cisco-NBAR-限制BT-电驴[整理]
2621-4M---router-fenghuo
2621-4M>en
Password:
2621-4M#sh run
Building configuration...
Current configuration : 1840 bytes !
version 12.3
service timestamps debug uptime service timestamps log uptime no service password-encryption !
hostname 2621-4M
!
boot-start-marker
boot-end-marker
!
enable password 1qaz2wsx !
no aaa new-model
ip subnet-zero
ip cef
!
ip nbar pdlm flash:bittorrent.pdlm ip nbar pdlm flash:eDonkey.pdlm
!
!
!
ip audit po max-events 100 no ip domain lookup no ftp-server write-enable !
!
!
!
!
class-map match-any bittorrent
match protocol bittorrent
match protocol edonkey !
!
policy-map drop-bittorrent
class bittorrent
drop
!
!
no crypto isakmp enable !
!
!
interface FastEthernet0/0
ip address 172.30.90.2 255.255.255.252
ip access-group 150 out
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 218.249.47.1 255.255.255.224
ip nbar protocol-discovery
service-policy input drop-bittorrent
service-policy output drop-bittorrent
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.90.1 no ip http server
no ip http secure-server !
!
access-list 150 deny icmp any any access-list 150 deny tcp any any eq 135 access-list 150 deny udp any any eq netbios-ns access-list 150 deny udp any eq netbios-ns any access-list 150 deny udp any any eq netbios-dgm access-list 150 deny udp any any eq netbios-ss access-list 150 deny tcp any any eq 4444 access-list 150 deny udp any any eq tftp access-list 150 deny tcp any any eq 138 access-list 150 deny tcp any any eq 139 access-list 150 deny tcp any any eq 445 access-list 150 deny tcp any any eq 455 access-list 150 deny tcp any any eq 9996 access-list 150 deny tcp any any eq 5554 access-list 150 permit ip any any
snmp-server engineID local 00000009020000036B64CD80 snmp-server community beyondsoft RO snmp-server enable traps tty
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco!@#
login
!
!
!
end
2621-4M#
Router 2M-电信通---bittorrent
BoYan#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(5d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sat 02-Feb-02 03:36 by kellythw Image text-base: 0x80008088, data-base: 0x80989870
ROM: System Bootstrap, Version 12.2(6r), RELEASE SOFTWARE (fc1)
BoYan uptime is 30 minutes
System returned to ROM by power-on System image file is "flash:c2600-i-mz.122-5d.bin"
cisco 2621 (MPC860) processor (revision 0x00) with 27648K/5120K bytes of memory.
Processor board ID JAD061609X1 (2864591447) M860 processor: part number 0, mask 49 Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
BoYan#sh run
Building configuration...
Current configuration : 3480 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BoYan
!
enable password 7 121A0C0411044D2469 !
ip subnet-zero
ip cef
!
ip nbar pdlm flash:bittorrent.pdlm ip nbar pdlm flash:eDonkey.pdlm ip nbar pdlm flash:kazaa2.pdlm ip nbar pdlm flash:fasttrack.pdlm !
no ip domain-lookup
!
!
class-map match-any bittorrent
match protocol bittorrent
match protocol edonkey
match protocol fasttrack
match protocol kazaa2 !
!
policy-map drop-bittorrent
class bittorrent
police 8000 1500 1500 conform-action drop exceed-action drop
!
!
!
!
interface FastEthernet0/0
ip address 219.238.227.129 255.255.255.224 secondary
ip address 211.167.253.161 255.255.255.248 secondary
ip address 211.101.47.97 255.255.255.240 secondary
ip address 219.234.220.145 255.255.255.240
ip access-group 102 in
ip access-group 102 out
ip accounting output-packets
ip nbar protocol-discovery
ip route-cache policy
ip route-cache flow
duplex auto
speed auto
service-policy input drop-bittorrent
no cdp enable
!
interface Serial0/0
ip address 172.31.106.214 255.255.255.252
no cdp enable
!
interface FastEthernet0/1
ip address 172.30.82.2 255.255.255.252
ip access-group 110 in
duplex auto
speed 100
no cdp enable
!
interface Serial0/1
description TO---DXT
no ip address
ip access-group 102 in
shutdown
no cdp enable
!
interface Serial0/2
description TO---CNC
no ip address
ip access-group 102 in
shutdown
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.82.1 no ip http server
no ip pim bidir-enable
!
access-list 102 deny icmp any any access-list 102 deny udp any any eq 1434 access-list 102 deny tcp any any eq 1434 access-list 102 deny udp any any eq 15584 access-list 102 deny udp any eq 15584 any access-list 102 deny tcp any eq 135 any access-list 102 deny tcp any any eq 135 access-list 102 deny udp any any eq tftp access-list 102 deny udp any eq tftp any access-list 102 deny tcp any any eq 4444 access-list 102 deny tcp any eq 4444 any access-list 102 deny udp any eq netbios-ns any access-list 102 deny udp any any eq netbios-ns access-list 102 deny udp any eq netbios-dgm any access-list 102 deny udp any any eq netbios-dgm access-list 102 deny udp any eq netbios-ss any access-list 102 deny udp any any eq netbios-ss access-list 102 deny tcp any eq 139 any access-list 102 deny tcp any any eq 139 access-list 102 deny tcp any eq 445 any
access-list 102 deny tcp any any eq 445 access-list 102 deny tcp any any eq 7626 access-list 102 permit ip any any access-list 110 deny ip host 219.149.223.188 any access-list 110 permit ip any any no cdp run
snmp-server community all-dxt-wan RO snmp-server community bskd RO snmp-server trap-source FastEthernet0/1 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps isdn chan-not-avail snmp-server enable traps hsrp
snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps envmon snmp-server enable traps bgp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay snmp-server enable traps rtr
snmp-server enable traps syslog snmp-server host 102.168.0.229 bskd !
line con 0
line aux 0
line vty 0 4
password 7 121A0C0411044D24696F6116
login
!