[cisco-nas] AS5200 conf

Rodolfo Estrada restrada at linuxmail.org
Sun Jan 11 01:13:45 EST 2004 

Hi!

 I have an as5200 running 24 lines through a channelized T1.
The problem that I have is that it starts dropping the connections
after 15 or more lines are being used.

I applied the suggestions being offered i.e. deny access to 135, etc.
  I got an improvement but not as expected?.

I will appreciate any suggestions. Here is my current conf:

Using 3404 out of 126968 bytes
!
version 12.0
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname as5200
!
no logging buffered
no logging console
no logging monitor
aaa new-model
aaa authentication login default radius local
aaa authentication login console enable
aaa authentication ppp default radius
aaa accounting update newinfo
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
aaa accounting network ppp start-stop radius
enable secret 5 <passwd>
enable password 7 <passwd>
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip domain-name <domain>
ip name-server <ip>
ip name-server <ip>
isdn switch-type primary-5ess
clock timezone MDT -7
clock summer-time MDT recurring
!
!
controller T1 0
 framing esf
 clock source internal
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-immediate-start
!
controller T1 1
 framing esf
 clock source line primary
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-immediate-start
!
!
interface Loopback0
 no ip address
 no ip directed-broadcast
!
interface Ethernet0
 ip address <ip> 255.255.255.0
 ip access-group 109 out
 no ip unreachables
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 no cdp enable
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no cdp enable
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
 no cdp enable
!
interface Group-Async1
 ip unnumbered Ethernet0
 ip access-group 109 in
 no ip unreachables
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 async mode interactive
 peer default ip address pool setup_pool
 no fair-queue
 no cdp enable
 ppp authentication chap pap
 group-range 1 48
!
ip local pool setup_pool <ip range>
ip default-gateway <ip>
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
!
logging trap warnings
logging facility local6
logging <ip>
access-list 60 permit <ip>
access-list 60 permit <ip>
access-list 60 permit <ip>
access-list 109 deny   icmp any any echo
access-list 109 deny   icmp any any echo-reply
access-list 109 deny   tcp any any eq 135
access-list 109 deny   udp any any eq 135
access-list 109 deny   udp any any eq tftp
access-list 109 deny   udp any any eq netbios-ns
access-list 109 deny   tcp any any eq 137
access-list 109 deny   tcp any any eq 138
access-list 109 deny   udp any any eq netbios-dgm
access-list 109 deny   udp any any eq netbios-ss
access-list 109 deny   tcp any any eq 139
access-list 109 deny   tcp any any eq 445
access-list 109 deny   tcp any any eq 593
access-list 109 deny   tcp any any eq 707
access-list 109 deny   tcp any any eq 4444
access-list 109 permit ip any any
no cdp run
snmp-server community <comunity> RO
snmp-server community <cumunity> RW
snmp-server community <comunity> RW 60
radius-server host <host-ip> auth-port 1812 acct-port 1813
radius-server host <host-ip> auth-port 1812 acct-port 1813
radius-server timeout 3
radius-server key <key>
!
line con 0
 transport input none
line 1 48
 exec-timeout 0 0
 autoselect during-login
 autoselect ppp
 modem InOut
 transport input all
line aux 0
line vty 0 4
 password 7 <deleted>
end


Regards,


Rodolfo Estrada
restrada at linuxmail.org

More information about the cisco-nas mailing list