Cisco 2811企业网络配置案例(2)

username bcd password bcd 为VPN用户指定DNS ip name-server 202.100.0.20 ip name-server 202.106.116.1 打开AAA服务 aaa new-model aaa authentication login default local aaa authentication ppp default local aaa authorization network default local 配置PPTP服务 vpdn enable vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 interface Virtual-Template1 ip unnumbered FastEthernet0/1 peer default ip address pool addpool no keepalive ppp encrypt mppe auto passive ppp authentication ms-chap ms-chap-v2 五、访问控制列表 1．放开特权IP地址权限 access-list 100 permit ip host 192.168.0.2 any access-list 100 permit ip host 192.168.0.3 any access-list 100 permit ip host 192.168.0.4 any access-list 100 permit ip host 192.168.0.5 any access-list 100 permit ip host 192.168.0.6 any access-list 100 permit ip host 192.168.0.7 any access-list 100 permit ip host 192.168.0.8 any 2．允许其他用户使用的协议 access-list 100 permit tcp any any eq 135 access-list 100 permit udp any any eq domain access-list 100 permit icmp any any 3．开放MSN access-list 100 permit tcp any any eq 1863 access-list 100 permit tcp any any eq 3389 access-list 100 permit tcp any any eq 1503 access-list 100 permit tcp any any eq 6891 access-list 100 permit tcp any any eq 443 4．开放QQ access-list 100 permit tcp any any range 6891 6900