=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2007.03.16 13:56:03 =~=~=~=~=~=~=~=~=~=~=~=
RACK3AS>4
[Resuming connection 4 to r4 ... ]
R4#sh int at,       run int atm 1/0
Building configuration...
Current configuration : 153 bytes
!
interface ATM1/0
 ip address 192.10.32.3 255.255.255.0
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end
R4#p 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R4#sh clock
*00:17:01.371 UTC Mon Mar 1 1993
R4#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp serv 192.10.2 32.254
R4(config)#do sh ntr p ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.10.32.254    0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.10.32.254    0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.10.32.254    127.127.7.1       4     0    64    0     5.2  443134  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.10.32.254    127.127.7.1       4     0    64    3     5.2   -0.05  7875.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#
R4(config)#
R4(config)#
R4(config)#
R4(config)#do sh clock
21:04:39.497 UTC Fri Mar 16 2007
R4(config)#
R4(config)#
R4(config)#
R4(config)#
R4(config)#time
R4(config)#time-range            clo
R4(config)#clock ?
  summer-time  Configure summer (daylight savings) time
  timezone     Configure time zone
R4(config)#clock ti  su
R4(config)#clock summer-time ?
  WORD  name of time zone in summer
R4(config)#clock summer-time PST / > ?
  date       Configure absolute summer time
  recurring  Configure recurring summer time
R4(config)#clock summer-time PST red
R4(config)#clock summer-time PST red?
% Unrecognized command
R4(config)#clock summer-time PST red c
R4(config)#clock summer-time PST recurring ?
  <1-4>  Week number to start
  first  First week of the month
  last   Last week of the month
R4(config)#clock summer-time PST recurring                           ?
  summer-time  Configure summer (daylight savings) time
  timezone     Configure time zone
R4(config)#clock tim
R4(config)#clock timezone ?
  WORD  name of time zone
R4(config)#clock timezone PDST ?
  <-23 - 23>  Hours offset from UTC
R4(config)#clock timezone PDST -7
R4(config)#do sh clocl
14:05:57.553 PDST Fri Mar 16 2007
R4(config)#^Z
R4#c
Mar 16 21:06:22.101: %SYS-5-CONFIG_I: Configured from console by console
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources
R4(config)#ntp authq
R4(config)#ntp authenticati
R4(config)#ntp authentication-key ?
  <1-4294967295>  Key number
R4(config)#ntp authentication-key 1 ?
  md5  MD5 authentication
R4(config)#ntp authentication-key 1 m
R4(config)#ntp authentication-key 1 md5 ?
  WORD  Authentication key
R4(config)#ntp authentication-key 1 md5 MyTime
R4(config)#
RACK3AS>3
[Resuming connection 3 to r3 ... ]
R3#sh clock
*00:17:30.869 UTC Mon Mar 1 1993
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp ser     auth
R3(config)#ntp authenticati
R3(config)#ntp authentication-key 1 m
R3(config)#ntp authentication-key 1 md5 MyTime
R3(config)#bnt   ntp serv 180.40.8.98 ?
  key      Configure peer authentication key
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp serv 180.40.8.98 ke
R3(config)#ntp serv 180.40.8.98 key ?
  <0-4294967295>  Peer key number
R3(config)#ntp serv 180.40.8.98 key 1 ?
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp serv 180.40.8.98 key 1
R3(config)#^Z
R3#sh
*Mar 1 00:18:06.756: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.8.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.8.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.8.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.8.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp serv 180.40.8.98 key 1 nntp serv 180.40.8.98 key 1 ontp serv 180.40.8.98 key 1  ntp serv 180.40.8.98 key 1
R3(config)#no ntp serv 180.40.8.98 key 1 tp serv 180.40.8.98 key 1 .98 key 1 7.98 key 1
R3(config)#^Z
R3#conf tsh ntp ass
*Mar 1 00:18:27.502: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      192.10.32.254     5     0    64    0     4.1  443134  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5     0    64    3     4.1   -0.04  7875.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#
R3#
R3#
R3#
R3#
R3#sh ntp ass de
R3#sh ntp ass detail
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C9A585AA.67330633 (21:07:54.403 UTC Fri Mar 16 2007)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 5.17 msec, root disp 0.58, reach 177, sync dist 130.356
delay 4.10 msec, offset 0.1187 msec, dispersion 125.14
precision 2**18, version 3
org time C9A585B4.F163CEFB (21:08:04.942 UTC Fri Mar 16 2007)
rcv time C9A585B4.F1E2AD6B (21:08:04.944 UTC Fri Mar 16 2007)
xmt time C9A585B4.F0B83779 (21:08:04.940 UTC Fri Mar 16 2007)
filtdelay = 4.10 4.10 4.12 4.04 4.01 4.10 4.20 0.00
filtoffset = 0.12 -0.02 0.05 -0.01 -0.01 -0.04 -0.09 0.00
filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 16000.0
R3#sh ntp ?
  associations  NTP associations
  status        NTP status
R3#sh ntp st ?
  |  Output modifiers
R3#sh ntp st
Clock is synchronized, stratum 6, reference is 180.40.7.98
nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2**18
reference time is C9A585BC.F22A68CA (21:08:12.945 UTC Fri Mar 16 2007)
clock offset is 0.2588 msec, root delay is 9.23 msec
root dispersion is 0.89 msec, peer dispersion is 0.06 msec
R3#
R3#
R3#
R3#deb ntp ?
  adjust          NTP clock adjustments
  authentication  NTP authentication
  events          NTP events
  loopfilter      NTP loop filter
  packets         NTP packets
  params          NTP clock parameters
  refclock        NTP reference clocks
  select          NTP clock selection
  sync            NTP clock synchronization
  validity        NTP peer clock validity
R3#deb ntp pa  atu
R3#deb ntp atu
^
% Invalid input detected at '^' marker.
R3#deb ntp atu  uth
NTP authentication debugging is on
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp serv 180.40.7.98 key 1 nntp serv 180.40.7.98 key 1 ontp serv 180.40.7.98 key 1  ntp serv 180.40.7.98 key 1
R3(config)#no ntp serv 180.40.7.98 key 1 tp serv 180.40.7.98 key 1
R3(config)#^Z
R3#
.Mar 16 21:08:47.453: %SYS-5-CONFIG_I: Configured from console by console
R3#
.Mar 16 21:08:47.950: Authentication key 1
Mar 16 21:08:48.944: Authentication key 1
R3#
Mar 16 21:08:49.945: Authentication key 1
Mar 16 21:08:50.943: Authentication key 1
R3#
Mar 16 21:08:51.945: Authentication key 1
Mar 16 21:08:52.942: Authentication key 1
R3#u
Mar 16 21:08:53.944: Authentication key 1
Mar 16 21:08:54.946: Authentication key 1
R3#u all
All possible debugging has been turned off
R3#
Mar 16 21:08:55.943: Authentication key 1
R3#sh run | b i ntp
ntp authentication-key 1 md5 062B161545430C 7
ntp server 180.40.7.98 key 1
R3#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#do sh clock
21:09:39.815 UTC Fri Mar 16 2007
R3(config)#clo
R3(config)#clock ti
R3(config)#clock timezone PDST ?
  <-23 - 23>  Hours offset from UTC
R3(config)#clock timezone PDST -7
R3(config)#^Z
R3#
Mar 16 21:09:56.783: %SYS-5-CONFIG_I: Configured from console by console
R3#sh run | b clock
clock timezone PDST -7
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
--More--
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 duplex auto
 speed auto
!
--More--
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
--More--
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
!
!
!
--More--
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 062B161545430C 7
ntp server 180.40.7.98 key 1
!
end
R3#
RACK3AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#sh    ^Z
R4#sh run | b
Mar 16 21:10:30.761: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | b clock
clock timezone PDST -7
no aaa new-model
ip subnet-zero
!
!
ip cef
no ip domain lookup
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
--More--
!
!
!
interface FastEthernet0/0
 ip address 180.40.7.98 255.255.255.224
 ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.3 255.255.255.0
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
--More--
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 022B1D6F020B0A 7
--More--
ntp server 192.10.32.254
!
end
R4#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip in
R4(config)#ip inspect ?
  alert-off       Disable alert
  audit-trail     Enable the logging of session information (addresses and bytes)
  dns-timeout     Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name            Specify an inspection rule
  one-minute      Specify one-minute-sample watermarks for clamping
  tcp             Config timeout values for tcp connections
  udp             Config timeout values for udp flows
R4(config)#ip inspect name ?
  WORD  Name of inspection defined
R4(config)#ip inspect name Prob2 ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol
R4(config)#ip inspect name Prob2 tcp
R4(config)#ip inspect name Prob2 tcp   udp
R4(config)#ip inspect name Prob2 udp   h323
R4(config)#ip access
R4(config)#ip access-list ex Prob2in
R4(config-ext-nacl)#per udp anyany        y any eq
R4(config-ext-nacl)#per udp any any eq ntp
R4(config-ext-nacl)#deny ip any any log
R4(config-ext-nacl)#int at,m  m 1/0
R4(config-if)#ip acc
R4(config-if)#ip acces
R4(config-if)#ip access-group Prob2in in
R4(config-if)#ip insp
R4(config-if)#ip inspect Prob2 ?
  in   Inbound inspection
  out  Outbound inspection
R4(config-if)#ip inspect Prob2 out
R4(config-if)#^Z
R4#
Mar 16 21:14:14.230: %SYS-5-CONFIG_I: Configured from console by console
R4#
R4#
R4#
R4#
R4#
Mar 16 21:14:27.310: %SEC-6-IPACCESSLOGP: list Prob2in denied tcp 192.10.32.254(44502) -> 192.10.32.3(179), 1 packet
R4#
R4#
R4#
R4#
RACK3AS>3
[Resuming connection 3 to r3 ... ]
R3#192.10.32.254
Trying 192.10.32.254 ... Open
CR1>
CR1>
CR1>
CR1>
CR1>
CR1>
CR1>
RACK3AS>4
[Resuming connection 4 to r4 ... ]
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list Prob2in
       permit tcp host 192.10.32.254 eq telnet host 192.10.32.3 eq 14285 (20 matches)
    10 permit udp any any eq ntp (3 matches)
    20 deny ip any any log (1 match)
R4#
R4#
R4#
R4#sh run | b ip in
ip inspect name Prob2 tcp
ip inspect name Prob2 udp
ip inspect name Prob2 h323
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 180.40.7.98 255.255.255.224
--More--
Mar 16 21:16:27.318: %SEC-6-IPACCESSLOGP: list Prob2in denied tcp 192.10.32.254(44511) -> 192.10.32.3(179), 1 packet
--More--
 ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.3 255.255.255.0
 ip access-group Prob2in in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
--More--
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob2in
 permit udp any any eq ntp
 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
--More--
RACK3AS>3
[Resuming connection 3 to r3 ... ]
CR1>q
[Connection to 192.10.32.254 closed by foreign host]
R3#
R3#192.10.32.254sh run | b clock192.10.32.254
Trying 192.10.32.254 ... Open
CR1>sh ?
  alps        Alps information
  atm         ATM information
  backup      Backup status
  c3600       Show c3600 information
  call        Show Calls
  cca         CCA information
  cdapi       CDAPI information
  cef         Cisco Express Forwarding
  class-map   Show QoS Class Map
  clock       Display the system clock
  cns         CNS
  compress    Show compression statistics
  connection  Show Connection
  context     Show context information about recent crash(s)
  crypto      Encryption module
  dial-peer   Dial Plan Mapping Table for, e.g. VoIP Peers
  dialer      Dialer parameters and statistics
  drip        DRiP DB
  dss         DSS information
  exception   exception informations
  flash:      display information about flash: file system
  fras-host   FRAS Host Information
--More--
CR1>sh ip bgp sum
BGP router identifier 212.12.18.254, local AS number 1000
BGP table version is 4, main routing table version 4
3 network entries and 3 paths using 405 bytes of memory
1 BGP path attribute entries using 52 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 3/18 prefixes, 3/0 paths, scan interval 15 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.10.32.1     4     1   50770   48064        0    0    0 3w5d     Active
192.10.32.2     4     2   93940   79133        0    0    0 4d17h    Active
192.10.32.3     4     3   90308   77158        0    0    0 4d17h    Active
192.10.32.4     4     4   84195   73099        0    0    0 4d17h    Active
192.10.32.5     4     5  101526   95793        0    0    0 4d17h    Active
192.10.32.6     4     6   92291   83996        0    0    0 4d17h    Active
192.10.32.7     4     7   92709   85570        0    0    0 1w0d     Active
192.10.32.8     4     8   97548   57837        0    0    0 1w3d     Active
192.10.32.9     4     9  129805   85032        0    0    0 4d17h    Active
192.10.32.10    4    10  102629   77234        0    0    0 4w4d     Active
192.10.32.11    4    11   39947   37619        0    0    0 4w5d     Active
192.10.32.12    4    12   41271   39751        0    0    0 4w4d     Active
192.10.32.13    4    13  116892  111028        0    0    0 1w4d     Active
192.10.32.14    4    14  113177  107865        0    0    0 9w4d     Active
--More--
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.10.32.15    4    15   83971   82210        0    0    0 5w0d     Active
192.10.32.16    4    16    9651    4903        0    0    0 27w5d    Active
192.10.32.17    4    17   27491   27385        0    0    0 17w4d    Active
192.10.32.18    4    18   71591   66922        0    0    0 8w5d     Active
CR1>q
[Connection to 192.10.32.254 closed by foreign host]
R3#
R3#
R3#
R3#
RACK3AS>1
[Resuming connection 1 to r1 ... ]
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#pri
R1(config)#priv
R1(config)#privilege ?
  aaa-user                 AAA user definition
  accept-dialin            VPDN group accept dialin configuration mode
  accept-dialout           VPDN group accept dialout configuration mode
  address-family           Address Family configuration mode
  aic                      Alarm Interface Card configuration mode
  alps-ascu                ALPS ASCU configuration mode
  alps-circuit             ALPS circuit configuration mode
  bba-group                BBA Group configuration mode
  boomerang                Boomerang configuration mode
  cascustom                Cas custom configuration mode
  cause-code-list          Voice Cause Code List configuration mode
  ces-conn                 CES connection configuration mode
  ces-vc                   CES VC configuration mode
  cgma_agent               CGMA Agent Configuration Mode
  cm-fallback              cm-fallback configuration mode
  cns-connect-config       CNS Connect Info Mode
  cns-connect-intf-config  CNS Connect Intf Info Mode
  cns-tmpl-connect-config  CNS Template Connect Info Mode
  cns_inventory_submode    CNS Inventory SubMode
  config-rtr-http-rr       RTR HTTP raw request Configuration
  configure                Global configuration mode
  congestion               Frame Relay congestion configuration mode
--More--
R1(config)#privilege exec ?
  all    All suboption will be set to the samelevel
  level  Set privilege level of command
  reset  Reset privilege level of command
R1(config)#privilege exec lvel     evel 2 ?
  LINE  Initial keywords of the command to modify
R1(config)#privilege exec level 2 confi t
R1(config)#do sh run | i priv
privilege exec level 2 configure terminal
privilege exec level 2 configure
 privilege level 15
R1(config)#do sh run | i privprivilege exec level 2 confi tdo sh run | i priv  snm
R1(config)#snmp?
snmp snmp-server
R1(config)#snmp ?
  ifmib
  mib    MIB commands
R1(config)#snmp
R1(config)#snmpp -
R1(config)#snmp-server ?
  chassis-id        String to uniquely identify this chassis
  community         Enable SNMP; set community string and access privs
  contact           Text for mib object sysContact
  drop              Silently drop SNMP packets
  enable            Enable SNMP Traps or Informs
  engineID          Configure a local or remote SNMPv3 engineID
  group             Define a User Security Model group
  host              Specify hosts to receive SNMP notifications
  ifindex           Enable ifindex persistence
  inform            Configure SNMP Informs options
  location          Text for mib object sysLocation
  manager           Modify SNMP manager parameters
  packetsize        Largest SNMP packet size
  queue-length      Message queue length for each TRAP host
  source-interface  Assign an source interface
  system-shutdown   Enable use of the SNMP reload command
  tftp-server-list  Limit TFTP servers used via SNMP
  trap              SNMP trap options
  trap-source       Assign an interface for the source address of all traps
  trap-timeout      Set timeout for TRAP message retransmissions
  user              Define a user who can access the SNMP engine
  view              Define an SNMPv2 MIB view
--More--
R1(config)#snmp-server com
R1(config)#snmp-server community ?
  WORD  SNMP community string
R1(config)#snmp-server community WORD / ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  ro           Read-only access with this community string
  rw           Read-write access with this community string
  view         Restrict this community to a named MIB view
R1(config)#snmp-server community WORD                            privi
R1(config)#privilege ?
  aaa-user                 AAA user definition
  accept-dialin            VPDN group accept dialin configuration mode
  accept-dialout           VPDN group accept dialout configuration mode
  address-family           Address Family configuration mode
  aic                      Alarm Interface Card configuration mode
  alps-ascu                ALPS ASCU configuration mode
  alps-circuit             ALPS circuit configuration mode
  bba-group                BBA Group configuration mode
  boomerang                Boomerang configuration mode
  cascustom                Cas custom configuration mode
  cause-code-list          Voice Cause Code List configuration mode
  ces-conn                 CES connection configuration mode
  ces-vc                   CES VC configuration mode
  cgma_agent               CGMA Agent Configuration Mode
  cm-fallback              cm-fallback configuration mode
  cns-connect-config       CNS Connect Info Mode
  cns-connect-intf-config  CNS Connect Intf Info Mode
  cns-tmpl-connect-config  CNS Template Connect Info Mode
  cns_inventory_submode    CNS Inventory SubMode
  config-rtr-http-rr       RTR HTTP raw request Configuration
  configure                Global configuration mode
  congestion               Frame Relay congestion configuration mode
--More--
R1(config)#privilege configure ?
  all    All suboption will be set to the samelevel
  level  Set privilege level of command
  reset  Reset privilege level of command
R1(config)#privilege configure level 2 ?
  LINE  Initial keywords of the command to modify
R1(config)#privilege configure level 2 snmp-server community
R1(config)#privilege configure level 2 snmp-server community  privilege configure level 2 snmp-server community do sh run | i priv privilege exec level 2 confi t       show run
R1(config)#user JoeUser pa
R1(config)#user JoeUser prvi
R1(config)#user JoeUser prvi  ivi
R1(config)#user JoeUser privilege ?
  <0-15>  User privilege level
R1(config)#user JoeUser privilege 2
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#
RACK3AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#
R1#
R1#
R1#
R1#
R1#sh pric vi
Current privilege level is 2
R1#
R1#
R1#
R1#
R1#sh run
Building configuration...
Current configuration : 53 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
R1#
R1#
R1#
R1#
R1#
R1#conf ?
  terminal  Configure from the terminal
R1#conf
Configuring from terminal, memory, or network [terminal]? m
Invalid privileges
R1#mconf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#?
Configure commands:
  atm          Enable ATM SLM Statistics
  call         Configure Call parameters
  default      Set a command to its defaults
  end          Exit from configure mode
  exit         Exit from configure mode
  help         Description of the interactive help system
  no           Negate a command or set its defaults
  snmp-server  Modify SNMP engine parameters
R1(config)#snm
R1(config)#snmp-server ?
  community  Enable SNMP; set community string and access privs
R1(config)#snmp-server co
R1(config)#snmp-server community ?
  WORD  SNMP community string
R1(config)#snmp-server community test ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
R1(config)#snmp-server community test
R1(config)#^Z
R1#sh run
Building configuration...
Current configuration : 83 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
snmp-server community test RO
!
end
R1#
R1#
R1#
R1#
RACK3AS>1
[Resuming connection 1 to r1 ... ]
*Mar
R1(config-line)#login localine vty 0 4user JoeUser privilege 2 privilege exec level 2 show runconfigure level 2 snmp-server community WORD rw
R1(config)#
RACK3AS>5
[Resuming connection 5 to r5 ... ]
R1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snmp-server community test ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  rw           Read-write access with this community string
R1(config)#snmp-server community test ^Z
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK3AS>1
[Resuming connection 1 to r1 ... ]
*Mar
R1(config)#^Z
R1#sh run |
*Mar 1 00:36:44.108: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | i privi
username JoeUser privilege 2
privilege configure level 2 snmp-server community
privilege configure level 2 snmp-server
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 show running-config
privilege exec level 2 show
 privilege level 15
R1#sh run | b vty
line vty 0 4
 privilege level 15
 login local
!
!
end
R1#
RACK3AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#i tim
R2(config)#time-range ?
  WORD  Time range name
R2(config)#time-range Prob4
R2(config-time-range)#?
Time range configuration commands:
  absolute  absolute time and date
  default   Set a command to its defaults
  exit      Exit from time-range configuration mode
  no        Negate a command or set its defaults
  periodic  periodic time and date
R2(config-time-range)#per
R2(config-time-range)#periodic ?
  Friday     Friday
  Monday     Monday
  Saturday   Saturday
  Sunday     Sunday
  Thursday   Thursday
  Tuesday    Tuesday
  Wednesday  Wednesday
  daily      Every day of the week
  weekdays   Monday thru Friday
  weekend    Saturday and Sunday
R2(config-time-range)#periodic weekd
R2(config-time-range)#periodic weekdays ?
  hh:mm  Starting time
R2(config-time-range)#periodic weekdays 10:00       9:30 to ?
  hh:mm  Ending time - stays valid until beginning of next minute
R2(config-time-range)#periodic weekdays 9:30 to 16:30 ?
R2(config-time-range)#periodic weekdays 9:30 to 16:30
R2(config-time-range)#exit
R2(config)#acce    ip acce       line vty 0 4
R2(config-line)#ac
R2(config-line)#acces
R2(config-line)#access-class ?
  <1-199>      IP access list
  <1300-2699>  IP expanded access list
  WORD         Access-list name
R2(config-line)#access-class              exit
R2(config)#ip access-
R2(config)#ip access-list ex
R2(config)#ip access-list extended Prob4
R2(config-ext-nacl)#per ip any any ti
R2(config-ext-nacl)#per ip any any time-range Prob4 ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  reflect     Create reflexive access list entry
  tos         Match packets with given TOS value
R2(config-ext-nacl)#per ip any any time-range Prob4
R2(config-ext-nacl)#line vty 0 4
R2(config-line)#acces
R2(config-line)#access-class in
R2(config-line)#access-class in  Prob2 in
R2(config-line)#^Z
R2#sh
*Mar 1 00:40:37.182: %SYS-5-CONFIG_I: Configured from console by console
R2#sh access-list
Extended IP access list Prob4
    10 permit ip any any time-range Prob4 (inactive)
R2#
R2#
R2#
R2#
R2#cl  sh clock
*00:40:46.497 UTC Mon Mar 1 1993
R2#co  confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#^Z
R2#
*Mar 1 00:41:03.733: %SYS-5-CONFIG_I: Configured from console by console
R2#
RACK3AS>3
[Resuming connection 3 to r3 ... ]
R3#180.40.7.2
Trying 180.40.7.2 ... Open
R2#q
[Connection to 180.40.7.2 closed by foreign host]
R3#
RACK3AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-class Prob2 in line vty 0 4 per ip any any time-range Prob4 ip access-list extended Prob4
R2(config-ext-nacl)#den ip ann y any
R2(config-ext-nacl)#^Z
R2#
*Mar 1 00:41:50.358: %SYS-5-CONFIG_I: Configured from console by console
R2#clock set 14:33:00 ?
  <1-31>  Day of the month
  MONTH   Month of the year
R2#clock set 14:33:00 16 March 2007
R2#clock set 14:33:00 16 March 2007onfi t sh clockaccess-list
Extended IP access list Prob4
    10 permit ip any any time-range Prob4 (active)
    20 deny ip any any
R2#sh run | b time
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
!
ip cef
no ip domain lookup
ip audit po max-events 100
!
!
!
--More--
R2#sh run | b time-ra
 permit ip any any time-range Prob4
 deny ip any any
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class Prob2 in
 privilege level 15
 no login
!
time-range Prob4
 periodic weekdays 9:30 to 16:30
--More--
R2#Prob4
Translating "Prob4"
Translating "Prob4"
% Unknown command or computer name, or unable to find computer address
R2#Prob4sh run | b time-ra       Prob4
ip access-list extended Prob4
 permit ip any any time-range Prob4
 deny ip any any
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class Prob2 in
 privilege level 15
 no login
!
time-range Prob4
--More--
 periodic weekdays 9:30 to 16:30
!
!
end
R2#
RACK3AS>4
[Resuming connection 4 to r4 ... ]
Mar  ntp authentication-key 1 md5 022B1D6F020B0A 7
--More--
R4#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip access-list ex Prob5out
R4(config-ext-nacl)#per ip any any refl
R4(config-ext-nacl)#per ip any any reflect ?
  WORD  Access-list name
R4(config-ext-nacl)#per ip any any reflect Prob5
R4(config-ext-nacl)#exit
R4(config)#exitper ip any any reflect Prob5ip access-list ex Prob5out inspect Prob2 out access-list ex Prob5out   in
R4(config-ext-nacl)#per udp any any eq t ntp
R4(config-ext-nacl)#ev
R4(config-ext-nacl)#evaluate ?
  WORD  IP reflexive access list name
R4(config-ext-nacl)#evaluate Prob5
R4(config-ext-nacl)#den ip any any log
R4(config-ext-nacl)#int atm 1/0
R4(config-if)#no ip ins
R4(config-if)#no ip inspect Prob2 out
R4(config-if)#ip access
R4(config-if)#ip access-group Prob5out
% Incomplete command.
R4(config-if)#ip access-group Prob5out oiu  t ut
R4(config-if)#ip access-group Prob5out out       in in
R4(config-if)#^Z
R4#
Mar 16 21:36:15.452: %SYS-5-CONFIG_I: Configured from console by console
R4#
R4#
R4#
R4#
R4#
Mar 16 21:36:27.372: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(44601) -> 192.10.32.3(179), 1 packet
R4#
RACK3AS>3
[Resuming connection 3 to r3 ... ]
R3#180.40.7.2
Trying 180.40.7.2 ... Open
R2#q
[Connection to 180.40.7.2 closed by foreign host]
R3#180.40.7.292.10.32.254
Trying 192.10.32.254 ... Open
CR1>
CR1>
CR1>
CR1>
RACK3AS>4
[Resuming connection 4 to r4 ... ]
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (3 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255
Extended IP access list Prob2in
    10 permit udp any any eq ntp (63 matches)
    20 deny ip any any log (11 matches)
Reflexive IP access list Prob5
     permit tcp host 192.10.32.254 eq telnet host 192.10.32.3 eq 47411 (53 matches) (time left 295)
Extended IP access list Prob5in
    10 permit udp any any eq ntp (3 matches)
    20 evaluate Prob5
    30 deny ip any any log (1 match)
Extended IP access list Prob5out
    10 permit ip any any reflect Prob5 (25 matches)
R4#
R4#
R4#
R4#sh run | b ATM
interface ATM1/0
 ip address 192.10.32.3 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT permit 180.40.7.0 0.0.0.255 --More--   permit 17.0.0.0 0.255.255.255 ! ip access-list extended Prob2in permit udp any any eq ntp deny ip any any log ip access-list extended Prob5in permit udp any any eq ntp evaluate Prob5 deny ip any any log ip access-list extended Prob5out permit ip any any reflect Prob5 ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 --More-- RACK3AS>3 [Resuming connection 3 to r3 ... ] CR1>q [Connection to 192.10.32.254 closed by foreign host] R3# R3# RACK3AS>1 [Resuming connection 1 to r1 ... ] R1#confi t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#tac R1(config)#tacacs-server ? administration Start tacacs+ daemon handling administrative messages directed-request Allow user to specify tacacs server to use with `@server' dns-alias-lookup Enable IP Domain Name System Alias lookup for TACACS servers extended Enable extended TACACS host Specify a TACACS server key Set TACACS+ encryption key. last-resort Define TACACS action if no server responds optional-passwords The first TACACS request can be made without password verification packet Modify TACACS+ packet options retransmit Search iterations of the TACACS server list timeout Time to wait for a TACACS server to reply R1(config)#tacacs-server host ? Hostname or A.B.C.D IP address of TACACS server R1(config)#tacacs-server host 17.57.100.99 ? R1(config)#tacacs-server host 17.57.100.99 R1(config)#yt  tac R1(config)#tacacs-server ke R1(config)#tacacs-server key ? 0 Specifies an UNENCRYPTED key will follow 7 Specifies HIDDEN key will follow LINE The UNENCRYPTED (cleartext) shared key R1(config)#tacacs-server key 1   MyKey? LINE R1(config)#tacacs-server key MyKey   R1(config)#aaa new R1(config)#aaa new-model R1(config)#aaa authen R1(config)#aaa authentication ? arap Set authentication lists for arap. 
attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authentication lo R1(config)#aaa authentication login ? WORD Named authentication list. default The default authentication list. R1(config)#aaa authentication login df efault ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authentication login default none R1(config)#aaa authentication login default none            Prob6 ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. krb5-telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. R1(config)#aaa authentication login Prob6 gr R1(config)#aaa authentication login Prob6 group ta R1(config)#aaa authentication login Prob6 group tacacs+ ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. line Use line password for authentication. local Use local username authentication. local-case Use case-sensitive local username authentication. none NO authentication. 
R1(config)#aaa authentication login Prob6 group tacacs+ loc R1(config)#aaa authentication login Prob6 group tacacs+ local ? enable Use enable password for authentication. group Use Server-group krb5 Use Kerberos 5 authentication. line Use line password for authentication. none NO authentication. R1(config)#aaa authentication login Prob6 group tacacs+ local R1(config)#^Z R1# RACK3AS> [Resuming connection 1 to r1 ... ] *M R1# R1#confi t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#line vty 0 4 R1(config-line)#log R1(config-line)#logi R1(config-line)#login authe R1(config-line)#login authentication ? WORD Use an authentication list with this name. default Use the default authentication list. R1(config-line)#login authentication Prob6 R1(config-line)#^Z R1# *Mar 1 00:52:39.671: %SYS-5-CONFIG_I: Configured from console by console R1# RACK3AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open Username: JoeUser Password: R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK3AS>1 [Resuming connection 1 to r1 ... ] R1#sh run | b aaa aaa new-model ! ! aaa authentication login default none aaa authentication login Prob6 group tacacs+ local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! ip cef ! ! ! ! ! ! ! ! ! ! ! --More--  username JoeUser privilege 2 ! ! ! ! interface Ethernet0/0 ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex ! --More--  interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! ! ! tacacs-server host 17.57.100.99 tacacs-server directed-request tacacs-server key MyKey snmp-server community test RO ! ! ! 
privilege configure level 2 snmp-server community privilege configure level 2 snmp-server --More--  privilege exec level 2 configure terminal privilege exec level 2 configure privilege exec level 2 show running-config privilege exec level 2 show ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login authentication Prob6 ! ! end R1#q confi t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#aaa authe R1(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. login Set authentication lists for logins. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. username-prompt Text to use when prompting for a username R1(config)#aaa authentication user R1(config)#aaa authentication username-prompt ? WORD Text of prompt R1(config)#aaa authentication username-prompt "CCIE Wantabe  : " R1(config)#aaa authen pas R1(config)#aaa authen password-prompt "Ya right  : " R1(config)# RACK3AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.100.1 Trying 17.57.100.1 ... Open CCIE Wantabe: JoeUser Ya right: R1#sh privi Current privilege level is 15 R1# R1# R1# R1# R1# R1#sh runb    | b aaa aaa new-model ! ! aaa authentication password-prompt "Ya right: " aaa authentication username-prompt "CCIE Wantabe: " aaa authentication login default none aaa authentication login Prob6 group tacacs+ local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! ip cef ! ! ! ! ! ! ! ! ! --More--   R1#q [Connection to 17.57.100.1 closed by foreign host] S5# RACK3AS>1 [Resuming connection 1 to r1 ... ] R1(config)#bna  a R1(config)#bann R1(config)#banner motd % ^C Enter TEXT message. End with the character '^C'. 
keep out ^C R1(config)#^Z R1#sh run *Mar 1 01:00:29.821: %SYS-5-CONFIG_I: Configured from console by console R1#sh run Building configuration... Current configuration : 1649 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! memory-size iomem 10 aaa new-model ! ! aaa authentication password-prompt "Ya right: " aaa authentication username-prompt "CCIE Wantabe: " aaa authentication login default none aaa authentication login Prob6 group tacacs+ local aaa session-id common --More--  ip subnet-zero ! ! no ip domain lookup ! ip cef ! ! ! ! ! ! ! ! ! ! ! username JoeUser privilege 2 ! ! ! ! interface Ethernet0/0 --More--   ip address 17.57.100.1 255.255.255.0 half-duplex ! interface Serial0/0 no ip address encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 180.40.7.34 255.255.255.224 ip ospf network point-to-multipoint frame-relay interface-dlci 103 ! interface Ethernet0/1 no ip address shutdown half-duplex ! interface Serial0/1 no ip address shutdown ! router ospf 1 log-adjacency-changes --More--   network 0.0.0.0 255.255.255.255 area 0 ! no ip http server ip classless ! ! ! ! tacacs-server host 17.57.100.99 tacacs-server directed-request tacacs-server key MyKey snmp-server community test RO ! ! ! banner motd ^C --More--   --More--   keep out --More--   ^C privilege configure level 2 snmp-server community privilege configure level 2 snmp-server privilege exec level 2 configure terminal privilege exec level 2 configure privilege exec level 2 show running-config privilege exec level 2 show ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 privilege level 15 login authentication Prob6 ! ! end --More--   R1#anner motd ^C ^ % Invalid input detected at '^' marker. R1#banner motd ^C ^ % Invalid input detected at '^' marker. R1# R1# RACK3AS>5 [Resuming connection 5 to r5 ... 
] S5#17.57.100.1 Trying 17.57.100.1 ... Open keep out CCIE Wantabe: JoeUSer Ya right: R1#q [Connection to 17.57.100.1 closed by foreign host] S5# S5# RACK3AS>3 [Resuming connection 3 to r3 ... ] R3#confi t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#access      ip access-li ex Prob9 R3(config-ext-nacl)#per udp any any eq ntp R3(config-ext-nacl)#per ospf any any R3(config-ext-nacl)#per tcp 180.40.7.128 0.0.0.31 1 hoist 180       st 180.40.7.129 eq 23 R3(config-ext-nacl)#per ip    ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R3(config-ext-nacl)#per     exit R3(config)#no    access-liost 10-       st 100 per ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R3(config)#access-list 100 per                     exitper tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq 23ospf any any udp any any eq ntpip access-li ex Prob9  R3(config-ext-nacl)#? 
Ext Access List configuration commands: <1-2147483647> Sequence Number default Set a command to its defaults deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs evaluate Evaluate an access list exit Exit from access-list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Access list entry comment R3(config-ext-nacl)#dy R3(config-ext-nacl)#dynamic ? WORD Name of a Dynamic list R3(config-ext-nacl)#dynamic Prob9 ? deny Specify packets to reject exit Exit from access-list configuration mode permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config-ext-nacl)#dynamic Prob9   9Dy ? deny Specify packets to reject exit Exit from access-list configuration mode permit Specify packets to forward timeout Maximum time for dynamic ACL to live R3(config-ext-nacl)#dynamic Prob9Dy tim R3(config-ext-nacl)#dynamic Prob9Dy timeout ? <1-9999> Maximum time to live R3(config-ext-nacl)#dynamic Prob9Dy timeout 60  ? deny Specify packets to reject exit Exit from access-list configuration mode permit Specify packets to forward R3(config-ext-nacl)#dynamic Prob9Dy timeout 60 per ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol R3(config-ext-nacl)#dynamic Prob9Dy timeout 60 per ip any an y  y ? 
dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value R3(config-ext-nacl)#dynamic Prob9Dy timeout 60 per ip any any R3(config-ext-nacl)#den ip 180.40.7.128 0.0.0.31 any R3(config-ext-nacl)#per ip any any R3(config-ext-nacl)#int fa 0/1 R3(config-if)#ip access R3(config-if)#ip access-group Prob9 in R3(config-if)#exit R3(config)#line vty 0 4 R3(config-line)#login local R3(config-line)#exit R3(config)#user   George pass bosco ? LINE R3(config)#user George pass bosco            ? access-class Restrict access by access-class autocommand Automatically issue a command after the user logs in callback-dialstring Callback dialstring callback-line Associate a specific line with this callback callback-rotary Associate a rotary group with this callback dnis Do not require password when obtained via DNIS nocallback-verify Do not require authentication after callback noescape Prevent the user from using an escape character nohangup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user-maxlinks Limit the user's number of inbound links R3(config)#user George pass bosco R3(config)#user George auto R3(config)#user George autocommand ? LINE Command to be automatically issued after the user logs in R3(config)#user George autocommand a access-enable timou  eout 2 R3(config)#user tech pass cisco R3(config)#^Z R3# RACK3AS>4 [Resuming connection 4 to r4 ... ] Ma  no login --More--   R4#p 180.40.7.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds: !!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/46/48 ms
R4#
RACK3AS>6
[Resuming connection 6 to r6 ... ]
S6#p 180.407~  .7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129p 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
S6#
S6#
S6#p 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/47/60 ms
S6#p 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK3AS>3
[Resuming connection 3 to r3 ... ]
Mar R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (9 matches)
    20 permit ospf any any (15 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9Dy permit ip any any
       permit ip any any (15 matches) (time left 114)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any (5 matches)
R3#
R3#
R3#
R3#
R3#
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (9 matches)
    20 permit ospf any any (16 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9Dy permit ip any any
       permit ip any any (15 matches) (time left 106)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any (5 matches)
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (9 matches)
    20 permit ospf any any (16 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9Dy permit ip any any
       permit ip any any (15 matches) (time left 102)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any (5 matches)
R3#sh access-list
Extended IP access list Prob9
    10 permit udp any any eq ntp (9 matches)
    20 permit ospf any any (16 matches)
    30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches)
    40 Dynamic Prob9Dy permit ip any any
       permit ip any any (15 matches) (time left 100)
    50 deny ip 180.40.7.128 0.0.0.31 any (11 matches)
    60 permit ip any any (5 matches)
R3#
RACK3AS>6
[Resuming connection 6 to r6 ... ]
p 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK3AS>3
[Resuming connection 3 to r3 ...
] R3#sh access-list Extended IP access list Prob9 10 permit udp any any eq ntp (9 matches) 20 permit ospf any any (17 matches) 30 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet (84 matches) 40 Dynamic Prob9Dy permit ip any any permit ip any any (20 matches) (time left 118) 50 deny ip 180.40.7.128 0.0.0.31 any (11 matches) 60 permit ip any any (5 matches) R3# R3# R3# R3# R3# R3#sh run | user ^ % Invalid input detected at '^' marker. R3#sh run | userbuser user username George password 0 bosco username George autocommand access-enable timeout 2 username tech password 0 cisco ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 180.40.7.129 255.255.255.224 --More--   ip access-group Prob9 in duplex auto speed auto ! interface Serial1/0 ip address 180.40.7.33 255.255.255.224 encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 180.40.7.34 301 broadcast frame-relay map ip 180.40.7.35 302 broadcast ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.3 255.255.255.224 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 --More--   no ip address shutdown ! interface Serial1/5 no ip address shutdown ! interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server --More--  ! ip access-list extended Prob9 permit udp any any eq ntp permit ospf any any permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet dynamic Prob9Dy timeout 60 permit ip any any deny ip 180.40.7.128 0.0.0.31 any permit ip any any ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 --More--   R3# RACK3AS>2 [Resuming connection 2 to r2 ... ] R2#confi t Enter configuration commands, one per line. 
End with CNTL/Z. R2(config)#ip acvces     ce cess  - R2(config)#ip access-list ex R2(config)#ip access-list extended Prob10 R2(config-ext-nacl)#per tcp any 17.57.101.0 0.0.0.255 R2(config-ext-nacl)#exit R2(config)#ip tcp ? async-mobility Configure async-mobility chunk-size TCP chunk size intercept Enable TCP intercepting mss TCP initial maximum segment size path-mtu-discovery Enable path-MTU discovery on new TCP connections queuemax Maximum queue of outgoing TCP packets selective-ack Enable TCP selective-ACK synwait-time Set time to wait on new TCP connections timestamp Enable TCP timestamp option window-size TCP window size R2(config)#ip tcp in R2(config)#ip tcp intercept ? connection-timeout Specify timeout for connection info drop-mode Specify incomplete connection drop mode finrst-timeout Specify timeout for FIN/RST list Specify access-list to use max-incomplete Specify maximum number of incomplete connections before clamping mode Specify intercepting mode one-minute Specify one-minute-sample watermarks for clamping watch-timeout Specify timeout for incomplete connections in watch mode R2(config)#ip tcp intercept li R2(config)#ip tcp intercept list ? <100-199> Extended access list number for intercept WORD Access list name for intercept R2(config)#ip tcp intercept list Prob10 ? R2(config)#ip tcp intercept list Prob10 R2(config)#^Z R2#sh ip t Mar 16 15:03:43.958: %SYS-5-CONFIG_I: Configured from console by console R2#sh ip tcp in R2#sh ip tcp in? % Unrecognized command R2#sh ip tcp in         tcp ? <0-70> Line number aux Auxiliary line brief Brief display console Primary terminal line intercept Intercept display statistics TCP protocol statistics tcb TCB address tty Terminal controller vty Virtual terminal x/y Slot/Port for Modems | Output modifiers R2#sh tcp in R2#sh tcp intercept ? 
connections Connection information statistics Statistics R2#sh tcp intercept st R2#sh tcp intercept statistics Intercepting new connections using access-list Prob10 0 incomplete, 0 established connections (total 0) 0 connection requests per minute R2#sh tcp intercept statistics            con R2#sh tcp intercept connections Incomplete: Client Server State Create Timeout Mode Established: Client Server State Create Timeout Mode R2#sh tcp intercept connections   RACK3AS>3 [Resuming connection 3 to r3 ... ] R3#17.57.101.2 Trying 17.57.101.2 ... Open S5# RACK3AS>2 [Resuming connection 2 to r2 ... ] R2#sh tcp intercept connections Incomplete: Client Server State Create Timeout Mode Established: Client Server State Create Timeout Mode 180.40.7.3:14741 17.57.101.2:23 ESTAB 00:00:03 23:59:56 I R2# R2# R2# R2# R2#sh run | b ip tcp ip tcp intercept list Prob10 ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! --More--  ! ! interface FastEthernet0/0 ip address 17.57.101.1 255.255.255.0 duplex auto speed auto ! interface BRI0/0 no ip address shutdown ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial1/0 no ip address encapsulation frame-relay ! interface Serial1/0.1 multipoint ip address 180.40.7.35 255.255.255.224 --More--   ip ospf network point-to-multipoint frame-relay interface-dlci 203 ! interface Serial1/1 no ip address shutdown ! interface Serial1/2 ip address 180.40.7.2 255.255.255.224 clock rate 64000 ! interface Serial1/3 no ip address shutdown ! interface Serial1/4 no ip address shutdown ! interface Serial1/5 no ip address shutdown ! --More--  interface Serial1/6 no ip address shutdown ! interface Serial1/7 no ip address shutdown ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! ip classless ! no ip http server no ip http secure-server ! 
ip access-list extended Prob10 permit tcp any 17.57.101.0 0.0.0.255 ip access-list extended Prob4 permit ip any any time-range Prob4 deny ip any any ! --More--  ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 access-class Prob2 in privilege level 15 no login ! time-range Prob4 periodic weekdays 9:30 to 16:30 ! ! end --More--   R2# RACK3AS>3 [Resuming connection 3 to r3 ... ] S5#q [Connection to 17.57.101.2 closed by foreign host] R3# R3# RACK3AS> [Resuming connection 3 to r3 ... ] R3# R3# R3#confi t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#cry R3(config)#crypto ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R3(config)#crypto is R3(config)#crypto isakmp ? aggressive-mode Disable ISAKMP aggressive mode client Set client configuration policy enable Enable ISAKMP identity Set the identity which ISAKMP will use keepalive Set a keepalive interval for use with IOS peers key Set pre-shared key for remote peer nat Set a nat keepalive interval for use with IOS peers peer Set Peer Policy policy Set policy for an ISAKMP protection suite profile Define ISAKMP Profiles xauth Set Extended Authentication values R3(config)#crypto isakmp po R3(config)#crypto isakmp policy ? <1-10000> Priority of protection suite R3(config)#crypto isakmp policy 10 R3(config-isakmp)#? 
ISAKMP commands: authentication Set authentication method for protection suite default Set a command to its defaults encryption Set encryption algorithm for protection suite exit Exit from ISAKMP protection suite configuration mode group Set the Diffie-Hellman group hash Set hash algorithm for protection suite lifetime Set lifetime for ISAKMP security association no Negate a command or set its defaults R3(config-isakmp)#auth R3(config-isakmp)#authentication ? pre-share Pre-Shared Key rsa-encr Rivest-Shamir-Adleman Encryption rsa-sig Rivest-Shamir-Adleman Signature R3(config-isakmp)#authentication pre R3(config-isakmp)#authentication pre-share ? R3(config-isakmp)#authentication pre-share R3(config-isakmp)#exit R3(config)#cry R3(config)#crypto k R3(config)#crypto key ? generate Generate new keys pubkey-chain Peer public key chain management zeroize Remove keys R3(config)#crypto key     ? ca Certification authority dynamic-map Specify a dynamic crypto map template identity Enter a crypto identity list ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations keyring Key ring commands map Enter a crypto map mib Configure Crypto-related MIB Parameters xauth X-Auth parameters R3(config)#crypto k R3(config)#crypto key? key keyring R3(config)#crypto keys R3(config)#crypto keys? % Unrecognized command R3(config)#crypto keys  \\    is R3(config)#crypto isakmp ? aggressive-mode Disable ISAKMP aggressive mode client Set client configuration policy enable Enable ISAKMP identity Set the identity which ISAKMP will use keepalive Set a keepalive interval for use with IOS peers key Set pre-shared key for remote peer nat Set a nat keepalive interval for use with IOS peers peer Set Peer Policy policy Set policy for an ISAKMP protection suite profile Define ISAKMP Profiles xauth Set Extended Authentication values R3(config)#crypto isakmp key ? WORD pre-shared key R3(config)#crypto isakmp key cisco ? 
address define shared key with IP address hostname define shared key with hostname R3(config)#crypto isakmp key cisco add 180.40.7.2 ? A.B.C.D Peer IP subnet mask no-xauth Bypasses XAuth for this peer R3(config)#crypto isakmp key cisco add 180.40.7.2 R3(config)#access      cy r R3(config)#crypto ip R3(config)#crypto ipsec ? client Configure a client df-bit Handling of encapsulated DF bit. fragmentation Handling of fragmentation of near-MTU sized packets nat-transparency IPsec NAT transparency model optional Enable optional encryption for IPSec profile Configure an ipsec policy profile security-association Security association parameters transform-set Define transform and settings R3(config)#crypto ipsec       map ? WORD Crypto map tag R3(config)#crypto map Prob11 ? <1-65535> Sequence to insert into crypto map entry client Specify client configuration settings isakmp Specify isakmp configuration settings isakmp-profile Specify isakmp profile to use local-address Interface to use for local address for this crypto map R3(config)#crypto map Prob11 is R3(config)#crypto map Prob11 isakmp? isakmp isakmp-profile R3(config)#crypto map Prob11 isakmp  ? authorization Authorization parameters. R3(config)#crypto map Prob11 isakm       ? <1-65535> Sequence to insert into crypto map entry client Specify client configuration settings isakmp Specify isakmp configuration settings isakmp-profile Specify isakmp profile to use local-address Interface to use for local address for this crypto map R3(config)#crypto map Prob11 10 ? ipsec-isakmp IPSEC w/ISAKMP ipsec-manual IPSEC w/manual keying R3(config)#crypto map Prob11 10 ip R3(config)#crypto map Prob11 10 ipsec-i R3(config)#crypto map Prob11 10 ipsec-isakmp ? dynamic Enable dynamic crypto map support profile Enable crypto map as a crypto-profile R3(config)#crypto map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R3(config-crypto-map)#? 
Crypto Map configuration commands: default Set a command to its defaults description Description of the crypto map statement policy dialer Dialer related commands exit Exit from crypto map configuration mode match Match values. no Negate a command or set its defaults qos Quality of Service related commands reverse-route Reverse Route Injection. set Set values for encryption/decryption R3(config-crypto-map)#match ? address Match address of packets to encrypt. R3(config-crypto-map)#match add ? <100-199> IP access-list number <2000-2699> IP access-list number (expanded range) WORD Access-list name R3(config-crypto-map)#match add Prob11 R3(config-crypto-map)#set peer 1803~.40.7.2 ^ % Invalid input detected at '^' marker. R3(config-crypto-map)#set peer 1803~.40.7.2.40.7.2 .40.7.2  R3(config-crypto-map)#sewt tra R3(config-crypto-map)#sewt tran R3(config-crypto-map)#sewt trant tran t tran R3(config-crypto-map)#set transform-set ? WORD Proposal tag R3(config-crypto-map)#set transform-set Prob11 ERROR: transform set with tag "Prob11" does not exist. R3(config-crypto-map)#eixt ^ % Invalid input detected at '^' marker. R3(config-crypto-map)#exit R3(config)#cr R3(config)#crypto ip R3(config)#crypto ipsec t R3(config)#crypto ipsec transform-set Prob11 ? 
ah-md5-hmac AH-HMAC-MD5 transform ah-sha-hmac AH-HMAC-SHA transform comp-lzs IP Compression using the LZS compression algorithm esp-3des ESP transform using 3DES(EDE) cipher (168 bits) esp-aes ESP transform using AES cipher esp-des ESP transform using DES cipher (56 bits) esp-md5-hmac ESP transform using HMAC-MD5 auth esp-null ESP transform w/o cipher esp-sha-hmac ESP transform using HMAC-SHA auth R3(config)#crypto ipsec transform-set Prob11 ah R3(config)#crypto ipsec transform-set Prob11 ah-m R3(config)#crypto ipsec transform-set Prob11 ah-md5-hmac R3(cfg-crypto-trans)#exit R3(config)#exitcrypto ipsec transform-set Prob11 ah-md5-hmac exit ixtset transform-set Prob11peer 180.40.7.2 3~.40.7.2match add Prob11 crypto map Prob11 10 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. R3(config-crypto-map)#crypto map Prob11 10 ipsec-isakmp exit crypto ipsec transform-set Prob11 ah-md5-hmac exit ixtset transform-set Prob11 R3(config-crypto-map)#exit R3(config)#ip access-list Prob11 ^ % Invalid input detected at '^' marker. R3(config)#ip access-list Prob11eProb11xProb11 Prob11 R3(config-ext-nacl)#den ospf any any R3(config-ext-nacl)#den tcp any any R3(config-ext-nacl)#den udp any any R3(config-ext-nacl)#per ip any any R3(config-ext-nacl)#oint      int s 1/2 R3(config-if)#cr R3(config-if)#crypto m R3(config-if)#crypto map Prob11 ? redundancy enable redundancy R3(config-if)#crypto map Prob11 R3(config-if)# Mar 16 22:10:23.675: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R3(config-if)#^Z R3# Mar 16 22:10:26.792: %SYS-5-CONFIG_I: Configured from console by console R3#sh run | b cryp no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! clock timezone PDST -7 no network-clock-participate slot 1 no network-clock-participate wic 0 no aaa new-model ip subnet-zero ! ! ! ip cef no ip domain lookup ip audit po max-events 100 ! ! ! ! --More--  ! ! ! ! ! ! ! ! 
username George password 0 bosco
username George autocommand access-enable timeout 2
username tech password 0 cisco
!
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.2
!
!
crypto ipsec transform-set Prob11 ah-md5-hmac
!
--More--
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.2
 set transform-set Prob11
 match address Prob11
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group Prob9 in
 duplex auto
 speed auto
--More--
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
 crypto map Prob11
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
--More--
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
ip access-list extended Prob11
--More--
 deny ospf any any
 deny tcp any any
 deny udp any any
 permit ip any any
ip access-list extended Prob9
 permit udp any any eq ntp
 permit ospf any any
 permit tcp 180.40.7.128 0.0.0.31 host 180.40.7.129 eq telnet
 dynamic Prob9Dy timeout 60 permit ip any any
 deny ip 180.40.7.128 0.0.0.31 any
 permit ip any any
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
--More--
RACK3AS>2
[Resuming connection 2 to r2 ... ]
R2#confi t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#crypto isakmp policy 10
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)#crypto isakmp key cisco address 180.40.7.3
R2(config)#!
R2(config)#!
R2(config)#crypto ipsec transform-set Prob11 ah-md5-hmac
R2(cfg-crypto-trans)#!
R2(cfg-crypto-trans)#crypto map Prob11 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
R2(config-crypto-map)# set peer 180.40.7.3
R2(config-crypto-map)# set transform-set Prob11
R2(config-crypto-map)# match address Prob11
R2(config-crypto-map)#!
R2(config-crypto-map)#interface Serial1/2
R2(config-if)# crypto map Prob11
R2(config-if)#!
R2(config-if)#ip access-list extended Prob11
R2(config-ext-nacl)# deny ospf any any
R2(config-ext-nacl)# deny tcp any any
R2(config-ext-nacl)# deny udp any any
R2(config-ext-nacl)# permit ip any any
R2(config-ext-nacl)#
Mar 16 15:12:41.475: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-ext-nacl)#
R2(config-ext-nacl)#
R2(config-ext-nacl)#
R2(config-ext-nacl)#
R2(config-ext-nacl)#^Z
R2#p
Mar 16 15:12:54.461: %SYS-5-CONFIG_I: Configured from console by console
R2#p 180.40.7.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 44/44/44 ms
R2#
R2#
R2#
R2#
R2#sh cry ip
R2#sh cry ipsec sa
R2#sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.2
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.3:500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 4, #pkts encrypt: 0, #pkts digest 4
    #pkts decaps: 4, #pkts decrypt: 0, #pkts verify 4
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0
     local crypto endpt.: 180.40.7.2, remote crypto endpt.: 180.40.7.3
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 7F5B119C
     inbound esp sas:
     inbound ah sas:
--More--
R2#sh cry ipsec sa p 180.40.7.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/45 ms
R2#p 180.40.7.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/45 ms
R2#p 180.40.7.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/45 ms
R2#p 180.40.7.3sh cry ipsec sa
interface: Serial1/2
    Crypto map tag: Prob11, local addr. 180.40.7.2
   protected vrf:
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer: 180.40.7.3:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 19, #pkts encrypt: 0, #pkts digest 19
    #pkts decaps: 19, #pkts decrypt: 0, #pkts verify 19
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0
     local crypto endpt.: 180.40.7.2, remote crypto endpt.: 180.40.7.3
     path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2
     current outbound spi: 7F5B119C
     inbound esp sas:
     inbound ah sas:
--More--
R2#sh run | b crypto
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 180.40.7.3
!
!
crypto ipsec transform-set Prob11 ah-md5-hmac
!
crypto map Prob11 10 ipsec-isakmp
 set peer 180.40.7.3
 set transform-set Prob11
 match address Prob11
!
!
!
!
interface FastEthernet0/0
 ip address 17.57.101.1 255.255.255.0
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
--More--
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 multipoint
 ip address 180.40.7.35 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 203
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.2 255.255.255.224
 clock rate 64000
--More--
 crypto map Prob11
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
--More--
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
ip access-list extended Prob10
 permit tcp any 17.57.101.0 0.0.0.255
ip access-list extended Prob11
 deny ospf any any
 deny tcp any any
 deny udp any any
 permit ip any any
ip access-list extended Prob4
 permit ip any any time-range Prob4
 deny ip any any
!
!
!
!
!
--More--