Cisco 800 series ADSL router with IPTV config
Using 8564 out of 131072 bytes
!
! Global service settings as saved by an IOS 12.4 image.
version 12.4
! X.25 PAD service is turned off.
no service pad
! TCP keepalives in both directions, so half-open sessions to or from the router get cleaned up.
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log entries carry millisecond local timestamps with the timezone, which helps event correlation.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Stores otherwise-cleartext passwords as type 7. Type 7 is reversible obfuscation, not a hash:
! the "wpa-psk ascii 7" and "ppp pap ... password 7" values in this config are recoverable by
! anyone who obtains the unredacted file. Treat backups of this config as secrets.
service password-encryption
! NOTE(review): "service internal" unlocks hidden/engineering commands. Nothing else in this config
! appears to depend on it - confirm and remove if it is a leftover from troubleshooting.
service internal
! Sequence numbers on syslog messages make gaps in the log stream detectable.
service sequence-numbers
!
! Device identity, login-failure handling, local logging and the enable secret.
hostname CISCO877W
!
boot-start-marker
boot-end-marker
!
! Failed-login threshold of 10 with a syslog entry when it is reached.
security authentication failure rate 10 log
! NOTE(review): a 6-character minimum is low for a device with Internet-facing management settings;
! the secrets below are type 5 (salted MD5), so length is the main protection against offline guessing.
security passwords min-length 6
logging message-counter syslog
! 512000-byte local log buffer; only critical and more severe messages go to the console.
logging buffered 512000
logging console critical
! Type 5 (MD5-based) enable secret; value redacted by the author.
enable secret 5 *snipped*
!
! AAA is enabled and the default login method list uses only the local user database.
! No authorization or accounting method lists are visible, so there is no per-command audit trail
! beyond what "archive / log config" provides.
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
! Local time is PKT, UTC+5; log timestamps above use this offset.
clock timezone PKT 5
!
! Auto-generated self-signed trustpoint (name suffix redacted). Revocation checking is off, which is
! normal for a self-signed certificate.
! NOTE(review): both "no ip http server" and "no ip http secure-server" appear later in this config,
! so this certificate is presumably unused - confirm before relying on or removing it.
crypto pki trustpoint TP-self-signed-
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-
revocation-check none
rsakeypair TP-self-signed-
!
!
crypto pki certificate chain TP-self-signed-
certificate self-signed 01 nvram:IOS-Self-Sig#3B.cer
! Wireless SSID profile: open 802.11 authentication combined with WPA key management and a pre-shared key.
dot11 syslog
!
dot11 ssid *snipped*
authentication open
authentication key-management wpa
! guest-mode advertises this SSID in beacons.
guest-mode
! The PSK is stored as type 7 (reversible). Rotate it if an unredacted copy of this config has ever
! been shared. The radio interface that references this SSID is administratively shut down below.
wpa-psk ascii 7 *snipped*
!
! Packets carrying IP source-route options are not forwarded, and gratuitous ARP generation is disabled.
no ip source-route
no ip gratuitous-arps
!
!
! DHCP exclusions and pools. All addresses were stripped by the author, so the ranges cannot be
! reviewed from this listing.
ip dhcp excluded-address-
ip dhcp excluded-address-
!
! Pool for the LAN side (bridge-group 1 / BVI1).
ip dhcp pool LAN
import all
network-
update dns override
domain-name *snipped*
default-router-
dns-server-
! 90-day leases.
lease 90
! "update arp" ties ARP entries to DHCP bindings, which limits ARP spoofing by hosts that did not
! obtain their address from this server.
update arp
!
! Separate pool for the IPTV set-top segment (VLAN 2 / BVI2).
ip dhcp pool SmartTV
import all
network-
default-router-
dns-server-
lease 90
update arp
!
!
! IP services: CEF on, BOOTP server off, local host table, upstream resolvers, multicast routing
! (needed for the IPTV segment) and a dynamic-DNS update method.
ip cef
no ip bootp server
ip domain round-robin
ip domain name *snipped*
! Static host entries served by the router's DNS server ("ip dns server" further down); values redacted.
ip host *snipped*-
ip host *snipped* ns *snipped*
ip host *snipped*-
ip host *snipped*-
ip host *snipped*-
ip host *snipped*-
ip host *snipped*-
! Upstream resolvers are public services, reached in cleartext over the WAN.
ip name-server 8.8.8.8
ip name-server 1.1.1.1
ip multicast-routing
! Dynamic DNS update method. The URL below was mangled by redaction, but the visible scheme is http.
! NOTE(review): in the usual form of this command the provider account credentials are embedded in
! the URL, so they would sit in the config in cleartext and cross the WAN unencrypted on every
! update - use a dedicated, low-privilege DDNS credential and keep this line out of shared copies.
ip ddns update method NOIP
HTTP
add http-ip.com/nic/update?hostname=&myip=
! Maximum update interval: 0 days, 4 hours, 0 minutes, 0 seconds.
interval maximum 0 4 0 0
!
! Login throttling: 3 failures within 30 seconds trigger a 30-second quiet period.
! No "login quiet-mode access-class" is visible, so the quiet period refuses legitimate admins as
! well; no "login on-failure log" is visible either, so individual failures may not be logged.
login block-for 30 attempts 3 within 30
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
! The only local account, created directly at privilege 15 with a type 5 (MD5-based) secret.
! A single shared admin account means actions cannot be attributed to a person.
username c877w privilege 15 secret 5 *snipped*
!
!
!
! Configuration-change logging with credentials suppressed from the log.
! NOTE(review): no "logging enable" is visible under "log config" - confirm the change logger is
! actually running, otherwise hidekeys has nothing to act on.
archive
log config
hidekeys
!
!
!
! Zone-based firewall traffic classes. Each class has a single match, so match-all vs match-any
! makes no difference here.
class-map type inspect match-all ClassTCP
match protocol tcp
class-map type inspect match-all ClassUDP
match protocol udp
! NOTE(review): a class-map matches traffic that the referenced ACL *permits*. Every visible entry
! of access-list 101 is a "deny", so as written this class looks like it can never match and the
! "drop log" action attached to it would never fire. Verify with "show policy-map type inspect
! zone-pair"; the ACL entries probably need to be "permit" for the bogon sources to be dropped.
class-map type inspect match-all ClassInvalidSource
match access-group 101
! Inbound DVR traffic: access-list 102 permits tcp any -> any on ports 8000, 9091 and 9092,
! i.e. with no restriction on the source address.
class-map type inspect match-all ClassCCTV
match access-group 102
class-map type inspect match-all ClassICMP
match protocol icmp
!
!
! Inside -> outside: drop sources classified as invalid first, then statefully inspect TCP, UDP
! and ICMP; anything else is dropped and logged.
policy-map type inspect PolicyInsideToOutside
! This drop depends on ClassInvalidSource actually matching; the ACL it references (101) contains
! only deny entries in this listing - see that ACL before trusting this rule.
class type inspect ClassInvalidSource
drop log
class type inspect ClassTCP
inspect
class type inspect ClassUDP
inspect
class type inspect ClassICMP
inspect
class class-default
drop log
! Outside -> inside: only the CCTV/DVR ports are admitted; everything else is dropped and logged.
! Those ports are reachable from any Internet source. DVR web/streaming services are a frequent
! compromise point, so restricting the source in access-list 102 or moving access behind a VPN
! would reduce exposure considerably.
policy-map type inspect PolicyOutsideToInside
class type inspect ClassCCTV
inspect
class class-default
drop log
! Router-originated traffic towards the WAN (DNS lookups, DDNS updates, SNTP and so on).
policy-map type inspect PolicySelfToOutside
class type inspect ClassTCP
inspect
class type inspect ClassUDP
inspect
class type inspect ClassICMP
inspect
class class-default
drop log
!
! Two zones and three zone-pairs. Both BVI1 (LAN) and BVI2 (SmartTV) are members of InZone, so the
! firewall policy does not separate those two segments; only the interface ACLs 100/103 do.
zone security InZone
zone security OutZone
zone-pair security ZonePairInsideToOutside source InZone destination OutZone
service-policy type inspect PolicyInsideToOutside
zone-pair security ZonePairOutsideToInside source OutZone destination InZone
service-policy type inspect PolicyOutsideToInside
zone-pair security ZonePairSelfToOutside source self destination OutZone
service-policy type inspect PolicySelfToOutside
! NOTE(review): there is no OutZone -> self zone-pair, and Dialer0 has no inbound access-group.
! As I understand ZBF defaults, traffic to the router itself is then not filtered by the firewall,
! so WAN exposure of the router's own services rests on per-service controls: access-list 2 covers
! vty and SNMP, but nothing visible restricts "ip dns server". Verify from an outside host.
!
bridge irb
!
!
! Physical ADSL interface and its two PVCs.
interface ATM0
description PTCL_DSL
no ip address
no atm ilmi-keepalive
dsl noise-margin 3
dsl bitswap both
!
! PVC 8/81 carries the Internet service as a PPPoE client bound to dialer pool 1 (Dialer0).
interface ATM0.1 point-to-point
description ATM_8_81_PTCL_Internet
pvc 8/81
pppoe-client dial-pool-number 1
!
!
! PVC 0/35 carries the provider's IPTV service and is bridged into bridge-group 2 together with
! Vlan2. This sub-interface is not a member of any security zone in the visible config, so the
! provider-side IPTV network is layer-2 adjacent to the SmartTV segment without firewall inspection.
interface ATM0.2 point-to-point
description ATM_0_35_PTCL_SmartTV
mtu 1500
ip pim sparse-dense-mode
ip igmp unidirectional-link
pvc 0/35
!
bridge-group 2
!
! Switch ports. FastEthernet0-2 carry no explicit configuration (presumably left in the default
! VLAN - confirm); unused ports are not shut down.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
! Port dedicated to the IPTV set-top box in VLAN 2.
interface FastEthernet3
switchport access vlan 2
spanning-tree portfast
!
! Wireless radio. It is administratively shut down, so the SSID and PSK defined earlier are not in
! service as saved.
interface Dot11Radio0
no ip address
shutdown
!
! AES-CCMP only (no TKIP fallback).
encryption mode ciphers aes-ccm
!
ssid *snipped*
!
! Rate list truncated by redaction.
speed basic-
station-role root access-point
world-mode dot11d country PK both
! Wireless clients would be bridged straight into the LAN bridge-group.
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! Layer-2 VLAN interfaces; the IP addressing lives on the matching BVI interfaces.
interface Vlan1
description LAN
no ip address
no autostate
bridge-group 1
!
interface Vlan2
description SmartTV
no ip address
no autostate
bridge-group 2
!
! WAN interface (PPPoE session over ATM0.1). This is the only member of OutZone.
interface Dialer0
description PPP_PTCL_Internet
! Publishes the negotiated WAN address under a dynamic-DNS hostname using the NOIP method above.
ip ddns update hostname *snipped*.ddns.net
ip ddns update NOIP
ip address negotiated
! Redirects, unreachables and proxy-ARP are off, which limits what the WAN side can learn or abuse.
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
zone-member security OutZone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
! PAP sends the ISP username and password unencrypted inside the PPP session, and the stored copy
! is type 7 (reversible). If the provider supports CHAP, prefer it; either way treat this line as a
! credential when sharing the config.
ppp authentication pap callin
ppp pap sent-username *snipped* password 7 *snipped*
ppp ipcp dns request
!
! Routed interface for the LAN bridge-group. Inbound traffic is filtered by access-list 103 before
! NAT and firewall inspection.
interface BVI1
description LAN
ip address-
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security InZone
! MSS clamp matching the 1492-byte PPPoE MTU on Dialer0.
ip tcp adjust-mss 1452
!
! Routed interface for the IPTV segment. It shares InZone with the LAN, so access-list 100 is the
! only control between the set-top box and LAN hosts; its addresses are redacted, so that
! separation cannot be confirmed from this listing.
interface BVI2
description SmartTV
mtu 1500
ip address-
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim sparse-dense-mode
ip nat inside
ip virtual-reassembly
zone-member security InZone
ip tcp adjust-mss 1452
! IGMP reports from the set-top box are proxied upstream over the IPTV PVC.
ip igmp helper-address udl ATM0.2
ip igmp proxy-service
!
! Default route, management web servers, DNS server and NAT.
ip forward-protocol nd
ip route- Dialer0
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
!
! The router answers DNS queries itself.
! NOTE(review): nothing visible limits which interfaces or sources may query it; check that it is
! not answering recursive queries arriving on Dialer0.
ip dns server
ip dns primary *snipped* soa *snipped* *snipped*-
ip nat translation tcp-timeout 600
! PAT for hosts permitted by access-list 1.
ip nat inside source list 1 interface Dialer0 overload
! Static port forwards for the CCTV DVR (inside address redacted). Together with access-list 102
! these expose TCP 8000, 9091 and 9092 on the WAN address to any source.
ip nat inside source static tcp- interface Dialer0 8000
ip nat inside source static tcp- interface Dialer0 9091
ip nat inside source static tcp- interface Dialer0 9092
!
!
! Syslog export (destination redacted) sourced from the LAN interface. Syslog is unauthenticated
! and unencrypted, so the collector should be on the inside network.
logging source-interface BVI1
logging-
! ACL 1: inside sources eligible for NAT overload.
access-list 1 remark NAT
access-list 1 permit-
access-list 1 permit-
! ACL 2: management sources. It is applied to the vty lines (access-class) and to the SNMP
! community; denied attempts are logged.
access-list 2 remark DeviceAccess
access-list 2 permit-
access-list 2 deny any log
! ACL 100: inbound filter on BVI2 (SmartTV). Deny entries first, then permit everything else.
access-list 100 remark For VLAN2
access-list 100 deny ip- any
access-list 100 deny ip host- any
access-list 100 deny ip any-
access-list 100 permit ip any any
! ACL 101: referenced only by class-map ClassInvalidSource.
! NOTE(review): in a class-map, "deny" means "do not match". With only deny entries (plus the
! implicit deny) this ACL selects nothing, so the intended invalid-source drop is likely
! ineffective. The entries probably should be "permit" - verify against hit counters.
access-list 101 remark For ClassInvalidSource
access-list 101 deny ip- any
access-list 101 deny ip- any
access-list 101 deny ip- any
access-list 101 deny ip- any
access-list 101 deny ip host- any
access-list 101 deny ip host 0.0.0.0 any
! ACL 102: what the firewall admits from the Internet. Source and destination are both "any";
! narrowing the destination to the DVR host and the source to known viewers would tighten this.
access-list 102 remark For Firewall - CCTV DVR Traffic
access-list 102 permit tcp any any eq 8000
access-list 102 permit tcp any any eq 9091
access-list 102 permit tcp any any eq 9092
! ACL 103: inbound filter on BVI1 (LAN). Deny entries first, then permit everything else.
access-list 103 remark For VLAN1
access-list 103 deny ip- any
access-list 103 deny ip host- any
access-list 103 permit ip any any
dialer-list 1 protocol ip permit
! CDP is disabled globally, so the router does not advertise model or version to neighbours.
no cdp run
!
!
!
!
! SNMP read-only access limited to the sources in access-list 2.
! NOTE(review): "public" is the well-known default community string, and community-based SNMP
! carries it in cleartext. The ACL reduces exposure, but a unique string (or SNMPv3 with
! authentication and privacy, if the image supports it) would be the better baseline.
snmp-server community public RO 2
snmp-server location *snipped*
snmp-server contact *snipped*
!
! No control-plane policing is configured.
control-plane
!
! Both bridge-groups run IEEE spanning tree and route IP through their BVI interfaces.
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
! Login banner shown before authentication; it states a prohibition without disclosing device details.
banner login ^C
*****************************************************
* UNAUTHORISED ACCESS TO THIS DEVICE IS PROHIBITED! *
*****************************************************
^C
!
! Terminal lines. Authentication comes from the AAA default list (local users). Every line places
! the session at privilege 15 immediately, so there is no separate enable step.
! No exec-timeout is set on any line, so idle sessions rely on the platform default.
line con 0
privilege level 15
no modem enable
transport output all
! NOTE(review): the AUX port has the same privilege-15 setting as the console; if it is unused,
! consider disabling exec on it.
line aux 0
privilege level 15
transport output all
! Remote management is restricted to the sources in access-list 2.
! NOTE(review): telnet is still accepted alongside SSH, so credentials for the privilege-15 account
! can cross the network in cleartext. Once SSH access is confirmed working, "transport input ssh"
! removes that path. Only five vty lines (0-4) are covered here; check whether the platform has
! further vty lines that would lack the access-class.
line vty 0 4
access-class 2 in
privilege level 15
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
! Time source (address redacted). SNTP as configured here is unauthenticated, so log timestamps
! are only as trustworthy as the path to this server.
sntp server-
end