xi'an#sho run
Building configuration...
Current configuration : 10885 bytes
!
! No configuration change since last restart
!
! NOTE(review): This is a captured running-config from a branch router. It
! contains live-looking secrets (two type 5 hashes here; an ISAKMP pre-shared
! key and an SNMP community later in the file). Because the capture is
! published, treat every one of them as disclosed and rotate them.
version 12.3
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
! NOTE(review): type 7 obfuscation of line and user passwords is switched off.
! Turning it on is cheap, but it is reversible encoding, not protection; for
! the ISAKMP key, use AES key encryption ("key config-key password-encrypt"
! plus "password encryption aes") where the release supports it.
no service password-encryption
!
hostname xi'an
!
boot-start-marker
boot-end-marker
!
! Local log buffer: 4096 bytes, all severities down to debugging.
logging buffered 4096 debugging
! NOTE(review): "secret 5" is a salted MD5-crypt hash. Newer IOS releases
! offer stronger secret types; on this release the main control is a long,
! unique passphrase. This hash has been published, so rotate it.
enable secret 5 $1$y/t2$ojbOw.wf8tWyDfgy3Z4hn/
!
! NOTE(review): single shared local account named "any". No privilege level
! is shown. Per-person accounts, or an external AAA server, make logins
! attributable.
username any secret 5 $1$JhK3$2xGWFy9iVXPhj02nW6.k2/
clock timezone BeiJing 8
no network-clock-participate aim 0
no network-clock-participate aim 1
! NOTE(review): AAA is enabled, but no "aaa authentication",
! "aaa authorization" or "aaa accounting" method lists appear in this dump,
! so logins presumably fall back to the platform defaults. Confirm, and
! define explicit method lists.
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip cef
! Addresses .1-.20 of each user subnet (and .1-.30 of 10.64.12.0) are kept out
! of the DHCP pools defined below.
ip dhcp excluded-address 10.165.2.1 10.165.2.20
ip dhcp excluded-address 10.165.4.1 10.165.4.20
ip dhcp excluded-address 10.165.6.1 10.165.6.20
ip dhcp excluded-address 10.165.8.1 10.165.8.20
ip dhcp excluded-address 10.165.12.1 10.165.12.20
ip dhcp excluded-address 10.165.128.1 10.165.128.20
ip dhcp excluded-address 10.165.136.1 10.165.136.20
ip dhcp excluded-address 10.165.144.1 10.165.144.20
ip dhcp excluded-address 10.165.152.1 10.165.152.20
ip dhcp excluded-address 10.165.160.1 10.165.160.20
ip dhcp excluded-address 10.165.168.1 10.165.168.20
ip dhcp excluded-address 10.165.176.1 10.165.176.20
ip dhcp excluded-address 10.165.184.1 10.165.184.20
ip dhcp excluded-address 10.165.186.1 10.165.186.20
ip dhcp excluded-address 10.165.192.1 10.165.192.20
ip dhcp excluded-address 10.165.252.1 10.165.252.20
ip dhcp excluded-address 10.64.12.1 10.64.12.30
! The server pings a candidate address three times before offering it.
ip dhcp ping packets 3
!
! Parent pool covering all of 10.165.0.0/16. The /24 pools that follow set
! only network, default-router and lease; they presumably inherit the DNS
! servers and domain name from this enclosing pool - confirm with
! "show ip dhcp pool".
! NOTE(review): the DNS list mixes internal (10.1.32.x) and public resolvers,
! so clients can fall through to a public resolver for internal names.
ip dhcp pool global
   network 10.165.0.0 255.255.0.0
   default-router 10.165.0.1
   dns-server 10.1.32.49 10.1.32.50 202.102.224.68 202.102.227.68
   domain-name wr
   lease 2
!
! Per-VLAN pools; "lease 2" is a two-day lease.
ip dhcp pool lingdao
   network 10.165.2.0 255.255.255.0
   default-router 10.165.2.1
   lease 2
!
ip dhcp pool IT
   network 10.165.4.0 255.255.255.0
   default-router 10.165.4.1
   lease 2
!
! NOTE(review): the pool name looks like a misspelling of "helpdesk". It is
! only a local label, but the matching sub-interface (GigabitEthernet0/1.186)
! is described as "aigle" - confirm which one is right.
ip dhcp pool helpdsek
   network 10.165.186.0 255.255.255.0
   default-router 10.165.186.1
   lease 2
!
! Per-VLAN DHCP pools, one /24 each, gateway on .1, two-day lease.
ip dhcp pool newcaiwu
   network 10.165.6.0 255.255.255.0
   default-router 10.165.6.1
   lease 2
!
ip dhcp pool xiaoshou
   network 10.165.8.0 255.255.255.0
   default-router 10.165.8.1
   lease 2
!
ip dhcp pool zongbu
   network 10.165.12.0 255.255.255.0
   default-router 10.165.12.1
   lease 2
!
ip dhcp pool newfenzhi
   network 10.165.128.0 255.255.255.0
   default-router 10.165.128.1
   lease 2
!
ip dhcp pool shichang
   network 10.165.136.0 255.255.255.0
   default-router 10.165.136.1
   lease 2
!
ip dhcp pool chanpin
   network 10.165.144.0 255.255.255.0
   default-router 10.165.144.1
   lease 2
!
ip dhcp pool shixisheng
   network 10.165.152.0 255.255.255.0
   default-router 10.165.152.1
   lease 2
!
ip dhcp pool renli
   network 10.165.160.0 255.255.255.0
   default-router 10.165.160.1
   lease 2
!
ip dhcp pool yunyong
   network 10.165.168.0 255.255.255.0
   default-router 10.165.168.1
   lease 2
!
ip dhcp pool DSR
   network 10.165.176.0 255.255.255.0
   default-router 10.165.176.1
   lease 2
!
ip dhcp pool aigle
   network 10.165.184.0 255.255.255.0
   default-router 10.165.184.1
   lease 2
!
ip dhcp pool guwen
   network 10.165.192.0 255.255.255.0
   default-router 10.165.192.1
   lease 2
!
! NOTE(review): the guest pool sits inside 10.165.0.0/16, the same range that
! the corporate ACLs (100, 111, 150) and the OSPF network statement match.
! A guest range outside that block is easier to filter reliably.
ip dhcp pool guest
   network 10.165.252.0 255.255.255.0
   default-router 10.165.252.1
   lease 2
!
! Separate 10.64.12.0/24 pool with its own DNS servers and domain name.
ip dhcp pool fengongsi
   network 10.64.12.0 255.255.255.0
   default-router 10.64.12.1
   dns-server 10.1.32.42 202.102.224.68 202.102.227.68
   domain-name lining.lngroup
   lease 2
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
! QoS: class1 is whatever ACL 199 permits; policy1 reserves 45 percent of the
! bandwidth of the interface it is attached to for that class.
class-map match-all class1
 match access-group 199
!
!
policy-map policy1
 class class1
  bandwidth percent 45
!
!
!
! IKE phase 1 policy: pre-shared key authentication, Diffie-Hellman group 2.
! NOTE(review): no encryption or hash line is shown, so the platform defaults
! apply - on this IOS generation presumably DES and SHA-1; confirm with
! "show crypto isakmp policy". Set encryption, hash and a larger DH group
! explicitly, to the strongest values both peers support.
crypto isakmp policy 10
 authentication pre-share
 group 2
! NOTE(review): the pre-shared key is stored and printed in clear text and is
! a short word derived from the organisation name. It is disclosed by this
! capture: rotate it on both peers, use a long random value, and enable AES
! key encryption so it no longer appears in "show run".
crypto isakmp key liningkey address 123.127.195.1 no-xauth
!
!
! NOTE(review): 3DES with HMAC-MD5 is a legacy ESP suite. Move to AES with a
! SHA-based HMAC where both ends support it; the peer must be changed at the
! same time or the tunnel will not establish.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
! Site-to-site tunnel definition: traffic permitted by ACL 100 is protected
! with transform set "myset" towards peer 123.127.195.1. No PFS group or SA
! lifetime is set here, so the defaults apply.
crypto map clientmap 10 ipsec-isakmp
 set peer 123.127.195.1
 set transform-set myset
 match address 100
!
!
!
! Loopback used as the source for syslog and NTP (see the "logging
! source-interface" and "ntp source" lines) and advertised into OSPF.
interface Loopback0
 ip address 172.16.200.7 255.255.255.255
!
! Internet-facing interface: public /30 address, NAT outside, IPsec crypto map
! attached.
! NOTE(review): no "ip access-group ... in" is applied here, so nothing on
! this interface filters inbound traffic to the router itself or to the
! static NAT entries defined later in the file. An inbound ACL that allows
! only the IPsec peer, established return traffic and explicitly required
! services is the usual baseline. Options such as "no ip redirects",
! "no ip unreachables" and "no ip proxy-arp" are also not shown.
interface GigabitEthernet0/0
 ip address 124.114.128.182 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map clientmap
!
! Physical LAN trunk; all addressing lives on the 802.1Q sub-interfaces below.
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
! Each sub-interface below is the gateway for one VLAN. It is a NAT inside
! interface and applies policy route-map "tobeijing" to traffic arriving from
! that VLAN.
! NOTE(review): none of these sub-interfaces carries an access-group, so
! routing between the user VLANs is unrestricted in what is shown.
interface GigabitEthernet0/1.2
 description lingdao
 encapsulation dot1Q 2
 ip address 10.165.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.4
 description IT
 encapsulation dot1Q 4
 ip address 10.165.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.6
 description caiwu
 encapsulation dot1Q 6
 ip address 10.165.6.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.8
 description xiaoshou
 encapsulation dot1Q 8
 ip address 10.165.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
! NOTE(review): the "server" VLAN is the untagged (native) VLAN of the trunk.
! Carrying a production subnet on the native VLAN is commonly avoided; an
! unused VLAN as native keeps untagged frames away from servers.
interface GigabitEthernet0/1.10
 description server
 encapsulation dot1Q 10 native
 ip address 10.165.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.12
 description user_vlan
 encapsulation dot1Q 12
 ip address 10.165.12.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.128
 description fenzhi
 encapsulation dot1Q 128
 ip address 10.165.128.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.136
 description shichang
 encapsulation dot1Q 136
 ip address 10.165.136.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.144
 description chanpin
 encapsulation dot1Q 144
 ip address 10.165.144.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
! Per-VLAN gateway sub-interfaces: 802.1Q tag, /24 gateway address, NAT inside,
! policy route-map "tobeijing" on ingress. No access-group is applied on any
! of them.
interface GigabitEthernet0/1.152
 description shixisheng
 encapsulation dot1Q 152
 ip address 10.165.152.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.160
 description renli
 encapsulation dot1Q 160
 ip address 10.165.160.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.168
 description yunying
 encapsulation dot1Q 168
 ip address 10.165.168.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.176
 description DSR
 encapsulation dot1Q 176
 ip address 10.165.176.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.184
 description aigle
 encapsulation dot1Q 184
 ip address 10.165.184.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
! NOTE(review): the description repeats "aigle" from sub-interface .184, while
! the DHCP pool for 10.165.186.0/24 is named "helpdsek". Presumably a
! copy-paste leftover - confirm and correct the label.
interface GigabitEthernet0/1.186
 description aigle
 encapsulation dot1Q 186
 ip address 10.165.186.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
interface GigabitEthernet0/1.192
 description guwen
 encapsulation dot1Q 192
 ip address 10.165.192.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map tobeijing
!
! 10.64.12.0/24 segment: NAT inside but no policy route-map, so it follows the
! routing table. This subnet holds the host published by the static NAT
! entries later in the file.
interface GigabitEthernet0/1.200
 description fengongsi
 encapsulation dot1Q 200
 ip address 10.64.12.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
! NOTE(review): the guest VLAN has only an address - no "ip nat inside", no
! policy route-map and no access-group. As shown, nothing on this router
! separates guests from the internal VLANs or from the router's own
! management services, and the subnet is advertised into OSPF by the
! 10.165.0.0/16 network statement. An inbound ACL that denies RFC 1918
! destinations and the router addresses is the usual guest baseline.
interface GigabitEthernet0/1.252
 description guest_vlan
 encapsulation dot1Q 252
 ip address 10.165.252.1 255.255.255.0
!
! WAN serial link; QoS policy1 is applied to outbound traffic.
interface Serial0/0/0
 ip address 192.168.100.26 255.255.255.252
 service-policy output policy1
!
interface Serial0/0/1
 no ip address
 shutdown
 clockrate 2000000
!
! OSPF process 1, everything in area 290: the 10.64.12.1 interface, every
! interface inside 10.165.0.0/16, Loopback0 and Serial0/0/0.
! NOTE(review): no "passive-interface" and no OSPF authentication ("area 290
! authentication ..." or per-interface "ip ospf authentication") is shown, so
! OSPF presumably runs unauthenticated on every user and guest VLAN.
! "passive-interface default" with "no passive-interface Serial0/0/0", plus
! authentication on the WAN link, limits who can form an adjacency.
router ospf 1
 log-adjacency-changes
 network 10.64.12.1 0.0.0.0 area 290
 network 10.165.0.0 0.0.255.255 area 290
 network 172.16.200.7 0.0.0.0 area 290
 network 192.168.100.26 0.0.0.0 area 290
!
ip classless
! Default route to the far end of the GigabitEthernet0/0 /30.
ip route 0.0.0.0 0.0.0.0 124.114.128.181
! NOTE(review): the clear-text HTTP management server is enabled and the
! HTTPS server is disabled. No "ip http access-class" or "ip http
! authentication" line is shown. Disable it ("no ip http server") unless it
! is needed; if it is, use the secure server and restrict it to management
! sources.
ip http server
no ip http secure-server
! Outbound PAT: traffic matched by route-map natmap (ACL 150) is translated to
! the GigabitEthernet0/0 address.
ip nat inside source route-map natmap interface GigabitEthernet0/0 overload
! NOTE(review): these two static translations publish TCP 445 and TCP 1433 of
! inside host 10.64.12.2 on the router's public address, and
! GigabitEthernet0/0 has no inbound access-group in this dump. Confirm the
! exposure is intended. File-sharing and database services are normally
! reached over the IPsec tunnel, or at least limited to known source
! addresses by an inbound ACL.
ip nat inside source static tcp 10.64.12.2 445 124.114.128.182 445 extendable
ip nat inside source static tcp 10.64.12.2 1433 124.114.128.182 1433 extendable
!
! Named ACL: allows TCP to 192.168.1.14, drops a list of individual TCP/UDP
! ports, then permits everything else.
! NOTE(review): "to-bj" is not referenced by any interface, route-map, class-map
! or crypto map in this dump, so it currently filters nothing. Either apply it
! where intended or remove it. A deny list of ports ending in "permit ip any
! any" is also a weak control compared with an allow list.
ip access-list extended to-bj
 permit tcp any host 192.168.1.14
 deny tcp any any eq 4444
 deny tcp any any eq 5554
 deny tcp any any eq 1434
 deny tcp any any eq 9996
 deny tcp any any eq 44445
 deny tcp any any eq 69
 deny tcp any any eq 6346
 deny tcp any any eq 6667
 deny tcp any any eq 2500
 deny tcp any any eq 3127
 deny udp any any eq 6667
 deny udp any any eq 593
 permit ip any any
!
! Syslog: messages are sent to 192.168.1.154, sourced from Loopback0, facility
! local0.
! NOTE(review): "logging trap errors" forwards only severity 3 and above.
! Configuration-change and login messages are logged at lower severities and
! will not reach the collector; "notifications" or "informational" gives the
! audit trail most detection rules expect.
logging trap errors
logging facility local0
logging source-interface Loopback0
logging 192.168.1.154
! ACL 100 - IPsec interesting traffic (crypto map clientmap): both local ranges
! towards 10.1.0.0/16.
access-list 100 permit ip 10.165.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 100 permit ip 10.64.12.0 0.0.0.255 10.1.0.0 0.0.255.255
! ACL 111 - match list for policy route-map tobeijing. "deny" entries here mean
! "do not policy-route; use the normal routing table".
! NOTE(review): the wildcard 0.0.0.255 on 10.64.0.0 matches only 10.64.0.0/24,
! not the local 10.64.12.0/24 segment - confirm the intended range. The icmp
! entries are shadowed by the ip entries with the same source and destination
! that precede them, so they never match.
access-list 111 deny ip 10.165.0.0 0.0.255.255 10.165.0.0 0.0.255.255
access-list 111 deny ip any 2.1.1.0 0.0.0.255
access-list 111 deny ip 10.165.0.0 0.0.255.255 10.64.0.0 0.0.0.255
access-list 111 deny icmp 10.165.0.0 0.0.255.255 10.64.0.0 0.0.0.255
access-list 111 permit ip 10.165.0.0 0.0.255.255 any
access-list 111 deny icmp any 2.1.1.0 0.0.0.255
access-list 111 permit icmp 10.165.0.0 0.0.255.255 any
! ACL 150 - NAT selection (route-map natmap): traffic from the two local ranges
! to 2.1.1.0/24 or 10.0.0.0/8 is exempt from translation; everything else from
! those ranges is translated.
access-list 150 deny ip 10.165.0.0 0.0.255.255 2.1.1.0 0.0.0.255
access-list 150 deny ip 10.165.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 150 deny ip 10.64.12.0 0.0.0.255 2.1.1.0 0.0.0.255
access-list 150 deny ip 10.64.12.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 150 permit ip 10.165.0.0 0.0.255.255 any
access-list 150 permit ip 10.64.12.0 0.0.0.255 any
! ACL 155 - a shorter numbered variant of the "to-bj" port deny list.
! NOTE(review): like "to-bj", ACL 155 is not referenced anywhere in this dump.
access-list 155 permit tcp any host 192.168.1.14
access-list 155 deny tcp any any eq 4444
access-list 155 deny tcp any any eq 69
access-list 155 deny tcp any any eq 6346
access-list 155 deny tcp any any eq 6667
access-list 155 deny tcp any any eq 2500
access-list 155 deny tcp any any eq 3127
access-list 155 deny udp any any eq 6667
access-list 155 permit ip any any
! ACL 199 - QoS classifier for class-map class1.
access-list 199 permit ip 10.64.12.0 0.0.0.255 10.1.0.0 0.0.255.255
! NOTE(review): a read-write SNMP v2c community with no access list attached.
! v2c sends the community in clear text, and RW access allows the
! configuration to be changed over SNMP. The string is disclosed by this
! capture and is reused for the trap host below. Rotate it, drop RW unless
! it is required, bind the community to an ACL that names the management
! station, and prefer SNMPv3 with authentication and privacy.
snmp-server community ln2008 RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps flash insertion removal
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps hsrp
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps rtr
snmp-server host 192.168.1.154 version 2c ln2008
! NAT route-map: selects traffic permitted by ACL 150.
route-map natmap permit 10
 match ip address 150
!
! Policy route-map applied on the LAN sub-interfaces: traffic permitted by
! ACL 111 is sent out Serial0/0/0, with GigabitEthernet0/1 listed as the next
! interface to try.
route-map tobeijing permit 10
 match ip address 111
 set interface Serial0/0/0 GigabitEthernet0/1
!
!
!
control-plane
!
!
! NOTE(review): the console, aux and vty lines show no "access-class", no
! "transport input", no "exec-timeout" and no explicit "login" method, so
! remote management presumably accepts the default transports from any source
! address - confirm with "show line". The usual baseline is "transport input
! ssh", an access-class limited to management hosts, an idle timeout, and
! "no exec" on the unused aux line.
line con 0
 logging synchronous
line aux 0
line vty 0 4
 logging synchronous
line vty 5 15
 logging synchronous
!
scheduler allocate 20000 1000
! "ntp clock-period" is written by the router itself. Time is taken from
! 10.0.0.3, sourced from Loopback0.
! NOTE(review): no NTP authentication ("ntp authenticate" with a trusted key)
! is shown. Log timestamps depend on this source being trustworthy.
ntp clock-period 17180039
ntp source Loopback0
ntp server 10.0.0.3
!
end