Boway --- Cloud architecture decides cloud computing
Original (PPPoE implemented on an ASA5505 I just finished configuring)

Posted 2008-10-13 22:05:21


A PPPoE configuration I just finished deploying. It also contains some restrictions on Internet access hours and restrictions aimed at individual users and individual protocols; sharing it here with everyone.
TCL(config)#
TCL# show run
: Saved
:
ASA Version 7.2(3)
!
hostname TCL
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
*********Define the IP-address-to-client mapping, i.e. give the IP addresses names********************
names
name 192.168.1.9 bgs1
name 192.168.1.27 bgs2
name 192.168.1.11 licm
name 192.168.1.7 liuxb
name 192.168.1.10 FileServer
name 192.168.1.62 changjh
………………………
………………………..
!
*************Define the inside interface********************
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
*************Define the outside interface********************
interface Vlan2
 nameif outside
 security-level 0
 ip address pppoe setroute
!
interface Ethernet0/0
!
************Put port 0/1 into VLAN 2 (the outside VLAN)******************
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd ************** encrypted
!
**************Restrict the hours at which clients may access the Internet********************************
time-range everyday
 periodic daily 7:50 to 21:00
!
time-range weekdays
 periodic weekdays 7:50 to 18:10
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
*****************Define the network host groups for the different policies****************************
object-group network high1
 network-object host FileServer
object-group network high2
 network-object host licm
 network-object host cw1
 network-object host lizl
********************Define the service groups for the different policies************************
object-group service tcp1 tcp
 port-object range www www
 port-object range 81 81
object-group service tcp_dns tcp
 port-object range pop3 pop3
 port-object range smtp smtp
 port-object range domain domain
object-group service udp_dns udp
 port-object range domain domain
object-group service tcp2 tcp
 port-object range https https
 port-object range 445 445
 port-object range 465 465
 port-object range www www
 port-object range 81 81
 port-object range 995 995
Original poster | Posted 2008-10-13 22:05:48
*************Access-control policy for the user and service groups (classes) defined above****************
access-list inside_access_in extended permit tcp any any object-group tcp_dns log disable
access-list inside_access_in extended permit udp any any object-group udp_dns log disable
access-list inside_access_in extended permit tcp object-group high1 any object-group tcp1 log disable
access-list inside_access_in extended permit tcp object-group high2 any object-group tcp2 log disable time-range everyday
access-list inside_access_in extended permit tcp object-group high3 any object-group tcp2 log disable time-range everyday
access-list inside_access_in extended permit ip object-group normal1 any log disable time-range everyday
access-list inside_access_in extended permit tcp object-group normal2 any object-group tcp1 log disable time-range everyday
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
*******************Bind IP addresses to MAC addresses*******************************
arp inside 192.168.1.150 000d.87c5.9876
arp inside xuerx1 0002.a59b.453b
arp inside 192.168.1.115 0013.d3de.4376
arp inside gaoyf 00c0.9f26.f0da
arp inside guopy 0009.6be3.25f4
arp inside hehx 00c0.9f26.ee16
…………..
………………
arp timeout 14400
*************Configure NAT*********************************
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
******************Configure the default route*******************
route outside 0.0.0.0 0.0.0.0 118.81.66.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
*************Configure ASDM management from the clients*******************************
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 10
ssh timeout 5
console timeout 0
*******************Configure PPPoE*****************************************
vpdn group adsl request dialout pppoe
vpdn group adsl localname *******
vpdn group adsl ppp authentication pap
vpdn username gslr password *********
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username root password ************* encrypted privilege 15
prompt hostname context
Cryptochecksum:**************f
: end
TCL#
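Added example (my own code, not part of the post above and not Cisco software): a small Python simulator for the access-list section of this config. It parses the `name`, `object-group`, `time-range` and `access-list` statements in the form they appear in the thread, then evaluates a connection attempt from an inside host against `inside_access_in` using the ASA's first-match rule with the implicit deny at the end, so you can see what the policy actually does to a given host at a given time of day. It also lists object-groups and time-ranges the ACL references without defining. The config excerpt embedded in the script is constructed from the post and trimmed; it deliberately leaves `high3` undefined, as the post does (the author elided those groups with "…"). Assumptions: only the `daily` and `weekdays` time-range forms used here are modelled, and an undefined time-range or object-group is treated as matching nothing (that is this simulator's rule, not a claim about ASA behaviour).

```python
"""First-match simulation of the inside_access_in ACL from the post.

Added example. Handles only the statement forms used in the thread:
name, object-group network/service, time-range periodic daily|weekdays,
and extended ACEs with object-group services and time-range keywords.
"""
from datetime import datetime

# Constructed excerpt of the posted config. high3 is referenced by the
# ACL but, as in the thread, never defined.
SAMPLE_CONFIG = """\
name 192.168.1.11 licm
name 192.168.1.10 FileServer
time-range everyday
 periodic daily 7:50 to 21:00
time-range weekdays
 periodic weekdays 7:50 to 18:10
object-group network high1
 network-object host FileServer
object-group network high2
 network-object host licm
object-group service tcp1 tcp
 port-object range www www
 port-object range 81 81
object-group service tcp_dns tcp
 port-object range pop3 pop3
 port-object range smtp smtp
 port-object range domain domain
object-group service udp_dns udp
 port-object range domain domain
object-group service tcp2 tcp
 port-object range https https
 port-object range 445 445
 port-object range www www
access-list inside_access_in extended permit tcp any any object-group tcp_dns log disable
access-list inside_access_in extended permit udp any any object-group udp_dns log disable
access-list inside_access_in extended permit tcp object-group high1 any object-group tcp1 log disable
access-list inside_access_in extended permit tcp object-group high2 any object-group tcp2 log disable time-range everyday
access-list inside_access_in extended permit tcp object-group high3 any object-group tcp2 log disable time-range everyday
"""

# Port keywords the ASA prints instead of numbers (only those used above).
PORT_NAMES = {"www": 80, "domain": 53, "pop3": 110, "smtp": 25, "https": 443}


def port_num(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_ace(t):
    """access-list NAME extended ACTION PROTO SRC DST [object-group SVC] [log ...] [time-range TR]"""
    ace = {"action": t[3], "proto": t[4], "svc": None, "tr": None}
    i = 5
    for field in ("src", "dst"):
        if t[i] in ("object-group", "host"):
            ace[field], i = (t[i], t[i + 1]), i + 2
        else:                                   # "any"
            ace[field], i = ("any", None), i + 1
    while i < len(t):
        if t[i] in ("object-group", "time-range"):
            ace["svc" if t[i] == "object-group" else "tr"] = t[i + 1]
            i += 2
        else:                                   # log / disable: no effect on matching
            i += 1
    return ace


def parse(config):
    names, net_groups, svc_groups, ranges, acl = {}, {}, {}, {}, []
    current = None                              # (kind, name) of the block being filled
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if raw.startswith(" ") and current:     # sub-command of the current block
            kind, name = current
            if kind == "net" and t[:2] == ["network-object", "host"]:
                net_groups[name].add(names.get(t[2], t[2]))   # resolve `name` aliases
            elif kind == "svc" and t[:2] == ["port-object", "range"]:
                svc_groups[name].append((port_num(t[2]), port_num(t[3])))
            elif kind == "tr" and t[0] == "periodic":
                ranges[name].append((t[1], t[2], t[4]))       # days, from, to
        elif t[0] == "name":
            names[t[2]] = t[1]
        elif t[:2] == ["object-group", "network"]:
            current = ("net", t[2]); net_groups.setdefault(t[2], set())
        elif t[:2] == ["object-group", "service"]:
            current = ("svc", t[2]); svc_groups.setdefault(t[2], [])
        elif t[0] == "time-range":
            current = ("tr", t[1]); ranges.setdefault(t[1], [])
        elif t[0] == "access-list":
            acl.append(parse_ace(t)); current = None
    return names, net_groups, svc_groups, ranges, acl


def addr_ok(spec, ip, names, net_groups):
    kind, val = spec
    if kind == "any":
        return True
    if kind == "host":
        return names.get(val, val) == ip
    return ip in net_groups.get(val, set())     # undefined group matches nothing (simulator rule)


def time_ok(tr, when, ranges):
    if tr is None:
        return True
    for days, start, end in ranges.get(tr, []):   # undefined range: never active (simulator rule)
        if days == "weekdays" and when.weekday() > 4:
            continue
        h1, m1 = map(int, start.split(":"))
        h2, m2 = map(int, end.split(":"))
        if (h1, m1) <= (when.hour, when.minute) <= (h2, m2):
            return True
    return False


def evaluate(policy, src_ip, proto, dst_port, when, dst_ip="203.0.113.10"):
    """Return (action, ace_number) of the first matching ACE, or ("deny", None)
    for the implicit deny at the end of every ASA access list. `when` may be
    a datetime or an ISO string such as "2008-10-13T22:00"."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    names, net_groups, svc_groups, ranges, acl = policy
    for n, ace in enumerate(acl, 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not addr_ok(ace["src"], src_ip, names, net_groups):
            continue
        if not addr_ok(ace["dst"], dst_ip, names, net_groups):
            continue
        if ace["svc"] and not any(lo <= dst_port <= hi
                                  for lo, hi in svc_groups.get(ace["svc"], [])):
            continue
        if not time_ok(ace["tr"], when, ranges):
            continue
        return ace["action"], n
    return "deny", None


def undefined_references(policy):
    """Object-groups and time-ranges the ACL uses but the config never defines."""
    names, net_groups, svc_groups, ranges, acl = policy
    missing = set()
    for ace in acl:
        for kind, val in (ace["src"], ace["dst"]):
            if kind == "object-group" and val not in net_groups:
                missing.add(val)
        if ace["svc"] and ace["svc"] not in svc_groups:
            missing.add(ace["svc"])
        if ace["tr"] and ace["tr"] not in ranges:
            missing.add(ace["tr"])
    return sorted(missing)


POLICY = parse(SAMPLE_CONFIG)

if __name__ == "__main__":
    late = "2008-10-13T22:00"                    # a Monday, after the 21:00 cut-off
    print(evaluate(POLICY, "192.168.1.10", "tcp", 80, late))   # FileServer: ACE 3 has no time-range
    print(evaluate(POLICY, "192.168.1.11", "tcp", 443, late))  # licm: outside 'everyday', implicit deny
    print(undefined_references(POLICY))
```

Two points the simulation makes visible that are easy to miss when reading the config: the first two ACEs permit DNS, POP3 and SMTP from any inside host at any hour because they carry no time-range, so the hour restriction only applies to the web ports; and `log disable` on every ACE means none of these permits leave a syslog trail, which is why the matcher ignores that keyword entirely.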