Arhivarea configuratiilor intr-un router CISCO

MUlti stiu, putini cunosc cat de usor se poate configura un kron astfel incat, la intervale stabilite de voi
sa se salveze configuratia unui router intr-o locatie aleasa.

De exemplu, avem nevoie ca respectiva configuratie sa fie salvata la
fiecare 2500 de minute:

archive
path disk0:/config-archive
maximum 14
time-period 2500
log config
notify syslog

FTP Kron Policy

kron occurrence ftpconfig_occur in 1:0:0 recurring
policy-list ftpconfig
!
kron policy-list ftpconfig
cli copy running-config
ftp://192.168.1.74/configs/router.cfg //IP e ales aleator... se poate inlocui cu IP unui
server de ftp agreat de voi

Router#show archive
There are currently 3 archive configurations saved.
The next archive file will be named disk0:/config-archive-4
Archive # Name
0
1 disk0:/config-archive-1
2 disk0:/config-archive-2
3 disk0:/config-archive-3
…

Router#show kron schedule
Kron Occurrence Schedule
ftpconfig_occur inactive, will run again in 0 days 23:54:17

 

Astaro… reluare…

Azi m-am hotarat sa instalez un Astaro in ciclul de productie. Daca totul merge bine, inlocuiesc vechiul 515 de la CISCO…Urati-mi succes!

Later edit: De moment, Astaro functioneaza bine… il mai tin in teste si voi posta concluziile… Intre timp, am achizitionat un pix 501 pentru colectia de acasa. M-a costat doua beri, dar a meritat investitia, mai ales ca vreau sa-l configurez sa lucreze cu un 1721 pe adsl-ul propriu si personal… Pana acolo mai e cale lunga, mai ales ca nemernicul mic si rau e parolat iar fostul proprietar habar nu are de parola… Incercam varianta de la CISCO, cea in care trebuie sa opresti boot-ul si sa incarci in flash un fisier care sa iti stearga parola… Asta daca ma prind cee IP-uri are configurate pe interfete. Teoretic, daca las calculorul  pe DHCP, ar trebui sa sa ia un Ip din aceeasi clasa, si ar fi mai usor… Voi aveti alte idei?

 

Cand nu protejezi bine un router…

… poti sa ai probleme. Cam asa se intampla cu Telefonica, una dintre cele mai mari companii de comunicatii din lume, care, culmea, imprumuta si configureaza routere pentru diverse alte companii…

Sa vedem cam cum arata configuratia unuia dintre routerele lor:

Using 5298 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ibemnapacc
!
boot-start-marker
boot-end-marker
!
logging buffered 100000 debugging
no logging console
enable secret 5 $1$u1X7$fFHQopGMm7UVDpXOvTnPE1
enable password 7 04480E0F0135484B
!
clock timezone MET 1
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa session-id common
ip subnet-zero
ip cef
!
!
!
!
ip ftp source-interface Loopback400
ip ips po max-events 100
ip tftp source-interface Loopback400
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ADSLREMOTA address 172.99.1.1
crypto isakmp keepalive 30
!
!
crypto ipsec transform-set IBER esp-3des esp-sha-hmac
!
crypto map ADSLREMOTA local-address Loopback20
crypto map ADSLREMOTA 10 ipsec-isakmp
set peer 172.99.1.1
set transform-set IBER
match address 110
!
!
!
interface Loopback20
ip address 172.99.1.254 255.255.255.255
!
interface Loopback400
description Gestion InterLAN
ip address 172.30.153.130 255.255.255.255
!
interface ATM0
description ADSL: 948258057
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description Conexion con NRI: 31712712 dlci 69
ip address 172.55.3.78 255.255.255.252
crypto map ADSLREMOTA
pvc 8/32
encapsulation aal5snap
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 89.31.29.1 255.255.255.248 secondary
ip address 89.102.10.60 255.255.0.0
shutdown
speed auto
!
router eigrp 1
network 89.0.0.0
network 172.55.0.0
network 172.99.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
ip tacacs source-interface Loopback400
!
!
access-list 3 permit 89.0.4.164
access-list 50 remark GESTION SNMP SOLO LECTURA
access-list 50 permit 172.24.7.128 0.0.0.63
access-list 50 permit 213.0.254.0 0.0.0.63
access-list 50 permit 213.0.190.192 0.0.0.63
access-list 50 permit 213.0.187.192 0.0.0.63
access-list 51 remark GESTION PERMISO ESCRITURA Y TFTP
access-list 51 permit 172.24.7.128 0.0.0.63
access-list 51 permit 213.0.254.0 0.0.0.63
access-list 51 permit 213.0.190.192 0.0.0.63
access-list 51 permit 213.0.187.192 0.0.0.63
access-list 52 permit 172.55.3.77
access-list 52 remark ACCESO TELNET
access-list 52 permit 172.24.7.128 0.0.0.63
access-list 52 permit 213.0.254.0 0.0.0.63
access-list 52 permit 213.0.190.192 0.0.0.63
access-list 52 permit 213.0.187.192 0.0.0.63
access-list 53 remark ACCESO NTP
access-list 53 permit 172.24.7.128 0.0.0.63
access-list 53 permit 213.0.254.0 0.0.0.63
access-list 53 permit 213.0.190.192 0.0.0.63
access-list 53 permit 213.0.187.192 0.0.0.63
access-list 110 permit ip 89.102.0.0 0.0.255.255 any
access-list 110 permit ip 89.31.29.0 0.0.0.7 any
snmp-server community GESTION RO 50
snmp-server community ESCRITO RW 51
snmp-server community IBERMUTUA RO 3
snmp-server ifindex persist
snmp-server trap-source Loopback400
snmp-server location IBERMUTUAMUR –> Sancho Ramirez 15   bj IRUQA NAVARRA
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps atm pvc
snmp-server host 172.24.7.174 GESTION
snmp-server host 89.0.4.164 IBERMUTUA
snmp-server tftp-server-list 51
tacacs-server host 172.24.7.171
tacacs-server timeout 3
tacacs-server directed-request
tacacs-server key 7 132435312F29220D
!
control-plane
!
banner motd ^CC
********************************************************************
********************************************************************
********************************************************************
**    Esta usted accediendo a una maquina privada propiedad de    **
**                     TELEFONICA DATA ESPAQA S.A.          ,
**   sin autorizacion, podra estar incurriendo en una violacion   **
**  que podria suponer la posible comision de una falta o delito  **
********************************************************************
**                  Telefonica Data España S.A.                   **
********************************************************************
**          Grupo de Gestion Servicio InterLAN de TDE             **
********************************************************************
********************************************************************^C
!
line con 0
exec-timeout 5 0
password 7 1044081100161E
line aux 0
access-class 52 in
exec-timeout 5 0
password 7 045205130C29435D
modem InOut
no exec
stopbits 1
flowcontrol hardware
line vty 0 4
!
end

Router#

Router#

Nu intrebati cum am obtinut-o, bine?

 

Astaro Security Gateway

Pentru un informatician, procesul de invatare de noi tehnologii este esential. Iar in cadrul acestui proces, cel de experimentare are cel mai mult farmec. Asadar, dupa ce m-am jucat cateva saptamani cu un firewall hardware de la R.I.S.C. Security, despre care, din pacate nu pot sa scriu deocamdata din motive de licentiere si nu numai, zilele trecute am descarcat noua varianta de Security Gateway a celor de la Astaro. Care ASG exista si in varianta free pentru homeuseri.

Daca aveti vreo rasnita de calculator veche, nu e rau sa aruncati o privire si prin ograda celor de la Astaro. Produsul e chiar OK, usor de configurat, nu cere multe resurse…etc.

Deocamdata inca sunt in plin proces de testare, dar va pot oferi cateva preview-uri:

Instalarea se face simplu, ca orice sistem operativ bazat pe Unix/Linux. Cerintele, dupa cum spuneam, nu sunt mari: procesor la 1GHz, minim 1 GB de Ram, doua placi de retea, un hard de 10 GB sau mai mare.

Dupa instalare se acceseaza consola de management direct din browser, folosind ca adresa localhost si portul 4444. Clar, se poate accesa si din retea, folosind IP-ul serverului de firewall. Prima care va intampina este fereastra de login de mai sus…

Dupa cum veti vedea, menagementul se face in mod grafic, ceea ce va simplica mult configurarea si supravegherea firewall-ului:

Pe partea de securitate a retelei, care ma intereseaza, beneficiem de filtrare de pachete, NAT, Intrusion Prevention, Server load balancing…

Suna bine, pentru un produs pe care il poti folosi acasa… In zilele urmatoare revin cu un review detaliat, impreuna cu cateva tutoriale..

 

Provocare hacking…

…sau asa spun ei.

Ieri am descoperit un site care ne propune o serie de provocari in domeniul hacking-ului.

De obicei nu imi ocup timpul cu genul asta de lucruri,dar mi s-a parut relativ interesant…
Pagina este : http://isatcis.com

Hai sa vedem cam care sunt pasii de urmat:

Nivelul 1:

O mica privire aruncata in codul sursa :

<script language="javascript">
</script>
<script language="JavaScript" type="text/javascript">
<!--
var passwort, i;

passwort=prompt("Please enter password!","");
if (passwort=="easy") {
window.location.href="step1.htm";
i=4;

}

//-->
</script>

Si misterul e lamurit!!! Parola: easy
Pana aici nu m-a incitat prea tare 
Nivelul doi a fost la fel de usor. Asa ca nu va ramane decat sa va uitati
cu atentie la codul sursa.
Parola nu o mai dau pe moca!

Nivelul 3 aduce insa ceva nou. Si anume un script:
<SCRIPT LANGUAGE="JavaScript">
function pw()
{
   var d1, Eingabe;
   d1=window.document.linkColor;

	Eingabe=prompt ("Please enter password");
	if (Eingabe==d1)
	{

    window.location.href=String.fromCharCode(65,66,67)+".htm";
    }
	else
	{
	window.location.href="denied.htm";
   	}
   }
</SCRIPT>

Carevasazica, avem un CharCode(65,66,67)...O mica privire prin google
si aflam ca cele trei numere corespund unor litere...
Asadar nu introducem parola, ci scriem in bara de adrese numele paginii
html. Aflati voi care!

Nivelul 4... si mai interesant...
<script language=JavaScript>
{
var a=unescape("%43%4f%44%45%5a");
 function check()
 	{
  if (document.a.c.value == a)
    {

document.location.href="http://isatcis.com/"+document.a.c.value+".htm";

    }
 else
	{
	 alert ("wrong! - letter size?");

	}
}
	}
</script>

Codul ascii sa traiasca... si mai ales valorile lui hexadecimale...
Hai ca-i usor...

Ce facem insa la nivelul 5? Sa vedem:
<!--
function abfrage1() {
var code = new Array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k",
"l", "m", "n", "o", "p","q", "r", "s", "t", "u", "v", "w", "x", "y", "z");

Eingabe = window.prompt("Password : ","");

if(Eingabe != ((code.length)*100)/2-66)
        {
        window.location.href="denied.htm";
        }
else
         window.location.href=Eingabe+".htm";
}

// -->
</script>
Deci, intelegem ca lungimea codului este 26, iar formula este
"lungime codului"*100/2-66...V-ati prins?

Nivelul 6...in codul sursa se face referire la o pagina numita "sechsjava.htm"
De aici e simplu!
Nivelul 7 e relativ asemanator, numai ca, in loc de o pagina htm, avem un mic
script java care contine parola...
I-a sa vedem, il gasiti?

Ah...nivelul 8... e atat de simplu...dar m-am chinuit un sfert de ora.
Tocmai pentru ca era prea simplu.

Deocamdata atat, din lipsa de timp...Revin cu alte amanunte...
UPDATE: Cand ma simteam si eu mai bine... se pare ca paginile nu mai sunt valabile... cel putin de la nivelul 9. Pacat....

Apropo, stie cineva un site decent? Clar, cu provocari de hacking...

 

Cisco si DDNS

Daca tot beneficiem de avantajele unui router serios, nu pocnitorile pe care ni le baga pe gat providerii de internet, atunci musai sa configuram si un DDNS. Dar sa incepem cu inceputul.
Ce este un DDNS?
Dynamic Domain Name System – adica un protocol sau un serviciu de retea care ofera posibilitatea notificarii unui sistem DNS de schimbarile, in timp real, survenite in configuratiile de retea. Mai pe romaneste, cum multi dintre noi avem IP dinamic, e ceva mai dificil sa configuram un server de web de exemplu, pentru ca se va schimba IP-ul si nu vom mmai avea acces la el. Drept urmare, avem nevoie de un sistem dinamic care sa trimita noua adresa IP serverelor de DNS si sa asocieze adresa cu serverul de web pe care il ave (sau mail, ftp…etc.)
Clar, exista DynDNS, NO-IP si multe alte servicii similare, care ne rezolva problema intr-un mod destul de facil. Dar, ce-ar fi daca am avea posibilitatea sa configuram un astfel de sistem dinamic direct in router? Pentru pocnitorile oferite de IPS-uri e destul de simplu, pentru ca, de obicei, au functia implementata. Ce facem insa cu un router CISCO?
Clar…il configuram…

Hai sa vedem si cum:
Presupunem ca vom folosi serviciile celor de la No-IP ca metoda de update al IP-ului si de asociere al unui nume de domeniu (ex.: domeniulmeu.com)

Intram in modul privilegiat, introducand o paraola daca e cazul (daca nu inseamna ca sunteti tampiti si nu merita sa aveti un router Cisco )
Router> enable

Modul de configurare este urmatorul pas:
Router# configure terminal

Mai departe trebuie sa specificam modul de update al configuratiei de retea si clar, al schimbarilor de IP:
Router(config)# ip ddns update method unnumeoarecare
Router(DDNS-update-method)# ddns

Specifica daca un cache intern va fi folosit ca mod de update:
Router(DDNS-update-method)# internal mycache altnumeoarecare

Specificam HTTP-ul ca mod de updatesi introducem url-ul de la No-IP (de exemplu…):
Router(DDNS-update-method)# http
Router(DDNS-HTTP)# add http://username:password%40dynupdate.no-
ip.com/nic/update%3Fhostname=domeniulmeu.com

Configuram si intervalul maxim de update(serviciul trebuie sa citeasca datele la un interval de timp, astfel incat sa nu apara itreruperi datorita schimbarilor de IP):
Router(DDNS-HTTP)# interval maximum 0 0 1 1 //(unde fiecare cifra reprezinta, in ordine, zile, ore, minute si secunde)

Bun… pana acum am configurat serviciul de update. In continuare trebuie sa-l asociem unei interfete:
Router(DDNS-HTTP)# exit
Router(DDNS-update-method)# exit
Router(config)# interface ethernet 1
Router(config-if)# ip ddns update hostname domeniultau.com
Router(config-if) ip ddns update unnumeoarecare (adica ala de la a treia linie de configurare)
Router(config)# exit

Serviciul ar trebui sa fie functional…
Succes!

 

cmd.exe – autocomplete

Cei care lucreaza in Linux sau Cisco IOS stiu ce inseamna autocomplete. Si mai ales cat de comod este.
Ceea ce am aflat si eu de curand este faptul ca aceeasi functie poate fi folosita si in cmd.exe, doar ca trebuie activata intai. Iar activarea se face modificand:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]

“CompletionChar”=dword:00000040 cu “CompletionChar”=dword:00000009

Succes!

 

Stiu…

…am cam lipsit de pe blog in ultima vreme, situatie pe care sper sa o remediez cat mai repede. Deocamdata va spun doar ca am in pregatire cateva articole despre :

- Configurarea unui VPN cu IPsec

- BGP – importanta, exemple de configurare si vulnerabilitati

- configurarea unei conexiuni ADSL dinamice pe un router cisco folosind SDM si cli (asta pentru ca tot am vazut pe forumuri o gramada de destepri care isi cumpara routere cisco la mana a doua si cer ajutor la configurare!)

Mai am si alte teme in plan, dar totul depinde de timpul pe care il am la dispozitie…

 

CONVENTII DE NUME PENTRU CISCO IOS

Foarte util atunci cand trebuie sa stim ce servicii ne aduce o varianta sau alta de IOS.

Ne permite sa citim numele versiunilor anterioare 12.3 (incepand cu aceasta versione IOS-urile se divid in 8.

Daca, de exemplu avem un Cisco IOS c7200-ajs40-mz, utilizand lista putem sti ca:

c7200: E vorba de un IOS pentru un Router Cisco 7200.

a: APPN (Advanced Peer to Peer Networking).

j: Entreprise.

s: NAT, ISL, IBM, MMP, VPDN/L2F.

40: criptare pe 40 de biti.

m: software-ul se executa in RAM.

z: arhivat zip.

A
a	APPN
a2	ATM
a3	APPN replacement
B
b	Appletalk
boot	boot image
C
c	Comm-server/Remote Access Server (RAS) subset (SNMP, IP, Bridging, IPX, Atalk, Decnet, FR, HDLC, PPP, X,25, ARAP, tn3270, PT, XRemote, LAT) (non-CiscoPro)
c	CommServer lite (CiscoPro)
c2	Comm-server/Remote Access Server (RAS) subset ( SNMP, IP, Bridging, IPX, Atalk, Decnet, FR, HDLC, PPP, X,25, ARAP, tn3270, PT, XRemote, LAT) (CiscoPro)
c3	clustering
D
d	Desktop subset ( SNMP, IP, Bridging, WAN, Remote Node, Terminal Services, IPX, Atalk, ARAP) (11.2 – Decnet)
d2	reduced Desktop subset (SNMP, IP, IPX, ATALK, ARAP)
diag	IOS based diagnostic images
E
e	IPeXchange (no longer used in 11.3 and later) – StarPipes DB2 Access – Enables Cisco IOS to act as a “Gateway” to all IBM DB2 products for downstream clients/servers in 11.3T
eboot	ethernet boot image for mc3810 platform

F
f	FRAD subset (SNMP, FR, PPP, SDLLC, STUN)
f2	modified FRAD subset, EIGRP, Pcbus, Lan Mgr removed, OSPF added
G
g	ISDN subset (SNMP, IP, Bridging, ISDN, PPP, IPX, Atalk)
g2	gatekeeper proxy, voice and video
g3	ISDN subset for c800 (IP, ISDN, FR)
H
h	For Malibu(2910), 8021D, switch functions, IP Host
hdiag	Diagnostics image for Malibu(2910)
I (used for image names of platforms c2500 and large)
i	IP subset (SNMP, IP, Bridging, WAN, Remote Node, Terminal Services)
i2	subset similar to IP subset for system controller image (3600)
i3	reduced IP subset with BGP/MIB, EGP/MIB, NHRP, DIRRESP removed.
i4	subset of IP (5200)
ipss7	IP subset with SS7 (2600)
J
j	enterprise subset (formerly bpx, includes protocol translation) *** not used until 10.3 ***
K
k	kitchen sink (enterprise for high-end) (same as bx) (Not used after 10.3)
k1	Baseline Privacy key encryption (On 11.3 and up)
k2	high-end enterprise w/CIP2 ucode (Not used after 10.3)
k3	Triple DES (On 11.3 and up)
k4	56bit SSH encryption
k5	168bit SSH encryption
k6	Reserved for future encryption capabilities (On 11.3 and up)
k7	Reserved for future encryption capabilities (On 11.3 and up)
k8	Reserved for future encryption capabilities (On 11.3 and up)
k9	Reserved for future encryption capabilities (On 11.3 and up)
L
l	IPeXchange IPX, static routing, gateway
M
m	RMON (11.1 only)
m	Catalyst 2820-kernel, parser, ATM signaling, Lane Client, bridging
N
n	IPX
O
o	Firewall (formerly IPeXchange Net Management)
o2	Firewall (3xx0)
o3	Firewall with ssh (36×0 26×0)
P
p	Service Provider (IP RIP/IGRP/EIGRP/OSPF/BGP, CLNS ISIS/IGRP)
p2	Service Provider w/CIP2 ucode
p3	as5200 service provider
p4	5800 (Nitro) service provider
p5	Service Provider (6400 NRP)
p7	Service Provider with PT/TARP (2600, 3640)
Q
q	Async
q2	IPeXchange Async
R
r	IBM base option (SRB, SDLLC, STUN, DLSW, QLLC) – used with i, in, d (See note below.)
r2	IBM variant for 1600 images
r3	IBM variant for Ardent images (3810)
r4	reduced IBM subset with BSC/MIB, BSTUN/MIB, ASPP/MIB, RSRB/MIB removed
S
s	source route switch (SNMP, IP, Bridging, SRB) (10.2 to 11.1)
s	Additions by Platform via PLUS packs c1000 (OSPF, PIM, SMRP, NLSP, ATIP, ATAURP, FRSVC, RSVP, NAT) c1005 (X.25, full WAN, OSPF, PIM, NLSP, SMRP, ATIP, ATAURP, FRSVC, RSVP, NAT) c1600 (OSPF, IPMULTICAST, NHRP, NTP, NAT, RSVP, FRAME_RELAY_SVC) AT “s” images also have: (SMRP,ATIP,AURP) IPX “s” images also have: (NLSP,NHRP) c2500 (NAT, RMON, IBM, MMP, VPDN/L2F) c2600 (NAT, IBM, MMP, VPDN/L2F, VOIP and ATM) c3620 (NAT, IBM, MMP, VPDN/L2F) In 11.3T added VOIP c3640 (NAT, IBM, MMP, VPDN/L2F) In 11.3T added VOIP c4000 (NAT, IBM, MMP, VPDN/L2F) c4500 (NAT, ISL, LANE, IBM, MMP, VPDN/L2F) c5200 (PT, v.120, managed modems, RMON, MMP, VPDN/L2F) c5300 (MMP, VPDN, NAT, Modem Management, RMON, IBM) c5rsm (NAT, LANE and VLANS) c7000 (ISL, LANE, IBM, MMP, VPDN/L2F) c7200 (NAT, ISL, IBM, MMP, VPDN/L2F) rsp (NAT, ISL, LANE, IBM, MMP, VPDN/L2F)
T
t	AIP w/ modified Ucode to connect to Teralink 1000 Data (11.2)
t	Telco return (12.0)
U
u	IP with VLAN RIP (Network Layer 3 Switching Software, rsrb, srt, srb, sr/tlb)
V
v	VIP and dual RSP (HSA) support
v2	Voice V2D
v3	Voice Feature Card
v4	Voice (ubr920)
W
w	WBU Feature Sets i IISP l LANE & PVC p PNNI v PVC trafffic shaping
w2	Cisco Advantage ED train Feature Sets a IPX, static routing, gateway b Net Management c FR/X25 y Async
w3	Distributed Director Feature Sets
X
x	X.25 in 11.1 and earlier releases and on c800 in 12.0T
x	FR/X.25 in 11.2 (IPeXchange)
x	H.323 Gatekeeper/Proxy in 11.3 and later releases for 2500, 3620, 3640, mc3810
Y (used for image names of platforms smaller than c2500)
y	reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, PPP) (C1003/4)
y	reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, WAN – X.25) (C1005) (11.2 – includes X.25) (c1005)
y	IP variant (no Kerberos, Radius, NTP, OSPF, PIM, SMRP, NHRP…) (c1600)
y2	IP variant (SNMP, IP RIP/IGRP/EIGRP, WAN – X.25, OSPF, PIM) (C1005)
y2	IP Plus variant (no Kerberos, Radius, NTP, …) (c1600)
y3	IP/X.31
y4	reduced IP variant (Cable, Mibs, DHCP, EZHTTP)
y5	reduced IP variant (Cable, Mibs, DHCP, EZIP) Home Office
y6	reduced IP variant(c800)
Z
z	managed modems
0-9
40	40 bit encryption
56	56 bit encryption
56i	56 bit encryption with IPSEC
Obsolet
h	reduced desktop subset (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, PPP, IPX, Atalk) 1003/4
h	reduced desktop subset (SNMP, IP RIP/IGRP/EIGRP, Bridging, WAN – X.25, IPX, Atalk) 1005

 

Tabele cu clasele de IP-uri si cantitatea de subretele si host-uri suportate…

Clasa A – Prefix, Subretele, Host si Masca de retea

CIDR	Cantitate Retele Clasa A	Cantitate de Hosts	Masca de retea
/32	16.777.216	1	255.255.255.255
/31	8.388.608	2	255.255.255.254
/30	4.194.304	4	255.255.255.252
/29	2.097.152	8	255.255.255.248
/28	1.048.576	16	255.255.255.240
/27	524.288	32	255.255.255.224
/26	262.144	64	255.255.255.192
/25	131.072	128	255.255.255.128
/24	65.536	256	255.255.255.0
/23	32.768	512	255.255.254.0
/22	16.384	1.024	255.255.252.0
/21	8.192	2.048	255.255.248.0
/20	4.096	4.096	255.255.240.0
/19	2.048	8.192	255.255.224.0
/18	1.024	16.384	255.255.192.0
/17	512	32.768	255.255.128.0
/16	256	65.536	255.255.0.0
/15	128	131.072	255.254.0.0
/14	64	262.144	255.252.0.0
/13	32	524.288	255.248.0.0
/12	16	1.048.576	255.240.0.0
/11	8	2.097.152	255.224.0.0
/10	4	4.194.304	255.192.0.0
/9	2	8.388.608	255.128.0.0
/8	1	16.777.216	255.0.0.0
/7	2	33.554.432	254.0.0.0
/6	4	67.108.864	252.0.0.0
/5	8	134.217.728	248.0.0.0
/4	16	268.435.456	240.0.0.0
/3	32	536.870.912	224.0.0.0
/2	64	1.073.741.824	192.0.0.0
/1	128	2.147.483.648	128.0.0.0
/0	256	4.294.967.296	0.0.0.0

Clase B – Prefix, Subretele, Host si Masca de retea

CIDR	Cantitate Retele Clasa B	Cantitate de Hosts	Masca de retea
/32	65.536	1	255.255.255.255
/31	32.768	2	255.255.255.254
/30	16.384	4	255.255.255.252
/29	8.192	8	255.255.255.248
/28	4.096	16	255.255.255.240
/27	2.048	32	255.255.255.224
/26	1.024	64	255.255.255.192
/25	512	128	255.255.255.128
/24	256	256	255.255.255.0
/23	128	512	255.255.254.0
/22	64	1.024	255.255.252.0
/21	32	2.048	255.255.248.0
/20	16	4.096	255.255.240.0
/19	8	8.192	255.255.224.0
/18	4	16.384	255.255.192.0
/17	2	32.768	255.255.128.0
/16	1	65.536	255.255.0.0
/15	2	131.072	255.254.0.0
/14	4	262.144	255.252.0.0
/13	8	524.288	255.248.0.0
/12	13	1.048.576	255.240.0.0
/11	32	2.097.152	255.224.0.0
/10	64	4.194.304	255.192.0.0
/9	128	8.388.608	255.128.0.0
/8	256	16.777.216	255.0.0.0
/7	512	33.554.432	254.0.0.0
/6	1.024	67.108.864	252.0.0.0
/5	2.048	134.217.728	248.0.0.0
/4	4.096	268.435.456	240.0.0.0
/3	8.192	536.870.912	224.0.0.0
/2	16.384	1.073.741.824	192.0.0.0
/1	32.768	2.147.483.648	128.0.0.0
/0	65.536	4.294.967.296	0.0.0.0

Clase C – Prefix, Subretele, Host si Masca de retea

CIDR	Cantitate Retele Clasa C	Cantitate de Hosts	Masca de retea
/32	256	1	255.255.255.255
/31	128	2	255.255.255.254
/30	64	4	255.255.255.252
/29	32	8	255.255.255.248
/28	16	16	255.255.255.240
/27	8	32	255.255.255.224
/26	4	64	255.255.255.192
/25	2	128	255.255.255.128
/24	1	256	255.255.255.0
/23	2	512	255.255.254.0
/22	4	1.024	255.255.252.0
/21	8	2.048	255.255.248.0
/20	16	4.096	255.255.240.0
/19	32	8.192	255.255.224.0
/18	64	16.384	255.255.192.0
/17	128	32.768	255.255.128.0
/16	256	65.536	255.255.0.0
/15	512	131.072	255.254.0.0
/14	1.024	262.144	255.252.0.0
/13	2.048	524.288	255.248.0.0
/12	4.096	1.048.576	255.240.0.0
/11	8.192	2.097.152	255.224.0.0
/10	16.384	4.194.304	255.192.0.0
/9	32.768	8.388.608	255.128.0.0
/8	65.536	16.777.216	255.0.0.0
/7	131.072	33.554.432	254.0.0.0
/6	262.144	67.108.864	252.0.0.0
/5	524.288	134.217.728	248.0.0.0
/4	1.048.576	268.435.456	240.0.0.0
/3	2.097.152	536.870.912	224.0.0.0
/2	4.194.304	1.073.741.824	192.0.0.0
/1	8.388.608	2.147.483.648	128.0.0.0
/0	33.534.432	4.294.967.296	0.0.0.0