In newsgroup dk.edb.netvaerk wrote, Gorm Jorgensen, this, the Sun, 07
Jan 2001 19:14:18 GMT:
Hello Gorm Jorgensen,
>Hvis du forventer nogen skal kunne hjælpe så post en kopi af 'sh running'
>på din router, og udlad passwords og etc.
version 12.1
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AIP11667
no logging console
no logging monitor
enable secret 5 <removed>
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
no ip finger
ip domain-name krautwald.dk
ip name-server <ServerIPAdresse>
!
no ip bootp server
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0 tcp
ip inspect name Ethernet_0 udp
!
interface Loopback0
no ip address
!
interface Ethernet0
ip address <EthernetIPAdresse> <mask>
ip access-group 100 in
no ip proxy-arp
ip inspect Ethernet_0 in
no cdp enable
!
interface ATM0
no ip address
no ip proxy-arp
load-interval 30
atm vc-per-vp 4096
no atm ilmi-keepalive
!
interface ATM0.101 point-to-point
bandwidth 512
ip address <ATM Ipadresse> <mask>
ip access-group 101 in
pvc 0/101
vbr-nrt 512 512 1
encapsulation aal5mux ip
!
!
router eigrp 100
redistribute static
network <netipadresse>
auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.101
no ip http server
!
logging trap debugging
logging <ServerIPAdresse>
access-list 100 permit ip any any
access-list 101 deny ip <netværkipadresse> 0.0.0.7 any log
access-list 101 deny tcp any any eq 139
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 permit icmp any any
access-list 101 permit udp any host <ServerIPAdresse> eq domain
access-list 101 permit tcp any host <ServerIPAdresse> eq domain
access-list 101 permit tcp any host <ServerIPAdresse> range ftp-data ftp
access-list 101 permit tcp any host <ServerIPAdresse> eq www log
access-list 101 permit tcp any host <ServerIPAdresse> eq smtp
access-list 101 permit udp any host <ATM Ipadresse> eq ntp
access-list 101 permit udp any host <ServerIPAdresse> eq syslog
access-list 101 deny ip any any log
no cdp run
line con 0
password 7 <removed>
login
transport input none
line vty 0 4
password 7 <removed>
login
transport input telnet
!
ntp clock-period 17042105
ntp server 193.162.145.130
ntp server 193.162.159.194
end
Dertil ville jeg sætte dette ind
rate-limit output access-group 103 512000 16000 16000 conform-action
set-prec-continue 2 exceed-action drop
access-list 103 permit tcp any any range ftp-data ftp
Cisco beskriver ellers fint hvad man skal gøre på:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qccar.htm
Desuden skriver de ligeledes at CAR is supported on these platforms:
Cisco 2600 series
Cisco 3600 series
Cisco 4500 series
Cisco 4700 series
Cisco 7200 series
Men deres hjemmeside omkring Cisco 1401 skriver noget andet :
http://www.cisco.com/warp/public/cc/pd/rt/1400/prodlit/14bcr_ds.htm
Desuden har jeg prøvet med flere IOS versioner, med eller uden Firewall
Feature Set osv. men med samme resultat, at det ikke virker!
Har jeg overset noget, eller virker det bare ikke?
--
Med venlig hilsen
Kristian Krautwald <kristian@krautwald.dk>
http://www.krautwald.dk