diff --git a/CISCO ACL edit/Vollbild anzeigen.jpg b/CISCO ACL edit/Vollbild anzeigen.jpg
new file mode 100644
index 0000000..6244599
Binary files /dev/null and b/CISCO ACL edit/Vollbild anzeigen.jpg differ
diff --git a/CISCO ACL edit/aedit.exe b/CISCO ACL edit/aedit.exe
new file mode 100644
index 0000000..440441a
Binary files /dev/null and b/CISCO ACL edit/aedit.exe differ
diff --git a/CISCO ACL edit/aedit.perlapp b/CISCO ACL edit/aedit.perlapp
new file mode 100644
index 0000000..2de4154
--- /dev/null
+++ b/CISCO ACL edit/aedit.perlapp
@@ -0,0 +1,35 @@
+#!C:\Program Files (x86)\ActiveState Perl Dev Kit 9.0\bin\perlapp-gui.exe
+PAP-Version: 1.0
+Packer: C:\Program Files (x86)\ActiveState Perl Dev Kit 9.0\bin\perlapp.exe
+Script: aedit.pl
+Cwd: G:\Skripte\cisco ACL edit
+Bind: editor.exe[file=editor.exe,extract,mode=777]
+Clean: 1
+Date: 2011-08-12 14:15:50
+Debug:
+Dependent: 0
+Dyndll: 0
+Exe: aedit.exe
+Force: 1
+Gui: 0
+Hostname: NETICFSYS03
+Icon: cisco.ico
+Manifest:
+No-Compress: 0
+No-Logo: 0
+Runlib:
+Shared: none
+Tmpdir:
+Verbose: 0
+Version-Comments:
+Version-CompanyName:
+Version-FileDescription:
+Version-FileVersion: 1.1
+Version-InternalName: aedit
+Version-LegalCopyright: Andre Wisniewski
+Version-LegalTrademarks:
+Version-OriginalFilename: ACL Editor
+Version-ProductName: aedit
+Version-ProductVersion: 1.1
+Warnings: 0
+Xclude: 0
diff --git a/CISCO ACL edit/aedit.pl b/CISCO ACL edit/aedit.pl
new file mode 100644
index 0000000..df9469c
--- /dev/null
+++ b/CISCO ACL edit/aedit.pl
@@ -0,0 +1,183 @@
+#!/usr/bin/perl
+use Net::Telnet::Cisco;
+use Digest::MD5::File;
+use Env qw(TEMP USERNAME PID);
+use strict;
+
+AGAIN:
+print "\n\nx beendet\n\n";
+print "IP:";
+my $HOST=;
+chomp $HOST;
+
+exit if ($HOST eq "x");
+
+my $session = Net::Telnet::Cisco->new(Host => "$HOST", Errmode=>'return');
+$session->login(Name => "batman", Password => "LTBTTTra25");
+my @rcon = $session->cmd('show running');
+$session->close;
+
+my @rconfig=(); # führende returns entfernen
+foreach my $line (@rcon) {
+ chomp $line;
+ if ($line eq "") {next;}
+ elsif ($line =~ /^\n/) {
+ my ($l) = $line =~ /\n(.*)/;
+ push @rconfig,$l;
+ }
+ else {
+ push @rconfig,$line;
+ }
+}
+
+my $inint=0;
+my $intname="";
+my $inlist="";
+my $outlist="";
+my @INTERFACES=();
+
+foreach my $line (@rconfig) {
+ chomp $line;
+ if ($inint==0) {
+ if ($line =~ /^[\s]*interface/) {
+ ($intname)=$line=~/interface (.*)/;
+ $inint=1;
+ #print "$line\n";
+ }
+ }
+ else {
+ if ($line =~ /\bip access-group .* in$/) {
+ ($inlist)=$line=~/access-group (.*) in/;
+ }
+ if ($line =~ /\bip access-group .* out$/) {
+ ($outlist)=$line=~/access-group (.*) out/;
+ }
+ if ($line =~ /^[\s]*!/) {
+ if ($inlist ne "" or $outlist ne "") {
+ push @INTERFACES, "$intname#$inlist#$outlist";
+ }
+ $intname=""; $inlist=""; $outlist="";
+ $inint=0;
+ }
+ }
+}
+
+#printf "%2s %20s %20s %20s\n", "ID", "Interface", "ACL in", "ACL out";
+my $i=0;
+my @MENU=();
+print "\n";
+foreach (@INTERFACES) {
+ my ($int,$in,$out)=split /#/, $_;
+ if ($in ne "") {
+ printf "%2d %30s %30s (in)\n", $i, $int, $in;
+ push @MENU, "$int#$in#in";
+ $i++;
+
+ }
+ if ($out ne "") {
+ printf "%2d %30s %30s(out)\n", $i, $int, $out;
+ push @MENU, "$int#$out#out";
+ $i++;
+
+ }
+}
+
+print "\nWhich ACL do you want to edit?";
+my $choice=;
+chomp $choice;
+exit if ($choice eq "x");
+print "\n";
+
+my $int;
+my $acl;
+my $dir;
+($int,$acl,$dir)=split/#/,$MENU[$choice];
+
+my $rc;
+$rc=join "\n",@rconfig;
+
+my $ACCESS="";
+my $CONTENT=""; #[\s]*
+($ACCESS,$CONTENT)= $rc =~ /(ip access-list extended $acl\n(([\s]+[permit|deny|remark].*\n)*))/m;
+my @CONT=split/\n/,$CONTENT;
+
+open TEMPF, ">temp$$.txt";
+foreach (@CONT) {
+ printf TEMPF "$_\n";
+}
+close TEMPF;
+
+#print "$TEMP\\pdk-$USERNAME-$$\\"; ;
+
+my $olddigest = Digest::MD5::File::file_md5_hex("temp$$.txt");
+system "$TEMP\\pdk-$USERNAME-$$\\editor.exe temp$$.txt";
+#system "editor.exe temp$$.txt";
+my $newdigest = Digest::MD5::File::file_md5_hex("temp$$.txt");
+
+if ($newdigest ne $olddigest) {
+ print "Save changes? YES saves!";
+ my $save=;
+ chomp $save;
+ if ($save eq "YES") {
+ print "SAVING\n";
+ # telnet
+ $session = Net::Telnet::Cisco->new(Host => "$HOST", Errmode=>'return');
+ $session->login(Name => "batman", Password => "LTBTTTra25");
+
+ # conf t
+ $session->cmd('conf t');
+
+ # int $int
+ $session->cmd("interface $int");
+
+ # no ip access-group $acl $dir
+ $session->cmd("no ip access-group $acl $dir");
+
+ # exit
+ $session->cmd("exit");
+
+ # no ip access-l ext $acl
+ $session->cmd("no ip access-list extended $acl");
+
+ # ip access-l ext $acl
+ $session->cmd("ip access-list extended $acl");
+
+ # ;
+ close EDIT;
+
+ foreach (@NEWACL) {
+ $session->cmd("$_");
+ }
+
+ # int $int
+ $session->cmd("interface $int");
+
+ # ip access-group $acl $dir
+ $session->cmd("ip access-group $acl $dir");
+
+ # end
+ $session->cmd("end");
+
+ # wr mem
+ $session->cmd("wr mem");
+
+ $session->close;
+
+ print "SAVED";
+ }
+ else {
+ print "CANCELED";
+ }
+}
+else {
+ print "NO CHANGES";
+}
+unlink "temp$$.txt";
+print "\n\nNochmal? (y)";
+
+my $again=;
+chomp $again;
+exit if ($again ne "y");
+goto AGAIN if ($again eq "y");
\ No newline at end of file
diff --git a/CISCO ACL edit/c5d65b9f57bb0eed58907f8e3743554e.ico b/CISCO ACL edit/c5d65b9f57bb0eed58907f8e3743554e.ico
new file mode 100644
index 0000000..94978b9
Binary files /dev/null and b/CISCO ACL edit/c5d65b9f57bb0eed58907f8e3743554e.ico differ
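Review bot: Both `$session->login(Name => ..., Password => ...)` calls in aedit.pl embed a literal device account and password, and the session runs over Telnet, so the credential is readable in the repository and on the wire. The same commit also adds live secrets in `convert.txt`, `network-confg`, `x-confg`, `running.txt` and `add_user.pl` (SNMP community strings, a local admin password, `password 7` and `enable secret 5` lines); all of these should be treated as exposed and changed on the devices. Since the script is already interactive, it could ask for the password at run time, e.g. `print "Password:"; chomp(my $pass = <STDIN>);`, and pass `Password => $pass`. With `Errmode=>'return'` and no return value checked, a failure after `no ip access-group $acl $dir` has removed the filter from the interface goes unnoticed and `SAVED` is still printed; a guard such as `$session->login(...) or die "login failed: " . $session->errmsg . "\n";` on the login and on each `cmd` would stop the sequence.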
diff --git a/CISCO ACL edit/cisco.ico b/CISCO ACL edit/cisco.ico new file mode 100644 index 0000000..94978b9 Binary files /dev/null and b/CISCO ACL edit/cisco.ico differ diff --git a/CISCO ACL edit/editor.exe b/CISCO ACL edit/editor.exe new file mode 100644 index 0000000..32ffc3e Binary files /dev/null and b/CISCO ACL edit/editor.exe differ diff --git a/CISCO ASA VPN config-parser/asa-vpn-config-parser.sh b/CISCO ASA VPN config-parser/asa-vpn-config-parser.sh new file mode 100644 index 0000000..893c05b --- /dev/null +++ b/CISCO ASA VPN config-parser/asa-vpn-config-parser.sh @@ -0,0 +1,139 @@ +#!/bin/bash + +IFS= +HOSTNAME=/home/rancid/var/rancid/network/configs/$1 + +pho() +{ +echo "<"$1">" +} + +phc() +{ +echo "" +} + +get_object() +{ + OBJN=$1 + egrep -A 100 "$OBJN$" $HOSTNAME | egrep -m2 -B 100 "^[a-z]" | head -n -1 | tail -n +2 | while read -r LINE + do + echo $LINE "
" + if [[ "$LINE" =~ "group-object" ]] + then + OBJNN=$(echo $LINE | awk '{print $2}') + get_object $OBJNN + elif [[ "$LINE" =~ "network-object object" ]] + then + OBJNN=$(echo $LINE | awk '{print $3}') + get_object $OBJNN + else + I=1 + fi + done +} + +pho html +pho head +echo " + +" + +phc head +pho body +pho "table cellspacing=1 cellpadding=1" +# pick crypto map entry +egrep "crypto map .* set peer" $HOSTNAME | while read -r LINE ; do + NR=$(echo "$LINE" | awk '{print $4}') + CM=$(echo "$LINE" | awk '{print $3}') +pho tr + +pho "td valign=top style='white-space: nowrap'" + echo "Tunnel #"$NR +phc td; pho "td valign=top style='white-space: nowrap'" + echo "Crypto Map:

$CM" +phc td + +pho "td valign=top" + #get peer for cm entry +echo "Peer(s):

" + PEER=$(egrep "crypto map .* $NR set peer" $HOSTNAME | awk '{print $7 " " $8 " " $9}') + PEERIP=$PEER + echo $PEER | sed 's/ /
/g' +phc td + +pho "td valign=top style='white-space: nowrap'" + #get acl for cm entry + ACL=$(egrep "crypto map .* $NR match address" $HOSTNAME | awk '{print $7}') + echo "ACL:

" $ACL +phc td + +pho "td valign=top" + ACEl=$(egrep "access-list $ACL " $HOSTNAME | awk '{print $6 " " $7}') + echo "Lokal:

" + + echo $ACEl | while read -r LINEl + do + echo $LINEl "
" + if [[ "$LINEl" =~ "object" ]] + then + OBJN=$(echo $LINEl | awk '{print $2}') + get_object $OBJN + fi + echo "
" + done +phc td + +pho "td valign=top style='white-space: nowrap'" + ACEr=$(egrep "access-list $ACL " $HOSTNAME | awk '{print $8 " " $9}') + echo "Remote:

" + + echo $ACEr | while read -r LINEr + do + echo $LINEr "
" + if [[ "$LINEr" =~ "object" ]] + then + OBJN=$(echo $LINEr | awk '{print $2}') + get_object $OBJN + fi + echo "
" + done + +phc td +phc tr + +pho tr + +pho "td style='border-style: none'" +phc td + +pho "td colspan=5" +for IP in `echo $PEERIP | sed 's/ /\n/'` +do +IP=$(echo $IP | sed 's/ //') +grep -A 3 "tunnel-group $IP" $HOSTNAME | grep "isakmp keepalive" && pho br +done + +egrep "crypto map .* $NR " $HOSTNAME | grep pfs | awk '{print $6 " " $7 "
"}' +egrep "crypto map .* $NR " $HOSTNAME | grep security | awk '{print $6 " " $7i " " $8 " " $9 "
"}' +egrep "crypto map .* $NR " $HOSTNAME | grep transform | awk '{print $7 " " $8 "
"}' +phc td +phc tr +pho "tr height=20px" +phc tr +done + +phc table +phc body +phc html + diff --git a/CISCO Config Template Konverter/R6-confg b/CISCO Config Template Konverter/R6-confg new file mode 100644 index 0000000..2931cb1 --- /dev/null +++ b/CISCO Config Template Konverter/R6-confg @@ -0,0 +1,3 @@ + +! +end diff --git a/CISCO Config Template Konverter/cisconet.cfg b/CISCO Config Template Konverter/cisconet.cfg new file mode 100644 index 0000000..9d1487c --- /dev/null +++ b/CISCO Config Template Konverter/cisconet.cfg @@ -0,0 +1,2 @@ +do reload in 1 +end diff --git a/CISCO Config Template Konverter/ciscortr.cfg b/CISCO Config Template Konverter/ciscortr.cfg new file mode 100644 index 0000000..9d1487c --- /dev/null +++ b/CISCO Config Template Konverter/ciscortr.cfg @@ -0,0 +1,2 @@ +do reload in 1 +end diff --git a/CISCO Config Template Konverter/convert.cmd b/CISCO Config Template Konverter/convert.cmd new file mode 100644 index 0000000..28c856d --- /dev/null +++ b/CISCO Config Template Konverter/convert.cmd @@ -0,0 +1,3 @@ +@echo off +cls +perl convert.pl convert.txt network-confg \ No newline at end of file diff --git a/CISCO Config Template Konverter/convert.pl b/CISCO Config Template Konverter/convert.pl new file mode 100644 index 0000000..52ca564 --- /dev/null +++ b/CISCO Config Template Konverter/convert.pl 
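Review bot: `HOSTNAME=/home/rancid/var/rancid/network/configs/$1` in asa-vpn-config-parser.sh puts the first argument into a file path with no check, so a value containing `/` or `..` makes every `egrep` read a file outside the rancid config directory, and a missing argument points them at the directory itself. The lines read from that file are then echoed into the HTML table as they are, so any `<` or `&` in an object or ACL name becomes markup in the page. I would reject unexpected names up front with `case "$1" in ''|*/*|.*) echo "usage: $0 DEVICE" >&2; exit 1;; esac`, quote `"$HOSTNAME"` at each use, and pass values through an escaping step such as `sed 's/&/\&amp;/g; s/</\&lt;/g'` before printing. Whether the argument can come from an untrusted caller is not visible in this hunk.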
@@ -0,0 +1,66 @@
+#!/bin/perl
+
+$i=@ARGV;
+die "Zu wenige Parameter!\nconvert.pl " if $i<2;
+
+print "\n";
+print "Eingabedatei $ARGV[0]\n";
+print "Ausgabedatei $ARGV[1]\n";
+
+
+open IN, "<$ARGV[0]";
+open OUT, ">$ARGV[1]";
+
+
+@INF=;
+foreach (@INF) {
+ chomp;
+ router() if ($_ =~ /^!!ROUTER/);
+ router() if ($_ =~ /^!!SWITCH/);
+ router() if ($_ =~ /^!!FIREWALL/);
+}
+
+close IN;
+close OUT;
+
+sub router {
+ $read_v=0;
+
+ # Variablen lesen
+ foreach (@INF) {
+ $read_v=1 if ($_ =~ /^!!VARIABLEN/);
+ last if ($_ =~ /^!!CONFIG/);
+ next if ($_ =~ /^!/);
+ read_var($_) if ($read_v);
+ }
+
+ # Konfig lesen
+ $read_c=0;
+ foreach (@INF) {
+ chomp;
+ $read_c=1 if ($_ =~ /^!!CONFIG/);
+ if ($read_c) {
+ if($_ =~ /<.*>/) {
+ ($vn)=$_=~/(<.*>)/;
+ $_ =~ s/$vn/$VARS{$vn}/;
+ next if ($VARS{$vn} eq "");
+ }
+ # und schreiben
+ printf OUT "$_\n";
+ }
+ }
+}
+
+sub switch {
+}
+
+sub firewall {
+}
+
+sub read_var {
+ $l=$_[0];
+ if ($l=~ /<.*>.*=.*/) {
+ ($vn, $vv) = $l =~/(<.*>).*=[\s]*(.*)/;
+ $VARS{$vn}=$vv;
+ }
+}
\ No newline at end of file
diff --git a/CISCO Config Template Konverter/convert.txt b/CISCO Config Template Konverter/convert.txt
new file mode 100644
index 0000000..f552e7c
--- /dev/null
+++ b/CISCO Config Template Konverter/convert.txt
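Review bot: `open IN, "<$ARGV[0]";` and `open OUT, ">$ARGV[1]";` in convert.pl use the two-argument form with no result check, so a mistyped input path produces an empty output file without any error, and a leading `>` or `&` in an argument changes what is opened. Prefer `open my $in, '<', $ARGV[0] or die "open $ARGV[0]: $!";` and the same for the output handle. In `router`, `printf OUT "$_\n";` uses each config line as a format string, so a `%` in a value (a password or community string, for example) is expanded or dropped; `print OUT "$_\n";` writes the line unchanged. The substitution `s/$vn/$VARS{$vn}/` also treats the placeholder as a regex, so `s/\Q$vn\E/$VARS{$vn}/` is safer.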
@@ -0,0 +1,153 @@ +Die Zeilen mit zwei Ausrufezeichen sind besondere Zeilen. Diese markieren neue Abschnitte in der Datei. +Diese Zeilen müssen am Anfang einer Zeile stehen und dürfen keine Leerzeichen beinhalten. +Darüberhinaus sind alle Zeichen groß zu schreiben. + +Als erstes muss !!ROUTER kommen, diese Zeile markiert den eigentlichen Anfang. Es passiert nichts bis !!VARIABLEN erscheint. +Ab dort erfolgt die Definition der Variablen. + +Ab !!CONFIG kommt die eigentliche Konfiguration. Alle im Abschnitt !!VARIABLEN definierten Werte werden im Abschnitt !!CONFIG eingesetzt. + +Ansonsten sind Zeilen die mit einem ! beginnen Kommentare (Cisco Syntax). + +!!ROUTER + +!!VARIABLEN + + = R6 + = tftp://172.23.210.222/x-confg + + = f0/0 +! = 192.1.1.2 255.255.255.0 + = DHCP + + = + + = con + = 5NMP-Wr1t3-(0mm + + = local1 + = + = errors + = 10.101.0.11 + = informational + + + = Mar 31 2013 2:00 Oct 27 2013 2:00 + = 90.200.31.21 + = 90.200.31.23 + +! PTB NTP Server +! ntp server 192.53.103.103 +! ntp server 192.53.103.108 +! ntp server 192.53.103.104 + + + = corp.conet.local + = LicherExport + +! Netze/IPs zur Administration, AdminText, AdminNetz + = extern 1 + = 195.20.133.6 + = extern 2 + = 212.202.166.58 + = Eschborner Ldstr 1 + = 192.168.88.0 0.0.0.255 + = Eschborner Ldstr 2 + = 172.23.210.0 0.0.0.255 + = Interxion + = 88.205.102.128 0.0.0.127 + = Initial Netz + = 192.1.1.0 0.0.0.255 + + +!!CONFIG + +boot network + +hostname + +int + ip address + no shut + + +ip route 0.0.0.0 0.0.0.0 + +! snmp +snmp-server community RO ACL_telnet_ssh_snmp +snmp-server community RW ACL_telnet_ssh_snmp + + +! syslog +logging facility +logging source-interface +logging +logging trap + +! lokales log +logging buffered 4096 +logging history +logging console +logging monitor + + +! ntp +clock timezone MEZ 1 +clock summer-time MESZ date + +ntp server prefer +ntp server + +! ssh +ip domain name +!crypto key generate rsa +!1024 +!ip ssh ver 2 +username admin priv 15 pass + + +! 
login +ip access-list standard ACL_telnet_ssh_snmp +remark +permit +remark +permit +remark +permit +remark +permit +remark +permit +remark +permit + + +line vty 0 4 + session-timeout 60 + access-class ACL_telnet_ssh_snmp in + exec-timeout 60 0 + login local + transport input all +line con 0 + login local +line aux 0 + login local + + +! services +service tcp-keepalives-in +service timestamps debug datetime localtime show-timezone +service timestamps log datetime localtime show-timezone +service password-encryption +service linenumber + + +! domain-lookup +no ip domain-lookup + + +! http +no ip http server + + +end diff --git a/CISCO Config Template Konverter/getit.conf b/CISCO Config Template Konverter/getit.conf new file mode 100644 index 0000000..7887404 --- /dev/null +++ b/CISCO Config Template Konverter/getit.conf @@ -0,0 +1 @@ +no username test password test \ No newline at end of file diff --git a/CISCO Config Template Konverter/network-confg b/CISCO Config Template Konverter/network-confg new file mode 100644 index 0000000..c429b8c --- /dev/null +++ b/CISCO Config Template Konverter/network-confg 
@@ -0,0 +1,89 @@ +!!CONFIG + +boot network tftp://172.23.210.222/x-confg + +hostname R6 + +int f0/0 + ip address DHCP + no shut + + + +! snmp +snmp-server community bross RO ACL_telnet_ssh_snmp +snmp-server community 5NMP-Wr1t3-(0mm RW ACL_telnet_ssh_snmp + + +! syslog +logging facility local1 +logging 10.101.2.113 +logging trap errors + +! lokales log +logging buffered 4096 informational +logging history informational +logging console informational +logging monitor informational + + +! ntp +clock timezone MEZ 1 +clock summer-time MESZ date Mar 31 2013 2:00 Oct 27 2013 2:00 + +ntp server 90.200.31.21 prefer +ntp server 90.200.31.23 + +! ssh +ip domain name corp.conet.local +!crypto key generate rsa +!1024 +!ip ssh ver 2 +username admin priv 15 pass LicherExport + + +! login +ip access-list standard ACL_telnet_ssh_snmp +remark extern 1 +permit 195.20.133.6 +remark extern 2 +permit 212.202.166.58 +remark Eschborner Ldstr 1 +permit 192.168.88.0 0.0.0.255 +remark Eschborner Ldstr 2 +permit 172.23.210.0 0.0.0.255 +remark Interxion +permit 88.205.102.128 0.0.0.127 +remark Initial Netz +permit 192.1.1.0 0.0.0.255 + + +line vty 0 4 + session-timeout 60 + access-class ACL_telnet_ssh_snmp in + exec-timeout 60 0 + login local + transport input all +line con 0 + login local +line aux 0 + login local + + +! services +service tcp-keepalives-in +service timestamps debug datetime localtime show-timezone +service timestamps log datetime localtime show-timezone +service password-encryption +service linenumber + + +! domain-lookup +no ip domain-lookup + + +! http +no ip http server + + +end diff --git a/CISCO Config Template Konverter/router-confg b/CISCO Config Template Konverter/router-confg new file mode 100644 index 0000000..9d1487c --- /dev/null +++ b/CISCO Config Template Konverter/router-confg @@ -0,0 +1,2 @@ +do reload in 1 +end diff --git a/CISCO Config Template Konverter/x-confg b/CISCO Config Template Konverter/x-confg new file mode 100644 index 0000000..d661158 
--- /dev/null +++ b/CISCO Config Template Konverter/x-confg 
@@ -0,0 +1,138 @@ + +! +version 12.4 +service tcp-keepalives-in +service timestamps debug datetime localtime show-timezone +service timestamps log datetime localtime show-timezone +service password-encryption +service linenumber +! +hostname R6 +! +boot-start-marker +boot network tftp://172.23.210.222/x-confg +boot-end-marker +! +logging buffered 4096 informational +logging console informational +logging monitor informational +! +no aaa new-model +! +resource policy +! +clock timezone MEZ 1 +clock summer-time MESZ date Mar 31 2013 2:00 Oct 27 2013 2:00 +ip cef +! +! +! +! +no ip domain lookup +ip domain name corp.conet.local +! +! +! +! +! +! +! +! +! +! +! +! +! +! +! +username admin privilege 15 password 7 00281A050C5E19231731435C1D +! +! +! +! +! +! +! +interface FastEthernet0/0 + ip address dhcp + duplex auto + speed auto +! +interface FastEthernet0/1 + no ip address + shutdown + duplex auto + speed auto +! +interface FastEthernet1/0 + no ip address + shutdown + duplex auto + speed auto +! +interface FastEthernet1/1 + no ip address + shutdown + duplex auto + speed auto +! +no ip http server +no ip http secure-server +! +! +! +ip access-list standard ACL_telnet_ssh_snmp + remark extern 1 + permit 195.20.133.6 + remark extern 2 + permit 212.202.166.58 + remark Eschborner Ldstr 1 + permit 192.168.88.0 0.0.0.255 + remark Eschborner Ldstr 2 + permit 172.23.210.0 0.0.0.255 + remark Interxion + permit 88.205.102.128 0.0.0.127 + remark Initial Netz + permit 192.1.1.0 0.0.0.255 +! +logging history informational +logging alarm informational +logging trap errors +logging facility local1 +logging 10.101.2.113 +snmp-server community bross RO ACL_telnet_ssh_snmp +snmp-server community 5NMP-Wr1t3-(0mm RW ACL_telnet_ssh_snmp +! +! +! +! +! +! +control-plane +! +! +! +! +! +! +gatekeeper + shutdown +! +! 
+line con 0 + login local + stopbits 1 +line aux 0 + login local + stopbits 1 +line vty 0 4 + session-timeout 60 + access-class ACL_telnet_ssh_snmp in + exec-timeout 60 0 + login local + transport input all +! +ntp server 90.200.31.23 +ntp server 90.200.31.21 prefer +! +end diff --git a/CISCO Switchport als Access Port/snippet.txt b/CISCO Switchport als Access Port/snippet.txt new file mode 100644 index 0000000..c31d278 --- /dev/null +++ b/CISCO Switchport als Access Port/snippet.txt @@ -0,0 +1,44 @@ +!!!!!!!!! +! Core Switch +INTNAMEC= +VLAN= + +conf t +default int $INTNAMEC +! +int $INTNAMEC + shutdown + switchport access vlan $VLAN + switchport trunk encapsulation dot1q + switchport mode access + spanning-tree bpduguard enable + spanning-tree guard root +! +! +! +int $INTNAMEC + no shutdown + + + +!!!!!!!!! +! Access +INTNAMEA= + +conf t +default int $INTNAMEA +! +int $INTNAMEA + shutdown + switchport access vlan $VLAN + switchport trunk encapsulation dot1q + switchport mode access + spanning-tree bpdufilter enable +! +! +! +int $INTNAMEA + no shutdown + +int vlan $VLAN + ip address .... diff --git a/CISCO acl parse/parse-acl.pl b/CISCO acl parse/parse-acl.pl new file mode 100644 index 0000000..36ced5d --- /dev/null +++ b/CISCO acl parse/parse-acl.pl @@ -0,0 +1,25 @@ +#!/bin/perl + +open FILE, "; +close FILE; + + +#ip access-list extended +#ip access-list standard +#access-list + +#config durchlaufen und context merken - letzte zeile ohne " " am zeilenanfang. +#ip access-group in/out + +#access-class in/out + +#ip nat xxxxxxxxxxxxxxxxxxx list + +#match ip address + +# Konfigurierte ACL finden +foreach (@running) { + chomp; + if (/ip access-list extended ([0-9a-zA-Z]*) /) { + \ No newline at end of file diff --git a/CISCO acl parse/running.txt b/CISCO acl parse/running.txt new file mode 100644 index 0000000..f41a68e --- /dev/null +++ b/CISCO acl parse/running.txt 
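Review bot: parse-acl.pl stops inside the `if` body of the `foreach (@running)` loop with both blocks left open, so the file cannot compile as committed; it looks like work in progress. The pattern `/ip access-list extended ([0-9a-zA-Z]*) /` also cannot match the names in the sample `running.txt` added by this commit, such as `LIST_F0/1` and `NO_IGMP_PIM`, because `_` and `/` are outside the character class and a trailing space is required. `/^ip access-list extended (\S+)/` would capture any name.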
@@ -0,0 +1,264 @@ +Building configuration... + +Current configuration : 8122 bytes +! +! Last configuration change at 10:09:28 sommer Thu Jul 9 2009 by robin +! NVRAM config last updated at 10:09:28 sommer Thu Jul 9 2009 by robin +! +version 12.4 +service tcp-keepalives-in +service timestamps debug datetime localtime +service timestamps log datetime localtime +service password-encryption +service linenumber +! +hostname RMT1-FR +! +boot-start-marker +boot-end-marker +! +logging buffered 4096 informational +logging console informational +enable secret 5 $1$QFxG$fNejdJjAg/6SfrBoi1kAS1 +! +no aaa new-model +clock timezone utc+1 1 +clock summer-time sommer date Mar 29 2009 2:00 Oct 25 2009 2:00 +ip cef +! +! +! +! +ip multicast-routing +! +username batman privilege 15 password 7 047727220A031F1D +username robin privilege 0 password 7 13293B3618285572 +! +! +! +! +! +interface FastEthernet0/0 + description connected to EthernetLAN_ICF + ip address 10.10.10.25 255.255.255.0 + ip access-group NO_IGMP_PIM in + ip pim sparse-dense-mode + ip route-cache flow + no ip mroute-cache + speed 100 + full-duplex + keepalive 30 + no cdp enable +! +interface FastEthernet0/1 + description connected to RMT1-FR Telekom 51X/2926 + bandwidth 2500 + ip address 170.45.1.2 255.255.255.0 + ip access-group NO_IGMP_2 in + ip access-group LIST_F0/1 out + ip accounting output-packets + ip pim sparse-dense-mode + ip route-cache flow + no ip mroute-cache + load-interval 30 + speed 10 + full-duplex + keepalive 2 + standby 100 ip 170.45.1.1 + standby 100 timers 1 3 + standby 100 priority 110 + standby 100 preempt + standby 100 track FastEthernet0/0 +! +router eigrp 1000 + redistribute static + network 10.10.10.0 0.0.0.255 + network 170.45.1.0 0.0.0.255 + no auto-summary +! 
+ip route 10.10.0.0 255.255.0.0 10.10.10.1 +ip route 10.10.12.42 255.255.255.255 10.10.10.1 +ip route 62.80.98.0 255.255.255.0 10.10.10.1 +ip route 69.184.0.0 255.255.0.0 10.10.10.1 +ip route 130.35.0.0 255.255.255.0 10.10.10.1 +ip route 192.165.211.56 255.255.255.255 10.10.10.1 +ip route 192.169.1.0 255.255.255.0 10.10.10.1 +ip route 193.154.172.0 255.255.255.0 10.10.10.1 +ip route 199.105.0.0 255.255.0.0 10.10.10.1 +ip route 205.183.246.0 255.255.255.0 10.10.10.1 +ip route 208.134.161.0 255.255.255.0 10.10.10.1 +ip flow-export source FastEthernet0/0 +ip flow-export version 5 +ip flow-export destination 10.10.12.36 8887 +! +no ip http server +! +ip access-list extended LIST_F0/1 + permit ip 170.45.1.0 0.0.0.255 any + remark >> Tradesignal + permit tcp 62.206.134.0 0.0.0.255 eq www any + permit tcp 62.206.134.0 0.0.0.255 eq 443 any + permit tcp 193.154.172.0 0.0.0.255 eq 2088 any + remark << Tradesignal + permit tcp host 10.10.10.32 any + permit tcp host 10.10.10.33 any + permit ip host 10.10.10.32 host 239.10.10.13 + permit ip host 10.10.10.32 host 239.10.10.14 + permit ip host 10.10.10.33 host 239.10.10.13 + permit ip host 10.10.10.33 host 239.10.10.14 + permit icmp any any + permit tcp host 130.35.0.95 eq 8080 any + permit tcp host 130.35.0.11 eq 8080 any + permit ip host 130.35.0.77 any + permit tcp host 10.10.10.77 any + permit ip host 130.35.0.205 any + permit ip host 130.35.0.92 any + permit tcp host 130.35.0.222 any + permit tcp host 10.10.30.61 any + permit tcp host 10.10.30.68 any + permit tcp host 130.35.0.114 any + permit tcp host 130.35.0.44 any eq 22 + permit tcp host 213.68.166.28 any + permit tcp host 130.35.0.223 any + permit ip host 130.35.0.104 any + permit ip host 130.35.0.85 any + permit tcp 212.162.51.0 0.0.0.255 any + permit ip host 10.10.10.67 any + permit tcp host 130.35.0.208 any + permit tcp host 130.35.0.170 eq 3128 any + permit tcp 199.105.181.0 0.0.0.255 any + permit tcp 199.105.176.0 0.0.0.255 any + permit tcp 199.105.184.0 0.0.0.255 
any + permit tcp 208.22.56.0 0.0.0.255 any + permit tcp 160.43.0.0 0.0.0.255 any + permit tcp 206.156.53.0 0.0.0.255 any + permit tcp 205.216.112.0 0.0.0.255 any + permit udp 208.134.161.0 0.0.0.255 any + permit tcp host 130.35.0.134 any + permit tcp host 10.10.30.67 any + permit ip host 10.10.30.79 any + permit ip host 10.10.30.80 any + permit ip host 10.10.30.185 any + permit tcp host 217.110.39.0 eq smtp any + permit tcp host 217.110.39.0 eq pop3 any + permit tcp 62.80.98.64 0.0.0.63 eq smtp any + permit tcp 62.80.98.64 0.0.0.63 eq pop3 any + permit tcp host 212.47.180.32 eq 4800 any + permit tcp host 212.118.231.91 eq 4800 any + permit tcp host 212.47.180.32 eq 4720 any + permit ip 69.184.0.0 0.0.255.255 any + permit ip 199.105.0.0 0.0.255.255 any + permit ip 205.183.246.0 0.0.0.255 any + permit ip 208.134.161.0 0.0.0.255 any + permit tcp 217.5.135.0 0.0.0.255 host 170.45.1.41 + permit tcp 217.68.149.0 0.0.0.255 host 170.45.1.41 + permit tcp 193.201.94.0 0.0.0.255 host 170.45.1.41 + permit tcp 192.165.211.0 0.0.0.255 host 170.45.1.87 + permit tcp 192.165.211.0 0.0.0.255 host 170.45.1.22 + permit tcp 192.165.211.0 0.0.0.255 host 170.45.1.65 + permit tcp host 130.35.0.42 eq ftp any + permit tcp host 130.35.0.43 eq ftp any + permit tcp host 130.35.0.45 eq ftp any + permit tcp host 130.35.0.44 eq 22 any + permit tcp host 130.35.0.130 eq 8080 any + permit ip 10.10.12.32 0.0.0.15 any + permit tcp host 130.35.0.84 any + permit tcp host 10.10.20.40 eq www any + permit ip host 130.35.0.103 any + permit tcp host 130.35.0.160 eq domain any + permit tcp host 130.35.0.161 eq domain any + permit tcp host 130.35.0.162 eq domain any + permit udp host 130.35.0.160 eq domain any + permit udp host 130.35.0.161 eq domain any + permit udp host 130.35.0.162 eq domain any + permit tcp host 130.35.0.35 any range 1024 65535 + permit udp host 130.35.0.35 any range 1024 65535 + permit tcp host 130.35.0.36 any range 1024 65535 + permit udp host 130.35.0.36 any range 1024 65535 + permit 
udp host 130.35.0.35 eq ntp any + permit udp host 130.35.0.36 eq ntp any + permit tcp host 10.10.10.110 any + permit tcp host 10.10.30.90 any + permit tcp host 130.35.0.75 any + permit ip host 10.10.10.71 host 170.45.1.22 + permit tcp host 10.10.10.71 host 170.45.1.51 eq 9100 +ip access-list extended NO_IGMP_2 + permit ip 170.45.1.0 0.0.0.255 host 239.10.10.13 + permit ip 170.45.1.0 0.0.0.255 host 239.10.10.14 + permit ip host 170.45.1.4 any + deny ip any 224.0.0.0 15.255.255.255 + permit ip any any +ip access-list extended NO_IGMP_PIM + permit ip 10.10.10.0 0.0.0.255 host 239.10.10.13 + permit ip 10.10.10.0 0.0.0.255 host 239.10.10.14 + deny ip any 224.0.0.0 15.255.255.255 + permit ip any any +! +logging history informational +logging trap notifications +logging facility local1 +logging source-interface FastEthernet0/0 +logging 10.10.12.36 +logging 10.10.12.42 +access-list 99 remark ---- Solarwinds +access-list 99 permit 10.10.12.42 +access-list 99 remark ---- skripte +access-list 99 permit 10.10.12.36 +access-list 99 remark ---- WUP +access-list 99 permit 10.10.12.33 +access-list 99 remark ---- SA +access-list 99 permit 10.10.12.34 +access-list 99 remark ---- Zugang ueber Bismarck, Barschel, Hades +access-list 99 permit 62.80.98.68 +access-list 99 permit 62.80.98.69 +access-list 99 permit 62.80.98.81 +access-list 99 remark ---- AW +access-list 99 permit 130.35.0.205 +access-list 99 remark ---- ML +access-list 99 permit 130.35.0.77 +access-list 99 remark ---- AB +access-list 99 permit 130.35.0.84 +access-list 99 remark ---- MN +access-list 99 permit 130.35.0.92 +access-list 99 remark ---- Zugriff aus dem Netz in dem Router ist 248 - 254 +access-list 99 permit 0.0.0.248 255.255.255.7 +access-list 99 remark ---- Zugriff vom DGW +access-list 99 permit 0.0.0.1 255.255.255.0 +access-list 99 remark ---- Zugriff aus Transfernetz ueber DDV vom anderen Router +access-list 99 permit 192.168.20.0 0.0.0.255 +access-list 99 permit 192.168.21.0 0.0.0.255 +snmp-server community 
public RO +! +control-plane +! +banner login ^CC +********************************************************************* +**** +**** Property of ICF Systems AG +**** phone +49(0) 69 - 299 25 - 666 +**** +**** +**** Unauthorized access is prohibited +**** +**** You are connected to $(hostname) in Bad Vilbel via line $(line) +**** +********************************************************************* +^C +! +line con 0 + exec-timeout 0 0 + password 7 141B1D080D08 + login local +line aux 0 +line vty 0 4 + session-timeout 60 + access-class 99 in + exec-timeout 60 0 + password 7 1042061A041B + login local +! +scheduler allocate 20000 1000 +ntp clock-period 17178232 +ntp server 10.10.30.254 +end + diff --git a/CISCO add remove vlan to switches/vlan.sh b/CISCO add remove vlan to switches/vlan.sh new file mode 100644 index 0000000..68e6288 --- /dev/null +++ b/CISCO add remove vlan to switches/vlan.sh 
@@ -0,0 +1,86 @@
+FS="switch-nexus-1,switch-nexus-2,switch-nexus-3,switch-nexus-4,switch-catalyst-1,switch-catalyst-2,switch-catalyst-3,switch-catalyst-4,switch-catalyst-7"
+HS="switch-nexus-1,switch-nexus-2,switch-nexus-3,switch-nexus-4,switch-catalyst-5"
+
+function doit {
+ case $action in
+ a)
+ if [ "$vname" == "" ]
+ then
+ cmd="echo conf t\nvlan $vlan\nend\ncopy run start\n\nnexit\n"
+ else
+ cmd="echo conf t\nvlan $vlan\nname $vname\nend\ncopy run start\n\nexit\n"
+ fi
+ ;;
+ r)
+ cmd="echo conf t\nno vlan $vlan\nend\ncopy run start\n\nexit\n"
+ ;;
+ esac
+ $cmd | cmc -n $SW
+}
+
+
+while [ "$action" != "a" ] && [ "$action" != "r" ]
+do
+ read -p "Add or Remove VLAN [a|r]" action
+done
+
+if [ "$action" == "a" ]
+then
+ read -p "VLAN name:" vname
+fi
+
+if [ "$vname" == "" ]
+then
+ vname="no name"
+fi
+
+while [ "$zone" != "f" ] && [ "$zone" != "h" ]
+do
+ read -p "Finance oder Hosting? [f|h]" zone
+done
+
+while [ "$vlok" != "1" ]
+do
+ read -p "VLAN [1-4094]" vlan
+ if [[ $vlan =~ ^[0-9]*$ ]]
+ then
+ if [ "$vlan" -gt 0 ] && [ "$vlan" -lt 4095 ]
+ then
+ vlok=1
+ else
+ echo "VLAN number out of valid range"
+ fi
+ else
+ echo "invalid characters"
+ fi
+done
+echo ""
+
+if [ "$action" == "a" ]
+then
+ echo -n "add vlan $vlan ($vname) to "
+ if [ "$vname" == "no name" ]
+ then
+ vname=""
+ fi
+else
+ echo -n "remove vlan $vlan from "
+fi
+
+case $zone in
+f)
+ echo "Finance"
+ SW=$FS
+ doit $SW $action $vlan
+;;
+
+h)
+ echo "Hosting"
+ SW=$HS
+ doit $SW $action $vlan
+;;
+
+*)
+ echo ""
+esac
+
diff --git a/CISCO add user to WLC via Perl SNMP/add_user.pl b/CISCO add user to WLC via Perl SNMP/add_user.pl
new file mode 100644
index 0000000..47bf9ee
--- /dev/null
+++ b/CISCO add user to WLC via Perl SNMP/add_user.pl
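Review bot: In `doit` in vlan.sh, the branch for an unnamed VLAN ends with `\n\nnexit\n` where the other two branches have `\n\nexit\n`, so that path sends `nexit` to the switches instead of closing the session. The command text is also built as one string and run through an unquoted `$cmd`, which relies on `echo` expanding `\n` and lets whitespace or backslashes typed at the `VLAN name:` prompt alter the lines sent to every switch in the list. I would validate the name first, e.g. `[[ $vname =~ ^[A-Za-z0-9_-]{1,32}$ ]]`, and replace the string with `printf 'conf t\nvlan %s\nname %s\nend\ncopy run start\n\nexit\n' "$vlan" "$vname" | cmc -n "$SW"`. The VLAN check `^[0-9]*$` accepts an empty answer, which then makes `[ "$vlan" -gt 0 ]` fail with an error; `^[0-9]+$` avoids that.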
@@ -0,0 +1,134 @@ +#!/usr/bin/perl + +use strict; +use SNMP_util; +use Net::SMTP; + +my $username = $ARGV[0]; +my $sponsorname = $ARGV[1]; +my $lifetime = $ARGV[2] * 3600 * 100; +my $usernamelength = length($username); +my $userpassword = randomPassword(8); +my @userchar = split("", $username); +my $usernameiso; +my $snmpcommunity = "flw"; +my $wlc = "10.140.8.200"; +my $snmpversion = "2c"; +my $emailending = "geisslermail.de"; +my $emailserver = "mscp.agadmin.de"; +my $mailfrom = "wireless.andre"; + +# Note that a email is send to sponsorname@emailending later in this script +# Sponsorname is also used in the comment field of the guest user in the WLC + +#OID used +# These are reversed engineered with wireshark. +# Note that each of these OID calls have to be prepended with OID+username_length+username_chars. +# Eg. username ABC will be OID.3.65.66.67 +# Make a short break between the OID calls as the WLC seems to need a bit of time to process the user creation + +# A undocumented xxx.24, if user exsist it fails, if user is new its okay, TYPE = i, On my WLC this value is 4 +my $bsnLocalNetUserUnknownOID = ".1.3.6.1.4.1.14179.2.5.10.1.24"; + +# TYPE = i, On my WLC this value is 1 +my $bsnLocalNetUserWlanId = ".1.3.6.1.4.1.14179.2.5.10.1.2"; + +# TYPE = s, a description of the user - should be the sponsor's first part of email +my $bsnLocalNetUserDescription = ".1.3.6.1.4.1.14179.2.5.10.1.4"; + +# TYPE = s, user password, will be generated automatic and send to sponsor's email +my $bsnLocalNetUserPassword = ".1.3.6.1.4.1.14179.2.5.10.1.3"; + +# TYPE = i, Value on shall be 24h == 8620921 +my $bsnLocalNetUserLifetime = ".1.3.6.1.4.1.14179.2.5.10.1.5"; + +# TYPE = i, Unknown Cisco specific username, On my WLC this value is 1 +my $cLWALocalNetUserIsGuest = ".1.3.6.1.4.1.9.9.515.2.3.1.1.2"; + +# TYPE = s, Cisco specific undocumented OID, Value on CPHGWC01 = default +my $cLWALocalNetUserIsUnknown = ".1.3.6.1.4.1.9.9.515.2.3.1.1.3"; + +foreach (@userchar) { +$usernameiso 
.= ".".ord($_); +} + +$bsnLocalNetUserUnknownOID = $bsnLocalNetUserUnknownOID.".".$usernamelength.$usernameiso; +$bsnLocalNetUserWlanId = $bsnLocalNetUserWlanId.".".$usernamelength.$usernameiso; +$bsnLocalNetUserDescription = $bsnLocalNetUserDescription.".".$usernamelength.$usernameiso; +$bsnLocalNetUserPassword = $bsnLocalNetUserPassword.".".$usernamelength.$usernameiso; +$bsnLocalNetUserLifetime = $bsnLocalNetUserLifetime.".".$usernamelength.$usernameiso; +$cLWALocalNetUserIsGuest = $cLWALocalNetUserIsGuest.".".$usernamelength.$usernameiso; +$cLWALocalNetUserIsUnknown = $cLWALocalNetUserIsUnknown.".".$usernamelength.$usernameiso; + +my ($response) = &snmpget("$snmpcommunity\@$wlc:161:5:1:1:$snmpversion", $bsnLocalNetUserUnknownOID); +if ($response) { + my ($extention) = &snmpset("$snmpcommunity\@$wlc:161:5:1:1:$snmpversion", $bsnLocalNetUserLifetime, "int", "$lifetime", + $bsnLocalNetUserPassword, "string", $userpassword + ); +} else { + my (@response) = &snmpset("$snmpcommunity\@$wlc:161:5:1:1:$snmpversion", + $bsnLocalNetUserUnknownOID, "int", "4", + $bsnLocalNetUserWlanId, "int", "1", + $bsnLocalNetUserDescription, "string", $sponsorname, + $bsnLocalNetUserPassword, "string", $userpassword + ); + + if (@response) { + print "SET part1: OK\n"; + } else { + print "$wlc did not respond to SNMP set\n"; + } + + my (@response) = &snmpset("$snmpcommunity\@$wlc:161:5:1:1:$snmpversion", + $cLWALocalNetUserIsGuest, "int", "1", + $cLWALocalNetUserIsUnknown, "string", "default", + $bsnLocalNetUserLifetime, "int", "$lifetime" + ); + + if (@response) { + print "SET part2: OK\n"; + } else { + print "$wlc did not respond to SNMP set\n"; + } +} + +#Create a new object with 'new'. +my $smtp = Net::SMTP->new($emailserver); + +#Send the MAIL command to the server. +#$smtp->mail("$mailfrom\@$emailending"); +$smtp->mail("andre\@geisslermail.de"); + +#Send the server the 'Mail To' address. 
+#$smtp->to("$sponsorname\@$emailending"); +$smtp->to("andre\@geisslermail.de"); + +#Start the message. +$smtp->data(); +#Send the subject +$smtp->datasend("Subject: regard the wireless user $username\n"); +#Send the message. +$smtp->datasend("Hello!\n\nThe user: $username with password: $userpassword\nhave a $ARGV[2]h access to wireless\n\nEnjoy\n\nNetwork Department"); +#End the message. +$smtp->dataend(); +#Close the connection to your server. +$smtp->quit(); + +print "The user: $username with password: $userpassword\nhave a $ARGV[2]h access to wireless"; + +#password generator from the internet +sub randomPassword { + my $password; + my $_rand; + my $password_length = $_[0]; + if (!$password_length) { + $password_length = 10; + } + my @chars = split(" ", "a b c d e f g h i j k l m n o p q r s t u v w x y z - _ % # | 0 1 2 3 4 5 6 7 8 9"); + srand; + for (my $i=0; $i <= $password_length ;$i++) { + $_rand = int(rand 41); + $password .= $chars[$_rand]; + } + return $password; +} \ No newline at end of file diff --git a/CISCO backup config via Perl telnet modul/router.pl b/CISCO backup config via Perl telnet modul/router.pl new file mode 100644 index 0000000..72d4278 --- /dev/null +++ b/CISCO backup config via Perl telnet modul/router.pl 
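Review bot: `randomPassword` draws the guest password from `rand` after a bare `srand`, which is not a cryptographic generator, and its `$i <= $password_length` loop emits one character more than requested. Read the bytes from the operating system's random source instead and reject values that would bias the 41-entry table, as in the fence below. The same hunk hard-codes the SNMP community used for `snmpset` and puts the generated password into a plain SMTP message and onto stdout; load the community from outside the repository and treat both outputs as cleartext disclosure of the credential. `$ARGV[0]` also goes unvalidated into the OID suffix and the `Subject:` line, so restrict it to an expected character set and length first, and check the result of `Net::SMTP->new` before calling methods on it.

```perl
sub randomPassword {
    my $password_length = $_[0] || 10;
    my @chars = split(" ", "a b c d e f g h i j k l m n o p q r s t u v w x y z - _ % # | 0 1 2 3 4 5 6 7 8 9");
    open(my $urandom, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $password = "";
    while (length($password) < $password_length) {
        read($urandom, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $n = ord($byte);
        next if $n >= 246;    # 246 = 6 * 41; drop the tail so every character is equally likely
        $password .= $chars[$n % 41];
    }
    close($urandom);
    return $password;
}
```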
@@ -0,0 +1,122 @@ +#!/bin/perl + +use Net::Telnet::Cisco; + +$wait=""; +open RTR, ") { + next if ($_ =~ /^#/); + chomp; + ($ip,$user,$pass,$enable,$wait)=$_=~/^(.*),(.*),(.*),(.*),(.*)$/i; + $wait=5 if ($wait eq ""); + @routers=(@routers,[$ip,$user,$pass,$enable,$wait]); +} +close RTR; + +my $session; +my @output; + +my ($ss,$mm,$hh,$dd,$mon,$yy,$we,$doy,$st)=localtime; +$mon++; +$yy+=1900; +$dd = '0' . $dd if ($dd < 10); +$mon = '0' . $mon if ($mon < 10); +my $date=$yy . "-" . $mon . "-" . $dd; +mkdir $date; + +foreach my $router (@routers) { + print "$$router[0] connect\n"; + + next unless ($session = Net::Telnet::Cisco->new(Host => "$$router[0]", Errmode=>'return')); + + if ($$router[1] eq '') { + print "$$router[0] send pw\n"; + $session->login(Password => "$$router[2]"); + } + else { + print "$$router[0] send user, pw\n"; + $session->login(Name => "$$router[1]", Password => "$$router[2]"); + } + + print "$$router[0] enable\n"; + $session->cmd("enable\n$$router[3]") if ($$router[3] ne ""); + + print "$$router[0] sh runn\n"; + @output = $session->cmd('show running'); + + open OUT, ">$date\\$$router[0]_running.txt"; + print OUT @output; + close OUT; + + sleep($$router[4]); +} + + + + + + + +#$ok = $obj->login($username, $password);# +# +# $ok = $obj->login([Name => $username,] +# [Password => $password,] +# [Passcode => $passcode,] # for Secur-ID/XTACACS +# [Prompt => $match,] +# [Timeout => $secs,]); + + + +#$session = Net::Telnet::Cisco->new( +# [Autopage => $boolean,] # 1 +# [More_prompt => $matchop,] # '/(?m:^\s*--More--)/', +# [Always_waitfor_prompt => $boolean,] # 1 +# [Waitfor_pause => $milliseconds,] # 0.1 +# [Normalize_cmd => $boolean,] # 1 +# [Send_wakeup => $when,] # 0 +# [Ignore_warnings => $boolean,] # 0 +# [Warnings => $matchop,] # see docs +# +# # Net::Telnet arguments +# [Binmode => $mode,] +# [Cmd_remove_mode => $mode,] +# [Dump_Log => $filename,] +# [Errmode => $errmode,] +# [Fhopen => $filehandle,] +# [Host => $host,] +# [Input_log => $file,] 
+# [Input_record_separator => $char,] +# [Option_log => $file,] +# [Output_log => $file,] +# [Output_record_separator => $char,] +# [Port => $port,] +# [Prompt => $matchop,] # see docs +# [Telnetmode => $mode,] +# [Timeout => $secs,] +# ); + + + +#if ($session->enable("enable_password")) +#$session->errmsg; + + + +# my $protocol = ''; # default value +# my $ip = '10.0.0.1'; +# my $repeat = 10; +# my $datagram = 1500; +# my $timeout = ''; # default value +# my $extended = ''; # default value +# my $sweep = ''; # default value + +# $session->cmd( +# "ping +# $protocol +# $ip +# $repeat +# $datagram +# $timeout +# $extended +# $sweep +# "); \ No newline at end of file diff --git a/CISCO backup config via Perl telnet modul/router_list.txt b/CISCO backup config via Perl telnet modul/router_list.txt new file mode 100644 index 0000000..6c4e393 --- /dev/null +++ b/CISCO backup config via Perl telnet modul/router_list.txt 
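Review bot: Neither `$session->login(...)` nor `open OUT, ">$date\\$$router[0]_running.txt"` is checked in the per-router loop, and with `Errmode=>'return'` a failed login only returns false, so a device that rejects the credentials still produces a (possibly empty) backup file and no error. Check both, e.g. `$session->login(Name => $$router[1], Password => $$router[2]) or do { warn "$$router[0]: " . $session->errmsg . "\n"; next; };` and `open(my $out, '>', "$date\\$$router[0]_running.txt") or do { warn "$$router[0]: $!\n"; next; };`. The saved running configurations contain password hashes and land in a directory created by a bare `mkdir $date`, so restrict access to that directory. Logins and configurations cross the network over Telnet in cleartext; if the devices accept SSH, that transport is preferable. `CISCO clear nat/router.pl` repeats the unchecked `login` and then sends its command list and `wr` regardless of the result.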
@@ -0,0 +1,158 @@ +10.10.10.3,robin,LTBEsal37,prog, +10.10.10.4,robin,LTBEsal37,prog, +10.10.10.5,robin,LTBEsal37,prog, +10.10.10.6,robin,LTBEsal37,prog, +10.10.10.7,robin,LTBEsal37,prog, +10.10.10.8,robin,LTBEsal37,prog, +10.10.10.9,robin,LTBEsal37,prog, +10.10.10.12,robin,LTBEsal37,prog, +10.10.10.17,robin,LTBEsal37,prog, +10.10.10.18,robin,LTBEsal37,prog, +10.10.10.21,robin,LTBEsal37,prog, +10.10.10.23,robin,LTBEsal37,prog, +10.10.10.25,robin,LTBEsal37,prog, +10.10.10.26,robin,LTBEsal37,prog, +10.10.10.27,robin,LTBEsal37,prog, +10.10.10.29,robin,LTBEsal37,prog, +10.10.10.34,robin,LTBEsal37,prog, +10.10.10.35,robin,LTBEsal37,prog, +10.10.10.37,robin,LTBEsal37,prog, +10.10.10.46,robin,LTBEsal37,prog, +10.10.10.47,robin,LTBEsal37,prog, +10.10.10.48,robin,LTBEsal37,prog, +10.10.10.49,robin,LTBEsal37,prog, +10.10.10.50,robin,LTBEsal37,prog, +10.10.10.101,robin,LTBEsal37,prog, +10.10.10.102,robin,LTBEsal37,prog, +10.10.10.107,robin,LTBEsal37,prog, +10.10.10.108,robin,LTBEsal37,prog, +10.10.10.109,robin,LTBEsal37,prog, +10.10.10.125,robin,LTBEsal37,prog, +10.10.10.177,robin,LTBEsal37,prog, +10.10.10.250,robin,LTBEsal37,prog, +10.10.10.251,robin,LTBEsal37,prog, +10.10.10.252,robin,LTBEsal37,prog, +10.10.12.1,robin,LTBEsal37,prog, +10.10.12.251,robin,LTBEsal37,prog, +10.10.12.252,robin,LTBEsal37,prog, +10.10.12.253,robin,LTBEsal37,prog, +10.10.30.17,robin,LTBEsal37,prog, +10.10.30.97,robin,LTBEsal37,prog, +10.10.30.98,robin,LTBEsal37,prog, +10.10.30.99,robin,LTBEsal37,prog, +10.10.70.21,robin,LTBEsal37,prog, +10.10.70.24,robin,LTBEsal37,prog, +10.10.70.25,robin,LTBEsal37,prog, +10.10.70.27,robin,LTBEsal37,prog, +10.10.70.28,robin,LTBEsal37,prog, +10.10.70.250,robin,LTBEsal37,prog, +10.10.70.251,robin,LTBEsal37,prog, +10.10.70.254,robin,LTBEsal37,prog, +10.60.1.100,robin,LTBEsal37,, +10.80.1.2,robin,LTBEsal37,prog, +10.80.1.253,robin,LTBEsal37,prog, +10.80.1.254,robin,LTBEsal37,prog, +10.80.13.11,robin,LTBEsal37,prog, +10.80.13.12,robin,LTBEsal37,prog, 
+10.80.13.21,robin,LTBEsal37,prog, +10.80.13.22,robin,LTBEsal37,prog, +10.90.1.1,robin,LTBEsal37,prog, +10.90.1.2,robin,LTBEsal37,prog, +10.90.1.3,robin,LTBEsal37,prog, +130.35.0.1,robin,LTBEsal37,prog, +130.35.0.253,robin,LTBEsal37,prog, +130.35.0.17,robin,LTBEsal37,, +130.35.0.18,robin,LTBEsal37,prog, +130.35.0.19,robin,LTBEsal37,prog, +130.35.0.28,robin,LTBEsal37,prog, +130.35.0.29,robin,LTBEsal37,prog, +192.169.1.13,robin,LTBEsal37,prog, +192.169.1.21,robin,LTBEsal37,prog, +192.169.1.22,robin,LTBEsal37,prog, +192.169.1.23,robin,LTBEsal37,prog, +192.169.1.81,robin,LTBEsal37,prog, +192.169.1.82,robin,LTBEsal37,prog, +192.169.1.83,robin,LTBEsal37,prog, +193.169.55.248,robin,LTBEsal37,prog, +193.169.55.249,robin,LTBEsal37,prog, +170.250.1.22,robin,LTBEsal37,prog, +170.250.1.101,robin,LTBEsal37,prog, +170.250.1.102,robin,LTBEsal37,prog, +170.250.1.253,robin,LTBEsal37,prog, +170.11.1.1,robin,LTBEsal37,prog, +170.11.1.4,robin,LTBEsal37,prog, +170.11.1.5,robin,LTBEsal37,prog, +170.11.1.6,robin,LTBEsal37,prog, +170.11.1.253,robin,LTBEsal37,prog, +170.11.1.254,robin,LTBEsal37,prog, +170.15.1.1,robin,LTBEsal37,prog, +170.20.1.1,robin,LTBEsal37,prog, +170.20.1.2,robin,LTBEsal37,prog, +170.20.1.3,robin,LTBEsal37,prog, +170.20.1.9,robin,LTBEsal37,prog, +170.21.1.1,robin,LTBEsal37,prog, +170.24.1.2,robin,LTBEsal37,prog, +170.24.1.3,robin,LTBEsal37,prog, +170.40.1.1,robin,LTBEsal37,prog, +170.40.1.4,robin,LTBEsal37,prog, +170.40.1.5,robin,LTBEsal37,prog, +170.40.1.253,robin,LTBEsal37,prog, +170.40.1.254,robin,LTBEsal37,prog, +170.43.1.1,robin,LTBEsal37,prog, +170.43.1.2,robin,LTBEsal37,prog, +170.45.1.1,robin,LTBEsal37,prog, +170.45.1.2,robin,LTBEsal37,prog, +170.45.1.4,robin,LTBEsal37,prog, +170.45.2.4,robin,LTBEsal37,prog, +170.45.1.3,robin,LTBEsal37,prog, +170.50.1.1,robin,LTBEsal37,prog, +170.50.1.2,robin,LTBEsal37,prog, +170.50.1.3,robin,LTBEsal37,prog, +170.60.2.1,robin,LTBEsal37,prog, +170.60.2.3,robin,LTBEsal37,prog, +170.60.2.5,robin,LTBEsal37,prog, 
+170.60.2.7,robin,LTBEsal37,prog, +170.60.2.8,robin,LTBEsal37,prog, +170.60.2.10,robin,LTBEsal37,prog, +170.60.2.14,robin,LTBEsal37,prog, +170.60.2.15,robin,LTBEsal37,prog, +170.60.2.19,robin,LTBEsal37,prog, +170.60.2.20,robin,LTBEsal37,prog, +170.61.3.1,robin,LTBEsal37,prog, +170.61.4.1,robin,LTBEsal37,prog, +170.61.5.1,robin,LTBEsal37,prog, +170.61.6.1,robin,LTBEsal37,prog, +170.61.7.1,robin,LTBEsal37,prog, +170.250.1.22,robin,LTBEsal37,prog, +170.250.1.101,robin,LTBEsal37,prog, +170.250.1.102,robin,LTBEsal37,prog, +170.250.1.253,robin,LTBEsal37,prog, +170.250.2.1,robin,LTBEsal37,prog, +170.250.2.101,robin,LTBEsal37,prog, +170.250.2.102,robin,LTBEsal37,prog, +170.253.4.16,robin,LTBEsal37,prog, +170.253.4.17,robin,LTBEsal37,prog, +192.168.99.25,robin,LTBEsal37,prog, +192.168.104.42,,actissec,actisen, +192.168.104.43,,actissec,actisen, +10.1.6.1,robin,LTBEsal37,prog, +10.1.6.2,robin,LTBEsal37,prog, +10.1.6.3,robin,LTBEsal37,prog, +10.1.7.1,robin,LTBEsal37,prog, +10.1.8.1,robin,LTBEsal37,prog, +10.1.8.254,robin,LTBEsal37,prog, +91.33.211.21,robin,LTBEsal37,prog, +91.33.211.22,robin,LTBEsal37,prog, +91.33.211.31,robin,LTBEsal37,prog, +91.33.211.32,robin,LTBEsal37,prog, +92.254.253.25,robin,LTBEsal37,prog, +92.254.253.26,robin,LTBEsal37,prog, +92.254.253.31,robin,LTBEsal37,prog, +92.254.253.33,robin,LTBEsal37,prog, +92.254.253.253,robin,LTBEsal37,prog, +94.200.15.22,robin,LTBEsal37,prog, +94.200.15.23,robin,LTBEsal37,prog, +90.201.238.21,robin,LTBEsal37,prog, +90.201.238.21,robin,LTBEsal37,prog, +193.169.55.252,mao,peking08,, +193.169.55.253,mao,peking08,, \ No newline at end of file diff --git a/CISCO change ASA VPN peer/change_vpn_peer.sh b/CISCO change ASA VPN peer/change_vpn_peer.sh new file mode 100644 index 0000000..e8617f9 --- /dev/null +++ b/CISCO change ASA VPN peer/change_vpn_peer.sh 
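Review bot: Every row of this list stores a device login in cleartext (user, password and enable secret next to the address), including rows for addresses outside the private ranges, and committing it makes those credentials part of the repository history. Keep only the address and wait columns under version control, e.g. `10.10.10.3,,,,` (constructed row), and have `router.pl` obtain the credentials from a file outside the repository or from the operator at run time; values that were already pushed should be treated as exposed and rotated. The same applies to `CISCO clear nat/router_list.txt`. Some rows appear twice (the `170.250.1.x` block and `90.201.238.21`), which makes the backup script connect to those devices twice.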
@@ -0,0 +1,104 @@ +#!/bin/bash +echo "" + +if [ "$4" == "a" ]; +then + ACTION=a +elif [ "$4" == "d" ]; +then + ACTION=d +else + echo "$./change_vpn_peer.sh " + echo "" + echo " hostname is firewall name as used in observium" + echo "" + echo " oldpeer|newpeer are IP addresses of remote gateway" + echo "" + echo " action can be a or d" + echo " a applies configuration to firewall" + echo " d just displays configuration" + echo "" + exit +fi + +ASA=$1 +OLDPEER=$2 +NEWPEER=$3 +CONF=/home/rancid/var/rancid/network/configs/$ASA +CONFIG=/scripts/rancid/changepeer_$ASA_$OLDPEER_$NEWPEER.txt + +echo "UPDATE Konfigfile via rancid to have the latest config file" +/home/rancid/bin/rancid-run -r asa-hosting +echo "" + +echo "CHECK for old peer IP in config file" +grep "tunnel-group $OLDPEER" $CONF || ( echo "tunnel group not found" && exit ) > /dev/null 2>&1 +echo "Old peer found" +echo "" + +echo "GET crypto map name for old peer IP" +CMNAME=`grep "crypto map" $CONF | grep "set peer $OLDPEER" | awk '{print $3}'` > /dev/null 2>&1 +echo " ~ $CMNAME" +echo "" + +echo "GET crypto map entry for old peer IP" +CMENTRY=`grep "crypto map" $CONF | grep "set peer $OLDPEER" | awk '{print $4}'` > /dev/null 2>&1 +echo " ~ $CMENTRY" +echo "" + +echo "GET old PSK" +PSK=`egrep -A2 "tunnel-group $OLDPEER ipsec-att" $CONF | grep pre` > /dev/null 2>&1 +echo " ~ $PSK" +echo "" + +echo "GET old GroupPolicy" +GROUP=`egrep -A1 "tunnel-group $OLDPEER general-att" $CONF | grep default-group-policy` > /dev/null 2>&1 +echo " ~ $GROUP" +echo "" + +echo "WRITE configuration file" +echo " +config t + +!Remove old tunnel-group +no tunnel-group $OLDPEER ipsec-attributes + +!Re-Configure new tunnel-group +tunnel-group $NEWPEER type ipsec-l2l +tunnel-group $NEWPEER ipsec-attributes +$PSK +exit +tunnel-group $NEWPEER general-attributes +$GROUP +exit + +!Remove Old Peer from Crypto map +no crypto map $CMNAME $CMENTRY set peer $OLDPEER + +!Create New Peer on Crypto Map +crypto map $CMNAME $CMENTRY set peer 
$NEWPEER + +clear config tunnel-group $OLDPEER + +!Save Config +end +wr mem +" > $CONFIG +echo "" + +if [ "$ACTION" == "a" ]; +then + echo "APPLY configuration file" + /home/rancid/bin/clogin -x $CONFIG $ASA +elif [ "$ACTION" == "d" ]; +then + echo "DISPLAY configuration file" + echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + cat $CONFIG + echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" +fi + +echo "" +echo " ~~~ THE END ~~~" +echo "" + diff --git a/CISCO clear nat/router.pl b/CISCO clear nat/router.pl new file mode 100644 index 0000000..913f9de --- /dev/null +++ b/CISCO clear nat/router.pl 
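Review bot: The old-peer check `grep "tunnel-group $OLDPEER" $CONF || ( echo "tunnel group not found" && exit )` runs `exit` inside a subshell whose output is also redirected to `/dev/null`, so after a miss the script prints "Old peer found", carries on, and with action `a` hands `clogin` a configuration built from empty `$CMNAME`, `$CMENTRY`, `$PSK` and `$GROUP`. Use a brace group with a status, `grep -q "tunnel-group $OLDPEER" "$CONF" || { echo "tunnel group not found"; exit 1; }`, and stop in the same way when any of the four extracted values is empty. `CONFIG=/scripts/rancid/changepeer_$ASA_$OLDPEER_$NEWPEER.txt` expands the unset variables `ASA_` and `OLDPEER_`, so every run writes `changepeer_<newpeer>.txt`; write `changepeer_${ASA}_${OLDPEER}_${NEWPEER}.txt`. That file and the `GET old PSK` echo both expose the pre-shared-key line, so create the file under `umask 077` and do not print `$PSK`. `$2` and `$3` also go unvalidated into `grep` patterns and device commands; verify that they are IPv4 addresses before use.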
@@ -0,0 +1,139 @@ +#!/bin/perl + +use Net::Telnet::Cisco; + +open RTR, ") { + if ($_ =~ /^#/) { + print $_; + next; + } + chomp; + ($ip,$user,$pass,$enable,$wait)=$_=~/^(.*),(.*),(.*),(.*),(.*)$/i; + $wait=60 if ($wait eq ""); +# print "$ip,$user,$pass,$enable,$wait\n"; + @routers=(@routers,[$ip,$user,$pass,$enable,$wait]); +} +close RTR; + +my $session; +my @output; + +my ($ss,$mm,$hh,$dd,$mon,$yy,$we,$doy,$st)=localtime; +$mon++; +$yy+=1900; +$dd = '0' . $dd if ($dd < 10); +$mon = '0' . $mon if ($mon < 10); +my $date=$yy . "-" . $mon . "-" . $dd; + +my @commands; +open CMD, ") { + if ($_ =~ /^#/) { + print $_; + next; + } + chomp unless ($_ =~ /^\n$/); + @commands=(@commands,$_); +} +close CMD; + +foreach my $router (@routers) { + print "$$router[0] connect\n"; + + next unless ($session = Net::Telnet::Cisco->new(Host => "$$router[0]", Errmode=>'return')); + + if ($$router[1] eq '') { + print "$$router[0] send pw\n"; + $session->login(Password => "$$router[2]"); + } + else { + print "$$router[0] send user, pw\n"; + $session->login(Name => "$$router[1]", Password => "$$router[2]"); + } + + print "$$router[0] enable\n"; + $session->cmd("enable\n$$router[3]"); + + + + foreach (@commands) { + print "$$router[0] $_\n"; + @output = $session->cmd("$_"); + } + + $session->cmd("end"); + $session->cmd("wr"); + sleep ($$router[4]); + + + print "\n\n"; + +} + + + + +#$ok = $obj->login($username, $password);# +# +# $ok = $obj->login([Name => $username,] +# [Password => $password,] +# [Passcode => $passcode,] # for Secur-ID/XTACACS +# [Prompt => $match,] +# [Timeout => $secs,]); + + + +#$session = Net::Telnet::Cisco->new( +# [Autopage => $boolean,] # 1 +# [More_prompt => $matchop,] # '/(?m:^\s*--More--)/', +# [Always_waitfor_prompt => $boolean,] # 1 +# [Waitfor_pause => $milliseconds,] # 0.1 +# [Normalize_cmd => $boolean,] # 1 +# [Send_wakeup => $when,] # 0 +# [Ignore_warnings => $boolean,] # 0 +# [Warnings => $matchop,] # see docs +# +# # Net::Telnet arguments +# [Binmode => 
$mode,] +# [Cmd_remove_mode => $mode,] +# [Dump_Log => $filename,] +# [Errmode => $errmode,] +# [Fhopen => $filehandle,] +# [Host => $host,] +# [Input_log => $file,] +# [Input_record_separator => $char,] +# [Option_log => $file,] +# [Output_log => $file,] +# [Output_record_separator => $char,] +# [Port => $port,] +# [Prompt => $matchop,] # see docs +# [Telnetmode => $mode,] +# [Timeout => $secs,] +# ); + + + +#if ($session->enable("enable_password")) +#$session->errmsg; + + + +# my $protocol = ''; # default value +# my $ip = '10.0.0.1'; +# my $repeat = 10; +# my $datagram = 1500; +# my $timeout = ''; # default value +# my $extended = ''; # default value +# my $sweep = ''; # default value + +# $session->cmd( +# "ping +# $protocol +# $ip +# $repeat +# $datagram +# $timeout +# $extended +# $sweep +# "); \ No newline at end of file diff --git a/CISCO clear nat/router_config.txt b/CISCO clear nat/router_config.txt new file mode 100644 index 0000000..2c9c3e4 --- /dev/null +++ b/CISCO clear nat/router_config.txt @@ -0,0 +1,18 @@ +#Alle Befehle wie auf der Router Konsole eingeben +#Für ip accounting auf f0/0 aktivierung also +#conf t +#int f0/0 +#ip acco +# +#Abschließend wird ein automatisches 'end' 'write' durchgeführt +# +#Benötigt ein Befehl eine besondere Bestätigung wie z.b. reload, clear count +#einfach eine leerzeile (keine leerzeichen) eingeben +#bsp +#clear count +#LEERZEILE +#reload +#Hier auch nur eine neue Zeile + +clear ip nat trans * + diff --git a/CISCO clear nat/router_list.txt b/CISCO clear nat/router_list.txt new file mode 100644 index 0000000..fd3b072 --- /dev/null +++ b/CISCO clear nat/router_list.txt @@ -0,0 +1,4 @@ +10.10.10.107,robin,LTBEsal37,prog, +10.10.10.109,robin,LTBEsal37,prog, +170.11.1.5,robin,LTBEsal37,prog, +170.11.1.6,robin,LTBEsal37,prog, \ No newline at end of file diff --git a/CISCO copy config via snmp and tftp/StartTftpDownload.pl b/CISCO copy config via snmp and tftp/StartTftpDownload.pl new file mode 100644 index 0000000..0555203 
--- /dev/null +++ b/CISCO copy config via snmp and tftp/StartTftpDownload.pl 
@@ -0,0 +1,183 @@ +#!/bin/perl + +use strict; +use warnings; + +use Net::SNMP; + +my $i=@ARGV; +die "\nZu wenige Parameter!\n\nStartTftpDownload.pl \n +Source + 1: networkFile + 3: startupConfig + 4: runningConfig + +Destination + 1: networkFile + 3: startupConfig + 4: runningConfig + +Example +C:\\>StartTftpDownload.pl 172.23.210.151 172.23.210.222 5NMP-Wr1t3-(0mm 1 4 getit.conf +" if $i<6; + +print "\n"; + +my $ROUT = $ARGV[0]; +my $TFTP = $ARGV[1]; +my $COMM = $ARGV[2]; +my $SOUR = $ARGV[3]; +my $DEST = $ARGV[4]; +my $FILE = $ARGV[5]; + + +my ($session, $error) = Net::SNMP->session( + -hostname => $ROUT, + -version => 'snmpv2', + -community => $COMM, +); + +if (!defined $session) { + printf "ERROR: %s.\n", $error; + exit 1; +} + +my $SES=".111"; +my $OID="1.3.6.1.4.1.9.9.96.1.1.1.1.2" . $SES; +$session->set_request(-varbindlist => [ $OID, INTEGER, '1' ], ); #The ConfigCopyProtocol is set to TFTP + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.3" . $SES; +$session->set_request(-varbindlist => [ $OID, INTEGER, $SOUR ], ); #Set the SourceFileType to networkfile #running-config + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.4" . $SES; +$session->set_request(-varbindlist => [ $OID, INTEGER, $DEST ], ); #Set the DestinationFileType to running-config #networkfile + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.5" . $SES; +$session->set_request(-varbindlist => [ $OID, IPADDRESS, $TFTP ], ); #Sets the ServerAddress to the IP address of the TFTP server + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.6" . $SES; +$session->set_request(-varbindlist => [ $OID, OCTET_STRING, $FILE ], ); #Sets the CopyFilename to your desired file name. + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.14" . $SES; +$session->set_request(-varbindlist => [ $OID, INTEGER, '1' ], ); #Sets the CopyStatus to active which starts the copy process. + + +$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.14" . 
$SES; +$session->set_request(-varbindlist => [ $OID, INTEGER, '6' ], ); #Sets the CopyStatus to delete which cleans all saved informations out of the MIB + +exit; + +# +#ccConfigCopyProtocol +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.2 +#Type: INTEGER +#Options:tftp(1) +#ftp(2) +#rcp(3) +#scp(4) +#sftp(5) +#Description: Defines whicn protocol is used for the copy process. TFTP is default + + +#ccCopySourceFileType +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.3 +#Type: INTEGER +#Options: networkFile(1) +#iosFile(2) +#startupConfig(3) +#runningConfig(4) +#terminal(5) +#Descripton: Defines the source. Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType. + + +#ccCopyDestFileType +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.4 +#Type: INTEGER +#Options: networkFile(1) +#iosFile(2) +#startupConfig(3) +#runningConfig(4) +#terminal(5) +#Description: Defines the destination.Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType. + + +#ccCopyServerAddress +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.5 +#Type: IP Address +#Description: Sets the address of the server to which the file will be copied to. Values like 0.0.0.0 or FF.FF.FF.FF are not allowed for this OID. + + +#ccCopyFileName +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.6 +#Type: STRING +#Description: Sets the name of the destination or source file. This OID has to be set as far as the destination or sourceFileType are set to networkFile or iosFile. + + +#ccCopyUserName +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.7 +#Type: STRING +#Description: Sets a username for FTP, RCP, SFTP or SCP. This will overwrite the user name which might have been set over the rcmd remote-username command if RCP is used as protocol. 
+ + +#ccCopyUserPassword +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.8 +#Type: STRING +#Description: Sets the password for FTP, RCP, SFTP or SCP + + +#ccCopyNotificationOnCompletion +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.9 +#Type: INTEGER +#Description: Defines if a notification has to be sent after the process has ended. + + +#ccCopyState +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.10 +#Type: INTEGER +#Options: waiting(1) +#running(2) +#successful(3) +#failed(4) +#Description: Shows the copy process’ status. This value will be set after the COPYEntryRowStatus has been set to active. + + +#ccCopyTimeStarted +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.11 +#Type: TimeStamp +#Description: Shows the last start time of the process or zero if the process never changed the status to running. + + +#ccCopyTimeCompleted +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.12 +#Type: TimeStamp +#Description: Shows the last time after the process changed from running to successful or failed. + + +#ccCopyFailCause +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.13 +#Type: INTEGER +#Options: unknown(1) +#badFileName(2) +#timeout(3) +#noMem(4) +#noConfig(5) +#unsupportedProtocol(6) +#someConfigApplyFailed(7) +#Description: Shows why the process failed + + +#ccCopyEntryRowStatus +#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.14 +#Type: INTEGER +#Options: active(1) +#notInService(2) +#createAndGo(4) +#createAndWait(5) +#destroy(6) +#Description: Shows the process’ status +# \ No newline at end of file diff --git a/CISCO read config via Perl telnet modul/config.txt b/CISCO read config via Perl telnet modul/config.txt new file mode 100644 index 0000000..1fca6d3 --- /dev/null +++ b/CISCO read config via Perl telnet modul/config.txt 
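Review bot: None of the seven `set_request` calls is checked, and the row is set to destroy(6) directly after being activated, so the script exits silently whether the device rejected the community, refused the transfer, or had not finished copying; the file's own OID notes list `ccCopyState` (`...1.1.1.1.10`) for this purpose. Check each return value and poll the state before deleting the row, as in the fence below, where the retry count and delay are constructed values. The usage text embeds what looks like a real write community in its example line; replace it with a placeholder such as `<community>`. SNMPv2c and TFTP carry the community and the configuration in cleartext, and the fixed row index `.111` collides if two runs overlap, so limit both protocols to a management network.

```perl
# … unchanged: the protocol / source / destination / server / filename set_request calls,
#   each of which should get the same "defined ... or die" check …

$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.14" . $SES;
defined $session->set_request(-varbindlist => [ $OID, INTEGER, '1' ], )
    or die "ERROR: " . $session->error . "\n";

# Wait until ccCopyState reports successful(3) or failed(4) before removing the row.
my $STATE_OID = "1.3.6.1.4.1.9.9.96.1.1.1.1.10" . $SES;
my $state;
for my $try (1 .. 30) {
    my $result = $session->get_request(-varbindlist => [ $STATE_OID ]);
    die "ERROR: " . $session->error . "\n" if !defined $result;
    $state = $result->{$STATE_OID};
    last if $state == 3 || $state == 4;
    sleep 2;
}
print "copy ", (defined $state && $state == 3 ? "successful" : "failed or timed out"), "\n";

# … unchanged: set_request with INTEGER '6' to destroy the row …
```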
@@ -0,0 +1,1302 @@
+C6506E-1#sh conf
+Using 38200 out of 1964024 bytes
+!
+! Last configuration change at 15:02:50 utc+1 Wed Jan 26 2011 by batman
+! NVRAM config last updated at 15:13:19 utc+1 Wed Jan 26 2011 by batman
+!
+upgrade fpd auto
+version 12.2
+service tcp-keepalives-in
+service timestamps debug datetime msec localtime show-timezone
+service timestamps log datetime msec localtime show-timezone
+service password-encryption
+service linenumber
+service counters max age 5
+!
+hostname C6506E-1
+!
+boot-start-marker
+boot system flash sup-bootdisk:
+boot-end-marker
+!
+security passwords min-length 1
+logging buffered 4096 informational
+logging console informational
+logging monitor informational
+enable secret 5 $1$PsT5$HCRcOlnIecTV5K7qVg95c/
+!
+username robin privilege 0 password 7 0723156E6B1A18094445
+username batman privilege 15 password 7 013F32266F3F321D201E1B
+no aaa new-model
+clock timezone utc+1 1
+clock summer-time sommer date Mar 27 2011 2:00 Oct 30 2011 2:00
+ip subnet-zero
+!
+!
+!
+ip multicast-routing
+ip ssh version 2
+no ip domain-lookup
+ip domain-name intern.icfsystems.de
+!
+switch virtual domain 1
+!
+mls netflow interface
+mls cef error action reset
+!
+crypto pki trustpoint TP-self-signed-1430
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-1430
+ revocation-check none
+ rsakeypair TP-self-signed-1430
+!
+!
+crypto pki certificate chain TP-self-signed-1430
+ certificate self-signed 01 nvram:IOS-Self-Sig#3001.cer
+!
+!
+!
+!
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+no spanning-tree vlan 2-8
+diagnostic bootup level minimal
+access-list 99 remark ---- skripte
+access-list 99 permit 10.10.12.36
+access-list 99 remark ---- WUP
+access-list 99 permit 10.10.12.33
+access-list 99 remark ---- SA
+access-list 99 permit 10.10.12.34
+access-list 99 remark ---- Zugang ueber Bismarck, Barschel, Hades
+access-list 99 permit 62.80.98.68
+access-list 99 permit 62.80.98.69
+access-list 99 permit 62.80.98.81
+access-list 99 remark ---- AW
+access-list 99 permit 130.35.0.205
+access-list 99 remark ---- ML
+access-list 99 permit 130.35.0.77
+access-list 99 remark ---- AB
+access-list 99 permit 130.35.0.84
+access-list 99 remark ---- MN
+access-list 99 permit 130.35.0.92
+access-list 99 remark ---- ICF_SYS
+access-list 99 permit 10.61.1.8 0.0.0.7
+access-list 99 remark ---- Zugriff aus dem Netz in dem Router ist 248 - 254
+access-list 99 permit 0.0.0.248 255.255.255.7
+access-list 99 remark ---- Zugriff vom DGW
+access-list 99 permit 0.0.0.1 255.255.255.0
+access-list 99 remark ---- Zugriff aus Transfernetz ueber DDV vom anderen Router
+access-list 99 permit 192.168.20.0 0.0.0.255
+access-list 99 permit 192.168.21.0 0.0.0.255
+access-list 99 remark ---- Alle anderen Verbindungsversuche werden geblockt
+access-list 99 deny any
+!
+redundancy
+ main-cpu
+ auto-sync running-config
+ mode sso
+!
+ip access-list extended PBR_1
+ permit ip host 10.61.1.10 92.254.215.0 0.0.0.255
+ permit ip host 10.61.1.10 94.200.15.0 0.0.0.255
+ permit ip host 10.61.1.10 10.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 172.16.0.0 0.224.255.255
+ permit ip host 10.61.1.10 192.168.0.0 0.0.255.255
+ permit ip host 10.61.1.10 130.35.0.0 0.0.0.255
+ permit ip host 10.61.1.10 170.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 172.0.0.0 0.255.255.255
+ip access-list extended PBR_15
+ permit ip host 10.61.1.10 any
+ip access-list extended PBR_4
+ permit ip host 10.61.1.10 90.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 92.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 91.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 94.0.0.0 0.255.255.255
+ permit ip host 10.61.1.10 62.80.98.0 0.0.0.255
+!
+vlan internal allocation policy ascending
+vlan access-log ratelimit 2000
+!
+!
+!
+interface Port-channel2
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 2
+ switchport mode trunk
+!
+interface Port-channel3
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 3
+ switchport mode trunk
+!
+interface Port-channel4
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 4
+ switchport mode trunk
+!
+interface Port-channel5
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 5
+ switchport mode trunk
+!
+interface Port-channel6
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 6
+ switchport mode trunk
+!
+interface Port-channel8
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 8,11
+ switchport mode trunk
+!
+interface GigabitEthernet1/1
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 2
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/2
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 2
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/3
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/4
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/5
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 3
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 3 mode active
+!
+interface GigabitEthernet1/6
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 3
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 3 mode active
+!
+interface GigabitEthernet1/7
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/8
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/9
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 4
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 4 mode active
+!
+interface GigabitEthernet1/10
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 4
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 4 mode active
+!
+interface GigabitEthernet1/11
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/12
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/13
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 5
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 5 mode active
+!
+interface GigabitEthernet1/14
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 5
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 5 mode active
+!
+interface GigabitEthernet1/15
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/16
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/17
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 6
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 6 mode active
+!
+interface GigabitEthernet1/18
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 6
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 6 mode active
+!
+interface GigabitEthernet1/19
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/20
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/21
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 8,11
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 8 mode active
+!
+interface GigabitEthernet1/22
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 8,11
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 8 mode active
+!
+interface GigabitEthernet1/23
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/24
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/25
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/26
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/27
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/28
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/29
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/30
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/31
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/32
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/33
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/34
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/35
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/36
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/37
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/38
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/39
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/40
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/41
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/42
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/43
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/44
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/45
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/46
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/47
+ no ip address
+ shutdown
+!
+interface GigabitEthernet1/48
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/1
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 2
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet2/2
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 2
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet2/3
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/4
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/5
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 3
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 3 mode active
+!
+interface GigabitEthernet2/6
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 3
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 3 mode active
+!
+interface GigabitEthernet2/7
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/8
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/9
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 4
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 4 mode active
+!
+interface GigabitEthernet2/10
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 4
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 4 mode active
+!
+interface GigabitEthernet2/11
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/12
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/13
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 5
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 5 mode active
+!
+interface GigabitEthernet2/14
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 5
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 5 mode active
+!
+interface GigabitEthernet2/15
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/16
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/17
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 6
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 6 mode active
+!
+interface GigabitEthernet2/18
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 6
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 6 mode active
+!
+interface GigabitEthernet2/19
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/20
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/21
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 8,11
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 8 mode active
+!
+interface GigabitEthernet2/22
+ switchport
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 8,11
+ switchport mode trunk
+ speed 1000
+ duplex full
+ channel-protocol lacp
+ channel-group 8 mode active
+!
+interface GigabitEthernet2/23
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/24
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/25
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/26
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/27
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/28
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/29
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/30
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/31
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/32
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/33
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/34
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/35
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/36
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/37
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/38
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/39
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/40
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/41
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/42
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/43
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/44
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/45
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/46
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/47
+ no ip address
+ shutdown
+!
+interface GigabitEthernet2/48
+ no ip address
+ shutdown
+!
+interface GigabitEthernet5/1
+ no ip address
+!
+interface GigabitEthernet5/2
+ no ip address
+!
+interface GigabitEthernet5/3
+ no ip address
+!
+interface TenGigabitEthernet5/4
+ no ip address
+ shutdown
+!
+interface TenGigabitEthernet5/5
+ no ip address
+ shutdown
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+interface Vlan2
+ ip address 10.10.10.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip pim sparse-dense-mode
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 22 ip 10.10.10.1
+ vrrp 22 timers advertise msec 500
+ vrrp 22 priority 254
+!
+interface Vlan3
+ ip address 10.10.30.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 23 ip 10.10.30.1
+ vrrp 23 timers advertise msec 500
+ vrrp 23 priority 254
+!
+interface Vlan4
+ ip address 130.35.0.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip pim sparse-dense-mode
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 24 ip 130.35.0.1
+ vrrp 24 timers advertise msec 500
+ vrrp 24 priority 254
+!
+interface Vlan5
+ ip address 10.10.11.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 25 ip 10.10.11.1
+ vrrp 25 timers advertise msec 500
+ vrrp 25 priority 254
+!
+interface Vlan6
+ ip address 10.10.12.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip pim sparse-dense-mode
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 26 ip 10.10.12.1
+ vrrp 26 timers advertise msec 500
+ vrrp 26 priority 254
+!
+interface Vlan8
+ ip address 10.10.21.1 255.255.255.0 secondary
+ ip address 10.10.32.1 255.255.248.0 secondary
+ ip address 10.10.20.1 255.255.255.0
+ no ip redirects
+ no ip proxy-arp
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 81 ip 10.10.20.1
+ vrrp 81 timers advertise msec 500
+ vrrp 81 priority 254
+ vrrp 82 ip 10.10.21.1
+ vrrp 82 timers advertise msec 500
+ vrrp 82 priority 254
+ vrrp 83 ip 10.10.32.1
+ vrrp 83 timers advertise msec 500
+ vrrp 83 priority 254
+!
+interface Vlan11
+ ip address 10.61.1.1 255.255.255.0
+ no ip proxy-arp
+ ip pim sparse-dense-mode
+ ip policy route-map PBR
+ ip ospf cost 10
+ ip ospf priority 255
+ vrrp 11 ip 10.61.1.1
+ vrrp 11 timers advertise msec 500
+ vrrp 11 priority 254
+!
+router ospf 1
+ router-id 130.35.0.1
+ log-adjacency-changes
+ redistribute connected
+ network 0.0.0.0 255.255.255.255 area 0
+ default-information originate
+!
+ip classless
+ip route 9.164.200.0 255.255.255.0 130.35.0.102
+ip route 10.1.5.0 255.255.255.0 10.10.30.19
+ip route 10.1.6.0 255.255.255.0 10.10.10.50
+ip route 10.1.7.0 255.255.255.0 10.10.10.34
+ip route 10.1.8.0 255.255.255.0 10.10.10.18
+ip route 10.1.9.0 255.255.255.0 10.10.10.19
+ip route 10.2.5.0 255.255.255.0 10.10.30.19
+ip route 10.10.70.0 255.255.255.0 10.10.10.252
+ip route 10.10.72.31 255.255.255.255 10.10.10.11
+ip route 10.10.72.32 255.255.255.255 10.10.10.11
+ip route 10.10.80.0 255.255.255.0 10.10.10.252
+ip route 10.10.81.0 255.255.255.0 10.10.10.252
+ip route 10.10.90.0 255.255.255.0 10.10.10.140
+ip route 10.10.91.0 255.255.255.0 10.10.10.140
+ip route 10.10.92.0 255.255.255.0 10.10.10.140
+ip route 10.10.110.100 255.255.255.255 10.10.30.28
+ip route 10.12.130.0 255.255.255.0 10.10.30.71
+ip route 10.16.7.72 255.255.255.248 10.10.30.12
+ip route 10.22.0.0 255.255.0.0 10.10.30.28
+ip route 10.30.1.0 255.255.255.0 10.10.30.28
+ip route 10.40.106.0 255.255.255.0 10.10.30.71
+ip route 10.56.8.0 255.255.252.0 130.35.0.95
+ip route 10.56.12.0 255.255.252.0 130.35.0.95
+ip route 10.57.104.0 255.255.252.0 130.35.0.95
+ip route 10.59.4.0 255.255.255.0 192.169.1.95
+ip route 10.60.1.0 255.255.255.0 10.10.12.4
+ip route 10.61.250.0 255.255.255.0 130.35.0.238
+ip route 10.61.251.0 255.255.255.0 130.35.0.238
+ip route 10.61.252.0 255.255.255.0 130.35.0.238
+ip route 10.61.253.0 255.255.255.0 130.35.0.238
+ip route 10.61.254.0 255.255.255.0 130.35.0.238
+ip route 10.61.255.0 255.255.255.0 130.35.0.238
+ip route 10.62.0.0 255.255.0.0 10.10.10.177
+ip
route 10.62.16.0 255.255.240.0 10.10.30.44 +ip route 10.62.224.0 255.255.255.0 130.35.0.29 +ip route 10.80.0.0 255.240.0.0 10.10.30.28 +ip route 10.90.224.0 255.255.240.0 10.10.10.101 +ip route 10.97.22.0 255.255.255.0 10.10.30.165 +ip route 10.100.0.0 255.255.0.0 10.10.30.11 +ip route 10.126.43.0 255.255.255.0 130.35.0.150 +ip route 10.140.0.0 255.254.0.0 10.10.10.66 +ip route 10.149.228.10 255.255.255.255 130.35.0.13 +ip route 10.184.0.0 255.255.0.0 130.35.0.95 +ip route 10.199.209.30 255.255.255.255 10.10.10.66 +ip route 10.199.209.31 255.255.255.255 10.10.10.66 +ip route 10.199.209.41 255.255.255.255 10.10.10.66 +ip route 10.199.209.42 255.255.255.255 10.10.10.66 +ip route 10.199.217.130 255.255.255.255 10.10.30.28 +ip route 10.199.217.131 255.255.255.255 10.10.30.28 +ip route 10.199.217.134 255.255.255.255 10.10.30.28 +ip route 10.202.1.0 255.255.255.0 10.10.30.20 +ip route 10.217.61.0 255.255.255.0 130.35.0.95 +ip route 10.236.26.98 255.255.255.255 10.10.10.66 +ip route 10.241.1.0 255.255.255.0 130.35.0.15 +ip route 10.241.69.50 255.255.255.255 10.10.10.66 +ip route 10.241.69.85 255.255.255.255 10.10.10.66 +ip route 10.241.201.114 255.255.255.255 10.10.10.66 +ip route 10.241.201.116 255.255.255.255 10.10.10.66 +ip route 10.241.201.196 255.255.255.255 10.10.10.66 +ip route 10.241.234.49 255.255.255.255 10.10.10.66 +ip route 10.241.234.85 255.255.255.255 10.10.10.66 +ip route 10.241.238.52 255.255.255.255 10.10.10.66 +ip route 10.242.64.83 255.255.255.255 10.10.10.66 +ip route 10.242.64.101 255.255.255.255 10.10.10.66 +ip route 10.242.64.104 255.255.255.255 10.10.10.66 +ip route 12.3.89.131 255.255.255.255 130.35.0.10 +ip route 12.111.4.44 255.255.255.255 130.35.0.10 +ip route 20.49.246.0 255.255.255.0 10.10.30.10 +ip route 62.4.64.105 255.255.255.255 130.35.0.10 +ip route 62.67.224.0 255.255.255.0 130.35.0.10 +ip route 62.75.202.76 255.255.255.255 130.35.0.10 +ip route 62.80.98.0 255.255.255.0 130.35.0.10 +ip route 62.93.251.166 255.255.255.255 130.35.0.10 +ip 
route 62.128.27.128 255.255.255.224 10.10.30.33 +ip route 62.157.211.58 255.255.255.255 130.35.0.10 +ip route 62.157.211.59 255.255.255.255 130.35.0.10 +ip route 62.159.24.11 255.255.255.255 130.35.0.10 +ip route 62.159.24.13 255.255.255.255 130.35.0.10 +ip route 62.160.54.165 255.255.255.255 130.35.0.10 +ip route 62.192.192.21 255.255.255.255 130.35.0.10 +ip route 62.192.192.23 255.255.255.255 130.35.0.10 +ip route 62.206.116.168 255.255.255.255 130.35.0.10 +ip route 62.206.134.0 255.255.255.0 130.35.0.10 +ip route 62.253.208.0 255.255.255.0 130.35.0.10 +ip route 62.255.252.0 255.255.255.0 130.35.0.10 +ip route 63.75.60.0 255.255.255.0 130.35.0.10 +ip route 63.75.61.0 255.255.255.0 130.35.0.10 +ip route 63.75.62.0 255.255.255.0 130.35.0.10 +ip route 63.99.207.0 255.255.255.0 130.35.0.10 +ip route 64.74.235.0 255.255.255.0 130.35.0.10 +ip route 64.93.81.0 255.255.255.0 130.35.0.10 +ip route 66.135.193.73 255.255.255.255 130.35.0.95 +ip route 67.56.184.0 255.255.248.0 10.10.30.19 +ip route 67.57.128.0 255.255.252.0 10.10.30.19 +ip route 69.184.0.0 255.255.0.0 10.10.30.97 +ip route 69.191.192.0 255.255.192.0 130.35.0.10 +ip route 74.114.112.129 255.255.255.255 130.35.0.10 +ip route 80.73.32.0 255.255.255.0 130.35.0.10 +ip route 80.73.32.100 255.255.255.255 130.35.0.10 +ip route 80.73.36.0 255.255.255.0 130.35.0.10 +ip route 80.73.37.0 255.255.255.0 130.35.0.10 +ip route 80.73.38.0 255.255.255.0 130.35.0.10 +ip route 80.73.39.0 255.255.255.0 130.35.0.10 +ip route 80.146.174.0 255.255.255.0 130.35.0.95 +ip route 80.146.174.20 255.255.255.255 130.35.0.186 +ip route 80.152.49.76 255.255.255.255 130.35.0.10 +ip route 80.243.194.0 255.255.255.0 130.35.0.10 +ip route 80.252.97.72 255.255.255.255 130.35.0.10 +ip route 80.252.97.80 255.255.255.255 130.35.0.10 +ip route 80.253.192.235 255.255.255.255 130.35.0.10 +ip route 81.25.196.163 255.255.255.255 130.35.0.10 +ip route 81.169.145.0 255.255.255.0 130.35.0.10 +ip route 82.195.231.34 255.255.255.255 130.35.0.10 +ip route 
83.136.79.12 255.255.255.255 10.10.10.66 +ip route 83.136.79.13 255.255.255.255 10.10.10.66 +ip route 83.231.216.0 255.255.255.0 130.35.0.10 +ip route 83.244.214.40 255.255.255.255 130.35.0.10 +ip route 83.244.214.41 255.255.255.255 130.35.0.10 +ip route 89.202.207.40 255.255.255.248 10.10.10.6 +ip route 90.5.209.0 255.255.255.0 10.10.30.17 +ip route 90.8.209.0 255.255.255.0 10.10.30.32 +ip route 90.36.207.0 255.255.255.0 10.10.10.11 +ip route 90.39.218.13 255.255.255.255 10.10.30.28 +ip route 90.39.218.14 255.255.255.255 10.10.30.28 +ip route 90.53.208.0 255.255.255.0 10.10.30.12 +ip route 90.201.238.0 255.255.255.0 130.35.0.95 +ip route 91.33.211.0 255.255.255.0 10.10.30.15 +ip route 91.202.43.0 255.255.255.0 130.35.0.10 +ip route 91.202.236.36 255.255.255.255 130.35.0.10 +ip route 91.202.237.36 255.255.255.255 130.35.0.10 +ip route 91.212.113.36 255.255.255.255 130.35.0.10 +ip route 92.1.253.0 255.255.255.0 10.10.10.5 +ip route 92.254.215.0 255.255.255.0 10.10.30.13 +ip route 94.200.15.0 255.255.255.0 10.10.10.50 +ip route 94.200.15.2 255.255.255.255 10.10.30.250 +ip route 94.251.148.0 255.255.254.0 10.10.10.5 +ip route 94.251.248.0 255.255.255.0 10.10.10.5 +ip route 129.158.149.0 255.255.255.0 10.10.30.89 +ip route 130.200.1.5 255.255.255.255 130.35.0.10 +ip route 130.200.1.6 255.255.255.255 130.35.0.10 +ip route 139.149.22.130 255.255.255.255 130.35.0.10 +ip route 140.177.205.0 255.255.255.0 130.35.0.10 +ip route 153.46.130.0 255.255.255.0 10.10.10.9 +ip route 153.46.219.0 255.255.255.0 10.10.30.97 +ip route 153.46.249.0 255.255.255.0 130.35.0.10 +ip route 153.46.251.0 255.255.255.0 130.35.0.10 +ip route 155.195.0.0 255.255.0.0 10.10.30.19 +ip route 159.156.0.0 255.255.0.0 10.10.10.66 +ip route 160.43.0.0 255.255.0.0 10.10.30.97 +ip route 160.43.250.0 255.255.255.0 130.35.0.10 +ip route 160.92.102.61 255.255.255.255 130.35.0.10 +ip route 160.92.102.67 255.255.255.255 130.35.0.10 +ip route 162.8.168.0 255.255.255.0 130.35.0.10 +ip route 162.8.169.0 
255.255.255.0 130.35.0.10 +ip route 162.26.0.0 255.255.0.0 10.10.10.66 +ip route 165.222.184.180 255.255.255.255 10.10.30.28 +ip route 165.222.185.180 255.255.255.255 10.10.30.28 +ip route 165.222.187.70 255.255.255.255 10.10.30.28 +ip route 165.222.187.71 255.255.255.255 10.10.30.28 +ip route 165.222.244.236 255.255.255.255 10.10.30.28 +ip route 166.12.0.0 255.255.0.0 10.10.10.66 +ip route 166.14.0.0 255.255.0.0 10.10.10.66 +ip route 169.40.0.0 255.255.0.0 10.10.10.66 +ip route 169.42.124.0 255.255.252.0 10.10.10.66 +ip route 169.42.156.0 255.255.255.0 10.10.10.66 +ip route 169.43.146.0 255.255.255.0 10.10.10.66 +ip route 169.44.0.0 255.255.0.0 10.10.10.66 +ip route 169.58.163.0 255.255.255.0 10.10.10.66 +ip route 169.58.168.0 255.255.255.0 10.10.10.66 +ip route 169.58.170.0 255.255.255.0 10.10.10.66 +ip route 169.58.171.0 255.255.255.0 10.10.10.66 +ip route 169.58.173.0 255.255.255.0 10.10.10.66 +ip route 169.58.174.0 255.255.255.0 10.10.10.66 +ip route 169.62.0.0 255.255.0.0 10.10.10.66 +ip route 170.3.1.0 255.255.255.0 10.10.30.12 +ip route 170.4.1.0 255.255.255.0 10.10.10.25 +ip route 170.5.1.0 255.255.255.0 10.10.30.22 +ip route 170.10.1.0 255.255.255.0 10.10.30.5 +ip route 170.11.1.0 255.255.255.0 10.10.10.5 +ip route 170.11.1.252 255.255.255.255 10.10.10.5 +ip route 170.12.1.0 255.255.255.0 10.10.10.5 +ip route 170.13.1.0 255.255.255.0 10.10.10.17 +ip route 170.15.1.0 255.255.255.0 10.10.10.21 +ip route 170.16.1.0 255.255.255.0 10.10.10.9 +ip route 170.16.4.155 255.255.255.255 10.10.10.9 +ip route 170.16.4.156 255.255.255.255 10.10.10.9 +ip route 170.16.12.155 255.255.255.255 10.10.10.9 +ip route 170.16.118.143 255.255.255.255 130.35.0.10 +ip route 170.18.1.0 255.255.255.0 10.10.10.23 +ip route 170.19.1.0 255.255.255.0 10.10.30.17 +ip route 170.20.1.0 255.255.255.0 10.10.10.35 +ip route 170.21.1.0 255.255.255.0 10.10.10.12 +ip route 170.23.1.0 255.255.255.0 10.10.10.25 +ip route 170.24.1.0 255.255.255.0 130.35.0.95 +ip route 170.27.1.11 255.255.255.255 
10.10.10.9 +ip route 170.27.1.31 255.255.255.255 10.10.10.9 +ip route 170.31.1.0 255.255.255.0 130.35.0.95 +ip route 170.32.1.0 255.255.255.0 10.10.10.17 +ip route 170.33.1.0 255.255.255.0 10.10.30.24 +ip route 170.34.1.0 255.255.255.0 10.10.10.27 +ip route 170.37.2.0 255.255.255.0 10.10.11.42 +ip route 170.38.1.0 255.255.255.0 192.169.1.12 +ip route 170.39.1.0 255.255.255.0 130.35.0.95 +ip route 170.40.1.0 255.255.255.0 10.10.10.6 +ip route 170.40.1.252 255.255.255.255 10.10.10.6 +ip route 170.40.2.0 255.255.255.0 10.10.10.16 +ip route 170.41.1.0 255.255.255.0 10.10.11.45 +ip route 170.43.1.0 255.255.255.0 130.35.0.95 +ip route 170.45.1.0 255.255.255.0 10.10.10.25 +ip route 170.45.2.4 255.255.255.255 10.10.30.28 +ip route 170.46.1.0 255.255.255.0 10.10.10.21 +ip route 170.47.0.0 255.255.0.0 10.10.30.89 +ip route 170.50.0.0 255.255.0.0 10.10.10.252 +ip route 170.60.0.0 255.255.0.0 130.35.0.95 +ip route 170.61.0.0 255.255.0.0 130.35.0.95 +ip route 170.70.1.0 255.255.255.0 10.10.10.9 +ip route 170.70.99.0 255.255.255.0 10.10.10.105 +ip route 170.99.1.0 255.255.255.0 10.10.30.200 +ip route 170.200.1.0 255.255.255.0 10.10.30.22 +ip route 170.201.1.0 255.255.255.0 10.10.10.29 +ip route 170.201.2.0 255.255.255.0 10.10.10.29 +ip route 170.202.1.0 255.255.255.0 10.10.10.29 +ip route 170.204.1.0 255.255.255.0 10.10.30.22 +ip route 170.205.1.0 255.255.255.0 130.35.0.95 +ip route 170.206.1.0 255.255.255.0 130.35.0.13 +ip route 170.207.1.0 255.255.255.0 10.10.30.28 +ip route 170.209.1.0 255.255.255.0 130.35.0.11 +ip route 170.210.1.0 255.255.255.0 10.10.10.29 +ip route 170.220.1.0 255.255.255.0 10.10.12.201 +ip route 170.250.0.0 255.255.0.0 10.10.30.97 +ip route 170.251.1.0 255.255.255.0 10.10.30.19 +ip route 170.251.4.0 255.255.255.0 10.10.30.19 +ip route 170.252.1.0 255.255.255.0 10.10.30.19 +ip route 170.252.4.0 255.255.255.0 10.10.30.19 +ip route 170.252.255.0 255.255.255.0 10.10.30.19 +ip route 170.253.1.0 255.255.255.0 130.35.0.10 +ip route 170.253.4.0 255.255.255.0 
10.10.30.19 +ip route 170.255.1.0 255.255.255.0 10.10.30.200 +ip route 170.255.2.0 255.255.255.0 10.10.30.10 +ip route 170.255.255.0 255.255.255.0 192.168.124.31 +ip route 172.12.0.0 255.255.255.0 10.61.1.9 +ip route 172.16.1.0 255.255.255.0 10.10.10.14 +ip route 172.16.1.17 255.255.255.255 10.10.30.18 +ip route 172.16.1.18 255.255.255.255 10.10.30.18 +ip route 172.16.2.0 255.255.255.0 10.10.10.14 +ip route 172.16.3.0 255.255.255.0 10.10.10.14 +ip route 172.16.64.0 255.255.255.0 10.10.10.14 +ip route 172.17.140.0 255.255.255.0 10.10.30.11 +ip route 172.17.243.0 255.255.255.0 10.10.30.13 +ip route 172.19.0.0 255.255.0.0 130.35.0.95 +ip route 172.20.28.0 255.255.255.0 10.10.10.9 +ip route 172.20.101.0 255.255.255.0 10.10.10.9 +ip route 172.20.102.0 255.255.255.0 10.10.10.9 +ip route 172.20.103.0 255.255.255.0 10.10.10.9 +ip route 172.20.104.0 255.255.255.0 10.10.10.9 +ip route 172.20.105.0 255.255.255.0 10.10.10.9 +ip route 172.20.128.0 255.255.255.0 10.10.10.9 +ip route 172.20.145.0 255.255.255.0 10.10.30.13 +ip route 172.21.0.0 255.255.0.0 130.35.0.95 +ip route 172.22.15.65 255.255.255.255 130.35.0.10 +ip route 172.24.116.0 255.255.255.0 10.10.30.10 +ip route 172.25.11.0 255.255.255.0 10.10.10.5 +ip route 172.25.128.0 255.255.255.0 10.10.10.9 +ip route 172.30.3.0 255.255.255.0 10.10.10.28 +ip route 180.64.4.0 255.255.255.0 10.10.30.28 +ip route 192.1.12.0 255.255.255.0 10.10.10.5 +ip route 192.6.126.144 255.255.255.255 130.35.0.10 +ip route 192.67.198.2 255.255.255.255 130.35.0.10 +ip route 192.67.198.7 255.255.255.255 130.35.0.10 +ip route 192.67.198.62 255.255.255.255 130.35.0.10 +ip route 192.67.198.79 255.255.255.255 130.35.0.10 +ip route 192.145.65.1 255.255.255.255 10.10.10.101 +ip route 192.165.211.0 255.255.255.0 130.35.0.10 +ip route 192.165.220.0 255.255.255.0 130.35.0.10 +ip route 192.165.220.1 255.255.255.255 130.35.0.10 +ip route 192.168.1.0 255.255.255.0 10.10.10.37 +ip route 192.168.2.0 255.255.255.0 10.10.10.37 +ip route 192.168.3.0 255.255.255.0 
10.10.30.35 +ip route 192.168.4.0 255.255.255.0 130.35.0.10 +ip route 192.168.5.0 255.255.255.0 10.10.30.22 +ip route 192.168.6.0 255.255.255.0 10.10.30.89 +ip route 192.168.7.0 255.255.255.0 10.10.30.89 +ip route 192.168.8.0 255.255.255.0 10.10.30.14 +ip route 192.168.10.0 255.255.255.0 130.35.0.10 +ip route 192.168.14.0 255.255.255.0 10.10.30.28 +ip route 192.168.20.204 255.255.255.252 10.10.30.24 +ip route 192.168.20.212 255.255.255.252 10.10.30.26 +ip route 192.168.30.0 255.255.255.0 10.10.30.28 +ip route 192.168.50.31 255.255.255.255 10.10.30.28 +ip route 192.168.50.32 255.255.255.255 10.10.30.28 +ip route 192.168.75.0 255.255.255.0 10.10.10.9 +ip route 192.168.92.0 255.255.255.0 10.10.10.26 +ip route 192.168.99.0 255.255.255.0 10.10.10.66 +ip route 192.168.100.0 255.255.255.0 10.10.30.28 +ip route 192.168.100.10 255.255.255.255 10.10.11.48 +ip route 192.168.103.1 255.255.255.255 10.10.10.35 +ip route 192.168.103.2 255.255.255.255 10.10.10.35 +ip route 192.168.104.42 255.255.255.255 10.10.10.35 +ip route 192.168.108.0 255.255.252.0 10.10.30.28 +ip route 192.168.112.0 255.255.255.0 10.10.30.28 +ip route 192.168.116.70 255.255.255.255 10.10.10.101 +ip route 192.168.116.71 255.255.255.255 10.10.10.101 +ip route 192.168.168.0 255.255.255.0 10.10.30.18 +ip route 192.168.191.250 255.255.255.255 10.10.30.10 +ip route 192.168.200.0 255.255.255.0 10.10.30.18 +ip route 192.168.203.0 255.255.255.0 10.10.30.11 +ip route 192.168.205.0 255.255.255.0 10.10.30.11 +ip route 192.168.214.0 255.255.255.0 10.10.30.11 +ip route 192.168.215.0 255.255.255.0 10.10.30.11 +ip route 192.168.220.0 255.255.255.0 10.10.30.28 +ip route 192.168.230.0 255.255.255.0 10.10.30.11 +ip route 192.168.240.0 255.255.255.0 10.10.30.28 +ip route 192.168.251.0 255.255.255.0 130.35.0.14 +ip route 192.168.254.0 255.255.255.0 10.10.30.22 +ip route 192.168.255.0 255.255.255.0 10.10.30.22 +ip route 192.169.1.0 255.255.255.0 130.35.0.95 +ip route 192.169.100.0 255.255.255.0 10.10.10.23 +ip route 192.169.101.0 
255.255.255.0 10.10.10.26 +ip route 192.169.173.101 255.255.255.255 10.10.30.14 +ip route 192.192.0.0 255.255.255.0 130.35.0.4 +ip route 193.8.69.0 255.255.255.0 130.35.0.10 +ip route 193.19.114.164 255.255.255.255 130.35.0.10 +ip route 193.28.102.2 255.255.255.255 10.10.30.71 +ip route 193.29.74.0 255.255.255.0 10.10.30.13 +ip route 193.109.238.26 255.255.255.255 130.35.0.10 +ip route 193.109.238.27 255.255.255.255 130.35.0.10 +ip route 193.154.172.0 255.255.255.0 130.35.0.10 +ip route 193.159.42.171 255.255.255.255 10.10.30.67 +ip route 193.159.243.170 255.255.255.255 130.35.0.10 +ip route 193.201.94.0 255.255.255.0 130.35.0.10 +ip route 193.254.24.0 255.255.255.0 130.35.0.10 +ip route 193.254.25.0 255.255.255.0 130.35.0.10 +ip route 193.254.26.0 255.255.255.0 130.35.0.10 +ip route 193.254.198.0 255.255.255.0 130.35.0.10 +ip route 194.25.134.0 255.255.255.0 130.35.0.10 +ip route 195.20.122.0 255.255.255.0 130.35.0.10 +ip route 195.90.4.169 255.255.255.255 130.35.0.10 +ip route 195.93.156.0 255.255.255.0 130.35.0.10 +ip route 195.143.81.0 255.255.255.0 10.10.30.11 +ip route 195.145.209.0 255.255.255.0 130.35.0.10 +ip route 195.185.135.13 255.255.255.255 130.35.0.95 +ip route 195.226.104.0 255.255.255.0 130.35.0.10 +ip route 195.226.110.0 255.255.255.0 130.35.0.10 +ip route 195.243.251.0 255.255.255.0 130.35.0.10 +ip route 198.178.49.143 255.255.255.255 130.35.0.10 +ip route 198.207.140.0 255.255.255.0 130.35.0.10 +ip route 199.105.0.0 255.255.0.0 10.10.30.97 +ip route 202.167.225.71 255.255.255.255 130.35.0.10 +ip route 204.4.142.0 255.255.255.240 130.35.0.10 +ip route 204.4.143.0 255.255.255.248 130.35.0.10 +ip route 204.109.224.0 255.255.248.0 10.10.30.19 +ip route 205.183.246.0 255.255.255.0 10.10.30.97 +ip route 205.216.112.0 255.255.255.0 130.35.0.10 +ip route 206.132.0.184 255.255.255.255 130.35.0.10 +ip route 206.156.53.0 255.255.255.0 130.35.0.10 +ip route 206.190.126.0 255.255.255.0 10.10.30.19 +ip route 207.17.34.224 255.255.255.224 130.35.0.10 +ip route 
208.10.42.74 255.255.255.255 130.35.0.10 +ip route 208.10.42.104 255.255.255.255 130.35.0.10 +ip route 208.22.56.0 255.255.255.0 130.35.0.10 +ip route 208.22.57.0 255.255.255.0 130.35.0.10 +ip route 208.62.27.0 255.255.255.0 130.35.0.10 +ip route 208.134.161.0 255.255.255.0 10.10.30.97 +ip route 208.224.248.3 255.255.255.255 10.10.10.9 +ip route 208.224.248.4 255.255.255.255 10.10.10.9 +ip route 208.224.248.32 255.255.255.255 10.10.10.9 +ip route 208.224.248.33 255.255.255.255 10.10.10.9 +ip route 208.224.251.1 255.255.255.255 10.10.10.9 +ip route 208.224.251.6 255.255.255.255 10.10.10.9 +ip route 208.240.76.0 255.255.255.0 130.35.0.10 +ip route 208.245.107.3 255.255.255.255 130.35.0.10 +ip route 208.245.107.6 255.255.255.255 130.35.0.10 +ip route 210.176.61.0 255.255.255.0 130.35.0.10 +ip route 212.6.204.134 255.255.255.255 10.10.10.5 +ip route 212.23.97.102 255.255.255.255 130.35.0.10 +ip route 212.27.140.8 255.255.255.248 10.10.30.35 +ip route 212.27.140.120 255.255.255.248 10.10.30.35 +ip route 212.33.142.0 255.255.255.0 130.35.0.10 +ip route 212.47.180.32 255.255.255.255 130.35.0.10 +ip route 212.47.180.63 255.255.255.255 130.35.0.10 +ip route 212.118.231.0 255.255.255.0 130.35.0.10 +ip route 212.118.231.91 255.255.255.255 130.35.0.10 +ip route 212.118.235.13 255.255.255.255 130.35.0.10 +ip route 212.118.235.14 255.255.255.255 130.35.0.10 +ip route 212.118.249.13 255.255.255.255 130.35.0.10 +ip route 212.118.249.14 255.255.255.255 130.35.0.10 +ip route 212.118.249.43 255.255.255.255 130.35.0.10 +ip route 212.118.249.51 255.255.255.255 130.35.0.10 +ip route 212.118.249.54 255.255.255.255 130.35.0.10 +ip route 212.162.51.0 255.255.255.0 130.35.0.10 +ip route 212.172.142.0 255.255.255.0 130.35.0.10 +ip route 212.227.15.0 255.255.255.0 130.35.0.10 +ip route 212.227.17.0 255.255.255.0 130.35.0.10 +ip route 212.227.126.0 255.255.255.0 130.35.0.10 +ip route 212.227.127.0 255.255.255.0 130.35.0.10 +ip route 212.243.80.1 255.255.255.255 130.35.0.10 +ip route 
212.249.16.157 255.255.255.255 130.35.0.10 +ip route 212.249.16.158 255.255.255.255 130.35.0.10 +ip route 213.17.5.0 255.255.255.0 10.10.30.18 +ip route 213.41.106.65 255.255.255.255 130.35.0.10 +ip route 213.61.29.0 255.255.255.0 130.35.0.10 +ip route 213.61.29.219 255.255.255.255 130.35.0.10 +ip route 213.86.133.118 255.255.255.255 130.35.0.10 +ip route 213.165.64.0 255.255.255.0 130.35.0.10 +ip route 213.182.157.55 255.255.255.255 130.35.0.10 +ip route 213.200.97.3 255.255.255.255 130.35.0.10 +ip route 213.206.144.7 255.255.255.255 130.35.0.10 +ip route 213.206.144.10 255.255.255.255 130.35.0.10 +ip route 213.239.234.70 255.255.255.255 130.35.0.10 +ip route 216.23.232.0 255.255.255.0 130.35.0.10 +ip route 216.35.59.128 255.255.255.192 130.35.0.10 +ip route 216.52.236.17 255.255.255.255 130.35.0.10 +ip route 216.52.236.18 255.255.255.255 130.35.0.10 +ip route 216.52.236.51 255.255.255.255 130.35.0.10 +ip route 216.52.236.54 255.255.255.255 130.35.0.10 +ip route 216.185.240.0 255.255.255.0 10.10.10.29 +ip route 216.219.78.184 255.255.255.255 130.35.0.10 +ip route 217.5.134.166 255.255.255.255 130.35.0.10 +ip route 217.5.135.0 255.255.255.0 130.35.0.10 +ip route 217.12.0.0 255.255.0.0 130.35.0.10 +ip route 217.68.149.0 255.255.255.0 130.35.0.10 +ip route 217.72.0.0 255.255.0.0 130.35.0.10 +ip route 217.72.192.0 255.255.255.0 130.35.0.10 +ip route 217.110.39.0 255.255.255.0 130.35.0.10 +ip route 217.110.39.220 255.255.255.255 130.35.0.254 +ip route 217.110.115.0 255.255.255.0 130.35.0.10 +ip route 217.110.182.89 255.255.255.255 130.35.0.10 +ip route 217.110.182.93 255.255.255.255 130.35.0.10 +ip route 217.110.200.0 255.255.255.0 130.35.0.10 +ip route 217.111.25.83 255.255.255.255 130.35.0.10 +ip route 217.111.25.86 255.255.255.255 130.35.0.10 +ip route 217.111.41.9 255.255.255.255 130.35.0.10 +ip route 217.160.215.172 255.255.255.255 130.35.0.10 +ip route 217.199.55.64 255.255.255.224 130.35.0.10 +ip route 221.133.197.0 255.255.255.0 130.35.0.10 +! +! 
+no ip http server +ip http authentication local +no ip http secure-server +! +logging history informational +logging trap errors +logging facility local1 +logging 10.10.12.36 +! +route-map PBR permit 10 + match ip address PBR_1 +! +route-map PBR permit 20 + match ip address PBR_4 + set ip next-hop 10.10.12.4 +! +route-map PBR permit 30 + match ip address PBR_15 + set ip next-hop 130.35.0.15 +! +snmp-server engineID local 800000090300C84C7581C580 +snmp-server community public RO +snmp-server ifindex persist +snmp ifmib ifindex persist +! +! +control-plane +! +! +dial-peer cor custom +! +! +! +banner login ^C +********************************************************************* +**** +**** Property of ICF Systems AG +**** phone +49(0) 69 - 299 25 - 666 +**** +**** +**** Unauthorized access is prohibited +**** +**** You are connected to $(hostname) +**** +********************************************************************* +^C +! +line con 0 +line vty 0 4 + session-timeout 60 + access-class 99 in + exec-timeout 60 0 + login local + transport input ssh +line vty 5 15 + no login +! +ntp clock-period 17180029 +ntp server 10.10.12.252 +ntp server 10.10.12.251 prefer +no event manager policy Mandatory.go_switchbus.tcl type system +! +end + +C6506E-1# diff --git a/CISCO read config via Perl telnet modul/read_config.pl b/CISCO read config via Perl telnet modul/read_config.pl new file mode 100644 index 0000000..8a3b3a1 --- /dev/null +++ b/CISCO read config via Perl telnet modul/read_config.pl 
@@ -0,0 +1,145 @@ +#!/bin/perl +use Net::Telnet(); +use strict; + +#my $IP="10.60.1.100"; +my $IP="192.168.100.2"; + +# read config +#my @config=read_cisco_config($IP, "batman", "LTBTTTra25", "local", "prog"); +my $version=read_devicetype($IP, "awisniewski", "peter", "local", "peter"); +print "$version\n"; + +sub read_cisco_config { + my ($host, $user, $pass, $login, $enable) = @_; + my $t = new Net::Telnet (Timeout => 5, Prompt => '/#$/'); + + my $found_proper_method=0; + $t->errmode("return"); + $t->open($host); + + if ($t->waitfor('/>/i') == 1) { + # 1 wenn ok + # '' wenn n ok + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$pass"); + $t->waitfor('/#/i'); + $found_proper_method=1; + } + if ($found_proper_method==0) { + if ($t->waitfor('/#/i') == 1) { + $found_proper_method=1; + } + } + if ($found_proper_method==0) { + if ($t->waitfor('/username/i') == 1) { + $t->print("$user"); + $t->waitfor('/password/i'); + $t->print("$pass"); + + if ($t->waitfor('/>/i') == 1) { + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$enable"); + } + if ($t->waitfor('/#/i') == '1') { + $found_proper_method=1; + } + } + } + if ($found_proper_method==0) { + if ($t->waitfor('/password/i') == 1 and $found_proper_method==0) { + $t->print("$login"); + + if ($t->waitfor('/>/i') == 1) { + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$enable"); + } + if ($t->waitfor('/#/i') == '1') { + $found_proper_method=1; + } + } + } + if ($found_proper_method==1) { + #$t->put(Timeout=>20); + $t->cmd("terminal length 0"); + $t->waitfor('/#/'); + (@config) = $t->cmd("show running"); + } + else { + @config=("Kein Login möglich."); + } + return @config; +} + +sub read_devicetype { + my ($host, $user, $pass, $login, $enable) = @_; + my $t = new Net::Telnet (Timeout => 2, Prompt => '/#[\s]*$/'); + my @version; + my $devicetype; + + my $found_proper_method=0; + $t->errmode("return"); + $t->open($host); + + if ($t->waitfor('/>/i') == 1) { + # 1 wenn ok + # '' 
wenn n ok + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$pass"); + $t->waitfor('/#/i'); + $found_proper_method=1; + } + if ($found_proper_method==0) { + if ($t->waitfor('/#/i') == 1) { + $found_proper_method=1; + } + } + if ($found_proper_method==0) { + if ($t->waitfor('/username/i') == 1) { + $t->print("$user"); + $t->waitfor('/password/i'); + $t->print("$pass"); + + if ($t->waitfor('/>/i') == 1) { + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$enable"); + } + if ($t->waitfor('/#/i') == '1') { + $found_proper_method=1; + } + } + } + if ($found_proper_method==0) { + if ($t->waitfor('/password/i') == 1 and $found_proper_method==0) { + $t->print("$login"); + + if ($t->waitfor('/>/i') == 1) { + $t->print("enable"); + $t->waitfor('/password/i'); + $t->print("$enable"); + } + if ($t->waitfor('/#/i') == '1') { + $found_proper_method=1; + } + } + } + if ($found_proper_method==1) { + #$t->put(Timeout=>20); + $t->cmd("terminal length 0"); + $t->waitfor('/#/'); + $t->cmd("terminal pager 500"); + $t->waitfor('/#/'); + (@version) = $t->cmd("show version"); + + ## Hier erfolgt die Auswertung des Gerätetyps + } + else { + $devicetype="Kein Login möglich"; + } + return $devicetype; +} \ No newline at end of file diff --git a/CISCO read config via Perl telnet modul/version.txt b/CISCO read config via Perl telnet modul/version.txt new file mode 100644 index 0000000..f30442d --- /dev/null +++ b/CISCO read config via Perl telnet modul/version.txt @@ -0,0 +1,16 @@ +Cisco Adaptive Security Appliance Software Version 8.3(1) +Hardware: ASA + + + +Cisco IOS Software + +Cisco Internetwork Operating System Software +IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) + + +Image stamp: /sw/code/build/alpmo(alp11) + Jan 7 2009 17:55:29 + E.11.10 + 53 +Boot Image: Primary diff --git a/CISCO reboot via Perl telnet modul/reboot.pl b/CISCO reboot via Perl telnet modul/reboot.pl new file mode 100644 index 0000000..bdc7327 
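Review bot: The top-level call `read_devicetype($IP, "awisniewski", ...)` in read_config.pl passes a literal user name, login password and enable password, and both subs talk to the device through Net::Telnet, so the credentials are stored in version control and sent over the network unencrypted. The same literal-credential pattern appears in reboot.pl, router_list.txt and vpnconnect.bat later in this commit. Read them at run time instead, for example `my ($user, $pass, $enable) = @ENV{qw(CISCO_USER CISCO_PASS CISCO_ENABLE)};` (variable names are placeholders), rotate the committed values, and prefer SSH for device access. Separately, `read_cisco_config` assigns `(@config) = $t->cmd("show running");` without any `my @config;` in scope, which `use strict` rejects at compile time; declaring `my @config;` at the top of the sub fixes that.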
--- /dev/null
+++ b/CISCO reboot via Perl telnet modul/reboot.pl
@@ -0,0 +1,20 @@
+#!/bin/perl
+
+use Net::Telnet::Cisco;
+
+
+ print "10.10.10.253 connect\n";
+
+ $session = Net::Telnet::Cisco->new(Host => "10.10.10.253", Errmode=>'return');
+
+ sleep(2);
+ $session->cmd("enable");
+ sleep(2);
+ $session->cmd("batman");
+ sleep(2);
+ $session->cmd("LTBTTTra25");
+ sleep(2);
+ $session->cmd("reload");
+ sleep(2);
+ $session->cmd("y");
+ sleep(2);
diff --git a/CISCO versionsinfo via Perl telnet modul/router.pl b/CISCO versionsinfo via Perl telnet modul/router.pl
new file mode 100644
index 0000000..cdc8f17
--- /dev/null
+++ b/CISCO versionsinfo via Perl telnet modul/router.pl
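Review bot: The result of `Net::Telnet::Cisco->new(..., Errmode=>'return')` in reboot.pl is never checked, and the user name and password are pushed through `$session->cmd(...)` separated by fixed `sleep(2)` pauses, so a failed connect or login goes unnoticed and `reload` followed by `y` is sent blind; if the device is not at the expected prompt, the password is typed into whatever context is active. With Errmode 'return' each call reports failure through its return value, so the script can stop before the reload: `my $session = Net::Telnet::Cisco->new(Host => $host, Errmode => 'return') or die "connect failed\n";` followed by `$session->login(Name => $user, Password => $pass) or die $session->errmsg;`. The file also has no `use strict; use warnings;`, which is why the undeclared `$session` global is accepted silently.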
@@ -0,0 +1,121 @@ +#!/bin/perl + +use Net::Telnet::Cisco; + +$wait=""; +open RTR, ") { + chomp; + ($ip,$user,$pass,$enable,$wait)=$_=~/^(.*),(.*),(.*),(.*),(.*)$/i; + $wait=5 if ($wait eq ""); + @routers=(@routers,[$ip,$user,$pass,$enable,$wait]); +} +close RTR; + +my $session; +my @output; + +my ($ss,$mm,$hh,$dd,$mon,$yy,$we,$doy,$st)=localtime; +$mon++; +$yy+=1900; +$dd = '0' . $dd if ($dd < 10); +$mon = '0' . $mon if ($mon < 10); +my $date=$yy . "-" . $mon . "-" . $dd; +mkdir $date; + +foreach my $router (@routers) { + print "$$router[0] connect\n"; + + next unless ($session = Net::Telnet::Cisco->new(Host => "$$router[0]", Errmode=>'return')); + + if ($$router[1] eq '') { + print "$$router[0] send pw\n"; + $session->login(Password => "$$router[2]"); + } + else { + print "$$router[0] send user, pw\n"; + $session->login(Name => "$$router[1]", Password => "$$router[2]"); + } + + print "$$router[0] enable\n"; + $session->cmd("enable\n$$router[3]") if ($$router[3] ne ""); + + print "$$router[0] sh version\n"; + @output = $session->cmd('show version'); + + open OUT, ">$date\\$$router[0]_version.txt"; + print OUT @output; + close OUT; + + sleep($$router[4]); +} + + + + + + + +#$ok = $obj->login($username, $password);# +# +# $ok = $obj->login([Name => $username,] +# [Password => $password,] +# [Passcode => $passcode,] # for Secur-ID/XTACACS +# [Prompt => $match,] +# [Timeout => $secs,]); + + + +#$session = Net::Telnet::Cisco->new( +# [Autopage => $boolean,] # 1 +# [More_prompt => $matchop,] # '/(?m:^\s*--More--)/', +# [Always_waitfor_prompt => $boolean,] # 1 +# [Waitfor_pause => $milliseconds,] # 0.1 +# [Normalize_cmd => $boolean,] # 1 +# [Send_wakeup => $when,] # 0 +# [Ignore_warnings => $boolean,] # 0 +# [Warnings => $matchop,] # see docs +# +# # Net::Telnet arguments +# [Binmode => $mode,] +# [Cmd_remove_mode => $mode,] +# [Dump_Log => $filename,] +# [Errmode => $errmode,] +# [Fhopen => $filehandle,] +# [Host => $host,] +# [Input_log => $file,] +# 
[Input_record_separator => $char,] +# [Option_log => $file,] +# [Output_log => $file,] +# [Output_record_separator => $char,] +# [Port => $port,] +# [Prompt => $matchop,] # see docs +# [Telnetmode => $mode,] +# [Timeout => $secs,] +# ); + + + +#if ($session->enable("enable_password")) +#$session->errmsg; + + + +# my $protocol = ''; # default value +# my $ip = '10.0.0.1'; +# my $repeat = 10; +# my $datagram = 1500; +# my $timeout = ''; # default value +# my $extended = ''; # default value +# my $sweep = ''; # default value + +# $session->cmd( +# "ping +# $protocol +# $ip +# $repeat +# $datagram +# $timeout +# $extended +# $sweep +# "); \ No newline at end of file diff --git a/CISCO versionsinfo via Perl telnet modul/router_list.txt b/CISCO versionsinfo via Perl telnet modul/router_list.txt new file mode 100644 index 0000000..6c4e393 --- /dev/null +++ b/CISCO versionsinfo via Perl telnet modul/router_list.txt 
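Review bot: `open OUT, ">$date\\$$router[0]_version.txt";` in router.pl is a two-argument open on a bareword handle whose path is built from the first field of the router list, and its result is not checked. That field is captured with a greedy `(.*)`, so nothing guarantees it is an address, and a failed open makes `print OUT @output` discard the data without any error. Use the three-argument form with a lexical handle, `open my $out, '>', "$date\\$$router[0]_version.txt" or die "open: $!";`, and skip any entry whose first field does not match an anchored IPv4 pattern before connecting. The return values of `$session->login(...)` are likewise ignored, so a rejected login would still produce a version file, presumably empty or holding only an error.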
@@ -0,0 +1,158 @@ +10.10.10.3,robin,LTBEsal37,prog, +10.10.10.4,robin,LTBEsal37,prog, +10.10.10.5,robin,LTBEsal37,prog, +10.10.10.6,robin,LTBEsal37,prog, +10.10.10.7,robin,LTBEsal37,prog, +10.10.10.8,robin,LTBEsal37,prog, +10.10.10.9,robin,LTBEsal37,prog, +10.10.10.12,robin,LTBEsal37,prog, +10.10.10.17,robin,LTBEsal37,prog, +10.10.10.18,robin,LTBEsal37,prog, +10.10.10.21,robin,LTBEsal37,prog, +10.10.10.23,robin,LTBEsal37,prog, +10.10.10.25,robin,LTBEsal37,prog, +10.10.10.26,robin,LTBEsal37,prog, +10.10.10.27,robin,LTBEsal37,prog, +10.10.10.29,robin,LTBEsal37,prog, +10.10.10.34,robin,LTBEsal37,prog, +10.10.10.35,robin,LTBEsal37,prog, +10.10.10.37,robin,LTBEsal37,prog, +10.10.10.46,robin,LTBEsal37,prog, +10.10.10.47,robin,LTBEsal37,prog, +10.10.10.48,robin,LTBEsal37,prog, +10.10.10.49,robin,LTBEsal37,prog, +10.10.10.50,robin,LTBEsal37,prog, +10.10.10.101,robin,LTBEsal37,prog, +10.10.10.102,robin,LTBEsal37,prog, +10.10.10.107,robin,LTBEsal37,prog, +10.10.10.108,robin,LTBEsal37,prog, +10.10.10.109,robin,LTBEsal37,prog, +10.10.10.125,robin,LTBEsal37,prog, +10.10.10.177,robin,LTBEsal37,prog, +10.10.10.250,robin,LTBEsal37,prog, +10.10.10.251,robin,LTBEsal37,prog, +10.10.10.252,robin,LTBEsal37,prog, +10.10.12.1,robin,LTBEsal37,prog, +10.10.12.251,robin,LTBEsal37,prog, +10.10.12.252,robin,LTBEsal37,prog, +10.10.12.253,robin,LTBEsal37,prog, +10.10.30.17,robin,LTBEsal37,prog, +10.10.30.97,robin,LTBEsal37,prog, +10.10.30.98,robin,LTBEsal37,prog, +10.10.30.99,robin,LTBEsal37,prog, +10.10.70.21,robin,LTBEsal37,prog, +10.10.70.24,robin,LTBEsal37,prog, +10.10.70.25,robin,LTBEsal37,prog, +10.10.70.27,robin,LTBEsal37,prog, +10.10.70.28,robin,LTBEsal37,prog, +10.10.70.250,robin,LTBEsal37,prog, +10.10.70.251,robin,LTBEsal37,prog, +10.10.70.254,robin,LTBEsal37,prog, +10.60.1.100,robin,LTBEsal37,, +10.80.1.2,robin,LTBEsal37,prog, +10.80.1.253,robin,LTBEsal37,prog, +10.80.1.254,robin,LTBEsal37,prog, +10.80.13.11,robin,LTBEsal37,prog, +10.80.13.12,robin,LTBEsal37,prog, 
+10.80.13.21,robin,LTBEsal37,prog, +10.80.13.22,robin,LTBEsal37,prog, +10.90.1.1,robin,LTBEsal37,prog, +10.90.1.2,robin,LTBEsal37,prog, +10.90.1.3,robin,LTBEsal37,prog, +130.35.0.1,robin,LTBEsal37,prog, +130.35.0.253,robin,LTBEsal37,prog, +130.35.0.17,robin,LTBEsal37,, +130.35.0.18,robin,LTBEsal37,prog, +130.35.0.19,robin,LTBEsal37,prog, +130.35.0.28,robin,LTBEsal37,prog, +130.35.0.29,robin,LTBEsal37,prog, +192.169.1.13,robin,LTBEsal37,prog, +192.169.1.21,robin,LTBEsal37,prog, +192.169.1.22,robin,LTBEsal37,prog, +192.169.1.23,robin,LTBEsal37,prog, +192.169.1.81,robin,LTBEsal37,prog, +192.169.1.82,robin,LTBEsal37,prog, +192.169.1.83,robin,LTBEsal37,prog, +193.169.55.248,robin,LTBEsal37,prog, +193.169.55.249,robin,LTBEsal37,prog, +170.250.1.22,robin,LTBEsal37,prog, +170.250.1.101,robin,LTBEsal37,prog, +170.250.1.102,robin,LTBEsal37,prog, +170.250.1.253,robin,LTBEsal37,prog, +170.11.1.1,robin,LTBEsal37,prog, +170.11.1.4,robin,LTBEsal37,prog, +170.11.1.5,robin,LTBEsal37,prog, +170.11.1.6,robin,LTBEsal37,prog, +170.11.1.253,robin,LTBEsal37,prog, +170.11.1.254,robin,LTBEsal37,prog, +170.15.1.1,robin,LTBEsal37,prog, +170.20.1.1,robin,LTBEsal37,prog, +170.20.1.2,robin,LTBEsal37,prog, +170.20.1.3,robin,LTBEsal37,prog, +170.20.1.9,robin,LTBEsal37,prog, +170.21.1.1,robin,LTBEsal37,prog, +170.24.1.2,robin,LTBEsal37,prog, +170.24.1.3,robin,LTBEsal37,prog, +170.40.1.1,robin,LTBEsal37,prog, +170.40.1.4,robin,LTBEsal37,prog, +170.40.1.5,robin,LTBEsal37,prog, +170.40.1.253,robin,LTBEsal37,prog, +170.40.1.254,robin,LTBEsal37,prog, +170.43.1.1,robin,LTBEsal37,prog, +170.43.1.2,robin,LTBEsal37,prog, +170.45.1.1,robin,LTBEsal37,prog, +170.45.1.2,robin,LTBEsal37,prog, +170.45.1.4,robin,LTBEsal37,prog, +170.45.2.4,robin,LTBEsal37,prog, +170.45.1.3,robin,LTBEsal37,prog, +170.50.1.1,robin,LTBEsal37,prog, +170.50.1.2,robin,LTBEsal37,prog, +170.50.1.3,robin,LTBEsal37,prog, +170.60.2.1,robin,LTBEsal37,prog, +170.60.2.3,robin,LTBEsal37,prog, +170.60.2.5,robin,LTBEsal37,prog, 
+170.60.2.7,robin,LTBEsal37,prog, +170.60.2.8,robin,LTBEsal37,prog, +170.60.2.10,robin,LTBEsal37,prog, +170.60.2.14,robin,LTBEsal37,prog, +170.60.2.15,robin,LTBEsal37,prog, +170.60.2.19,robin,LTBEsal37,prog, +170.60.2.20,robin,LTBEsal37,prog, +170.61.3.1,robin,LTBEsal37,prog, +170.61.4.1,robin,LTBEsal37,prog, +170.61.5.1,robin,LTBEsal37,prog, +170.61.6.1,robin,LTBEsal37,prog, +170.61.7.1,robin,LTBEsal37,prog, +170.250.1.22,robin,LTBEsal37,prog, +170.250.1.101,robin,LTBEsal37,prog, +170.250.1.102,robin,LTBEsal37,prog, +170.250.1.253,robin,LTBEsal37,prog, +170.250.2.1,robin,LTBEsal37,prog, +170.250.2.101,robin,LTBEsal37,prog, +170.250.2.102,robin,LTBEsal37,prog, +170.253.4.16,robin,LTBEsal37,prog, +170.253.4.17,robin,LTBEsal37,prog, +192.168.99.25,robin,LTBEsal37,prog, +192.168.104.42,,actissec,actisen, +192.168.104.43,,actissec,actisen, +10.1.6.1,robin,LTBEsal37,prog, +10.1.6.2,robin,LTBEsal37,prog, +10.1.6.3,robin,LTBEsal37,prog, +10.1.7.1,robin,LTBEsal37,prog, +10.1.8.1,robin,LTBEsal37,prog, +10.1.8.254,robin,LTBEsal37,prog, +91.33.211.21,robin,LTBEsal37,prog, +91.33.211.22,robin,LTBEsal37,prog, +91.33.211.31,robin,LTBEsal37,prog, +91.33.211.32,robin,LTBEsal37,prog, +92.254.253.25,robin,LTBEsal37,prog, +92.254.253.26,robin,LTBEsal37,prog, +92.254.253.31,robin,LTBEsal37,prog, +92.254.253.33,robin,LTBEsal37,prog, +92.254.253.253,robin,LTBEsal37,prog, +94.200.15.22,robin,LTBEsal37,prog, +94.200.15.23,robin,LTBEsal37,prog, +90.201.238.21,robin,LTBEsal37,prog, +90.201.238.21,robin,LTBEsal37,prog, +193.169.55.252,mao,peking08,, +193.169.55.253,mao,peking08,, \ No newline at end of file diff --git a/CISCO vpn connect/vpnconnect.bat b/CISCO vpn connect/vpnconnect.bat new file mode 100644 index 0000000..d16b26d --- /dev/null +++ b/CISCO vpn connect/vpnconnect.bat 
@@ -0,0 +1,38 @@
+@echo off
+cls
+
+c:
+cd \program files\cisco systems\vpn client\
+
+echo Verbindungsversuch
+
+:LOOP
+vpnclient connect AW user Andre pwd K01v1kk0!>vpnconnect.log
+
+type vpnconnect.log | find "already exists"
+if errorlevel 1 goto NEXT1
+if errorlevel 0 goto EXISTS
+
+:NEXT1
+type vpnconnect.log | find "is secure"
+if errorlevel 1 goto NEXT2
+if errorlevel 0 goto ESTABLISHED
+
+:NEXT2
+echo Neuer Verbindungsversuch
+goto LOOP
+
+:EXISTS
+echo Verbindung bereits aufgebaut
+goto ENDE
+
+:ESTABLISHED
+echo Verbindung erfolgreich aufgebaut
+goto ENDE
+
+:ENDE
+cd \
+goto QUIT
+
+:QUIT
+pause
\ No newline at end of file
diff --git a/CISCO vpn connect/vpnconnect.log b/CISCO vpn connect/vpnconnect.log
new file mode 100644
index 0000000..e69de29
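Review bot: The `:NEXT2` branch in vpnconnect.bat jumps straight back to `:LOOP` with no delay and no attempt limit, so any result that matches neither "already exists" nor "is secure" — a rejected password included — makes the script repeat `vpnclient connect` indefinitely, which can fill the gateway's logs and may trip an account lockout. A counter bounds it: `set TRIES=0` before `:LOOP`, `set /a TRIES+=1` right after it, and `if %TRIES% GEQ 5 goto ENDE` at the top of `:NEXT2`. The password is also given as a `pwd` argument on the command line, so it is exposed to anything that can read process command lines as well as to anyone who can read the file.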