Cisco 877

!
! c870-advipservicesk9-mz.124-15.T10.bin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service linenumber
service sequence-numbers
!
hostname r877
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 5 log
logging snmp-authfail
logging buffered 10240
logging rate-limit console 5
enable secret *****
!
aaa new-model
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authorization exec default local none 
!
!
aaa session-id common
clock timezone NZST 12
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
errdisable recovery cause bpduguard
!
!
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip dhcp excluded-address 192.168.2.0 192.168.2.199
!
ip dhcp pool MY-DHCP-POOL
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1 
   lease 0 4
   update arp
!
ip domain name router.local
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp router-traffic
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip inspect name firewall pptp
!
login block-for 10 attempts 3 within 30
login on-failure
login on-success
!
ipv6 unicast-routing
ipv6 dhcp pool IPV6-DHCP-POOL
 import dns-server
!
ipv6 inspect name firewall icmp
ipv6 inspect name firewall tcp
ipv6 inspect name firewall udp
ipv6 inspect name firewall ftp
!
spanning-tree portfast bpduguard
spanning-tree vlan 2 priority 8192
username user privilege 15 secret *****
!
archive
 log config
  hidekeys
!
!
ip tcp selective-ack
ip tcp timestamp
ip tcp path-mtu-discovery
ip ssh logging events
!
interface ATM0
 no ip address
 logging event atm pvc state
 logging event subif-link-status
 load-interval 30
 no atm ilmi-keepalive
 !dsl operating-mode adsl2+ 
!
interface ATM0.1 point-to-point
 pvc 0/100 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface FastEthernet0
 switchport access vlan 2
 load-interval 30
!
interface FastEthernet1
 switchport access vlan 2
 load-interval 30
 spanning-tree portfast
!
interface FastEthernet2
 switchport access vlan 2
 load-interval 30
!
interface FastEthernet3
 switchport access vlan 2
 load-interval 30
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group LAN-IN in
 ip verify unicast reverse-path
 ip nat inside
 ip virtual-reassembly
 load-interval 30
 ipv6 address FE80::1 link-local
 ipv6 address ASSIGNED-PREFIX ::1:0:0:0:1/64
 ipv6 enable
 ipv6 nd prefix default 180 120
 ipv6 nd other-config-flag
 ipv6 nd ra interval 10
 ipv6 verify unicast reverse-path
 ipv6 dhcp server IPV6-DHCP-POOL
!
interface Dialer0
 ip address negotiated
 ip access-group WAN-IN in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip multicast boundary NO-MULTICAST
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly
 encapsulation ppp
 logging event subif-link-status
 load-interval 30
 dialer pool 1
 dialer-group 1
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 verify unicast reverse-path
 ipv6 dhcp client pd ASSIGNED-PREFIX
 ipv6 inspect firewall out
 fair-queue
 no cdp enable
 ppp pap sent-username user@adsl.xnet.co.nz password *****
 ppp ipcp dns request
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 5
no ip http secure-server
ip http secure-port 8443
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list standard NO-MULTICAST
 deny   224.0.0.0 15.255.255.255
!
ip access-list extended LAN-IN
 remark Traffic allowed to enter the router from the Ethernet.
 permit ip any host 192.168.2.1
 permit ip any host 192.168.2.255
 deny   ip any 0.0.0.0 0.255.255.255 log-input
 deny   ip any 10.0.0.0 0.255.255.255 log-input
 deny   ip any 127.0.0.0 0.255.255.255 log-input
 deny   ip any 169.254.0.0 0.0.255.255 log-input
 deny   ip any 172.16.0.0 0.15.255.255 log-input
 deny   ip any 192.0.2.0 0.0.0.255 log-input
 deny   ip any 192.168.0.0 0.0.255.255 log-input
 deny   ip any 198.18.0.0 0.1.255.255 log-input
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip any host 255.255.255.255
 deny   ip any any log-input
ip access-list extended NAT
 permit ip 192.168.2.0 0.0.0.255 any
 deny   ip any any
ip access-list extended WAN-IN
 remark Traffic allowed to enter the router from the Internet.
 deny   ip 0.0.0.0 0.255.255.255 any log-input
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 deny   ip 127.0.0.0 0.255.255.255 any log-input
 deny   ip 169.254.0.0 0.0.255.255 any log-input
 deny   ip 172.16.0.0 0.15.255.255 any log-input
 deny   ip 192.0.2.0 0.0.0.255 any log-input
 deny   ip 192.168.0.0 0.0.255.255 any log-input
 deny   ip 198.18.0.0 0.1.255.255 any log-input
 deny   ip 224.0.0.0 0.15.255.255 any log-input
 deny   ip any host 255.255.255.255 log-input
 deny   icmp any any log-input fragments
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   icmp any any log-input
 permit esp any any log-input
 permit udp any eq isakmp any eq isakmp
 permit gre any any
 permit 41 any any
 deny   ip any any log-input
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 deny   any log
access-list 5 deny   any log
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
!
ipv6 access-list INTERNET-IN
 permit icmp any any echo-request
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny ipv6 any any log-input
!
ipv6 access-list VTY
 permit ipv6 FE80::/10 any
 deny ipv6 any any log-input
!
control-plane
!
banner login $


THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit 
expectation of privacy.


Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign.  By using this system, the user consents to such
interception, monitoring, recording, copying, auditing, inspection,
and disclosure at the discretion of authorized site personnel.


Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.


By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use.   Disconnect IMMEDIATELY
if you do not agree to the conditions stated in this warning.


$
!
line con 0
 exec-timeout 120 0
 logging synchronous
 no modem enable
 transport preferred none
 transport output none
line aux 0
line vty 0 4
 access-class 1 in
 exec-timeout 120 0
 ipv6 access-class VTY in
 logging synchronous
 transport preferred none
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp logging
ntp server 131.203.16.6
ntp server 131.203.16.10
end