cisco-NBAR-限制BT-电驴[整理]

cisco-NBAR-限制BT-电驴[整理] 2621-4M---router-fenghuo 2621-4M>en Password: 2621-4M#sh run Building configuration... Current configuration : 1840 bytes ! version 12.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 2621-4M ! boot-start-marker boot-end-marker ! enable password 1qaz2wsx ! no aaa new-model ip subnet-zero ip cef ! ip nbar pdlm flash:bittorrent.pdlm ip nbar pdlm flash:eDonkey.pdlm ! ! ! ip audit po max-events 100 no ip domain lookup no ftp-server write-enable ! ! ! ! ! class-map match-any bittorrent match protocol bittorrent match protocol edonkey ! ! policy-map drop-bittorrent class bittorrent drop ! ! no crypto isakmp enable ! ! ! interface FastEthernet0/0 ip address 172.30.90.2 255.255.255.252 ip access-group 150 out duplex auto speed auto ! interface FastEthernet0/1 ip address 218.249.47.1 255.255.255.224 ip nbar protocol-discovery service-policy input drop-bittorrent service-policy output drop-bittorrent duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 172.30.90.1 no ip http server no ip http secure-server ! ! access-list 150 deny icmp any any access-list 150 deny tcp any any eq 135 access-list 150 deny udp any any eq netbios-ns access-list 150 deny udp any eq netbios-ns any access-list 150 deny udp any any eq netbios-dgm access-list 150 deny udp any any eq netbios-ss access-list 150 deny tcp any any eq 4444 access-list 150 deny udp any any eq tftp access-list 150 deny tcp any any eq 138 access-list 150 deny tcp any any eq 139 access-list 150 deny tcp any any eq 445 access-list 150 deny tcp any any eq 455 access-list 150 deny tcp any any eq 9996 access-list 150 deny tcp any any eq 5554 access-list 150 permit ip any any snmp-server engineID local 00000009020000036B64CD80 snmp-server community beyondsoft RO snmp-server enable traps tty ! ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4 password cisco!@# login ! ! ! end 2621-4M# Router 2M-电信通---bittorrent BoYan#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.2(5d), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sat 02-Feb-02 03:36 by kellythw Image text-base: 0x80008088, data-base: 0x80989870 ROM: System Bootstrap, Version 12.2(6r), RELEASE SOFTWARE (fc1) BoYan uptime is 30 minutes System returned to ROM by power-on System image file is "flash:c2600-i-mz.122-5d.bin" cisco 2621 (MPC860) processor (revision 0x00) with 27648K/5120K bytes of memory. Processor board ID JAD061609X1 (2864591447) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 1 Serial network interface(s)2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 BoYan#sh run Building configuration... Current configuration : 3480 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname BoYan ! enable password 7 121A0C0411044D2469 ! ip subnet-zero ip cef ! ip nbar pdlm flash:bittorrent.pdlm ip nbar pdlm flash:eDonkey.pdlm ip nbar pdlm flash:kazaa2.pdlm ip nbar pdlm flash:fasttrack.pdlm ! no ip domain-lookup ! ! class-map match-any bittorrent match protocol bittorrent match protocol edonkey match protocol fasttrack match protocol kazaa2 ! ! policy-map drop-bittorrent class bittorrent police 8000 1500 1500 conform-action drop exceed-action drop ! ! ! ! interface FastEthernet0/0 ip address 219.238.227.129 255.255.255.224 secondary ip address 211.167.253.161 255.255.255.248 secondary ip address 211.101.47.97 255.255.255.240 secondary ip address 219.234.220.145 255.255.255.240 ip access-group 102 in ip access-group 102 out ip accounting output-packets ip nbar protocol-discovery ip route-cache policy ip route-cache flow duplex auto speed auto service-policy input drop-bittorrent no cdp enable ! interface Serial0/0 ip address 172.31.106.214 255.255.255.252 no cdp enable ! interface FastEthernet0/1 ip address 172.30.82.2 255.255.255.252 ip access-group 110 in duplex auto speed 100 no cdp enable ! interface Serial0/1 description TO---DXT no ip address ip access-group 102 in shutdown no cdp enable ! interface Serial0/2 description TO---CNC no ip address ip access-group 102 in shutdown no cdp enable ! ip classless ip route 0.0.0.0 0.0.0.0 172.30.82.1 no ip http server no ip pim bidir-enable ! access-list 102 deny icmp any any access-list 102 deny udp any any eq 1434 access-list 102 deny tcp any any eq 1434 access-list 102 deny udp any any eq 15584 access-list 102 deny udp any eq 15584 any access-list 102 deny tcp any eq 135 any access-list 102 deny tcp any any eq 135 access-list 102 deny udp any any eq tftp access-list 102 deny udp any eq tftp any access-list 102 deny tcp any any eq 4444 access-list 102 deny tcp any eq 4444 any access-list 102 deny udp any eq netbios-ns any access-list 102 deny udp any any eq netbios-ns access-list 102 deny udp any eq netbios-dgm any access-list 102 deny udp any any eq netbios-dgm access-list 102 deny udp any eq netbios-ss any access-list 102 deny udp any any eq netbios-ss access-list 102 deny tcp any eq 139 any access-list 102 deny tcp any any eq 139 access-list 102 deny tcp any eq 445 any access-list 102 deny tcp any any eq 445 access-list 102 deny tcp any any eq 7626 access-list 102 permit ip any any access-list 110 deny ip host 219.149.223.188 any access-list 110 permit ip any any no cdp run snmp-server community all-dxt-wan RO snmp-server community bskd RO snmp-server trap-source FastEthernet0/1 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps isdn chan-not-avail snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps envmon snmp-server enable traps bgp snmp-server enable traps ipmulticast snmp-server enable traps msdp snmp-server enable traps rsvp snmp-server enable traps frame-relay snmp-server enable traps rtr snmp-server enable traps syslog snmp-server host 102.168.0.229 bskd ! line con 0 line aux 0 line vty 0 4 password 7 121A0C0411044D24696F6116 login !