In the words of Triumph, the insult comic dog
"I am a huge nerd"
gibson-1811#sh run service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption <---- yep. Because service password-encryption = password 7, which cracks like a bad plaster wall ! hostname gibson-1811 ! ip cef table adjacency-prefix validate ip cef no ip dhcp use vrf connected ip dhcp excluded-address 172.17.0.1 ip dhcp excluded-address 172.17.1.200 172.17.1.255 ! ip dhcp pool gibsonusers network 172.17.0.0 255.255.254.0 domain-name hsd1.dc.comcast.net default-router 172.17.0.1 dns-server 68.87.71.226 lease 0 12 ! ! ip domain name hsd1.dc.comcast.net ip name-server 68.87.71.226 ip ssh version 2 ! ipv6 unicast-routing no ipv6 source-route ipv6 cef ! crypto (snipped, duh...) ! ! ! ! class-map match-all ICMP match protocol icmp class-map match-any PEER2PEER match protocol fasttrack match protocol edonkey match protocol gnutella match protocol kazaa2 match protocol bittorrent match protocol napster class-map match-any WEB match protocol http match protocol secure-http ! ! policy-map curious2 <---- I'm not going to block this stuff, but I'm curious how much there is. class WEB class PEER2PEER class ICMP class class-default policy-map curious class WEB set dscp cs3 class PEER2PEER set dscp default class ICMP set dscp cs1 class class-default set dscp cs2 ! interface Tunnel6 no ip address no ip redirects no ip unreachables no ip proxy-arp ipv6 address 2001:470:1F06:AE::/64 eui-64 <----- the money shot ipv6 enable tunnel source FastEthernet1 tunnel destination 209.51.161.14 <--- The ipv6.he.net Tunnel Broker tunnel mode ipv6ip <-- not GRE - take notice! ! interface FastEthernet1 ip address 74.92.149.90 255.255.255.248 secondary <--- left over from when AJ (frog) lived here - I set him up with a static IP address, and does he let me win at Civilization?? No ip address 74.92.149.89 255.255.255.248 ip access-group protect-wan in <--- block regular crap-virus ports. Not a single complaint, ever. ip nbar protocol-discovery <--- CPU intensive, but worth it. ip nat outside ip nat allow-static-host ip nat enable ip virtual-reassembly load-interval 30 duplex auto speed auto service-policy input curious2 <--- here's where I get all snoopy and stuff service-policy output curious ! interface FastEthernet2 <---- I snipped all the other identical ports switchport access vlan 69 ! interface FastEthernet8 switchport access vlan 666 <--- yes, this is a bad, bad vlan. No one should ever use it. ! interface FastEthernet9 switchport access vlan 666 <--- it's still bad. ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$ no ip address ip tcp adjust-mss 1452 shutdown <---- and you thought I'd get suckered into using VLAN1, which is home to CDP and all the other default cisco crap... ! interface Vlan69 <--- (Butt-Head: huh huh huh) ip address 66.160.4.129 255.255.255.128 secondary <--- the old gibson address range from CavTel: I don't feel like renumbering the APs, and this nicely puts them on a non-routable block. ip address 192.168.69.1 255.255.255.248 secondary <--- More of AJ's stuff ip address 172.17.0.1 255.255.254.0 ip nbar protocol-discovery ip nat inside ip nat enable ip virtual-reassembly ipv6 address 2001:470:1F07:AE::/64 eui-64 <--- here's the IPv6 address you'll get at the Gibson ipv6 enable ipv6 nd prefix 2001:470:1F07:AE::/64 infinite infinite <-- There's no reason to age out the ND advertisements ipv6 flow ingress <--- because life is better with statistics ipv6 flow egress ! no ip forward-protocol nd <--- Because I don't want IPv6 ND packets going across the IPv4 link. ip route 0.0.0.0 0.0.0.0 74.92.149.94 <--- default to Comcast ! ip nat pool gibson-over 74.92.149.89 74.92.149.89 prefix-length 29 add-route ip nat source list 1 interface FastEthernet1 overload ip nat inside source static 192.168.69.2 74.92.149.90 <--- and here's the static NAT ! ip access-list extended protect-wan permit udp host 74.92.149.91 any eq snmp <--- allow my own MRTG deny udp any any eq snmp deny udp any any eq netbios-dgm deny udp any any eq netbios-ns deny udp any any eq netbios-ss deny udp any any eq 445 deny tcp any any eq 137 deny tcp any any eq 138 deny tcp any any eq 445 permit ip any any ! access-list 1 permit 172.17.0.0 0.0.1.255 no cdp run ! ! ipv6 route ::/0 Tunnel6 <--- Here's where you get the IPv6 connectivity gibson-1811#
![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
thegameiam) wrote,
geeky
