
problem with IAS

17 years 10 months ago #19495 by netbaba
Replied by netbaba on topic Re: problem with IAS
This is the running configuration generated by Cisco SDM (the hostname, public address, group name and all secrets are masked with x's):

[code:1]no service pad
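! Millisecond timestamps on debug and log output so router events can be
! lined up with the IAS server's own log while troubleshooting RADIUS.
service timestamps debug datetime msec
service timestamps log datetime msec
! Was "no service password-encryption". With that setting the RADIUS shared
! secret ("radius-server host ... key") and the ISAKMP group key ("key" under
! the client configuration group) appear in clear text in every "show run",
! backup and forum post. Type-7 encoding is trivially reversible, so this is
! only protection against shoulder-surfing and casual disclosure; copies of
! the configuration must still be treated as secret.
service password-encryption
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
! Local RAM buffer only; no "logging host" is configured, so AAA/VPN failure
! messages are lost on reload. A syslog target is worth adding.
logging buffered 51200 warnings
!
! Switches on the AAA method-list model used by the "aaa ..." lines below.
aaa new-model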
!
!
! Console/VTY logins (not shown in this paste) use the local user database.
aaa authentication login default local
! ml_1 and ml_2 are not referenced anywhere in this configuration; they look
! like remnants of earlier SDM wizard runs and can be removed.
aaa authentication login sdm_vpn_xauth_ml_1 group radius local
aaa authentication login sdm_vpn_xauth_ml_2 group radius local
! XAUTH user authentication for the VPN (referenced by the crypto map):
! ask RADIUS (IAS) first; "local" is consulted only when no RADIUS server
! answers -- an explicit Access-Reject from IAS does not fall through.
! NOTE(review): IOS forwards XAUTH credentials as a plain Access-Request
! (PAP-style User-Password), so the IAS remote-access policy must allow
! unencrypted/PAP authentication or every VPN login is rejected -- confirm
! this first if IAS shows the request but denies it.
aaa authentication login sdm_vpn_xauth_ml_3 group radius local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 group radius
aaa authorization network sdm_vpn_group_ml_2 group radius
! Group (mode-config) attributes come from the local "crypto isakmp client
! configuration group" entry, not from RADIUS.
aaa authorization network sdm_vpn_group_ml_3 local
!
aaa session-id common
!
resource policy
!
! CEF switching is required for the crypto map and NAT paths to perform.
ip cef
! Disables DNS resolution on the router itself (avoids the CLI treating a
! mistyped command as a hostname to resolve). With lookups off, the name
! server below is effectively unused by the router as configured here.
no ip domain lookup
ip name-server 151.99.125.2
!
!
! Self-signed certificate serving only the HTTPS management listener
! ("ip http secure-server"); IOS typically generates it automatically.
! Browser/SDM warnings about it are expected and unrelated to the VPN,
! which authenticates with pre-shared keys.
crypto pki trustpoint TP-self-signed-1109663261
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1109663261
! No CRL/OCSP exists for a self-signed certificate.
revocation-check none
rsakeypair TP-self-signed-1109663261
!
!
crypto pki certificate chain TP-self-signed-1109663261
certificate self-signed 01 nvram:IOS-Self-Sig#3108.cer
! Single full-privilege local admin. "secret 5" is a salted MD5 hash (not
! reversible, unlike a type-7 "password"). This account is used for SDM
! login ("ip http authentication local") and as the XAUTH fallback when
! RADIUS is unreachable.
username xxxxx privilege 15 secret 5 xxxxx
!
!
!
! IKE phase-1 proposal offered to the Easy VPN clients. No "hash" or
! "lifetime" line is present, so the IOS defaults apply (SHA-1, 86400 s).
! 3DES and DH group 2 (1024-bit MODP) are the weakest choices most clients
! still accept; if the IOS image and the VPN clients support it, prefer
! "encr aes 256" and "group 14" or higher.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! Easy VPN group profile (group name and key masked). Every remote user
! shares this key, and Easy VPN clients typically negotiate it with IKE
! aggressive mode, so anyone who captures one connection attempt can
! brute-force it offline. Treat it as low-value, rotate it when staff
! leave, and note that with "no service password-encryption" it is stored
! in clear text.
crypto isakmp client configuration group xxxxx
key xxxxx
! DNS servers and domain pushed to the client; .101 is also the RADIUS host.
dns 192.168.1.101 192.168.1.102
domain xxxxx.xxx
! Client addresses come from SDM_POOL_1 (defined after the interfaces).
pool SDM_POOL_1
max-users 10
netmask 255.255.255.0
!
!
! Three byte-identical IPsec (phase-2) proposals, evidently one per SDM
! wizard run. Only ESP-3DES-SHA2 is referenced by the dynamic map; the other
! two are dead configuration. 3DES is slow and deprecated -- an AES
! transform set is preferable where the clients support it.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
! Dynamic entry matched by any Easy VPN client (peer addresses are not
! known in advance, so no "set peer").
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA2
! Reverse-route injection: installs a host route for each connected
! client's pool address so return traffic is steered into the tunnel.
reverse-route
!
!
! The crypto map applied to ATM0.1. XAUTH user logins use method list
! sdm_vpn_xauth_ml_3 (RADIUS, then local on server failure); group
! authorization uses sdm_vpn_group_ml_3 (the local group profile above).
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_3
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
! Hand out a pool address when the client requests one (mode-config).
crypto map SDM_CMAP_1 client configuration address respond
! Sequence 65535 keeps the dynamic entry last, behind any static site-to-site
! peers that may be added later.
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! Physical DSL interface; it carries no address of its own -- the PVC and
! public address live on subinterface ATM0.1. The "ip nat outside" here
! appears redundant with the same setting on ATM0.1.
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto
!
! Internet-facing subinterface (public address masked). The VPN terminates
! here and the static NAT port forwards are exposed here. In the
! configuration as shown there is no inbound "ip access-group" and no
! "ip inspect" on this interface, so NAT is the only thing limiting what the
! Internet can reach -- every forwarded port is open to any source address.
interface ATM0.1 point-to-point
bandwidth 1280
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat outside
! Reassemble fragments so NAT and IPsec see whole packets.
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
! HWIC-4ESW switch ports; no switchport configuration is shown, so they are
! presumably all in the default VLAN 1 served by "interface Vlan1".
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Inside (LAN) interface, 192.168.2.2/24. The IAS/RADIUS and DNS hosts on
! 192.168.1.0/24 are not on this segment; they are reached through
! 192.168.2.1 (see the static route below).
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
! Clamp TCP MSS so segments fit the DSL path without fragmentation
! (presumably a 1492-byte MTU less 40 bytes of headers -- verify).
ip tcp adjust-mss 1452
!
! Addresses handed to VPN clients. The pool is carved out of 192.168.1.0/24,
! which is NOT attached to this router but sits behind 192.168.2.1. The
! reverse-route /32s exist only on this router; hosts on 192.168.1.0/24 will
! regard pool addresses as on-link and ARP for them, so replies to VPN
! clients only get back here if 192.168.2.1 (or the hosts) forward them to
! 192.168.2.2 -- check this if IAS accepts the login but the client then
! cannot reach the LAN.
ip local pool SDM_POOL_1 192.168.1.201 192.168.1.210
ip route 0.0.0.0 0.0.0.0 ATM0.1
! Inner LAN (IAS/RADIUS, DNS, mail and RDP hosts) via the device at .2.1.
ip route 192.168.1.0 255.255.255.0 192.168.2.1
!
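! Management web server. Plain HTTP was enabled next to HTTPS; it carries
! the privilege-15 local credentials and the SDM session in clear text, so
! it is disabled here and only the TLS listener is kept (reach SDM via
! https://<router>). If the SDM release in use refuses an HTTPS-only
! router, re-enable "ip http server" only for the duration of that session.
no ip http server
! Only sources matched by access-list 23 may reach the web server. Note that
! list covers all of 192.168.1.0/24, which includes the VPN client pool, so
! any authenticated VPN user can reach the management interface.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000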
! Outbound PAT onto the ATM0.1 address for 192.168.1.0/24 (SDM_RMAP_1 ->
! ACL 100) and 192.168.2.0/24 (SDM_RMAP_2 -> ACL 101). The ACLs exclude
! traffic bound for the VPN pool so it enters the tunnel un-translated.
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip nat inside source route-map SDM_RMAP_2 interface ATM0.1 overload
! Static port forwards. With no inbound filter or inspection on ATM0.1,
! each of these is reachable from the entire Internet: SSH, SMTP, HTTP,
! HTTPS, IMAPS and POP3S on .102, HTTP on .104 and RDP (3389) on .101.
! .101 is also the RADIUS (IAS) and DNS server, so exposing RDP on it puts
! the authentication server one password guess away from the Internet --
! restrict 3389 to the VPN (the clients already reach .101 through the
! tunnel) or drop the forward entirely. The route-maps (ACLs 102-109) stop
! these translations from applying to traffic between the servers and the
! VPN pool.
ip nat inside source static tcp 192.168.1.102 22 xxx.xxx.xxx.xxx 22 route-map SDM_RMAP_9 extendable
ip nat inside source static tcp 192.168.1.102 25 xxx.xxx.xxx.xxx 25 route-map SDM_RMAP_5 extendable
ip nat inside source static tcp 192.168.1.102 80 xxx.xxx.xxx.xxx 80 route-map SDM_RMAP_10 extendable
ip nat inside source static tcp 192.168.1.102 443 xxx.xxx.xxx.xxx 443 route-map SDM_RMAP_7 extendable
ip nat inside source static tcp 192.168.1.102 993 xxx.xxx.xxx.xxx 993 route-map SDM_RMAP_6 extendable
! The next two lines lack the global port after the (masked) global address;
! IOS requires it, so this is most likely a masking/paste artifact. Verify
! against the running configuration before re-applying these lines as-is.
ip nat inside source static tcp 192.168.1.102 995 xxx.xxx.xxx.xxx route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 192.168.1.104 80 xxx.xxx.xxx.xxx route-map SDM_RMAP_3 extendable
ip nat inside source static tcp 192.168.1.101 3389 xxx.xxx.xxx.xxx 3389 route-map SDM_RMAP_8 extendable
!
! ACLs 1 and 2 are not referenced anywhere in the configuration as shown
! (SDM "Category=16" bookkeeping); harmless, but dead.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=16
access-list 2 permit 192.168.2.0 0.0.0.255
! Gates the HTTP/HTTPS management server ("ip http access-class 23"). Both
! inside subnets are allowed; because the VPN pool lies inside
! 192.168.1.0/24, every VPN client is allowed too.
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
! PAT selector for 192.168.1.0/24 (via SDM_RMAP_1). Traffic to any VPN pool
! address is denied here so it is not translated and can take the tunnel.
! The three "deny ip host ... any" lines also keep the statically forwarded
! servers out of the overload rule. NOTE(review): that appears to mean
! connections *initiated* by .101/.102/.104 on ports other than the
! forwarded ones get no translation at all -- e.g. outbound mail from .102
! or outbound DNS from .101. Verify before relying on those hosts reaching
! the Internet.
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 192.168.1.201
access-list 100 deny ip any host 192.168.1.202
access-list 100 deny ip any host 192.168.1.203
access-list 100 deny ip any host 192.168.1.204
access-list 100 deny ip any host 192.168.1.205
access-list 100 deny ip any host 192.168.1.206
access-list 100 deny ip any host 192.168.1.207
access-list 100 deny ip any host 192.168.1.208
access-list 100 deny ip any host 192.168.1.209
access-list 100 deny ip any host 192.168.1.210
access-list 100 deny ip host 192.168.1.102 any
access-list 100 deny ip host 192.168.1.104 any
access-list 100 deny ip host 192.168.1.101 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
! PAT selector for 192.168.2.0/24 (via SDM_RMAP_2): same shape as ACL 100,
! excluding the VPN pool destinations and the forwarded servers, then
! permitting the directly attached subnet. The three host denies are
! redundant here (those hosts are not in 192.168.2.0/24) but harmless.
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip any host 192.168.1.201
access-list 101 deny ip any host 192.168.1.202
access-list 101 deny ip any host 192.168.1.203
access-list 101 deny ip any host 192.168.1.204
access-list 101 deny ip any host 192.168.1.205
access-list 101 deny ip any host 192.168.1.206
access-list 101 deny ip any host 192.168.1.207
access-list 101 deny ip any host 192.168.1.208
access-list 101 deny ip any host 192.168.1.209
access-list 101 deny ip any host 192.168.1.210
access-list 101 deny ip host 192.168.1.102 any
access-list 101 deny ip host 192.168.1.104 any
access-list 101 deny ip host 192.168.1.101 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
! Route-map ACL for the .104:80 static forward (SDM_RMAP_3): skip the
! translation when .104 talks to a VPN pool address, so VPN clients see the
! real server address through the tunnel.
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip host 192.168.1.104 host 192.168.1.210
access-list 102 deny ip host 192.168.1.104 host 192.168.1.209
access-list 102 deny ip host 192.168.1.104 host 192.168.1.208
access-list 102 deny ip host 192.168.1.104 host 192.168.1.207
access-list 102 deny ip host 192.168.1.104 host 192.168.1.206
access-list 102 deny ip host 192.168.1.104 host 192.168.1.205
access-list 102 deny ip host 192.168.1.104 host 192.168.1.204
access-list 102 deny ip host 192.168.1.104 host 192.168.1.203
access-list 102 deny ip host 192.168.1.104 host 192.168.1.202
access-list 102 deny ip host 192.168.1.104 host 192.168.1.201
access-list 102 permit ip host 192.168.1.104 any
! Route-map ACLs for the .102 static forwards: 103 (SDM_RMAP_4, port 995),
! 104 (SDM_RMAP_5, port 25), 105 (SDM_RMAP_6, port 993) and
! 106 (SDM_RMAP_7, port 443). All four are byte-for-byte identical --
! SDM evidently emits one ACL per static entry -- and each exempts
! .102 <-> VPN-pool traffic from the translation.
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip host 192.168.1.102 host 192.168.1.210
access-list 103 deny ip host 192.168.1.102 host 192.168.1.209
access-list 103 deny ip host 192.168.1.102 host 192.168.1.208
access-list 103 deny ip host 192.168.1.102 host 192.168.1.207
access-list 103 deny ip host 192.168.1.102 host 192.168.1.206
access-list 103 deny ip host 192.168.1.102 host 192.168.1.205
access-list 103 deny ip host 192.168.1.102 host 192.168.1.204
access-list 103 deny ip host 192.168.1.102 host 192.168.1.203
access-list 103 deny ip host 192.168.1.102 host 192.168.1.202
access-list 103 deny ip host 192.168.1.102 host 192.168.1.201
access-list 103 permit ip host 192.168.1.102 any
! Same as 103.
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 192.168.1.102 host 192.168.1.210
access-list 104 deny ip host 192.168.1.102 host 192.168.1.209
access-list 104 deny ip host 192.168.1.102 host 192.168.1.208
access-list 104 deny ip host 192.168.1.102 host 192.168.1.207
access-list 104 deny ip host 192.168.1.102 host 192.168.1.206
access-list 104 deny ip host 192.168.1.102 host 192.168.1.205
access-list 104 deny ip host 192.168.1.102 host 192.168.1.204
access-list 104 deny ip host 192.168.1.102 host 192.168.1.203
access-list 104 deny ip host 192.168.1.102 host 192.168.1.202
access-list 104 deny ip host 192.168.1.102 host 192.168.1.201
access-list 104 permit ip host 192.168.1.102 any
! Same as 103.
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 192.168.1.102 host 192.168.1.210
access-list 105 deny ip host 192.168.1.102 host 192.168.1.209
access-list 105 deny ip host 192.168.1.102 host 192.168.1.208
access-list 105 deny ip host 192.168.1.102 host 192.168.1.207
access-list 105 deny ip host 192.168.1.102 host 192.168.1.206
access-list 105 deny ip host 192.168.1.102 host 192.168.1.205
access-list 105 deny ip host 192.168.1.102 host 192.168.1.204
access-list 105 deny ip host 192.168.1.102 host 192.168.1.203
access-list 105 deny ip host 192.168.1.102 host 192.168.1.202
access-list 105 deny ip host 192.168.1.102 host 192.168.1.201
access-list 105 permit ip host 192.168.1.102 any
! Same as 103.
access-list 106 remark SDM_ACL Category=2
access-list 106 deny ip host 192.168.1.102 host 192.168.1.210
access-list 106 deny ip host 192.168.1.102 host 192.168.1.209
access-list 106 deny ip host 192.168.1.102 host 192.168.1.208
access-list 106 deny ip host 192.168.1.102 host 192.168.1.207
access-list 106 deny ip host 192.168.1.102 host 192.168.1.206
access-list 106 deny ip host 192.168.1.102 host 192.168.1.205
access-list 106 deny ip host 192.168.1.102 host 192.168.1.204
access-list 106 deny ip host 192.168.1.102 host 192.168.1.203
access-list 106 deny ip host 192.168.1.102 host 192.168.1.202
access-list 106 deny ip host 192.168.1.102 host 192.168.1.201
access-list 106 permit ip host 192.168.1.102 any
! Route-map ACL for the .101:3389 (RDP) static forward (SDM_RMAP_8):
! .101 <-> VPN-pool traffic bypasses the translation. .101 is the IAS
! host; see the NAT section for why forwarding RDP to it from the
! Internet is a poor idea.
access-list 107 remark SDM_ACL Category=2
access-list 107 deny ip host 192.168.1.101 host 192.168.1.210
access-list 107 deny ip host 192.168.1.101 host 192.168.1.209
access-list 107 deny ip host 192.168.1.101 host 192.168.1.208
access-list 107 deny ip host 192.168.1.101 host 192.168.1.207
access-list 107 deny ip host 192.168.1.101 host 192.168.1.206
access-list 107 deny ip host 192.168.1.101 host 192.168.1.205
access-list 107 deny ip host 192.168.1.101 host 192.168.1.204
access-list 107 deny ip host 192.168.1.101 host 192.168.1.203
access-list 107 deny ip host 192.168.1.101 host 192.168.1.202
access-list 107 deny ip host 192.168.1.101 host 192.168.1.201
access-list 107 permit ip host 192.168.1.101 any
! Route-map ACLs for the remaining .102 forwards: 108 (SDM_RMAP_9, port 22)
! and 109 (SDM_RMAP_10, port 80). Identical to 103-106.
access-list 108 remark SDM_ACL Category=2
access-list 108 deny ip host 192.168.1.102 host 192.168.1.210
access-list 108 deny ip host 192.168.1.102 host 192.168.1.209
access-list 108 deny ip host 192.168.1.102 host 192.168.1.208
access-list 108 deny ip host 192.168.1.102 host 192.168.1.207
access-list 108 deny ip host 192.168.1.102 host 192.168.1.206
access-list 108 deny ip host 192.168.1.102 host 192.168.1.205
access-list 108 deny ip host 192.168.1.102 host 192.168.1.204
access-list 108 deny ip host 192.168.1.102 host 192.168.1.203
access-list 108 deny ip host 192.168.1.102 host 192.168.1.202
access-list 108 deny ip host 192.168.1.102 host 192.168.1.201
access-list 108 permit ip host 192.168.1.102 any
access-list 109 remark SDM_ACL Category=2
access-list 109 deny ip host 192.168.1.102 host 192.168.1.210
access-list 109 deny ip host 192.168.1.102 host 192.168.1.209
access-list 109 deny ip host 192.168.1.102 host 192.168.1.208
access-list 109 deny ip host 192.168.1.102 host 192.168.1.207
access-list 109 deny ip host 192.168.1.102 host 192.168.1.206
access-list 109 deny ip host 192.168.1.102 host 192.168.1.205
access-list 109 deny ip host 192.168.1.102 host 192.168.1.204
access-list 109 deny ip host 192.168.1.102 host 192.168.1.203
access-list 109 deny ip host 192.168.1.102 host 192.168.1.202
access-list 109 deny ip host 192.168.1.102 host 192.168.1.201
access-list 109 permit ip host 192.168.1.102 any
! CDP disabled globally -- keeps the router from advertising its model,
! IOS version and addresses on the DSL and LAN ports.
no cdp run
! NAT route-maps: each simply selects one of the ACLs above.
! SDM_RMAP_1/2 drive the overload (PAT) rules; SDM_RMAP_3..10 each belong
! to one static port forward (see the "ip nat inside source static" lines).
route-map SDM_RMAP_10 permit 1
match ip address 109
!
route-map SDM_RMAP_4 permit 1
match ip address 103
!
route-map SDM_RMAP_5 permit 1
match ip address 104
!
route-map SDM_RMAP_6 permit 1
match ip address 105
!
route-map SDM_RMAP_7 permit 1
match ip address 106
!
! PAT for 192.168.1.0/24.
route-map SDM_RMAP_1 permit 1
match ip address 100
!
! PAT for 192.168.2.0/24.
route-map SDM_RMAP_2 permit 1
match ip address 101
!
route-map SDM_RMAP_3 permit 1
match ip address 102
!
route-map SDM_RMAP_8 permit 1
match ip address 107
!
route-map SDM_RMAP_9 permit 1
match ip address 108
!
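! RADIUS (Microsoft IAS) server at 192.168.1.101, reached via the static
! route through 192.168.2.1. Ports 1812/1813 are the standard ones IAS
! listens on. The shared secret (masked) must match the RADIUS-client entry
! for this router in IAS exactly; a mismatch shows up in IAS as a bad
! authenticator, not as a user failure.
radius-server host 192.168.1.101 auth-port 1812 acct-port 1813 key xxxxx
! Make the source address of RADIUS traffic explicit. Packets to .101 leave
! via Vlan1 anyway, so they are sourced from 192.168.2.2 either way, but
! pinning it documents the address IAS must have registered as the RADIUS
! client: 192.168.2.2 -- not the router's public address and not
! 192.168.2.1. IAS silently drops requests from unregistered clients, which
! looks from the router like a dead server (and triggers the "local"
! fallback in the XAUTH method list).
ip radius source-interface Vlan1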
control-plane
end [/code:1]
