen ?
  arap  Set authentication lists for arap.
  attempts  Set the maximum number of authentication attempts
  banner  Message to use when starting login/authentication.
  enable  Set authentication list for enable.
  fail-message  Message to use for failed login/authentication.
  login  Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  sgbp  Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authen ban
R1(config)#aaa authen banner ?
  LINE  c message-text c, where 'c' is a delimiting character
R1(config)#aaa authen banner                   bann motd ?
  LINE  c banner-text c, where 'c' is a delimiting character
R1(config)#bann motd #
Enter TEXT message. End with the character '#'.
Keep out #
R1(config)#^Z
R1#
RACK12AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Keep out
CCIE intraining username?
CCIE intraining username?
CCIE intraining username?
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK12AS>1
[Resuming connection 1 to r1 ... ]
*Ma
R1#sh run | b banner
banner motd ^C
Keep out
^C
privilege configure level 5 snmp-server community
privilege configure level 5 snmp-server
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config
privilege exec level 5 show
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 0
 login authentication Prob6
!
!
--More--
R1#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3#c sh access-list
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#access-list 100 ?
  deny  Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit  Specify packets to forward
  remark  Access list entry comment
R3(config)#access-list 100 per ospf any any
R3(config)#access-list 100 per ospf any any            udp ntp     any any eq ntp
R3(config)#access-list 100 per udp any any eq ntp                  tcp 180.40.7.128 0.0.0.31 10 80.40.7.129 1 h180.40.7.129 i180.40.7.129 o180.40.7.129 180.40.7.129 180.40.7.129 o180.40.7.129 s180.40.7.129 t180.40.7.129  180.40.7.129 180.40.7.129 e$ 100 per tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq  telnet
R3(config)#access-list 100 ?
  deny  Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit  Specify packets to forward
  remark  Access list entry comment
R3(config)#access-list 100 dyna
R3(config)#access-list 100 dynamic ?
  WORD  Name of a Dynamic list
R3(config)#access-list 100 dynamic Prob9
% Incomplete command.
R3(config)#~access-list 100 dynamic Prob9 ?
  deny  Specify packets to reject
  permit  Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config)#access-list 100 dynamic Prob9 tim
R3(config)#access-list 100 dynamic Prob9 timeout         per       tim
R3(config)#access-list 100 dynamic Prob9 tim
R3(config)#access-list 100 dynamic Prob9 timeout ?
  <1-9999>  Maximum time to live
R3(config)#access-list 100 dynamic Prob9 timeout 60 ?
  deny  Specify packets to reject
  permit  Specify packets to forward
R3(config)#access-list 100 dynamic Prob9 timeout 60 per ?
  <0-255>  An IP protocol number
  ahp  Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp  Encapsulation Security Payload
  gre  Cisco's GRE tunneling
  icmp  Internet Control Message Protocol
  igmp  Internet Gateway Message Protocol
  ip  Any Internet Protocol
  ipinip  IP in IP tunneling
  nos  KA9Q NOS compatible IP over IP tunneling
  ospf  OSPF routing protocol
  pcp  Payload Compression Protocol
  pim  Protocol Independent Multicast
  tcp  Transmission Control Protocol
  udp  User Datagram Protocol
R3(config)#access-list 100 dynamic Prob9 timeout 60 per ip any any ?
  dscp  Match packets with given dscp value
  fragments  Check non-initial fragments
  log  Log matches against this entry
  log-input  Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos  Match packets with given TOS value
R3(config)#access-list 100 dynamic Prob9 timeout 60 per ip any any
R3(config)#access-list 100 den ip 180.40.7.128 0.0.0.31 any
R3(config)#access-list 100 den ip 180.40.7.128 0.0.0.31 any  access-list 100 per ip any any
R3(config)#user jb pass      priv
R3(config)#user jb privilege 15
R3(config)#user George pass bosco aut
R3(config)#user George pass bosco aut?
  LINE
R3(config)#user George pass bosco aut
R3(config)#user George pass bosco          auto
R3(config)#user George autocommand ?
  LINE  Command to be automatically issued after the user logs in
R3(config)#user George autocommand access-enable ?
  LINE
R3(config)#user George autocommand access-enable timout ?
  LINE
R3(config)#user George autocommand access-enable timout        host ?
  LINE
R3(config)#user George autocommand access-enable host timeout 2 ?
  LINE
R3(config)#user George autocommand access-enable host timeout 2
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#
RACK12AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK12AS>c 3
[Resuming connection 3 to r3 ... ]
R3(config-line)#int fa 0/1
R3(config-if)#ip acces-list       s  -list 100 in
^
% Invalid input detected at '^' marker.
R3(config-if)#ip access-list 100 in100 in 100 in 100 in 100 in 100 in g100 inr100 ino100 inu100 in 100 in
R3(config-if)#
RACK12AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3(config-if)#^Z
R3#sh r ~
Aug 25 21:13:47.735: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ~a  aa cces- slist
^
% Invalid input detected at '^' marker.
R3#sh accesslist-list
Extended IP access list 100
    10 permit ospf any any (4 matches)
    20 permit udp any any eq ntp
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (93 matches)
    40 Dynamic Prob9 permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 108)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any
R3#
R3#
R3#
R3#sh access-list sh access-list
Extended IP access list 100
    10 permit ospf any any (7 matches)
    20 permit udp any any eq ntp (4 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (93 matches)
    40 Dynamic Prob9 permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 80)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any
R3#sh access-list
Extended IP access list 100
    10 permit ospf any any (7 matches)
    20 permit udp any any eq ntp (4 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (93 matches)
    40 Dynamic Prob9 permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 77)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any
R3#sh access-list
Extended IP access list 100
    10 permit ospf any any (7 matches)
    20 permit udp any any eq ntp (4 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (93 matches)
    40 Dynamic Prob9 permit ip any any
       permit ip host 180.40.7.130 any (5 matches) (time left 76)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any
R3#
RACK12AS>6
[Resuming connection 6 to r6 ... ]
ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
sh access-list
Extended IP access list 100
    10 permit ospf any any (8 matches)
    20 permit udp any any eq ntp (4 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (93 matches)
    40 Dynamic Prob9 permit ip any any
       permit ip host 180.40.7.130 any (10 matches) (time left 117)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any
R3#sh run|    | b            ^x
RACK12AS>4
[Resuming connection 4 to r4 ... ]
A
R4#180.40.7.`19   129
Trying 180.40.7.129 ... Open
User Access Verification
Username: jb
Password:
R3#
R3#
R3#
R3#
R3#q
[Connection to 180.40.7.129 closed by foreign host]
R4#
R4#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3#sh run|    | b user
username jb privilege 15
username George password 0 bosco
username George autocommand access-enable host timeout 2
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
--More--   ip access-group 100 in
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
--More--   no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
--More--  !
access-list 100 permit ospf any any
access-list 100 permit udp any any eq ntp
access-list 100 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
access-list 100 dynamic Prob9 timeout 60 permit ip any any
access-list 100 deny ip 180.40.7.128 0.0.0.31 any
access-list 100 permit ip any any
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 login local
--More--  !
ntp authentication-key 1 md5 143A0B3F05092F 7
ntp clock-period 17208216
ntp server 180.40.7.98 key 1
!
end
R3#
R3#
RACK12AS>2
[Resuming connection 2 to r2 ... ]
R2#confi grt
^
% Invalid input detected at '^' marker.
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#do sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2(config)#access-list 101 per tcmp    p       any 17.57.101.0 0.0.0.255
^
% Invalid input detected at '^' marker.
R2(config)#access-list 101 per any 17.57.101.0 0.0.0.255 iany 17.57.101.0 0.0.0.255pany 17.57.101.0 0.0.0.255 any 17.57.101.0 0.0.0.255
R2(config)#ip tcp in
R2(config)#ip tcp intercept ?
  connection-timeout  Specify timeout for connection info
  drop-mode  Specify incomplete connection drop mode
  finrst-timeout  Specify timeout for FIN/RST
  list  Specify access-list to use
  max-incomplete  Specify maximum number of incomplete connections before clamping
  mode  Specify intercepting mode
  one-minute  Specify one-minute-sample watermarks for clamping
  watch-timeout  Specify timeout for incomplete connections in watch mode
R2(config)#ip tcp intercept list ?
  <100-199>  Extended access list number for intercept
  WORD  Access list name for intercept
R2(config)#ip tcp intercept list `10   101 ?
R2(config)#ip tcp intercept list 101
R2(config)#^Z
R2#sh r
Aug 25 21:18:23.988: %SYS-5-CONFIG_I: Configured from console by console
R2#sh run \
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3#17.57.101.2
Trying 17.57.101.2 ... Open
S5#
S5#
S5#
S5#
S5#^x2
% Unknown command or computer name, or unable to find computer address
S5#
S5#
RACK12AS>2
[Resuming connection 2 to r2 ... ]
R2#sh ip tcp in
R2#sh ip tcp in
R2#sh ip tcp in
R2#sh ip tcp in
R2#sh ip tcp in?
% Unrecognized command
R2#sh ip tcp in         TCP ?
  <0-70>  Line number
  aux  Auxiliary line
  brief  Brief display
  console  Primary terminal line
  intercept  Intercept display
  statistics  TCP protocol statistics
  tcb  TCB address
  tty  Terminal controller
  vty  Virtual terminal
  x/y  Slot/Port for Modems
  |  Output modifiers
R2#sh TCP in
R2#sh TCP intercept ?
  connections  Connection information
  statistics  Statistics
R2#sh TCP intercept st
Intercepting new connections using access-list 101
0 incomplete, 1 established connections (total 1)
0 connection requests per minute
R2#
R2#
R2#
R2#sh TCP intercept st ?
  |  Output modifiers
R2#sh TCP intercept st      ?
  connections  Connection information
  statistics  Statistics
R2#sh TCP intercept con
R2#sh TCP intercept connections ?
  |  Output modifiers
R2#sh TCP intercept connections
Incomplete:
Client                Server                State    Create   Timeout  Mode
Established:
Client                Server                State    Create   Timeout  Mode
180.40.7.3:44757      17.57.101.2:23        ESTAB    00:00:33 23:59:30 I
R2#
R2#
R2#
R2#
R2#confi gt
^
% Invalid input detected at '^' marker.
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#^Z
R2#
Aug 25 21:19:36.889: %SYS-5-CONFIG_I: Configured from console by console
R2#
R2#
R2#
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip tic  cp in
R2(config)#ip tcp intercept mo
R2(config)#ip tcp intercept mode ?
  intercept  Intercept connections
  watch  Watch connections
R2(config)#ip tcp intercept mode in ?
R2(config)#ip tcp intercept mode in    wa
R2(config)#ip tcp intercept mode watch ?
R2(config)#ip tcp intercept mode watch            ?
  connection-timeout  Specify timeout for connection info
  drop-mode  Specify incomplete connection drop mode
  finrst-timeout  Specify timeout for FIN/RST
  list  Specify access-list to use
  max-incomplete  Specify maximum number of incomplete connections before clamping
  mode  Specify intercepting mode
  one-minute  Specify one-minute-sample watermarks for clamping
  watch-timeout  Specify timeout for incomplete connections in watch mode
R2(config)#ip tcp intercept dro ?
  oldest  Drop oldest incomplete connection
  random  Drop random incomplete connection
R2(config)#ip tcp intercept dro ran ?
R2(config)#ip tcp intercept dro ran     ol ?
R2(config)#ip tcp intercept dro ol                         ^Z
R2#
Aug 25 21:21:11.610: %SYS-5-CONFIG_I: Configured from console by console
R2#
R2#
R2#
R2#
R2#
R2#
R2#sh run | b ip tcp
ip tcp intercept list 101
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
--More--  !
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
--More--   ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
 clock rate 64000
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
--More--  interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any any time-range Prob4
access-list 101 permit ip any 17.57.101.0 0.0.0.255
!
!
!
!
--More--
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#do sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
Extended IP access list 101
    10 permit ip any 17.57.101.0 0.0.0.255 (2 matches)
R2(config)#
R2(config)#
R2(config)#
R2(config)#
R2(config)#accc    ip acce ess ex Prob11
R2(config-ext-nacl)#den ospf any any
R2(config-ext-nacl)#per ip any any
R2(config-ext-nacl)#exit
R2(config)#cry
R2(config)#crypto ?
  ca  Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity  Enter a crypto identity list
  ipsec  Configure IPSEC policy
  isakmp  Configure ISAKMP policy
  key  Long term key operations
  keyring  Key ring commands
  map  Enter a crypto map
  mib  Configure Crypto-related MIB Parameters
  xauth  X-Auth parameters
R2(config)#crypto is
R2(config)#crypto isakmp ?
  aggressive-mode  Disable ISAKMP aggressive mode
  client  Set client configuration policy
  enable  Enable ISAKMP
  identity  Set the identity which ISAKMP will use
  keepalive  Set a keepalive interval for use with IOS peers
  key  Set pre-shared key for remote peer
  nat  Set a nat keepalive interval for use with IOS peers
  peer  Set Peer Policy
  policy  Set policy for an ISAKMP protection suite
  profile  Define ISAKMP Profiles
  xauth  Set Extended Authentication values
R2(config)#crypto isakmp k
R2(config)#crypto isakmp ke?
keepalive  key
R2(config)#crypto isakmp ke ey ?
  WORD  pre-shared key
R2(config)#crypto isakmp key cisco ?
  address  define shared key with IP address
  hostname  define shared key with hostname
R2(config)#crypto isakmp key cisco host    add ?
  A.B.C.D  Peer IP address
R2(config)#crypto isakmp key cisco add 180.40.7.3 ?
  A.B.C.D  Peer IP subnet mask
  no-xauth  Bypasses XAuth for this peer
R2(config)#crypto isakmp key cisco add 180.40.7.3
R2(config)#cry
R2(config)#crypto is
R2(config)#crypto isakmp po
R2(config)#crypto isakmp policy ?
  <1-10000>  Priority of protection suite
R2(config)#crypto isakmp policy 10 ?
R2(config)#crypto isakmp policy 10
R2(config-isakmp)#?
ISAKMP commands:
  authentication  Set authentication method for protection suite
  default  Set a command to its defaults
  encryption  Set encryption algorithm for protection suite
  exit  Exit from ISAKMP protection suite configuration mode
  group  Set the Diffie-Hellman group
  hash  Set hash algorithm for protection suite
  lifetime  Set lifetime for ISAKMP security association
  no  Negate a command or set its defaults
R2(config-isakmp)#authen
R2(config-isakmp)#authentication ?
  pre-share  Pre-Shared Key
  rsa-encr  Rivest-Shamir-Adleman Encryption
  rsa-sig  Rivest-Shamir-Adleman Signature
R2(config-isakmp)#authentication pre
R2(config-isakmp)#authentication pre-share ?
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#exit
R2(config)#cry
R2(config)#crypto ip
R2(config)#crypto ipsec > ?
  client  Configure a client
  df-bit  Handling of encapsulated DF bit.
  fragmentation  Handling of fragmentation of near-MTU sized packets
  nat-transparency  IPsec NAT transparency model
  optional  Enable optional encryption for IPSec
  profile  Configure an ipsec policy profile
  security-association  Security association parameters
  transform-set  Define transform and settings
R2(config)#crypto ipsec tr
R2(config)#crypto ipsec transform-set ?
  WORD  Transform set tag
R2(config)#crypto ipsec transform-set Proi b11 ?
  ah-md5-hmac  AH-HMAC-MD5 transform
  ah-sha-hmac  AH-HMAC-SHA transform
  comp-lzs  IP Compression using the LZS compression algorithm
  esp-3des  ESP transform using 3DES(EDE) cipher (168 bits)
  esp-aes  ESP transform using AES cipher
  esp-des  ESP transform using DES cipher (56 bits)
  esp-md5-hmac  ESP transform using HMAC-MD5 auth
  esp-null  ESP transform w/o cipher
  esp-sha-hmac  ESP transform using HMAC-SHA auth
R2(config)#crypto ipsec transform-set Prob11 a
R2(config)#crypto ipsec transform-set Prob11 ah-s
R2(config)#crypto ipsec transform-set Prob11 ah-sha-hmac ?
  comp-lzs      IP Compression using the LZS compression algorithm
  esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)
  esp-aes       ESP transform using AES cipher
  esp-des       ESP transform using DES cipher (56 bits)
  esp-md5-hmac  ESP transform using HMAC-MD5 auth
  esp-null      ESP transform w/o cipher
  esp-sha-hmac  ESP transform using HMAC-SHA auth
R2(config)#crypto ipsec transform-set Prob11 ah-sha-hmac
R2(cfg-crypto-trans)#?
Crypto transform configuration commands:
  default  Set a command to its defaults
  exit     Exit from crypto transform configuration mode
  mode     encapsulation mode (transport/tunnel)
  no       Negate a command or set its defaults
R2(cfg-crypto-trans)#mode ?
  transport  transport (payload encapsulation) mode
  tunnel     tunnel (datagram encapsulation) mode
R2(cfg-crypto-trans)#mode \      exit
R2(config)#cry
R2(config)#crypto ?
  ca           Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity     Enter a crypto identity list
  ipsec        Configure IPSEC policy
  isakmp       Configure ISAKMP policy
  key          Long term key operations
  keyring      Key ring commands
  map          Enter a crypto map
  mib          Configure Crypto-related MIB Parameters
  xauth        X-Auth parameters
R2(config)#crypto map ?
  WORD  Crypto map tag
R2(config)#crypto map Prob11 ?
  <1-65535>       Sequence to insert into crypto map entry
  client          Specify client configuration settings
  isakmp          Specify isakmp configuration settings
  isakmp-profile  Specify isakmp profile to use
  local-address   Interface to use for local address for this crypto map
R2(config)#crypto map Prob11 is
R2(config)#crypto map Prob11 isakmp ?
  authorization  Authorization parameters.
R2(config)#crypto map Prob11 isakmp          10 ?
  ipsec-isakmp  IPSEC w/ISAKMP
  ipsec-manual  IPSEC w/manual keying
R2(config)#crypto map Prob11 10 ip
R2(config)#crypto map Prob11 10 ipsec-i
R2(config)#crypto map Prob11 10 ipsec-isakmp ?
  dynamic  Enable dynamic crypto map support
  profile  Enable crypto map as a crypto-profile
R2(config)#crypto map Prob11 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R2(config-crypto-map)#
R2(config-crypto-map)#
R2(config-crypto-map)#
R2(config-crypto-map)#match ?
  address  Match address of packets to encrypt.
R2(config-crypto-map)#match add ?
  <100-199>    IP access-list number
  <2000-2699>  IP access-list number (expanded range)
  WORD         Access-list name
R2(config-crypto-map)#match add Proi b11
R2(config-crypto-map)#set ?
  identity              Identity restriction.
  isakmp-profile        Specify isakmp Profile
  peer                  Allowed Encryption/Decryption peer.
  pfs                   Specify pfs settings
  security-association  Security association parameters
  transform-set         Specify list of transform sets in priority order
R2(config-crypto-map)#set tr
R2(config-crypto-map)#set transform-set 1 Prob11
R2(config-crypto-map)#set ?
  identity              Identity restriction.
  isakmp-profile        Specify isakmp Profile
  peer                  Allowed Encryption/Decryption peer.
  pfs                   Specify pfs settings
  security-association  Security association parameters
  transform-set         Specify list of transform sets in priority order
R2(config-crypto-map)#set peer ?
  Hostname or A.B.C.D  IP address/hostname of peer
R2(config-crypto-map)#set peer 180.40/.  .7.3
R2(config-crypto-map)#int s 1/2
R2(config-if)#cry
R2(config-if)#crypto m
R2(config-if)#crypto map Prob11
R2(config-if)#
Aug 25 21:26:43.110: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#^Z
R2#sh run
Aug 25 21:26:54.380: %SYS-5-CONFIG_I: Configured from console by console
R2#sh run | b cry
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
clock timezone MDT -7
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip tcp intercept list 101
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.3
!
!
crypto ipsec transform-set Prob11 ah-sha-hmac
!
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.3
 set transform-set Prob11
 match address Prob11
!
!
!
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
 clock rate 64000
 crypto map Prob11
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
ip access-list extended Prob11
 deny ospf any any
 permit ip any any
!
access-list 100 permit ip any any time-range Prob4
access-list 101 permit ip any 17.57.101.0 0.0.0.255
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class 100 in
 privilege level 15
 no login
!
ntp clock-period 17208132
ntp server 180.40.7.98
time-range Prob4
 periodic weekdays 8:00 to 18:00
!
!
 --More--
R2#
Aug 25 21:28:53.514: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 180.40.7.3 failed its sanity check or is malformed
R2#
RACK12AS>3
[Resuming connection 3 to r3 ... ]
R3#sh sess
Conn Host                Address             Byte  Idle Conn Name
*  1 17.57.101.2         17.57.101.2            0     0 17.57.101.2
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#crypto isakmp policy 10
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)#crypto isakmp key cisco address 180.40.7.2
R3(config)#!
R3(config)#!
R3(config)#crypto ipsec transform-set Prob11 ah-sha-hmac
R3(cfg-crypto-trans)#!
R3(cfg-crypto-trans)#crypto map Prob11 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R3(config-crypto-map)# set peer 180.40.7.2
R3(config-crypto-map)# set transform-set Prob11
R3(config-crypto-map)# match address Prob11
R3(config-crypto-map)#!
R3(config-crypto-map)#interface Serial1/2
R3(config-if)# clock rate 64000
%Error: This command applies only to DCE interfaces
R3(config-if)# crypto map Prob11
R3(config-if)#!
R3(config-if)#ip access-list extended Prob11
R3(config-ext-nacl)# deny ospf any any
R3(config-ext-nacl)# permit ip any any
R3(config-ext-nacl)#
Aug 25 21:30:10.032: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R3(config-ext-nacl)#
R3(config-ext-nacl)#
R3(config-ext-nacl)#
R3(config-ext-nacl)#^Z
R3#
[Resuming connection 1 to 17.57.101.2 ... ]
Aug 25 21:30:16.643: %SYS-5-CONFIG_I: Configured from console by console
R3#disc
Closing connection to 17.57.101.2 [confirm]
R3#sh    sh cry ip
R3#sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 0
     inbound esp sas:
     inbound ah sas:
 --More--
R3#sh cry ipsec sa       s
R3#sh cry isakmp sa
dst             src             state          conn-id slot
180.40.7.3      180.40.7.2      MM_NO_STATE          2    0
180.40.7.3      180.40.7.2      MM_NO_STATE          1    0
R3#poi  ing 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms
R3#ping 180.40.7.2sh cry isakmp saping 180.40.7.2  sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     17.0.0.0/24 is subnetted, 2 subnets
O       17.57.100.0 [110/791] via 180.40.7.34, 17:40:34, Serial1/0
O       17.57.101.0 [110/782] via 180.40.7.2, 17:40:34, Serial1/2
                    [110/782] via 180.40.7.35, 17:40:34, Serial1/0
O    192.10.32.0/24 [110/3] via 180.40.7.130, 17:40:34, FastEthernet0/1
     180.40.0.0/16 is variably subnetted, 6 subnets, 2 masks
C       180.40.7.128/27 is directly connected, FastEthernet0/1
C       180.40.7.0/27 is directly connected, Serial1/2
O       180.40.7.35/32 [110/781] via 180.40.7.2, 17:40:36, Serial1/2
                       [110/781] via 180.40.7.35, 17:40:36, Serial1/0
O       180.40.7.34/32 [110/781] via 180.40.7.34, 17:40:36, Serial1/0
C       180.40.7.32/27 is directly connected, Serial1/0
O       180.40.7.96/27 [110/2] via 180.40.7.130, 17:40:36, FastEthernet0/1
R3#sh ip route sh ip route sh ip routeping 180.40.7.2sh cry isakmp sa
dst             src             state          conn-id slot
180.40.7.3      180.40.7.2      QM_IDLE              3    0
180.40.7.3      180.40.7.2      MM_NO_STATE          2    0 (deleted)
180.40.7.3      180.40.7.2      MM_NO_STATE          1    0 (deleted)
R3#sh cry isakmp saip route ping 180.40.7.2sh cry isakmp sapsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 5, #pkts encrypt: 0, #pkts digest 5
    #pkts decaps: 5, #pkts decrypt: 0, #pkts verify 5
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 9DE8F044
     inbound esp sas:
     inbound ah sas:
 --More--
R3#sh cry ipsec sasakmp saip route ping 180.40.7.2sh cry isakmp saping 180.40.7.2 sh cry isakmp sapsec sa disc config tsh sess 17.57.101.2
Trying 17.57.101.2 ... Open
S5#
S5#
S5#
S5#
S5#
S5#
S5#
R3#17.57.101.2sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 5, #pkts encrypt: 0, #pkts digest 5
    #pkts decaps: 26, #pkts decrypt: 0, #pkts verify 26
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 9DE8F044
     inbound esp sas:
     inbound ah sas:
 --More--
R3#sh cry ipsec sa17.57.101.2 sh cry ipsec sasakmp saip route ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms
R3#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
R3#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
R3#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
R3#ping 180.40.7.2sh cry ipsec sa17.57.101.2 sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 25, #pkts encrypt: 0, #pkts digest 25
    #pkts decaps: 46, #pkts decrypt: 0, #pkts verify 46
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 9DE8F044
     inbound esp sas:
     inbound ah sas:
 --More--
R3#
[Resuming connection 1 to 17.57.101.2 ... ]
S5#q
[Connection to 17.57.101.2 closed by foreign host]
R3#
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s 1/0
R3(config-if)#shut
R3(config-if)#^Z
R3#
Aug 25 21:33:22.609: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.35 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
Aug 25 21:33:22.609: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.34 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R3#config tsh cry ipsec sa
Aug 25 21:33:23.655: %SYS-5-CONFIG_I: Configured from console by console
Aug 25 21:33:24.604: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
R3#sh cry ipsec saping 180.40.7.2sh cry ipsec sa
Aug 25 21:33:25.606: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R3#sh cry ipsec sa17.57.101.2
Trying 17.57.101.2 ... Open
S5#
S5#
S5#
S5#
S5#
S5#
R3#17.57.101.2config t sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.3
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.2:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 47, #pkts encrypt: 0, #pkts digest 47
    #pkts decaps: 73, #pkts decrypt: 0, #pkts verify 73
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 180.40.7.3, remote crypto endpt.: 180.40.7.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 9DE8F044
     inbound esp sas:
     inbound ah sas:
 --More--
R3#q
(You have open connections) [confirm]^C
R3#
[Resuming connection 1 to 17.57.101.2 ... ]
S5#q
[Connection to 17.57.101.2 closed by foreign host]
R3#
R3#sh run | isak
            ^
% Invalid input detected at '^' marker.
R3#sh run | isakbisak isak
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.2
!
!
crypto ipsec transform-set Prob11 ah-sha-hmac
!
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.2
 set transform-set Prob11
 match address Prob11
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 --More--