Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide
Appendix E: Detailed Full Running Configurations

Table Of Contents

Detailed Full Running Configurations

Table of Contents

Data Center

WAN

ASA-WAN-1

ASA-WAN-1_IDS

RWAN-1

RWAN-2

SWAN-1

SWAN-3

Core

RCORE-1

RCORE-2

Aggregation

ASA-DC-1

RAGG-1-RUNNING

RAGG-1-VDC1-RUNNING

RAGG-1-VDC2-RUNNING

RAGG-2-RUNNING

RAGG-2-VDC1-RUNNING

RAGG-2-VDC2-RUNNING

N1KV-1-RUNNING

VSG-TENANT-1-RUNNING

RSERV-1

RSERV-2

Access

SACCESS-1

SACCESS-2

SACCESS-3

SACCESS-4

SACCESS-5

Storage

MDS-DC-1-RUNNING

MDS-DC-2-RUNNING

Internet Edge

WAN

RIE-1

RIE-2

Converged Core/Aggregation

ASA-IE-1

DMZ-IDS-1

DMZ-ASASM

DMZ-ACE-1

DMZ-ACE-1_ECOM

RIE-3

Clinic

Hospital

R-A2-LRG-1

R-A2-LRG-2

S-A2-LRG-1

S-A2-LRG-2

S-A2-LRG-3

S-A2-LRG-4

S-A2-LRG-5

Medium Clinic

R-A2-MED-1

R-A2-MED-2

S-A2-MED-1

S-A2-MED-3

Small Clinic

R-A2-SMALL

S-A2-SMALL

Mini Clinic

R-A2-MINI-1

S-A2-MINI-1

S-A2-MINI-2

Doctor's Office

R-A2-CONV-1

S-A2-CONV-1

Managed Service Provider

FW-A2-MSP-1

S-A2-MSP-1


Detailed Full Running Configurations


Table of Contents

Data Center

WAN

ASA-WAN-1

! ASA-WAN-1: ASA 9.1(1) configured as a transparent (layer-2) firewall.
! GigabitEthernet0/0 (outside) and 0/1 (inside) are members of bridge-group 1;
! BVI1 carries the unit's IP address plus a standby address for the failover peer.
ASA Version 9.1(1)
!
firewall transparent
terminal width 511
hostname ASA-WAN-1
domain-name cisco-irn.com
! Credential values are redacted in this published listing (<removed>).
enable password <removed>
passwd <removed>
names
!
! Lowest trust level (0): the side whose inbound traffic is filtered by ACL
! OUTSIDE (bound by the access-group statement later in this configuration).
interface GigabitEthernet0/0
 nameif outside
 bridge-group 1
 security-level 0
!
! Highest trust level (100): inbound traffic here is filtered by ACL INSIDE.
interface GigabitEthernet0/1
 nameif inside
 bridge-group 1
 security-level 100
!
! Unused data ports are administratively shut down and left unnamed.
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
!
! Dedicated failover link; the "failover lan interface folink" statement later
! in this configuration binds it.
interface GigabitEthernet0/3
 description LAN/STATE Failover Interface
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
!
! NOTE(review): Management0/0 is management-only but has no nameif or address and,
! unlike the unused data ports, no explicit "shutdown" - confirm it is unused.
interface Management0/0
 management-only
 no nameif
 no security-level
!
interface BVI1
 ip address 192.168.11.20 255.255.255.0 standby 192.168.11.21
!
boot system disk0:/asa911-smp-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
 domain-name cisco-irn.com
! Named host, subnet and service objects referenced by the object-groups and
! access-lists further down. The objects grant nothing by themselves; exposure is
! decided by the ACEs that reference them.
object network AdminStation
 host 192.168.41.101
! NOTE(review): AdminStation2 and vSphere-1 (below) both resolve to 192.168.41.102,
! so any rule written for one object also applies to the other role.
object network AdminStation2
 host 192.168.41.102
! NOTE(review): AdminStation4-bart is not referenced by any object-group or
! access-list visible in this listing - confirm whether it is still needed.
object network AdminStation4-bart
 host 10.19.151.99
object network EMC-NCM
 host 192.168.42.122
 description EMC Network Configuration Manager
object network CSManager
 host 192.168.42.133
 description Cisco Security Manager
object network AdminStation3
 host 192.168.42.138
object network ActiveDirectory.cisco-irn.com
 host 192.168.42.130
! All branch address space as a single /16.
object network Branches-ALL
 subnet 10.10.0.0 255.255.0.0
 description all branch networks
object network vSphere-1
 host 192.168.41.102
 description vSphere server for Lab
object network WCSManager
 host 192.168.43.135
 description Wireless Manager
object network PAME-DC-1
 host 192.168.44.111
object network MSP-DC-1
 host 192.168.44.121
 description Data Center VSOM
! The whole data center as a single /16. Rules that use DC-ALL as a source or
! destination are correspondingly broad.
object network DC-ALL
 subnet 192.168.0.0 255.255.0.0
 description All of the Data Center
object network RSA-enVision
 host 192.168.42.124
 description RSA EnVision Syslog collector and SIM
object network TACACS
 host 192.168.42.131
 description Csico Secure ACS server for TACACS and Radius
object network RSA-AM
 host 192.168.42.137
 description RSA Authentication Manager for SecureID
object network ISE-2
 host 192.168.42.112
 description HA ISE Server
object network ISE-1
 host 192.168.42.111
 description ISE server for NAC
object network MS-Update
 host 192.168.42.150
 description Windows Update Server
object network MSExchange
 host 192.168.42.140
 description Mail Server
object network DC-POS
 subnet 192.168.52.0 255.255.255.0
 description POS in the Data Center
object service RPC
 service tcp destination eq 135
object service LDAP-GC
 service tcp destination eq 3268
object service LDAP-GC-SSL
 service tcp destination eq 3269
object service Kerberos-TCP
 service tcp destination eq 88
object service Microsoft-DS-SMB
 service tcp destination eq 445
 description Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharing
object service LDAP-UDP
 service udp destination eq 389
! NOTE(review): this object covers every TCP port from 1024 up. Wherever it is
! used (the Active Directory service groups below) the rule is effectively
! "all unprivileged TCP"; consider pinning the RPC dynamic range on the servers
! and narrowing this object to match.
object service RPC-HighPorts
 service tcp destination range 1024 65535
object service IP-Protocol-97
 service 97
 description IP protocol 97
object service TCP1080
 service tcp destination eq 1080
object service TCP8080
 service tcp destination eq 8080
object service RDP
 service tcp destination eq 3389
 description Windows Remote Desktop
object network LMS
 host 192.168.42.139
 description Cisco Prime LMS
! Network object-groups: sets of hosts/subnets used as ACL sources and destinations.
! NOTE(review): BRANCH-POS is the same 10.10.0.0/16 as object Branches-ALL, so it
! does not isolate point-of-sale hosts from the rest of the branch address space.
object-group network BRANCH-POS
 network-object 10.10.0.0 255.255.0.0
! Management stations and management servers (source of the first scoped INSIDE rule).
object-group network Admin-Systems
 network-object object EMC-NCM
 network-object object AdminStation
 network-object object AdminStation2
 network-object object CSManager
 network-object object AdminStation3
 network-object object ISE-1
 network-object object ISE-2
 network-object object LMS
object-group network DC-Wifi-Controllers
 description Central Wireless Controllers for branchs
 network-object 192.168.43.21 255.255.255.255
 network-object 192.168.43.22 255.255.255.255
object-group network DC-Wifi-MSE
 description Mobility Service Engines
 network-object 192.168.43.31 255.255.255.255
 network-object 192.168.43.32 255.255.255.255
! The DM_INLINE_* names look tool-generated (ASDM/CSM style) - presumably created
! when a rule was built in a GUI; confirm before renaming or consolidating.
object-group network DM_INLINE_NETWORK_5
 network-object object ISE-1
 network-object object ISE-2
 network-object object RSA-AM
 network-object object TACACS
object-group network DM_INLINE_NETWORK_6
 network-object object ISE-1
 network-object object ISE-2
object-group network DC-WAAS
 description WAE Appliances in Data Center
 network-object 192.168.48.10 255.255.255.255
 network-object 192.168.49.10 255.255.255.255
 network-object 192.168.47.11 255.255.255.255
 network-object 192.168.47.12 255.255.255.255
! NOTE(review): the second entry is 162.168.62.162, while the "ntp server"
! statements later in this configuration use 192.168.62.161 and 192.168.62.162.
! This looks like a typo for 192.168.62.162: as written, the "Time Sync" rule in
! ACL OUTSIDE names an address outside the 192.168.0.0/16 data center range and
! does not name the second real NTP server. Verify and correct on the device.
object-group network NTP-Servers
 description NTP Servers
 network-object 192.168.62.161 255.255.255.255
 network-object 162.168.62.162 255.255.255.255
! ICMP-type and service object-groups (first part). Each group is a set of
! protocols/ports that an ACE can reference as a unit.
object-group icmp-type DM_INLINE_ICMP_1
 icmp-object echo
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object traceroute
 icmp-object unreachable
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
object-group network DC-POS-Tomax
 description Tomax POS Communication from Store to Data Center
 network-object 192.168.52.96 255.255.255.224
object-group network DC-POS-SAP
 description SAP POS Communication from Store to Data Center
 network-object 192.168.52.144 255.255.255.240
object-group network DC-POS-Oracle
 description Oracle POS Communication from Store to Data Center
 network-object 192.168.52.128 255.255.255.240
object-group service HTTPS-8443
 service-object tcp destination eq 8443
object-group network DM_INLINE_NETWORK_7
 network-object object MSP-DC-1
 network-object object PAME-DC-1
object-group service DNS-Resolving
 description Domain Name Server
 service-object tcp destination eq domain
 service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_8
 group-object DC-Wifi-Controllers
 group-object DC-Wifi-MSE
object-group service vCenter-to-ESX4
 description Communication from vCetner to ESX hosts
 service-object tcp destination eq 5989
 service-object tcp destination eq 8000
 service-object tcp destination eq 902
 service-object tcp destination eq 903
! NOTE(review): DC-POS (192.168.52.0/24) already contains the three narrower POS
! groups listed after it, so this group is effectively the whole /24.
object-group network DM_INLINE_NETWORK_9
 network-object object DC-POS
 group-object DC-POS-Oracle
 group-object DC-POS-SAP
 group-object DC-POS-Tomax
! NOTE(review): TFTP runs over UDP; the tcp/69 entry is probably unnecessary.
! TFTP itself is unauthenticated and unencrypted, so keep its scope tight.
object-group service TFTP
 description Trivial File Transfer
 service-object tcp destination eq 69
 service-object udp destination eq tftp
object-group service LWAPP
 description LWAPP UDP ports 12222 and 12223
 service-object udp destination eq 12222
 service-object udp destination eq 12223
object-group service CAPWAP
 description CAPWAP UDP ports 5246 and 5247
 service-object udp destination eq 5246
 service-object udp destination eq 5247
! Includes cleartext HTTP (www) alongside HTTPS and 8443; used by the
! "Authentication web portal" rule in ACL OUTSIDE.
object-group service DM_INLINE_SERVICE_10
 group-object HTTPS-8443
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group service ESX-SLP
 description CIM Service Location Protocol (SLP) for VMware systems
 service-object udp destination eq 427
 service-object tcp destination eq 427
object-group service DM_INLINE_SERVICE_11
 group-object ESX-SLP
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ssh
 group-object vCenter-to-ESX4
object-group service CISCO-WAAS
 description Ports for Cisco WAAS
 service-object tcp destination eq 4050
object-group service Netbios
 description Netbios Servers
 service-object udp destination eq netbios-dgm
 service-object udp destination eq netbios-ns
 service-object tcp destination eq netbios-ssn
object-group service Cisco-Mobility
 description Mobility ports for Wireless
 service-object udp destination eq 16666
 service-object udp destination eq 16667
object-group service DM_INLINE_SERVICE_12
 group-object CAPWAP
 group-object Cisco-Mobility
 service-object object IP-Protocol-97
 group-object LWAPP
 service-object tcp destination eq https
 service-object udp destination eq isakmp
! Voice signalling: SIP over TCP/UDP plus tcp/2000 (the rules that use this group
! are remarked "Voice calls").
object-group service DM_INLINE_SERVICE_13
 service-object tcp-udp destination eq sip
 service-object tcp destination eq 2000
! Object-groups (second part). Several groups here have identical contents
! (NETWORK_4 = NETWORK_7, SERVICE_7 = SERVICE_14, SERVICE_3 = SERVICE_15,
! SERVICE_8 = SERVICE_13, TCP_1 = TCP_3); the duplicates make review harder
! because a change to one copy does not carry over to the other.
object-group network DM_INLINE_NETWORK_2
 group-object DC-Wifi-Controllers
 group-object DC-Wifi-MSE
 network-object object WCSManager
! Data center /16 plus the branch /16: the destination of the Admin-Systems rule.
object-group network DM_INLINE_NETWORK_3
 network-object object DC-ALL
 group-object BRANCH-POS
object-group network DM_INLINE_NETWORK_4
 network-object object MSP-DC-1
 network-object object PAME-DC-1
! Management protocols allowed from Admin-Systems: all ICMP, 8443, HTTPS, SSH, SNMP.
object-group service DM_INLINE_SERVICE_2
 service-object icmp
 group-object HTTPS-8443
 service-object tcp destination eq https
 service-object tcp destination eq ssh
 service-object udp destination eq snmp
! Active Directory service set. Because it includes RPC-HighPorts
! (tcp 1024-65535), any rule using this group opens nearly the whole TCP range.
object-group service DM_INLINE_SERVICE_3
 group-object DNS-Resolving
 service-object object Kerberos-TCP
 service-object object LDAP-GC
 service-object object LDAP-GC-SSL
 service-object object LDAP-UDP
 service-object object Microsoft-DS-SMB
 service-object object RPC
 service-object object RPC-HighPorts
 service-object tcp destination eq ldap
 service-object tcp destination eq ldaps
 service-object udp destination eq 88
 service-object udp destination eq netbios-dgm
 service-object udp destination eq ntp
object-group service DM_INLINE_SERVICE_4
 service-object tcp destination eq https
 service-object tcp destination eq ssh
 group-object vCenter-to-ESX4
! NOTE(review): this wireless-management set includes telnet and cleartext HTTP
! next to ssh/https. Telnet exposes credentials on the wire; confirm it is still
! required toward the branches and remove it if ssh is available.
object-group service DM_INLINE_SERVICE_5
 group-object CAPWAP
 service-object object IP-Protocol-97
 group-object LWAPP
 group-object TFTP
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ssh
 service-object tcp destination eq telnet
 service-object udp destination eq isakmp
! NOTE(review): "management of branch systems" set - RDP, FTP, HTTP, 1080, 8080,
! HTTPS, SSH. ACL INSIDE applies it with source DC-ALL (the whole data center
! /16) rather than the Admin-Systems group; consider narrowing the source.
object-group service DM_INLINE_SERVICE_6
 group-object HTTPS-8443
 service-object object RDP
 service-object object TCP1080
 service-object object TCP8080
 service-object icmp echo
 service-object icmp echo-reply
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_7
 group-object CISCO-WAAS
 group-object HTTPS-8443
 service-object object Microsoft-DS-SMB
 group-object Netbios
object-group service DM_INLINE_SERVICE_8
 service-object tcp-udp destination eq sip
 service-object tcp destination eq 2000
object-group service DM_INLINE_SERVICE_14
 group-object CISCO-WAAS
 group-object HTTPS-8443
 service-object object Microsoft-DS-SMB
 group-object Netbios
object-group service DM_INLINE_SERVICE_15
 group-object DNS-Resolving
 service-object object Kerberos-TCP
 service-object object LDAP-GC
 service-object object LDAP-GC-SSL
 service-object object LDAP-UDP
 service-object object Microsoft-DS-SMB
 service-object object RPC
 service-object object RPC-HighPorts
 service-object tcp destination eq ldap
 service-object tcp destination eq ldaps
 service-object udp destination eq 88
 service-object udp destination eq netbios-dgm
 service-object udp destination eq ntp
object-group service DM_INLINE_SERVICE_9
 service-object tcp destination eq ldap
 service-object tcp destination eq ldaps
 service-object udp destination eq domain
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
! Mail client/server ports plus web; imap4/pop3/smtp are listed on their
! cleartext ports.
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
! Monitoring traffic to the log collector: SNMP, SNMP traps, syslog.
object-group service DM_INLINE_UDP_1 udp
 port-object eq snmp
 port-object eq snmptrap
 port-object eq syslog
! RADIUS authentication (1812) and accounting (1813).
object-group service DM_INLINE_UDP_2 udp
 port-object eq 1812
 port-object eq 1813
! ACL INSIDE - applied inbound on the inside interface (see the access-group
! statement later in this configuration), i.e. data center -> branch traffic.
!
! NOTE(review): the first ACE is "permit ip any any". ASA access-lists are
! evaluated top-down and stop at the first match, so every scoped rule below it,
! including the final "deny ip any any log", is never reached for IP traffic.
! As listed, this firewall does not restrict data-center-to-branch traffic and
! the drop logging never fires. This reads like a lab or troubleshooting
! leftover; it must be removed before the rule set below provides any
! segmentation. Hit counters ("show access-list INSIDE") will confirm which
! entries actually match.
access-list INSIDE extended permit ip any any
! Admin-Systems -> data center and branches: ICMP, 8443, HTTPS, SSH, SNMP.
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_2 object-group 
Admin-Systems object-group DM_INLINE_NETWORK_3
access-list INSIDE remark Allow Active Directory Domain
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_3 object 
ActiveDirectory.cisco-irn.com object Branches-ALL
access-list INSIDE remark VMWare - ESX systems
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_4 object vSphere-1 
object Branches-ALL
access-list INSIDE remark Wireless Management to Stores
! DM_INLINE_SERVICE_5 includes telnet and TFTP (see the object-group definition).
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_5 object-group 
DM_INLINE_NETWORK_2 object Branches-ALL
access-list INSIDE remark Physical security systems
access-list INSIDE extended permit tcp object-group DM_INLINE_NETWORK_4 object 
Branches-ALL eq https
access-list INSIDE remark Allow Management of branch systems
! Source is DC-ALL (192.168.0.0/16), not only the management stations.
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_6 object DC-ALL object 
Branches-ALL
access-list INSIDE remark WAAS systems
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_7 object-group DC-WAAS 
object Branches-ALL
access-list INSIDE remark Voice calls
access-list INSIDE extended permit object-group DM_INLINE_SERVICE_8 object DC-ALL object 
Branches-ALL
access-list INSIDE remark Drop and Log all other traffic
! Unreachable while the leading "permit ip any any" is present.
access-list INSIDE extended deny ip any any log
! ACL OUTSIDE - applied inbound on the outside interface (see the access-group
! statement later in this configuration), i.e. branch/WAN -> data center traffic.
!
! NOTE(review): as with ACL INSIDE, the first ACE is "permit ip any any". With
! first-match evaluation it shadows every scoped permit below and the final
! "deny ip any any log", so branch traffic reaches the data center unfiltered and
! denied-traffic logging never triggers. Remove the leading entry for the rest of
! this policy to take effect, then re-check hit counts.
access-list OUTSIDE extended permit ip any any
access-list OUTSIDE remark Connectivity validation
access-list OUTSIDE extended permit icmp object Branches-ALL any object-group 
DM_INLINE_ICMP_1
access-list OUTSIDE remark Internet Browsing
! Destination is "any": branches may reach any host on tcp/80 and tcp/443.
access-list OUTSIDE extended permit tcp object Branches-ALL any object-group 
DM_INLINE_TCP_3
access-list OUTSIDE remark Config uploading
access-list OUTSIDE extended permit tcp object Branches-ALL object EMC-NCM eq ssh
access-list OUTSIDE remark Log reporting
access-list OUTSIDE extended permit udp object Branches-ALL object RSA-enVision 
object-group DM_INLINE_UDP_1
access-list OUTSIDE remark Authentication and DNS lookup
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_9 object Branches-ALL 
object ActiveDirectory.cisco-irn.com
access-list OUTSIDE remark Authentication and authorization
access-list OUTSIDE extended permit tcp object Branches-ALL object TACACS eq tacacs
access-list OUTSIDE remark Time Sync
! NOTE(review): NTP-Servers contains 162.168.62.162 (see the object-group), which
! does not match the 192.168.62.162 server configured with "ntp server".
access-list OUTSIDE extended permit udp object Branches-ALL object-group NTP-Servers eq 
ntp
access-list OUTSIDE remark Authentication
access-list OUTSIDE extended permit udp object Branches-ALL object-group 
DM_INLINE_NETWORK_5 object-group DM_INLINE_UDP_2
access-list OUTSIDE remark Authentication web portal
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_10 object Branches-ALL 
object-group DM_INLINE_NETWORK_6
access-list OUTSIDE remark VMWare ESX to Data Center
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_11 object Branches-ALL 
object vSphere-1
access-list OUTSIDE remark Physical security systems
access-list OUTSIDE extended permit tcp object Branches-ALL object-group 
DM_INLINE_NETWORK_7 eq https
access-list OUTSIDE remark Wireless control systems
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_12 object Branches-ALL 
object-group DM_INLINE_NETWORK_8
access-list OUTSIDE remark Voice calls
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_13 object Branches-ALL 
object DC-ALL
access-list OUTSIDE remark WAAS systems
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_14 object Branches-ALL 
object-group DC-WAAS
access-list OUTSIDE remark Allow Active Directory Domain
! DM_INLINE_SERVICE_15 includes RPC-HighPorts (tcp 1024-65535) from every branch
! address to the domain controller.
access-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_15 object Branches-ALL 
object ActiveDirectory.cisco-irn.com
access-list OUTSIDE remark Allow Windows Updates
access-list OUTSIDE extended permit tcp object Branches-ALL object MS-Update object-group 
DM_INLINE_TCP_1
access-list OUTSIDE remark Allow Mail
access-list OUTSIDE extended permit tcp object Branches-ALL object MSExchange object-group 
DM_INLINE_TCP_2
access-list OUTSIDE remark Allow Applications
access-list OUTSIDE extended permit tcp object Branches-ALL object-group 
DM_INLINE_NETWORK_9 eq https
access-list OUTSIDE remark Drop all other traffic
! Unreachable while the leading "permit ip any any" is present.
access-list OUTSIDE extended deny ip any any log
! Logging, failover, ICMP-to-the-box policy, ACL bindings, static routes, timeouts.
pager lines 24
! Syslog is sent to 192.168.42.124 (object RSA-enVision) and 192.168.42.139
! (object LMS).
! NOTE(review): no "logging trap <level>" or "logging timestamp" line appears in
! this listing - confirm which severities are actually forwarded and that
! messages carry timestamps, since these logs are audit evidence.
logging enable
logging host inside 192.168.42.124
logging host inside 192.168.42.139
mtu outside 1500
mtu inside 1500
! Active/standby failover over GigabitEthernet0/3; the same link carries both
! the failover control channel and state replication.
! NOTE(review): no "failover key" line is visible. If none is configured, traffic
! on the failover link (including replicated configuration) is not protected -
! confirm on the device.
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/3
failover link folink GigabitEthernet0/3
failover interface ip folink 192.168.12.20 255.255.255.0 standby 192.168.12.21
icmp unreachable rate-limit 1 burst-size 1
! NOTE(review): ICMP addressed to the firewall itself is accepted from any source
! on both interfaces; consider limiting it to the management stations.
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-711.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
! Bind the ACLs: OUTSIDE filters traffic entering the outside interface, INSIDE
! filters traffic entering the inside interface. Both currently begin with
! "permit ip any any" (see the access-list definitions).
access-group OUTSIDE in interface outside
access-group INSIDE in interface inside
! Static routes. Presumably these serve traffic originated by or destined to the
! firewall itself, since the unit bridges rather than routes - confirm.
route inside 0.0.0.0 0.0.0.0 192.168.11.60 1
route outside 10.10.0.0 255.255.0.0 192.168.11.1 1
route inside 10.10.0.0 255.255.255.0 192.168.11.60 1
route outside 10.10.1.0 255.255.255.0 192.168.11.2 1
route outside 10.10.2.0 255.255.255.0 192.168.11.3 1
route inside 10.10.3.0 255.255.255.0 192.168.11.60 1
route inside 10.10.4.0 255.255.255.0 192.168.11.60 1
route outside 10.10.254.0 255.255.255.0 192.168.11.3 1
route outside 10.10.255.0 255.255.255.0 192.168.11.2 1
route inside 192.168.0.0 255.255.0.0 192.168.11.10 1
route outside 192.168.1.111 255.255.255.255 192.168.11.2 1
route outside 192.168.1.112 255.255.255.255 192.168.11.3 1
route inside 192.168.20.0 255.255.252.0 192.168.11.60 1
route inside 192.168.24.0 255.255.255.0 192.168.11.60 1
! Connection and translation idle timers.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
! Administrative access control: TACACS+ (server group CiscoACS at
! 192.168.42.131) with the LOCAL user database as fallback.
dynamic-access-policy-record DfltAccessPolicy
aaa-server CiscoACS protocol tacacs+
aaa-server CiscoACS (inside) host 192.168.42.131
! The shared key is masked by the device in "show running-config" output.
 key *****
user-identity default-domain LOCAL
! SSH, enable and HTTP (ASDM) logins are authenticated against CiscoACS first,
! LOCAL second.
! NOTE(review): no "aaa authentication serial console" line is visible - confirm
! how the physical console is authenticated.
aaa authentication ssh console CiscoACS LOCAL
aaa authentication enable console CiscoACS LOCAL
aaa authentication http console CiscoACS LOCAL
! Accounting: SSH sessions, enable events and privilege-15 commands are reported
! to CiscoACS, giving a per-user audit trail of configuration activity.
aaa accounting ssh console CiscoACS
aaa accounting enable console CiscoACS
aaa accounting command privilege 15 CiscoACS
aaa authentication secure-http-client
! Local accounts lock after 6 consecutive failed attempts.
aaa local authentication attempts max-fail 6
aaa authorization exec authentication-server
! HTTPS management (ASDM) is enabled with a 15-minute idle and 60-minute session
! limit, and restricted to the hosts listed below on the inside interface.
http server enable
http server idle-timeout 15
http server session-timeout 60
http 192.168.41.102 255.255.255.255 inside
http 192.168.41.101 255.255.255.255 inside
http 192.168.42.122 255.255.255.255 inside
! NOTE(review): 192.168.42.124 is the RSA enVision log collector (object
! RSA-enVision). Confirm a log collector needs interactive management access;
! if not, drop it from the http/ssh allow-lists.
http 192.168.42.124 255.255.255.255 inside
http 192.168.42.133 255.255.255.255 inside
http 192.168.42.138 255.255.255.255 inside
http 192.168.42.139 255.255.255.255 inside
http 192.168.42.134 255.255.255.255 inside
! SNMP: version 3 only, group V3Group at the "priv" level (authentication plus
! encryption), users authenticated with SHA and encrypted with AES-256.
snmp-server group V3Group v3 priv
! NOTE(review): unlike the passwords elsewhere in this listing, the SNMPv3 key
! material below is published unredacted. Both users carry identical values, and
! each user's privacy key begins with the same bytes as its authentication key,
! which suggests one passphrase is reused for both users and both purposes -
! confirm. Treat these values as credentials: redact them in shared copies and
! use distinct auth and priv secrets per user.
snmp-server user csmadmin V3Group v3 encrypted auth sha 
9e:72:6a:fa:06:f5:29:f9:8a:87:ce:fa:46:19:a5:80:6c:2d:2e:b8 priv aes 256 
9e:72:6a:fa:06:f5:29:f9:8a:87:ce:fa:46:19:a5:80:6c:2d:2e:b8:bb:47:d1:68:d7:39:58:f4:62:f7:
38:36
snmp-server user ciscolms V3Group v3 encrypted auth sha 
9e:72:6a:fa:06:f5:29:f9:8a:87:ce:fa:46:19:a5:80:6c:2d:2e:b8 priv aes 256 
9e:72:6a:fa:06:f5:29:f9:8a:87:ce:fa:46:19:a5:80:6c:2d:2e:b8:bb:47:d1:68:d7:39:58:f4:62:f7:
38:36
! Notification/poller hosts, each bound to a specific SNMPv3 user.
snmp-server host inside 192.168.42.134 version 3 ciscolms
snmp-server host inside 192.168.42.139 version 3 ciscolms
snmp-server host inside 192.168.42.133 version 3 csmadmin
snmp-server location Building SJC-17-1 Aisle 1 Rack 3
snmp-server contact EmployeeA
! Traps enabled for SNMP authentication failures, link and restart events,
! syslog, IPsec/IKEv2 tunnels, resource thresholds, connection limits and NAT
! packet discards.
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
! Remote administration (SSH), time sync, TLS cipher selection, local accounts.
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
! No "telnet <address>" permit lines are visible, so Telnet management is not
! allowed from any host; only the idle timeout is set.
telnet timeout 1
ssh scopy enable
! SSH is restricted to the same eight hosts as the HTTPS management allow-list.
ssh 192.168.41.101 255.255.255.255 inside
ssh 192.168.41.102 255.255.255.255 inside
ssh 192.168.42.122 255.255.255.255 inside
ssh 192.168.42.124 255.255.255.255 inside
ssh 192.168.42.133 255.255.255.255 inside
ssh 192.168.42.138 255.255.255.255 inside
ssh 192.168.42.139 255.255.255.255 inside
ssh 192.168.42.134 255.255.255.255 inside
! 15-minute idle timeouts on SSH and console sessions; SSH protocol v2 only.
ssh timeout 15
ssh version 2
console timeout 15
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): no "ntp authenticate" / "ntp authentication-key" lines are
! visible, so time sources appear to be unauthenticated. Accurate time underpins
! log correlation; consider NTP authentication.
ntp server 192.168.62.162 source inside
ntp server 192.168.62.161 source inside prefer
! NOTE(review): the TLS suite list for the management interface still offers
! 3DES with SHA-1 as a fallback. On software that supports stronger suites,
! remove 3des-sha1 and prefer AES with a modern MAC.
ssl encryption aes256-sha1 3des-sha1
! NOTE(review): every local account is privilege 15 (full administrator).
! bmcgloth appears to be a personal account; confirm named local accounts are
! required alongside TACACS+ and keep only a break-glass fallback account.
username csmadmin password <removed> privilege 15
username ciscolms password <removed> privilege 15
username bmcgloth password <removed> privilege 15
!
! Modular policy framework: traffic classes, the global inspection policy and
! the redirect to the IPS module.
class-map inspection_default
 match default-inspection-traffic
! Matches all traffic; used below to send every flow to the IPS module.
class-map global-class-XXX
 match any
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 description IPS inspection policy for Cisco LAB
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
! NOTE(review): "promiscuous" means the IPS module receives a copy of the traffic
! and can alert but is not in the forwarding path; "fail-open" means traffic
! keeps flowing if the module is unavailable. This gives detection without
! inline prevention - confirm that matches the intended control, and monitor
! module health so an outage does not silently remove inspection.
 class global-class-XXX
  ips promiscuous fail-open
!
service-policy global_policy global
prompt hostname context
! Smart Call Home: anonymous reporting is disabled and the CiscoTAC-1 profile is
! present but inactive ("no active").
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
! NOTE(review): AES password encryption presumably depends on a master passphrase
! (config key) having been set on the device - confirm it is in effect.
password encryption aes
Cryptochecksum:74ca008c5477bc602c2080c680584775
: end

ASA-WAN-1_IDS

! IPS module of ASA-WAN-1 (host name IPS-WAN-1): authentication policy and host
! settings.
! NOTE(review): per the header below, the configuration was last modified in
! December 2012 while the signature update is dated 2012-05-30, so the
! signature set was roughly six months old at capture time. Detection quality
! depends on current signatures; confirm an update process exists.
! ------------------------------
! Current configuration last modified Fri Dec 07 09:38:41 2012
! ------------------------------
! Version 7.1(6)
! Host:
!     Realm Keys          key1.0
! Signature Definition:
!     Signature Update    S648.0   2012-05-30
! ------------------------------
service interface
exit
! ------------------------------
! Local account policy: lockout after 6 failed attempts; passwords of 7-64
! characters with at least one digit, one lowercase and one other character;
! the last 4 passwords cannot be reused; CLI sessions time out after 15 minutes.
service authentication
attemptLimit 6
password-strength
size 7-64
digits-min 1
lowercase-min 1
other-min 1
number-old-passwords 4
exit
cli-inactivity-timeout 15
exit
! ------------------------------
service event-action-rules rules0
exit
! ------------------------------
service host
network-settings
! Management address 192.168.11.23/24 with default gateway 192.168.11.10.
host-ip 192.168.11.23/24,192.168.11.10
host-name IPS-WAN-1
telnet-option disabled
! Management allow-list: the same eight hosts permitted to manage the parent ASA.
access-list 192.168.41.101/32
access-list 192.168.41.102/32
access-list 192.168.42.122/32
access-list 192.168.42.124/32
access-list 192.168.42.133/32
access-list 192.168.42.134/32
access-list 192.168.42.138/32
access-list 192.168.42.139/32
login-banner-text WARNING: THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS 
ONLY!
dns-primary-server enabled
address 192.168.42.130
exit
dns-secondary-server disabled
dns-tertiary-server disabled
exit
time-zone-settings
offset -480
standard-time-zone-name PST
exit
! NOTE(review): NTP is explicitly unauthenticated and only one server is listed.
! Sensor event timestamps feed incident timelines; consider authenticated NTP.
ntp-option enabled-ntp-unauthenticated
ntp-server 192.168.62.161
exit
summertime-option recurring
summertime-zone-name PDT
start-summertime
month march
week-of-month second
day-of-week sunday
time-of-day 02:00:00
exit
end-summertime
month november
week-of-month first
day-of-week sunday
time-of-day 02:00:00
exit
exit
exit
! IPS-WAN-1 (continued): logging, SNMP notification, web server and AAA services.
! Service sections that contain only "exit" carry no settings in this listing.
! ------------------------------
service logger
exit
! ------------------------------
service network-access
exit
! ------------------------------
! SNMP traps to 192.168.42.124 (the address of the RSA enVision collector in the
! parent ASA configuration).
! NOTE(review): the trap community string is published in clear here, while
! other secrets in this appendix are shown as <removed>. Community-based SNMP
! offers no encryption and the string acts as a shared password; redact it in
! shared copies and change it if it is used in production.
service notification
trap-destinations 192.168.42.124
trap-community-name RSAenvision
exit
enable-notifications true
trap-community-name RSAenvision
system-location Building SJC-17-1 Row 1 Rack 1
system-contact EmployeeA
exit
! ------------------------------
service signature-definition sig0
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
! Management web server: TLS enabled on port 443.
service web-server
enable-tls true
port 443
server-id IPS-WAN-1
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service health-monitor
exit
! ------------------------------
service global-correlation
exit
! ------------------------------
! Administrative logins use RADIUS at 192.168.42.131 with local fallback; the
! console accepts RADIUS and local accounts.
! NOTE(review): "default-user-role administrator" appears to give the
! administrator role to any RADIUS-authenticated user for whom the server does
! not supply a role - confirm. A least-privilege default (for example a
! read-only role) with administrator assigned explicitly on the RADIUS server
! would limit the effect of an over-broad RADIUS policy.
service aaa
aaa radius
primary-server
server-address 192.168.42.131
shared-secret <removed>
exit
nas-id IPS-WAN-1
local-fallback enabled
console-authentication radius-and-local
default-user-role administrator
exit
exit
! ------------------------------
service analysis-engine
exit
IPS-WAN-1#
 
 

RWAN-1

 
 
! RWAN-1: WAN router, IOS 15.1. Global services, AAA and login hardening.
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Obfuscates stored passwords in the configuration (see also the
! "password encryption aes" line at the end of this section).
service password-encryption
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname RWAN-1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
! Log authentication failures beyond a rate of 2; minimum password length 7.
security authentication failure rate 2 log
security passwords min-length 7
logging buffered 50000
no logging rate-limit
! NOTE(review): "secret 4" is the type-4 hash format. Cisco later deprecated
! type 4 because of a weakness in how the hashes are generated; on software
! that supports a stronger type, re-create this secret.
enable secret 4 <removed>
!
aaa new-model
!
!
! Named login method list CiscoACS: TACACS+ first, local accounts as fallback.
! NOTE(review): the list only takes effect where it is referenced; the vty and
! console line configuration is not within this part of the listing - confirm
! it applies "login authentication CiscoACS".
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated 
! Accounting to TACACS+ for exec sessions, privilege-15 commands and system
! events. No "aaa authorization commands" line is visible, so per-command
! authorization does not appear to be enforced - confirm.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone PST -8 0
clock summer-time PSTDST recurring
! NOTE(review): IP source routing is explicitly enabled. Source-routed packets
! let the sender influence the forwarding path, and hardening baselines
! normally specify "no ip source-route" on routers. Confirm there is a
! requirement for it; otherwise disable it.
ip source-route
!
!
!
no ip bootp server
no ip domain lookup
ip domain name cisco-irn.com
ip name-server 192.168.42.130
ip multicast-routing distributed
!
!
! After 6 failed logins within 1800 seconds, logins are blocked for 1800
! seconds; during that quiet period hosts matching ACL 23 may still log in.
! Login failures and successes are both logged. ACL 23 is not within this part
! of the listing.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
!
!
!
multilink bundle-name authenticated
!
password encryption aes
!
!
!
!
!
!
!
! Self-signed certificate trustpoint, configuration-change logging, local
! accounts and SSH/SCP settings.
! NOTE(review): a self-signed certificate cannot be validated by management
! clients against a CA; presumably it backs the HTTPS server enabled later in
! this configuration. Consider a CA-issued certificate for management access.
crypto pki trustpoint TP-self-signed-1264044905
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1264044905
 revocation-check none
 rsakeypair TP-self-signed-1264044905
!
!
crypto pki certificate chain TP-self-signed-1264044905
 certificate self-signed 01
  <removed>   				quit
! Configuration change logging: each change is recorded and sent to syslog, with
! keys and passwords hidden from the log ("hidekeys").
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! NOTE(review): all three local accounts are privilege 15. "bart" uses the older
! type-5 (MD5-based) secret and the others use type 4, which Cisco later
! deprecated; re-create these with a stronger secret type where the software
! supports it, and confirm personal local accounts are needed alongside TACACS+.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 4 <removed>
username csmadmin privilege 15 secret 4 <removed>
!
redundancy
 mode none
!
!
!
! SSH protocol version 2 only; the SCP server is enabled for file transfer.
ip ssh version 2
ip scp server enable
!
! QoS classification and queuing. The BRANCH-* classes match named ACLs or
! protocols and are used to mark traffic; the remaining classes match DSCP values
! and are used for queuing. None of this filters traffic.
class-map match-all BRANCH-BULK-DATA
 match access-group name BULK-DATA-APPS
class-map match-all BULK-DATA
 match ip dscp af11  af12 
class-map match-all INTERACTIVE-VIDEO
 match ip dscp af41  af42 
! NOTE(review): Telnet is classified as transactional data. If Telnet is not
! meant to cross this router, its presence in a QoS class is worth questioning.
class-map match-any BRANCH-TRANSACTIONAL-DATA
 match protocol telnet
 match access-group name TRANSACTIONAL-DATA-APPS
class-map match-all BRANCH-MISSION-CRITICAL
 match access-group name MISSION-CRITICAL-SERVERS
class-map match-all VOICE
 match ip dscp ef 
class-map match-all MISSION-CRITICAL-DATA
 match ip dscp 25 
class-map match-any BRANCH-NET-MGMT
 match protocol dns
 match access-group name NET-MGMT-APPS
class-map match-all ROUTING
 match ip dscp cs6 
class-map match-all SCAVENGER
 match ip dscp cs1 
class-map match-all NET-MGMT
 match ip dscp cs2 
! NOTE(review): BRANCH-SCAVENGER has no match statements in this listing.
class-map match-any BRANCH-SCAVENGER
class-map match-any CALL-SIGNALING
 match ip dscp cs3 
class-map match-all TRANSACTIONAL-DATA
 match ip dscp af21  af22 
!
! Output policy on the LAN edge: class-default only, no actions.
policy-map DataCenter-LAN-EDGE-OUT
 class class-default
! Input policy on the LAN edge: re-marks DSCP by class.
policy-map DataCenter-LAN-EDGE-IN
 class BRANCH-MISSION-CRITICAL
  set ip dscp 25
 class BRANCH-TRANSACTIONAL-DATA
  set ip dscp af21
 class BRANCH-NET-MGMT
  set ip dscp cs2
 class BRANCH-BULK-DATA
  set ip dscp af11
 class BRANCH-SCAVENGER
  set ip dscp cs1
! WAN egress queuing: priority queues for voice and video, bandwidth guarantees
! for signalling, routing, management and data classes.
policy-map DataCenter-WAN-EDGE
 class VOICE
  priority percent 18
 class INTERACTIVE-VIDEO
  priority percent 15
 class CALL-SIGNALING
  bandwidth percent 5 
 class ROUTING
  bandwidth percent 3 
 class NET-MGMT
  bandwidth percent 2 
 class MISSION-CRITICAL-DATA
  bandwidth percent 15 
  random-detect
 class TRANSACTIONAL-DATA
  bandwidth percent 1 
  random-detect dscp-based
 class class-default
  bandwidth percent 25 
  random-detect
!
! 
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.111 255.255.255.255
!
interface GigabitEthernet0/0/0
 description SWAN-1
 ip address 192.168.11.2 255.255.255.0
 standby 1 ip 192.168.11.1
 standby 1 priority 105
 standby 1 preempt
 no negotiation auto
 service-policy input DataCenter-LAN-EDGE-IN
 service-policy output DataCenter-LAN-EDGE-OUT
!
interface GigabitEthernet0/0/1
 no ip address
 no negotiation auto
!
interface GigabitEthernet0/0/2
 description RSP-1 G0/1
 ip address 10.10.1.6 255.255.255.0
 no negotiation auto
 service-policy output DataCenter-WAN-EDGE
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 no negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
no ip forward-protocol nd
!
! Web management: clear-text HTTP is off, HTTPS is on, source addresses are
! limited by ACL 23, and logins use the CiscoACS AAA list.
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1. 3DES is a
! 64-bit-block cipher that current TLS guidance deprecates; where the image
! offers AES suites (for example aes-128-cbc-sha / aes-256-cbc-sha), prefer
! them, or disable the HTTPS server if it is not used for management.
! The timeout policy closes idle connections after 60 seconds and caps a
! connection at 86400 seconds (24 hours) or 10000 requests.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha 
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 192.168.11.60
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 10.10.0.0 255.255.0.0 192.168.11.3 50
ip route 10.10.0.0 255.255.255.0 192.168.11.60
ip route 10.10.2.0 255.255.255.0 192.168.11.3
ip route 10.10.3.0 255.255.255.0 192.168.11.60
ip route 10.10.4.0 255.255.255.0 192.168.11.60
ip route 10.10.110.2 255.255.255.255 192.168.11.3
ip route 10.10.126.2 255.255.255.255 192.168.11.3
ip route 10.10.254.0 255.255.255.0 192.168.11.3
ip route 192.168.0.0 255.255.0.0 192.168.11.10
ip route 192.168.1.112 255.255.255.255 192.168.11.3
ip route 192.168.20.0 255.255.252.0 192.168.11.60
ip route 192.168.24.0 255.255.255.0 192.168.11.60
ip tacacs source-interface Loopback0
!
! The four named ACLs below are QoS classifiers, not packet filters.
! MISSION-CRITICAL-SERVERS and NET-MGMT-APPS are referenced by the BRANCH-*
! class-maps above, and no "ip access-group" appears on the interfaces shown
! for this router. A "permit" here means "place in this traffic class"; it does
! not authorise the traffic. Filtering is done elsewhere in the design.
! NOTE(review): BULK-DATA-APPS and TRANSACTIONAL-DATA-APPS are presumably used
! by class-maps defined earlier in the configuration - confirm.
ip access-list extended BULK-DATA-APPS
 remark ---File Transfer---
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark ---E-mail traffic---
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit tcp any any eq 143
 remark ---other EDM app protocols---
 permit tcp any any range 3460 3466
 permit tcp any range 3460 3466 any
 remark ---messaging services---
 permit tcp any any eq 2980
 permit tcp any eq 2980 any
 remark ---Microsoft file services---
 permit tcp any any range 137 139
 permit tcp any range 137 139 any
! NOTE(review): the "POS Applications" remark looks carried over from a retail
! design; confirm that 192.168.52.0/24 is the intended mission-critical source
! range for this deployment.
ip access-list extended MISSION-CRITICAL-SERVERS
 remark ---POS Applications---
 permit ip 192.168.52.0 0.0.0.255 any
! Classifies TACACS+ control traffic in both directions as network management.
ip access-list extended NET-MGMT-APPS
 remark - Router user Authentication - Identifies TACACS Control traffic
 permit tcp any any eq tacacs
 permit tcp any eq tacacs any
ip access-list extended TRANSACTIONAL-DATA-APPS
 remark ---Workbrain Application---
 remark --Large Store Clock Server to Central Clock Application
 permit tcp host 192.168.46.72 eq 8444 host 10.10.49.94
 remark --Large branch Clock Server to CUAE
 permit tcp host 192.168.45.185 eq 8000 host 10.10.49.94
 remark ---LiteScape Application---
 permit ip host 192.168.46.82 any
 permit ip 239.192.0.0 0.0.0.255 any
 permit ip host 239.255.255.250 any
 remark ---Remote Desktop---
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
 remark ---Oracle SIM---
 permit tcp 192.168.46.0 0.0.0.255 eq 7777 any
 permit tcp 192.168.46.0 0.0.0.255 eq 6003 any
 permit tcp 192.168.46.0 0.0.0.255 range 12401 12500 any
!
! Syslog: messages up to debugging severity are sent from Loopback0 to a single
! collector, 192.168.42.124.
! NOTE(review): only one collector is configured here, so audit logs leave the
! device by a single path.
logging esm config
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
! ACL 23 is the management-source allow list (used by "access-class 23 in" on
! the vty lines and by "ip http access-class 23"). Every entry, including the
! final deny, is logged.
! NOTE(review): 127.0.0.1 and 10.19.151.99 fall outside the 192.168.41.x /
! 192.168.42.x management hosts listed alongside them - confirm both are still
! required.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! ACL 88 limits SNMP access for the remote user to 192.168.42.124.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
! NOTE(review): CDP is enabled globally and no "no cdp enable" is shown on the
! WAN-facing interface (GigabitEthernet0/0/2). CDP advertises platform,
! software version and addresses to the directly connected neighbour; disable
! it on links that leave the organisation's control.
cdp run
!
! SNMPv3 toward the management station 192.168.42.124, limited by ACL 88.
! NOTE(review): the group is defined "v3 noauth" (noAuthNoPriv), so SNMP
! messages for this user are neither authenticated nor encrypted. Other
! devices in this appendix use "v3 priv"; align this one by defining the user
! with auth and priv keys and the group with "v3 priv".
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
! Traps cover link state, SNMP authentication failures and configuration
! changes (config, config-copy, config-ctid), which makes them useful as a
! change-detection signal on the collector.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps flash insertion removal
! NOTE(review): this host line carries no "version 3" keyword. IOS then reads
! the trailing string as a community and, by default, sends SNMPv1 traps -
! verify against the platform command reference and add "version 3 priv".
snmp-server host 192.168.42.124 remoteuser 
!
! A single TACACS+ server is defined, sourced from Loopback0 (see
! "ip tacacs source-interface" above).
! NOTE(review): the shared key is stored as type 7, which is a reversible
! encoding rather than encryption. Treat any copy of this configuration as
! containing the key, and prefer type 6 (AES) storage where supported.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
!
!
control-plane
!
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
! Console: AAA login through the CiscoACS list, 15-minute idle timeout.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
 stopbits 1
! Auxiliary port is locked out: no EXEC process, privilege level 0, a 1-second
! exec timeout and no outbound transport.
line aux 0
 session-timeout 1  output
 exec-timeout 0 1
 privilege level 0
 no exec
 transport preferred none
 transport output none
 stopbits 1
! Remote access: SSH only, sources restricted by ACL 23, AAA login, 15-minute
! idle timeout, and no outbound sessions from the device. Both vty ranges
! carry the same settings, so no line is left with weaker controls.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
! Time is taken from two NTP servers, sourced from Loopback0.
! NOTE(review): no "ntp authenticate", "ntp authentication-key" or
! "ntp trusted-key" lines are shown, so time updates are accepted without
! authentication. Log and accounting timestamps depend on this clock.
ntp clock-period 17186047
ntp source Loopback0
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
end

RWAN-2

 
 
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname RWAN-2
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
! Local login hardening: failed authentications are logged once they exceed
! the configured rate of 2, and locally defined passwords must be at least
! 7 characters.
! NOTE(review): 7 characters is a low floor by current guidance; raise it to
! match the organisation's password policy.
security authentication failure rate 2 log
security passwords min-length 7
logging buffered 50000
! Log messages are not rate limited on this device.
no logging rate-limit
! Enable secret stored as type 5 (MD5-based, salted).
enable secret 5 <removed>
!
! AAA: interactive logins on the CiscoACS list try TACACS+ first and fall back
! to the local user database; enable authentication falls back to the enable
! secret.
aaa new-model
!
!
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
! "if-authenticated" grants an EXEC session to any authenticated user when
! TACACS+ cannot be reached. Together with the privilege-15 local accounts
! defined below, an outage of the TACACS+ server leaves local credentials as
! the only control on full administrative access.
aaa authorization exec default group tacacs+ if-authenticated 
! Accounting records EXEC sessions, level-15 commands and system events.
! NOTE(review): no "aaa authorization commands" line is shown, so commands
! are accounted for but not authorised per command.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
!
!
clock timezone PST -8 0
clock summer-time PST recurring
! NOTE(review): IP source routing is enabled on this router. It lets a sender
! dictate the path a packet takes and is normally disabled in hardened
! configurations; the switch configurations later in this appendix use
! "no ip source-route". Confirm whether this line is intentional.
ip source-route
!
!
! BOOTP service and DNS lookups from the CLI are disabled.
no ip bootp server
no ip domain lookup
ip domain name cisco-irn.com
ip name-server 192.168.42.130
ip multicast-routing distributed
!
!
! Brute-force throttling: 6 failed logins within 1800 seconds put the device
! into a 1800-second quiet period. During that period only sources permitted
! by ACL 23 can still log in, so an attacker cannot lock administrators out of
! the management stations. Both failed and successful logins are logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
!
!
multilink bundle-name authenticated
!
! Requests AES (type 6) storage for keys in the configuration.
! NOTE(review): the TACACS+ key further down is still shown as type 7, which
! suggests it was not re-entered after a master key was set - confirm.
password encryption aes
!
!
! Self-signed certificate for the HTTPS server. Clients have no CA chain to
! validate, and revocation checking is off, so administrators must verify the
! certificate fingerprint out of band or replace it with a CA-issued one.
crypto pki trustpoint TP-self-signed-1414178861
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1414178861
 revocation-check none
 rsakeypair TP-self-signed-1414178861
!
crypto pki certificate chain TP-self-signed-1414178861
 certificate self-signed 01
  <removed>
  	quit
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! Local fallback accounts, all at privilege 15.
! NOTE(review): two of these secrets are stored as type 4. Type 4 is an
! unsalted, single-iteration SHA-256 hash that Cisco has deprecated; it is
! weaker against offline guessing than the type 5 secret next to it. Re-enter
! these passwords using a stronger type that the image supports.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 4 <removed>
username csmadmin privilege 15 secret 4 <removed>
!
redundancy
 mode none
!
!
!
! SSH is restricted to protocol version 2. The SCP server is enabled for file
! transfer over SSH.
! NOTE(review): no "ip ssh time-out" or "ip ssh authentication-retries" lines
! are shown for this router, unlike the switch configurations later in this
! appendix.
ip ssh version 2
ip scp server enable
! 
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.112 255.255.255.255
 ip pim sparse-dense-mode
!
! LAN-side interface toward SWAN-2; standby member of HSRP group 1
! (priority 95, virtual address 192.168.11.1).
! NOTE(review): no "standby 1 authentication" line is shown, so the group runs
! with the HSRP default. Consider "standby 1 authentication md5 key-string
! <key>" on both peers so that a host on this segment cannot claim the
! virtual gateway.
interface GigabitEthernet0/0/0
 description SWAN-2
 ip address 192.168.11.3 255.255.255.0
 standby 1 ip 192.168.11.1
 standby 1 priority 95
 no negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 no negotiation auto
!
interface GigabitEthernet0/0/2
 description RSP-2 G0/1
 ip address 10.10.2.6 255.255.255.0
 no negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 no negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
no ip forward-protocol nd
!
! Web management: clear-text HTTP is off, HTTPS is on, source addresses are
! limited by ACL 23, and logins use the CiscoACS AAA list.
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1. 3DES is a
! 64-bit-block cipher that current TLS guidance deprecates; prefer an AES
! suite where the image offers one, or disable the HTTPS server if unused.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha 
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 192.168.11.60
ip route 10.10.0.0 255.255.0.0 10.10.2.1
ip route 10.10.0.0 255.255.0.0 192.168.11.2 50
ip route 10.10.0.0 255.255.255.0 192.168.11.60
ip route 10.10.1.0 255.255.255.0 192.168.11.2
ip route 10.10.3.0 255.255.255.0 192.168.11.60
ip route 10.10.4.0 255.255.255.0 192.168.11.60
ip route 10.10.110.1 255.255.255.255 192.168.11.2
ip route 10.10.126.1 255.255.255.255 192.168.11.2
ip route 10.10.255.0 255.255.255.0 192.168.11.2
ip route 192.168.0.0 255.255.0.0 192.168.11.10
ip route 192.168.1.111 255.255.255.255 192.168.11.2
ip route 192.168.20.0 255.255.252.0 192.168.11.60
ip route 192.168.24.0 255.255.255.0 192.168.11.60
ip tacacs source-interface Loopback0
!
!
! Syslog up to debugging severity goes from Loopback0 to one collector,
! 192.168.42.124.
logging esm config
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
! ACL 23: management-source allow list used by the vty lines, the HTTPS server
! and the login quiet mode. All matches, including denies, are logged.
! NOTE(review): 127.0.0.1 and 10.19.151.99 fall outside the 192.168.41.x /
! 192.168.42.x management hosts - confirm both entries are still required.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! ACL 88: SNMP source allow list (single management station).
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
! SNMPv3 toward the management station 192.168.42.124, limited by ACL 88.
! NOTE(review): the group is "v3 noauth" (noAuthNoPriv): messages for this
! user are neither authenticated nor encrypted. Define the user with auth and
! priv keys and the group with "v3 priv".
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
! Traps include SNMP authentication failures and configuration changes.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps flash insertion removal
! NOTE(review): no "version 3" keyword on this host line; IOS then reads the
! trailing string as a community and, by default, sends SNMPv1 traps - verify
! against the platform command reference.
snmp-server host 192.168.42.124 remoteuser 
!
! Single TACACS+ server; when it is unreachable the CiscoACS login list falls
! back to the local accounts.
! NOTE(review): the key is stored as type 7 (reversible encoding) even though
! "password encryption aes" is configured above.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
!
!
control-plane
!
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
! Console: AAA login through the CiscoACS list, 15-minute idle timeout.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
 stopbits 1
! Auxiliary port is locked out: no EXEC process, privilege level 0, 1-second
! exec timeout, no outbound transport. AAA login is set as well.
line aux 0
 session-timeout 1  output
 exec-timeout 0 1
 privilege level 0
 login authentication CiscoACS
 no exec
 transport preferred none
 transport output none
 stopbits 1
! Remote access: SSH only, sources restricted by ACL 23, AAA login, 15-minute
! idle timeout, no outbound sessions. Both vty ranges are configured alike.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
! Time is taken from two NTP servers, sourced from Loopback0.
! NOTE(review): no NTP authentication lines ("ntp authenticate",
! "ntp authentication-key", "ntp trusted-key") are shown; log and accounting
! timestamps depend on this unauthenticated source.
ntp clock-period 17219603
ntp source Loopback0
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
end

SWAN-1

 
 
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname SWAN-1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
! Enable secret and local fallback accounts, all stored as type 5 (MD5-based,
! salted) and all at privilege 15.
! NOTE(review): every local account has full privilege, so these credentials
! grant complete control whenever the login list falls back to "local".
enable secret 5 <removed>
!
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
username ciscolms privilege 15 secret 5 <removed>
!
!
aaa new-model
!
!
! NOTE(review): as printed, the PRIMARY1 server group contains no "server"
! entry. If that reflects the running device, the CiscoACS login list below
! cannot reach TACACS+ through this group and logins would fall through to the
! local accounts. Confirm the group lists the TACACS+ server.
aaa group server tacacs+ PRIMARY1
!
aaa authentication login CiscoACS group PRIMARY1 local
aaa authentication enable default group tacacs+ enable
! "if-authenticated" grants an EXEC session to any authenticated user when
! TACACS+ cannot be reached.
aaa authorization exec default group tacacs+ if-authenticated
! Accounting records EXEC sessions, level-15 commands and system events; no
! per-command authorization line is shown.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PST recurring
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
system mtu routing 1500
! NOTE(review): "mac-move permit" lets an authenticated MAC address move to
! another port without the earlier session being cleared first. The access
! ports are omitted from this listing, so whether port authentication is in
! use here cannot be seen - confirm the setting is needed.
authentication mac-move permit
ip subnet-zero
! IP source routing and gratuitous ARP generation are disabled.
no ip source-route
no ip gratuitous-arps
!
!
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! Brute-force throttling: 6 failed logins within 1800 seconds start a
! 1800-second quiet period in which only ACL 23 sources can log in. Failed and
! successful logins are both logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
!
! Requests AES (type 6) storage for keys in the configuration; the TACACS+ key
! further down is nevertheless shown as type 7.
password encryption aes
!
! Self-signed certificate for the HTTPS server, with revocation checking off.
! Administrators must verify the fingerprint out of band or replace it with a
! CA-issued certificate.
crypto pki trustpoint TP-self-signed-722491520
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-722491520
 revocation-check none
 rsakeypair TP-self-signed-722491520
!
!
crypto pki certificate chain TP-self-signed-722491520
 certificate self-signed 01
<removed>
  quit
!
!
!
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! Half-open TCP connections are abandoned after 10 seconds.
ip tcp synwait-time 10
! SSH: version 2 only, 30-second negotiation timeout, 2 authentication
! retries per connection. The SCP server is enabled for file transfer over SSH.
ip ssh time-out 30
ip ssh authentication-retries 2
ip ssh version 2
ip scp server enable
!
!
interface GigabitEthernet1/0/1
 description Link to RWAN-1 G0-0-0
!
interface GigabitEthernet1/0/2
description Link to ASA-WAN-1 G0-0
!    |
!<removed for brevity>
!    |
interface GigabitEthernet1/0/48
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface TenGigabitEthernet1/1/1
shutdown
!
interface TenGigabitEthernet1/1/2
shutdown
!
!
interface GigabitEthernet2/0/1
 description Link to RWAN-2 G0-0-0
!
interface GigabitEthernet2/0/2
description Link to ASA-WAN-2 G0-0
!
! <removed for brevity>
!
interface GigabitEthernet2/0/48
shutdown
!
interface GigabitEthernet2/1/1
shutdown
!
interface GigabitEthernet2/1/2
shutdown
!
interface GigabitEthernet2/1/3
shutdown
!
interface GigabitEthernet2/1/4
shutdown
!
interface TenGigabitEthernet2/1/1
shutdown
!
interface TenGigabitEthernet2/1/2
shutdown
!
!
! In-band management address of the switch.
! NOTE(review): management sits on VLAN 1, the default VLAN; hardening guides
! generally recommend a dedicated management VLAN.
interface Vlan1
 ip address 192.168.11.14 255.255.255.0
!
ip default-gateway 192.168.11.10
ip classless
no ip forward-protocol nd
! Web management: HTTP off, HTTPS on, sources limited by ACL 23, AAA login.
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1, a
! 64-bit-block cipher that current TLS guidance deprecates; prefer an AES
! suite where the image offers one, or disable the HTTPS server if unused.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip sla enable reaction-alerts
! Syslog up to debugging severity is sent to two collectors.
! NOTE(review): no "logging source-interface" is shown, so the source address
! of the messages is chosen by the outgoing interface.
logging trap debugging
logging 192.168.42.124
logging 192.168.42.139
! ACL 23: management-source allow list used by the vty lines, the HTTPS server
! and the login quiet mode. All matches, including denies, are logged.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 192.168.42.139 log
access-list 23 deny   any log
! ACL 88: intended SNMP source allow list (two management stations).
! NOTE(review): the SNMP group line below does not reference ACL 88 as
! printed - confirm it is applied.
access-list 88 permit 192.168.42.124 log
access-list 88 permit 192.168.42.139 log
access-list 88 deny   any log
! SNMPv3 with authentication and privacy ("v3 priv"). The next two lines are
! one command that the document wrapped; the "*tv..." token is the notify
! view name.
! NOTE(review): no "access 88" appears on the group line as printed, so the
! SNMP source restriction in ACL 88 may not be applied to this group.
snmp-server group V3Group v3 priv read V3Read write V3Write notify 
*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
! Both the read and the write view include the whole "iso" subtree, so a user
! in this group can write every writable object on the device. Narrow V3Write
! to the objects the management tools actually set.
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server packetsize 8192
! NOTE(review): location and contact are left unredacted here, unlike the
! router configurations in this appendix.
snmp-server location Building SJC-17-1 Aisle 2 Rack 3
snmp-server contact Bart McGlothin
! Traps include SNMP authentication failures, configuration changes,
! port-security and 802.1X events, spanning-tree topology changes and
! err-disable events.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1-4
snmp-server enable traps power-ethernet police
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps energywise
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
! Trap receivers use SNMPv3 with privacy.
snmp-server host 192.168.42.134 version 3 priv ciscolms
snmp-server host 192.168.42.139 version 3 priv ciscolms
snmp-server host 192.168.42.133 version 3 priv csmadmin
! Single TACACS+ server.
! NOTE(review): the key is stored as type 7 (reversible encoding) even though
! "password encryption aes" is configured above.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
!
banner exec ^C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
^C
banner incoming ^C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
^C
banner login ^C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
^C
!
! Console: AAA login through the CiscoACS list, 15-minute idle timeout.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
! Remote access: SSH only, sources restricted by ACL 23, AAA login, 15-minute
! idle timeout, no outbound sessions. Both vty ranges are configured alike.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! SPAN session 1 copies traffic from one port to another, presumably for an
! intrusion-detection sensor.
! NOTE(review): the session names Fa1/0/1 and Fa1/0/48, while the interfaces
! listed above are GigabitEthernet and GigabitEthernet1/0/48 is shown
! shutdown. Confirm the session points at the intended ports; a SPAN
! destination receives a full copy of the monitored traffic.
monitor session 1 source interface Fa1/0/1
monitor session 1 destination interface Fa1/0/48
! NOTE(review): no NTP authentication lines are shown; log timestamps depend
! on this unauthenticated time source.
ntp clock-period 36029318
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
end
 
 

SWAN-3

Current configuration : 12174 bytes
!
! Last configuration change at 14:08:38 PST Fri Dec 21 2012 by bmcgloth
! NVRAM config last updated at 13:54:15 PST Fri Dec 21 2012 by bmcgloth
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname SWAN-3
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
enable secret 5 <removed>
!
 
 
! Local fallback accounts, all type 5 secrets and all at privilege 15, so
! these credentials grant complete control whenever the login list falls back
! to "local".
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
username ciscolms privilege 15 secret 5 <removed>
!
!
aaa new-model
!
!
! NOTE(review): as printed, the PRIMARY1 server group contains no "server"
! entry. If that reflects the running device, the CiscoACS login list below
! cannot reach TACACS+ through this group and logins would fall through to the
! local accounts. Confirm the group lists the TACACS+ server.
aaa group server tacacs+ PRIMARY1
!
aaa authentication login CiscoACS group PRIMARY1 local
aaa authentication enable default group tacacs+ enable
! "if-authenticated" grants an EXEC session to any authenticated user when
! TACACS+ cannot be reached.
aaa authorization exec default group tacacs+ if-authenticated
! Accounting records EXEC sessions, level-15 commands and system events; no
! per-command authorization line is shown.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PST recurring
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
system mtu routing 1500
! NOTE(review): "mac-move permit" lets an authenticated MAC address move to
! another port without the earlier session being cleared first; the access
! ports are omitted from this listing, so confirm the setting is needed.
authentication mac-move permit
ip subnet-zero
! IP source routing and gratuitous ARP generation are disabled.
no ip source-route
no ip gratuitous-arps
!
!
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! Brute-force throttling: 6 failed logins within 1800 seconds start a
! 1800-second quiet period in which only ACL 23 sources can log in. Failed and
! successful logins are both logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
!
! Requests AES (type 6) storage for keys in the configuration; the TACACS+ key
! further down is nevertheless shown as type 7.
password encryption aes
!
! Self-signed certificate for the HTTPS server, with revocation checking off.
! NOTE(review): the trustpoint name is identical to the one printed for
! SWAN-1 in this appendix; a self-signed trustpoint is generated per device,
! so this section may have been copied from SWAN-1 - confirm against the
! device.
crypto pki trustpoint TP-self-signed-722491520
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-722491520
 revocation-check none
 rsakeypair TP-self-signed-722491520
!
!
crypto pki certificate chain TP-self-signed-722491520
 certificate self-signed 01
<removed>
  quit
!
!
!
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! Half-open TCP connections are abandoned after 10 seconds.
ip tcp synwait-time 10
! SSH: version 2 only, 30-second negotiation timeout, 2 authentication
! retries per connection. The SCP server is enabled for file transfer over SSH.
ip ssh time-out 30
ip ssh authentication-retries 2
ip ssh version 2
ip scp server enable
!
!
interface GigabitEthernet1/0/1
 description Link to RCORE-2 G1-1
!
interface GigabitEthernet1/0/2
description Link to ASA-WAN-1 G0-1
!    |
!<removed for brevity>
!    |
interface GigabitEthernet1/0/48
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface TenGigabitEthernet1/1/1
shutdown
!
interface TenGigabitEthernet1/1/2
shutdown
!
!
interface GigabitEthernet2/0/1
 description Link to RCORE-1 G1-1
!
interface GigabitEthernet2/0/2
description Link to ASA-WAN-2 G0-1
!
! <removed for brevity>
!
interface GigabitEthernet2/0/48
shutdown
!
interface GigabitEthernet2/1/1
shutdown
!
interface GigabitEthernet2/1/2
shutdown
!
interface GigabitEthernet2/1/3
shutdown
!
interface GigabitEthernet2/1/4
shutdown
!
interface TenGigabitEthernet2/1/1
shutdown
!
interface TenGigabitEthernet2/1/2
shutdown
!
!
! In-band management address of the switch, on VLAN 1.
! NOTE(review): 192.168.11.14 is the same address printed for SWAN-1 in this
! appendix. Both switches sit on 192.168.11.0/24, so one of the two listings
! is probably a copy - confirm the real address before reusing this section.
interface Vlan1
 ip address 192.168.11.14 255.255.255.0
!
ip default-gateway 192.168.11.10
ip classless
no ip forward-protocol nd
! Web management: HTTP off, HTTPS on, sources limited by ACL 23, AAA login.
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1, a
! 64-bit-block cipher that current TLS guidance deprecates; prefer an AES
! suite where the image offers one, or disable the HTTPS server if unused.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip sla enable reaction-alerts
! Syslog up to debugging severity is sent to two collectors.
logging trap debugging
logging 192.168.42.124
logging 192.168.42.139
! ACL 23: management-source allow list used by the vty lines, the HTTPS server
! and the login quiet mode. All matches, including denies, are logged.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 192.168.42.139 log
access-list 23 deny   any log
! ACL 88: intended SNMP source allow list (two management stations).
! NOTE(review): the SNMP group line below does not reference ACL 88 as
! printed - confirm it is applied.
access-list 88 permit 192.168.42.124 log
access-list 88 permit 192.168.42.139 log
access-list 88 deny   any log
! SNMPv3 with authentication and privacy ("v3 priv"). The next two lines are
! one command that the document wrapped; the "*tv..." token is the notify
! view name.
! NOTE(review): no "access 88" appears on the group line as printed, so the
! SNMP source restriction in ACL 88 may not be applied to this group.
snmp-server group V3Group v3 priv read V3Read write V3Write notify 
*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
! Both the read and the write view include the whole "iso" subtree, so a user
! in this group can write every writable object on the device. Narrow V3Write
! to the objects the management tools actually set.
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server packetsize 8192
snmp-server location Building SJC-17-1 Aisle 2 Rack 3
snmp-server contact Bart McGlothin
! Traps include SNMP authentication failures, configuration changes,
! port-security and 802.1X events, spanning-tree topology changes and
! err-disable events.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1-4
snmp-server enable traps power-ethernet police
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps energywise
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
! Trap receivers use SNMPv3 with privacy.
snmp-server host 192.168.42.134 version 3 priv ciscolms
snmp-server host 192.168.42.139 version 3 priv ciscolms
snmp-server host 192.168.42.133 version 3 priv csmadmin
! Single TACACS+ server.
! NOTE(review): the key is stored as type 7 (reversible encoding) even though
! "password encryption aes" is configured above.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
!
banner exec ^C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
^C
banner incoming ^C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
^C
banner login ^C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
^C
!
! Console: AAA login through the CiscoACS list, 15-minute idle timeout.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
! Remote access: SSH only, sources restricted by ACL 23, AAA login, 15-minute
! idle timeout, no outbound sessions. Both vty ranges are configured alike.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! SPAN session 1 copies traffic from one port to another.
! NOTE(review): the session names Fa1/0/1 and Fa1/0/48, while the interfaces
! listed above are GigabitEthernet and GigabitEthernet1/0/48 is shown
! shutdown. Confirm the session points at the intended ports; a SPAN
! destination receives a full copy of the monitored traffic.
monitor session 1 source interface Fa1/0/1
monitor session 1 destination interface Fa1/0/48
! NOTE(review): no NTP authentication lines are shown; log timestamps depend
! on this unauthenticated time source.
ntp clock-period 36029318
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
end
 
 

Core

RCORE-1

 
 
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname RCORE-1
!
boot-start-marker
boot system flash disk0:s72033-adventerprisek9_wan-mz.122-33.SXJ.bin
boot-end-marker
!
! Local login hardening: failed authentications are logged once they exceed
! the configured rate of 2, and locally defined passwords must be at least
! 7 characters.
! NOTE(review): 7 characters is a low floor by current guidance; raise it to
! match the organisation's password policy.
security authentication failure rate 2 log
security passwords min-length 7
logging buffered 50000
! Log messages are not rate limited on this device.
no logging rate-limit
enable secret 5 <removed>
!
! Local fallback accounts, all type 5 secrets and all at privilege 15.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
! AAA: logins on the CiscoACS list try TACACS+ first and fall back to the
! local user database; enable authentication falls back to the enable secret.
aaa new-model
!
!
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
! "if-authenticated" grants an EXEC session to any authenticated user when
! TACACS+ cannot be reached, so during an outage the privilege-15 local
! accounts above are the only control on administrative access.
aaa authorization exec default group tacacs+ if-authenticated 
! Accounting records EXEC sessions, level-15 commands and system events; no
! per-command authorization line is shown.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PSTDST recurring
ip wccp 61
ip wccp 62
!
!
!
no ip bootp server
ip multicast-routing 
! SSH is restricted to protocol version 2; the SCP server is enabled.
ip ssh version 2
ip scp server enable
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! Brute-force throttling: 6 failed logins within 1800 seconds start a
! 1800-second quiet period in which only ACL 23 sources can log in. Failed and
! successful logins are both logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
ipv6 mfib hardware-switching replication-mode ingress
vtp domain COMPLIANCEVTP
vtp mode transparent
mls ip cef load-sharing full simple
no mls acl tcam share-global
mls netflow interface
mls cef error action freeze
password encryption aes
!
! Self-signed certificate with revocation checking off. Clients have no CA
! chain to validate, so administrators must verify the fingerprint out of band
! or replace it with a CA-issued certificate.
! NOTE(review): no "ip http" lines appear in the part of this configuration
! shown here, so which service uses the trustpoint cannot be seen.
crypto pki trustpoint TP-self-signed-1104
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1104
 revocation-check none
 rsakeypair TP-self-signed-1104
!
!
crypto pki certificate chain TP-self-signed-1104
 certificate self-signed 01
  <removed>
  quit
!
!
!
!
!
!
!
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
environment temperature-controlled
diagnostic bootup level minimal
! ACL 23: management-source allow list (referenced by "login quiet-mode
! access-class 23" above). All matches, including denies, are logged.
! NOTE(review): 127.0.0.1 and 10.19.151.99 fall outside the 192.168.41.x /
! 192.168.42.x management hosts - confirm both entries are still required.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! ACL 88: single-host allow list, presumably for SNMP as on the other devices
! in this appendix; its use is not visible in this part of the configuration.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
! 
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface Port-channel99
 ip address 192.168.10.29 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
! Routed link toward the data-center WAN switch; HSRP group 0 shares the virtual
! gateway 192.168.11.10. Priority 101 with preempt makes this router the
! preferred active gateway.
! NOTE(review): no `standby 0 authentication` line is present, so the group
! runs with HSRP's default plain-text authentication. With preempt enabled,
! add MD5 authentication (standby 0 authentication md5 key-string ...) on both
! peers where the release supports it.
! NOTE(review): unlike the 10G uplinks, this interface does not carry
! `no ip redirects` / `no ip proxy-arp` - confirm that is intentional.
interface GigabitEthernet1/1
 description to DC WAN_SWAN-3
 ip address 192.168.11.11 255.255.255.0
 standby 0 ip 192.168.11.10
 standby 0 priority 101
 standby 0 preempt
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no ip address
 shutdown
!
interface GigabitEthernet1/9
 no ip address
 shutdown
!
interface GigabitEthernet1/10
 no ip address
 shutdown
!
interface GigabitEthernet1/11
 no ip address
 shutdown
!
interface GigabitEthernet1/12
 no ip address
 shutdown
!
interface GigabitEthernet1/13
 no ip address
 shutdown
!
interface GigabitEthernet1/14
 no ip address
 shutdown
!
interface GigabitEthernet1/15
 no ip address
 shutdown
!
interface GigabitEthernet1/16
 no ip address
 shutdown
!
interface GigabitEthernet1/17
 no ip address
 shutdown
!
interface GigabitEthernet1/18
 no ip address
 shutdown
!
interface GigabitEthernet1/19
 no ip address
 shutdown
!
interface GigabitEthernet1/20
 no ip address
 shutdown
!
interface GigabitEthernet1/21
 no ip address
 shutdown
!
interface GigabitEthernet1/22
 no ip address
 shutdown
!
interface GigabitEthernet1/23
 no ip address
 shutdown
!
interface GigabitEthernet1/24
 no ip address
 shutdown
!
interface GigabitEthernet1/25
 no ip address
 shutdown
!
interface GigabitEthernet1/26
 no ip address
 shutdown
!
interface GigabitEthernet1/27
 no ip address
 shutdown
!
interface GigabitEthernet1/28
 no ip address
 shutdown
!
interface GigabitEthernet1/29
 no ip address
 shutdown
!
interface GigabitEthernet1/30
 no ip address
 shutdown
!
interface GigabitEthernet1/31
 no ip address
 shutdown
!
interface GigabitEthernet1/32
 no ip address
 shutdown
!
interface GigabitEthernet1/33
 no ip address
 shutdown
!
interface GigabitEthernet1/34
 no ip address
 shutdown
!
interface GigabitEthernet1/35
 no ip address
 shutdown
!
interface GigabitEthernet1/36
 no ip address
 shutdown
!
interface GigabitEthernet1/37
 no ip address
 shutdown
!
interface GigabitEthernet1/38
 no ip address
 shutdown
!
interface GigabitEthernet1/39
 no ip address
 shutdown
!
interface GigabitEthernet1/40
 no ip address
 shutdown
!
interface GigabitEthernet1/41
 no ip address
 shutdown
!
interface GigabitEthernet1/42
 no ip address
 shutdown
!
interface GigabitEthernet1/43
 no ip address
 shutdown
!
interface GigabitEthernet1/44
 no ip address
 shutdown
!
interface GigabitEthernet1/45
 no ip address
 shutdown
!
interface GigabitEthernet1/46
 no ip address
 shutdown
!
interface GigabitEthernet1/47
 no ip address
 shutdown
!
interface GigabitEthernet1/48
 no ip address
 shutdown
!
! Routed 10G point-to-point uplink to RAGG-1 (/30). ICMP redirects and proxy ARP
! are disabled. OSPF hellos every 2 s with a 6 s dead interval give fast
! failure detection.
! OSPF packets on this link are authenticated with MD5 (message-digest key 1).
! NOTE(review): the key is stored as type 7, which is reversible obfuscation,
! not encryption - handle any export of this configuration as a secret.
! On later IOS releases, key-chain based HMAC-SHA authentication is the
! stronger choice than MD5; confirm what this platform supports.
interface TenGigabitEthernet2/1
 description 10Gig LINK to RAGG-1 T1/3
 ip address 192.168.10.13 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip igmp query-interval 125
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet2/2
 description 10Gig LINK to RAGG-2 T1/3
 ip address 192.168.10.17 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip igmp query-interval 125
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet2/3
 description 10Gig LINK to RCORE-2
 no ip address
 channel-group 99 mode active
!
interface TenGigabitEthernet2/4
 description 10Gig LINK to RCORE-2
 no ip address
 channel-group 99 mode active
!
interface TenGigabitEthernet2/5
 no ip address
 shutdown
!
interface TenGigabitEthernet2/6
 no ip address
 shutdown
!
interface TenGigabitEthernet2/7
 no ip address
 shutdown
!
interface TenGigabitEthernet2/8
 no ip address
 shutdown
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 5
 router-id 192.168.1.1
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 nsf
 redistribute static subnets
 passive-interface default
 no passive-interface TenGigabitEthernet2/1
 no passive-interface TenGigabitEthernet2/2
 no passive-interface Port-channel99
 network 192.168.0.0 0.0.255.255 area 0
 default-information originate metric 20 metric-type 1
!
ip classless
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.60 name default-to-internet
ip route 10.10.0.0 255.255.0.0 192.168.11.1 name route-to-branchs
ip route 10.10.0.0 255.255.255.0 192.168.11.60 name route-to-SP
ip route 10.10.1.0 255.255.255.0 192.168.11.2
ip route 10.10.2.0 255.255.255.0 192.168.11.3
ip route 10.10.110.1 255.255.255.255 192.168.11.2
ip route 10.10.110.2 255.255.255.255 192.168.11.3
ip route 10.10.126.1 255.255.255.255 192.168.11.2
ip route 10.10.126.2 255.255.255.255 192.168.11.3
ip route 10.10.254.0 255.255.255.0 192.168.11.3
ip route 10.10.255.0 255.255.255.0 192.168.11.2
ip route 192.168.1.111 255.255.255.255 192.168.11.2
ip route 192.168.1.112 255.255.255.255 192.168.11.3
ip route 192.168.20.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.21.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.22.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.23.0 255.255.255.0 192.168.11.60 name route-to-DMZ
!
!
! Web management: plain HTTP is disabled, HTTPS is enabled, limited to ACL 23
! sources and authenticated through the CiscoACS AAA login list.
! NOTE(review): the only TLS cipher suite offered is 3DES-CBC-SHA. 3DES is a
! 64-bit block cipher and is deprecated for new deployments; where the software
! release offers AES suites, list those instead. If no management tool needs
! the web interface, turn it off with `no ip http secure-server`.
! NOTE(review): timeout-policy allows 60 s idle but a connection life of
! 86400 s (24 h) - consider a shorter life for administrative sessions.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha 
ip http timeout-policy idle 60 life 86400 requests 10000
ip pim send-rp-discovery scope 2
ip tacacs source-interface Loopback0
!
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
!
! SNMPv3 user and group for the management station at 192.168.42.124.
! NOTE(review): the group is defined at the v3 `noauth` level (noAuthNoPriv):
! requests are matched on the user name alone, with no message authentication
! and no encryption, and the user lines carry no auth or priv keywords. For a
! compliance reference design use the `priv` level with per-user authentication
! and privacy keys, changed together with the management station.
! NOTE(review): only the `remote` user entry is bound to ACL 88; the local user
! entry has no ACL - confirm whether it should be restricted the same way.
! NOTE(review): the remote engineID value looks like a sanitised placeholder.
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps MAC-Notification change move threshold
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps errdisable
! Trap destination.
! NOTE(review): this line has no `version` keyword. IOS then defaults to
! SNMPv1 and reads the trailing word as a community string - confirm, and if
! SNMPv3 notifications are intended state the version and security level
! explicitly (version 3 priv).
snmp-server host 192.168.42.124 remoteuser 
! TACACS+ server used by the AAA method lists. Only one server is configured.
! NOTE(review): the shared key is stored as type 7 (reversible obfuscation);
! anyone who can read this configuration can recover it. Restrict access to
! configuration archives and rotate the key if a copy has been exposed.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! Time sources for log and accounting timestamps, queried from Loopback0.
! NOTE(review): no NTP authentication (ntp authenticate / ntp authentication-key
! / ntp trusted-key) and no ntp access-group appear in this listing. Because
! audit-log timestamps depend on these servers, authenticate them and restrict
! which peers may serve or query time.
ntp source Loopback0
ntp server 192.168.62.161 prefer
ntp server 192.168.62.162
mac-address-table aging-time 480
!
end
 
 

RCORE-2

 
 
! Base services for RCORE-2.
! - X.25 PAD is disabled.
! - TCP keepalives in both directions let the device tear down dead management
!   sessions instead of leaving them open.
! - Debug and log messages carry local date/time with time zone (logs with
!   milliseconds) and a sequence number, which helps spot gaps in collected logs.
! - service password-encryption only applies type 7 obfuscation to passwords
!   that are not stored as secrets; it is not a cryptographic protection.
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname RCORE-2
!
boot-start-marker
boot system flash disk1:s72033-adventerprisek9_wan-mz.122-33.SXJ.bin
boot-end-marker
!
! Local password policy, break-glass accounts and AAA method lists.
! - authentication failure rate 2 log: failed logins beyond the threshold are
!   logged (Cisco documents a delay being inserted as well).
! NOTE(review): a 7-character minimum is short for privileged device accounts;
! raise it to match the organisation's password standard.
security authentication failure rate 2 log
security passwords min-length 7
logging buffered 50000
no logging rate-limit
enable secret 5 <removed>
!
! Three local accounts, all privilege 15, stored as type 5 (MD5-based) secrets.
! They are only reached when TACACS+ is unavailable (see the `local` fallback
! below). NOTE(review): keep the number of local privilege-15 accounts to the
! minimum needed for recovery, and use a stronger secret type where the
! software release offers one.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
aaa new-model
!
!
! Login list CiscoACS: TACACS+ first, local user database as fallback.
! Enable: TACACS+ first, then the enable secret.
! Exec authorization: TACACS+, or any authenticated user if it cannot be reached.
! Accounting: exec sessions, privilege-15 commands and system events go to TACACS+.
! NOTE(review): as listed there is no `aaa authorization commands` line, so
! commands are recorded but not authorized per command, and only level-15
! commands are accounted - confirm this matches the intended control.
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated 
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PSTDST recurring
call-home
 no alert-group configuration
 no alert-group diagnostic
 no alert-group environment
 no alert-group inventory
 no alert-group syslog
ip wccp 61
ip wccp 62
!
!
!
no ip bootp server
ip multicast-routing 
ip ssh version 2
ip scp server enable
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
ipv6 mfib hardware-switching replication-mode ingress
vtp domain COMPLIANCEVTP
vtp mode transparent
mls ip cef load-sharing full simple
no mls acl tcam share-global
mls netflow interface
mls cef error action freeze
password encryption aes
!
crypto pki trustpoint TP-self-signed-1051
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1051
 revocation-check none
 rsakeypair TP-self-signed-1051
!
!
crypto pki certificate chain TP-self-signed-1051
 certificate self-signed 01
  <removed>
  quit
!
!
!
!
!
!
!
! Configuration change logging: configuration commands are recorded in the local
! configuration log and also sent to syslog (notify syslog); hidekeys keeps
! passwords and keys out of those records.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree pathcost method long
environment temperature-controlled
diagnostic bootup level minimal
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
!
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
! 
!
!
!
interface Loopback0
 ip address 192.168.1.2 255.255.255.255
!
interface Port-channel99
 description link between CORE's
 ip address 192.168.10.30 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
! Routed link toward the data-center WAN switches; HSRP group 0 shares the
! virtual gateway 192.168.11.10. Priority 99 makes this router the standby
! peer; preempt is enabled.
! NOTE(review): no `standby 0 authentication` line is present, so the group
! runs with HSRP's default plain-text authentication. Add MD5 authentication
! (standby 0 authentication md5 key-string ...) on both peers where the
! release supports it.
interface GigabitEthernet1/1
 description to DC WAN_SWAN-3/4
 ip address 192.168.11.12 255.255.255.0
 standby 0 ip 192.168.11.10
 standby 0 priority 99
 standby 0 preempt
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no ip address
 shutdown
!
interface GigabitEthernet1/9
 no ip address
 shutdown
!
interface GigabitEthernet1/10
 no ip address
 shutdown
!
interface GigabitEthernet1/11
 no ip address
 shutdown
!
interface GigabitEthernet1/12
 no ip address
 shutdown
!
interface GigabitEthernet1/13
 no ip address
 shutdown
!
interface GigabitEthernet1/14
 no ip address
 shutdown
!
interface GigabitEthernet1/15
 no ip address
 shutdown
!
interface GigabitEthernet1/16
 no ip address
 shutdown
!
interface GigabitEthernet1/17
 no ip address
 shutdown
!
interface GigabitEthernet1/18
 no ip address
 shutdown
!
interface GigabitEthernet1/19
 no ip address
 shutdown
!
interface GigabitEthernet1/20
 no ip address
 shutdown
!
interface GigabitEthernet1/21
 no ip address
 shutdown
!
interface GigabitEthernet1/22
 no ip address
 shutdown
!
interface GigabitEthernet1/23
 no ip address
 shutdown
!
interface GigabitEthernet1/24
 no ip address
 shutdown
!
interface GigabitEthernet1/25
 no ip address
 shutdown
!
interface GigabitEthernet1/26
 no ip address
 shutdown
!
interface GigabitEthernet1/27
 no ip address
 shutdown
!
interface GigabitEthernet1/28
 no ip address
 shutdown
!
interface GigabitEthernet1/29
 no ip address
 shutdown
!
interface GigabitEthernet1/30
 no ip address
 shutdown
!
interface GigabitEthernet1/31
 no ip address
 shutdown
!
interface GigabitEthernet1/32
 no ip address
 shutdown
!
interface GigabitEthernet1/33
 no ip address
 shutdown
!
interface GigabitEthernet1/34
 no ip address
 shutdown
!
interface GigabitEthernet1/35
 no ip address
 shutdown
!
interface GigabitEthernet1/36
 no ip address
 shutdown
!
interface GigabitEthernet1/37
 no ip address
 shutdown
!
interface GigabitEthernet1/38
 no ip address
 shutdown
!
interface GigabitEthernet1/39
 no ip address
 shutdown
!
interface GigabitEthernet1/40
 no ip address
 shutdown
!
interface GigabitEthernet1/41
 no ip address
 shutdown
!
interface GigabitEthernet1/42
 no ip address
 shutdown
!
interface GigabitEthernet1/43
 no ip address
 shutdown
!
interface GigabitEthernet1/44
 no ip address
 shutdown
!
interface GigabitEthernet1/45
 no ip address
 shutdown
!
interface GigabitEthernet1/46
 no ip address
 shutdown
!
interface GigabitEthernet1/47
 no ip address
 shutdown
!
interface GigabitEthernet1/48
 no ip address
 shutdown
!
interface TenGigabitEthernet2/1
 description 10Gig LINK to RAGG-1 T1/4
 ip address 192.168.10.21 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip igmp query-interval 125
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet2/2
 description 10Gig LINK to RAGG-2 T1/4
 ip address 192.168.10.25 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip igmp query-interval 125
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf network point-to-point
 ip ospf hello-interval 2
 ip ospf dead-interval 6
 logging event link-status
!
interface TenGigabitEthernet2/3
 description 10Gig LINK to RCORE-1
 no ip address
 channel-group 99 mode active
!
interface TenGigabitEthernet2/4
 description 10Gig LINK to RCORE-1
 no ip address
 channel-group 99 mode active
!
interface TenGigabitEthernet2/5
 no ip address
 shutdown
!
interface TenGigabitEthernet2/6
 no ip address
 shutdown
!
interface TenGigabitEthernet2/7
 no ip address
 shutdown
!
interface TenGigabitEthernet2/8
 no ip address
 shutdown
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! OSPF process 5, area 0 for everything in 192.168.0.0/16.
! passive-interface default means adjacencies can only form on the three
! interfaces explicitly un-passived below (the two 10G uplinks and the
! inter-core port-channel); no hellos are sent elsewhere.
! Static routes are redistributed, and a default route is originated with
! metric 22 (the RCORE-1 listing uses metric 20).
! NOTE(review): OSPF authentication is enabled per interface rather than for
! the area, so an interface un-passived later would not require authentication
! unless it is configured there too - consider `area 0 authentication
! message-digest` as a backstop.
router ospf 5
 router-id 192.168.1.2
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 nsf
 redistribute static subnets
 passive-interface default
 no passive-interface TenGigabitEthernet2/1
 no passive-interface TenGigabitEthernet2/2
 no passive-interface Port-channel99
 network 192.168.0.0 0.0.255.255 area 0
 default-information originate metric 22 metric-type 1
!
ip classless
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.60 name default-to-internet
ip route 10.10.0.0 255.255.0.0 192.168.11.1 name route-to-branchs
ip route 10.10.0.0 255.255.255.0 192.168.11.60 name route-to-SP
ip route 10.10.1.0 255.255.255.0 192.168.11.2
ip route 10.10.2.0 255.255.255.0 192.168.11.3
ip route 10.10.110.1 255.255.255.255 192.168.11.2
ip route 10.10.110.2 255.255.255.255 192.168.11.3
ip route 10.10.126.1 255.255.255.255 192.168.11.2
ip route 10.10.126.2 255.255.255.255 192.168.11.3
ip route 10.10.254.0 255.255.255.0 192.168.11.3
ip route 10.10.255.0 255.255.255.0 192.168.11.2
ip route 192.168.20.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.21.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.22.0 255.255.255.0 192.168.11.60 name route-to-DMZ
ip route 192.168.23.0 255.255.255.0 192.168.11.60 name route-to-DMZ
!
!
! Web management: plain HTTP is disabled, HTTPS is enabled, limited to ACL 23
! sources and authenticated through the CiscoACS AAA login list.
! NOTE(review): the only TLS cipher suite offered is 3DES-CBC-SHA. 3DES is a
! 64-bit block cipher and is deprecated for new deployments; where the software
! release offers AES suites, list those instead. If no management tool needs
! the web interface, turn it off with `no ip http secure-server`.
! NOTE(review): timeout-policy allows 60 s idle but a connection life of
! 86400 s (24 h) - consider a shorter life for administrative sessions.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha 
ip http timeout-policy idle 60 life 86400 requests 10000
ip pim send-rp-discovery scope 2
ip tacacs source-interface Loopback0
!
! Remote syslog to 192.168.42.124 (the RSA enVision collector per the ASA-DC-1
! object-groups in this appendix), sourced from Loopback0, at severity
! debugging, i.e. all levels.
! NOTE(review): no transport is given on the logging host line, so the default
! UDP syslog is used; it is unauthenticated, unencrypted and can drop messages
! silently. Keep the path to the collector on a protected management network
! and alert on gaps in the message sequence numbers.
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
!
! SNMPv3 user and group for the management station at 192.168.42.124.
! NOTE(review): the group is defined at the v3 `noauth` level (noAuthNoPriv):
! requests are matched on the user name alone, with no message authentication
! and no encryption, and the user lines carry no auth or priv keywords. For a
! compliance reference design use the `priv` level with per-user authentication
! and privacy keys, changed together with the management station.
! NOTE(review): only the `remote` user entry is bound to ACL 88; the local user
! entry has no ACL - confirm whether it should be restricted the same way.
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps MAC-Notification change move threshold
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps errdisable
! Trap destination.
! NOTE(review): this line has no `version` keyword. IOS then defaults to
! SNMPv1 and reads the trailing word as a community string - confirm, and if
! SNMPv3 notifications are intended state the version and security level
! explicitly (version 3 priv).
snmp-server host 192.168.42.124 remoteuser 
! TACACS+ server used by the AAA method lists, with a 5 s timeout before the
! next method (local accounts) is tried. Only one server is configured.
! NOTE(review): the shared key is stored as type 7 (reversible obfuscation);
! anyone who can read this configuration can recover it. Restrict access to
! configuration archives and rotate the key if a copy has been exposed.
tacacs-server host 192.168.42.131 timeout 5
tacacs-server directed-request
tacacs-server key 7 <removed>
!
!
! NOTE(review): the control-plane stanza is empty - no service-policy is
! attached, so this listing shows no control-plane policing for traffic sent
! to the route processor. Confirm whether rate limits are applied elsewhere.
control-plane
!
!
dial-peer cor custom
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
! Terminal lines.
! Console: authenticated through the CiscoACS login list, 15-minute exec timeout.
! vty 0-15: inbound SSH only, sources limited by ACL 23, CiscoACS login,
! 15-minute exec timeout, and no outbound sessions from the device
! (transport output none), which limits its use as a jump host.
! Both vty ranges carry identical settings; keep them identical so that no
! higher-numbered line is left with weaker access controls.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
! Time sources for log and accounting timestamps, queried from Loopback0.
! NOTE(review): no NTP authentication (ntp authenticate / ntp authentication-key
! / ntp trusted-key) and no ntp access-group appear in this listing. Because
! audit-log timestamps depend on these servers, authenticate them and restrict
! which peers may serve or query time.
ntp source Loopback0
ntp server 192.168.62.161 prefer
ntp server 192.168.62.162
mac-address-table aging-time 480
!
end
 
 

Aggregation

ASA-DC-1

: Saved
:
ASA Version 8.4(1) <context>
!
firewall transparent
hostname dca-vc1
domain-name cisco-irn.com
enable password <removed> encrypted
passwd <removed> encrypted
names
!
! This context runs in transparent mode ('firewall transparent' above): 'outside' and 'inside'
! are both members of bridge-group 1, and the access-groups later in this listing filter the
! traffic bridged between them.
! security-level 0 marks 'north' as the least-trusted side, 100 marks 'south' as the most-trusted.
interface outside
 nameif north
 bridge-group 1
 security-level 0
!
interface inside
 nameif south
 bridge-group 1
 security-level 100
!
! BVI1 holds the management address for bridge-group 1; the 'standby' address is the failover peer's.
interface BVI1
 ip address 192.168.162.21 255.255.255.0 standby 192.168.162.22 
!
dns domain-lookup south
dns server-group DefaultDNS
 name-server 192.168.42.130
 domain-name cisco-irn.com
object-group network AdminStation
 network-object 192.168.41.101 255.255.255.255
object-group network AdminStation2
 network-object 192.168.41.102 255.255.255.255
object-group network AdminStation4-bart
 network-object 10.19.151.99 255.255.255.255
object-group network CSM_INLINE_src_rule_77309411633
 description Generated by CS-Manager from src of FirewallRule# 2 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object AdminStation
 group-object AdminStation2
 group-object AdminStation4-bart
object-group network DC-ALL
 description All of the Data Center
 network-object 192.168.0.0 255.255.0.0
object-group network Branches-ALL
 description all branch networks
 network-object 10.10.0.0 255.255.0.0
object-group network CSM_INLINE_dst_rule_77309411633
 description Generated by CS-Manager from dst of FirewallRule# 2 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-ALL
 group-object Branches-ALL
object-group network EMC-NCM
 description EMC Network Configuration Manager
 network-object 192.168.42.122 255.255.255.255
object-group network CSManager
 description Cisco Security Manager
 network-object 192.168.42.133 255.255.255.255
object-group network RSA-enVision
 description RSA EnVision Syslog collector and SIM
 network-object 192.168.42.124 255.255.255.255
object-group network AdminStation3
 network-object 192.168.42.138 255.255.255.255
object-group network Admin-Systems
 group-object EMC-NCM
 group-object AdminStation
 group-object AdminStation2
 group-object CSManager
 group-object RSA-enVision
 group-object AdminStation3
 group-object AdminStation4-bart
object-group network DC-DMZ
 description (Optimized by CS-Manager)
 network-object 192.168.20.0 255.255.252.0
 network-object 192.168.24.0 255.255.255.0
object-group network CSM_INLINE_dst_rule_77309411635
 description Generated by CS-Manager from dst of FirewallRule# 3 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-ALL
 group-object Branches-ALL
 group-object DC-DMZ
object-group network CSM_INLINE_src_rule_77309414079
 description Generated by CS-Manager from src of FirewallRule# 4 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-ALL
 group-object Branches-ALL
object-group network CSM_INLINE_src_rule_77309414081
 description Generated by CS-Manager from src of FirewallRule# 5 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-ALL
 group-object Branches-ALL
object-group network ActiveDirectory.cisco-irn.com
 network-object 192.168.42.130 255.255.255.255
object-group network vSphere-1
 description vSphere server for Lab
 network-object 192.168.41.102 255.255.255.255
object-group network WCSManager
 description Wireless Manager
 network-object 192.168.43.135 255.255.255.255
object-group network DC-Wifi-Controllers
 description Central Wireless Controllers for branchs
 network-object 192.168.43.21 255.255.255.255
 network-object 192.168.43.22 255.255.255.255
object-group network DC-Wifi-MSE
 description Mobility Service Engines
 network-object 192.168.43.31 255.255.255.255
 network-object 192.168.43.32 255.255.255.255
object-group network CSM_INLINE_src_rule_77309411641
 description Generated by CS-Manager from src of FirewallRule# 9 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object WCSManager
 group-object DC-Wifi-Controllers
 group-object DC-Wifi-MSE
object-group network PAME-DC-1
 network-object 192.168.44.111 255.255.255.255
object-group network MSP-DC-1
 description Data Center VSOM
 network-object 192.168.44.121 255.255.255.255
object-group network CSM_INLINE_src_rule_77309411643
 description Generated by CS-Manager from src of FirewallRule# 10 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object PAME-DC-1
 group-object MSP-DC-1
object-group network DC-WAAS
 description WAE Appliances in Data Center
 network-object 192.168.48.10 255.255.255.255
 network-object 192.168.49.10 255.255.255.255
 network-object 192.168.47.11 255.255.255.255
 network-object 192.168.47.12 255.255.255.255
object-group network CSM_INLINE_src_rule_77309414071
 description Generated by CS-Manager from src of FirewallRule# 15 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-ALL
 group-object Branches-ALL
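! NTP servers referenced by the udp/ntp entries of CSM_FW_ACL_north and CSM_FW_ACL_south.
! The second entry read 162.168.62.162, an address outside DC-ALL (192.168.0.0/16); the
! second NTP server configured elsewhere in this guide is 192.168.62.162. With the mistyped
! address the NTP rules never match the real second server and instead permit NTP to or
! from an unrelated external host.
object-group network NTP-Servers
 description NTP Servers
 network-object 192.168.62.161 255.255.255.255
 network-object 192.168.62.162 255.255.255.255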
object-group network TACACS
 description Csico Secure ACS server for TACACS and Radius
 network-object 192.168.42.131 255.255.255.255
object-group network RSA-AM
 description RSA Authentication Manager for SecureID
 network-object 192.168.42.137 255.255.255.255
object-group network NAC-2
 network-object 192.168.42.112 255.255.255.255
object-group network NAC-1
 description ISE server for NAC
 network-object 192.168.42.111 255.255.255.255
object-group network CSM_INLINE_dst_rule_77309411663
 description Generated by CS-Manager from dst of FirewallRule# 25 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object TACACS
 group-object RSA-AM
 group-object NAC-2
 group-object NAC-1
object-group network CSM_INLINE_dst_rule_77309411665
 description Generated by CS-Manager from dst of FirewallRule# 26 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object NAC-2
 group-object NAC-1
object-group network CSM_INLINE_dst_rule_77309411669
 description Generated by CS-Manager from dst of FirewallRule# 28 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object PAME-DC-1
 group-object MSP-DC-1
object-group network CSM_INLINE_dst_rule_77309411671
 description Generated by CS-Manager from dst of FirewallRule# 29 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-Wifi-Controllers
 group-object DC-Wifi-MSE
object-group network MS-Update
 description Windows Update Server
 network-object 192.168.42.150 255.255.255.255
object-group network MSExchange
 description Mail Server
 network-object 192.168.42.140 255.255.255.255
object-group network POS-Store-Conv
 network-object 10.10.160.81 255.255.255.255
object-group network POS-Store-MSP
 network-object 10.10.176.81 255.255.255.255
object-group network POS-Store-SMALL-1
 description Small Store POS devices
 network-object 10.10.128.81 255.255.255.255
 network-object 10.10.128.82 255.255.255.255
object-group network POS-Store-Medium
 network-object 10.10.112.81 255.255.255.255
 network-object 10.10.125.40 255.255.255.255
object-group network POS-Store-Mini
 network-object 10.10.144.81 255.255.255.255
object-group network POS-Store-3g
 network-object 10.10.192.82 255.255.255.255
object-group network POS-Store-Large
 network-object 10.10.96.81 255.255.255.255
 network-object 10.10.96.82 255.255.255.255
object-group network CSM_INLINE_src_rule_77309411683
 description Generated by CS-Manager from src of FirewallRule# 35 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object POS-Store-Conv
 group-object POS-Store-MSP
 group-object POS-Store-SMALL-1
 group-object POS-Store-Medium
 group-object POS-Store-Mini
 group-object POS-Store-3g
 group-object POS-Store-Large
object-group network DC-POS-Tomax
 description Tomax POS Communication from Store to Data Center
 network-object 192.168.52.96 255.255.255.224
object-group network DC-POS
 description POS in the Data Center
 network-object 192.168.52.0 255.255.255.0
object-group network DC-POS-SAP
 description SAP POS Communication from Store to Data Center
 network-object 192.168.52.144 255.255.255.240
object-group network DC-POS-Oracle
 description Oracle POS Communication from Store to Data Center
 network-object 192.168.52.128 255.255.255.240
object-group network CSM_INLINE_dst_rule_77309411683
 description Generated by CS-Manager from dst of FirewallRule# 35 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DC-POS-Tomax
 group-object DC-POS
 group-object DC-POS-SAP
 group-object DC-POS-Oracle
object-group network CSM_INLINE_src_rule_77309414158
 description Generated by CS-Manager from src of FirewallRule# 36 
(ASA-DC-1-vdc1_v1/mandatory)
 network-object 192.168.22.11 255.255.255.255
 network-object 192.168.22.12 255.255.255.255
 network-object 192.168.21.0 255.255.255.0
object-group network CSM_INLINE_src_rule_77309414160
 description Generated by CS-Manager from src of FirewallRule# 37 
(ASA-DC-1-vdc1_v1/mandatory)
 network-object 192.168.22.11 255.255.255.255
 network-object 192.168.22.12 255.255.255.255
 network-object 192.168.21.0 255.255.255.0
object-group network CSM_INLINE_src_rule_77309414162
 description Generated by CS-Manager from src of FirewallRule# 38 
(ASA-DC-1-vdc1_v1/mandatory)
 network-object 192.168.22.11 255.255.255.255
 network-object 192.168.22.12 255.255.255.255
 network-object 192.168.21.0 255.255.255.0
object-group service HTTPS-8443
 service-object tcp destination eq 8443 
object-group service CSM_INLINE_svc_rule_77309411635
 description Generated by CS-Manager from service of FirewallRule# 3 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq ssh 
 service-object tcp destination eq https 
 group-object HTTPS-8443
object-group service CSM_INLINE_svc_rule_77309414079
 description Generated by CS-Manager from service of FirewallRule# 4 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq smtp 
 service-object tcp destination eq https 
 service-object tcp destination eq ssh 
object-group service CSM_INLINE_svc_rule_77309414081
 description Generated by CS-Manager from service of FirewallRule# 5 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object tcp destination eq ssh 
object-group service RPC
 service-object tcp destination eq 135 
object-group service LDAP-GC
 service-object tcp destination eq 3268 
object-group service LDAP-GC-SSL
 service-object tcp destination eq 3269 
object-group service DNS-Resolving
 description Domain Name Server
 service-object tcp destination eq domain 
 service-object udp destination eq domain 
object-group service Kerberos-TCP
 service-object tcp destination eq 88 
object-group service Microsoft-DS-SMB
 description Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharing
 service-object tcp destination eq 445 
object-group service LDAP-UDP
 service-object udp destination eq 389 
! Covers every TCP port from 1024 to 65535. The group is nested in the Active Directory
! service groups for FirewallRule# 7 and FirewallRule# 32, so those rules permit any high
! TCP port between the domain controller and Branches-ALL in both directions.
! NOTE(review): pinning the RPC dynamic port range on the domain controller and narrowing
! this range to match would shrink the exposure - confirm with the AD owners.
object-group service RPC-HighPorts
 service-object tcp destination range 1024 65535 
object-group service CSM_INLINE_svc_rule_77309411637
 description Generated by CS-Manager from service of FirewallRule# 7 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq ldap 
 service-object tcp destination eq ldaps 
 service-object udp destination eq 88 
 service-object udp destination eq ntp 
 service-object udp destination eq netbios-dgm 
 group-object RPC
 group-object LDAP-GC
 group-object LDAP-GC-SSL
 group-object DNS-Resolving
 group-object Kerberos-TCP
 group-object Microsoft-DS-SMB
 group-object LDAP-UDP
 group-object RPC-HighPorts
object-group service vCenter-to-ESX4
 description Communication from vCetner to ESX hosts
 service-object tcp destination eq 5989 
 service-object tcp destination eq 8000 
 service-object tcp destination eq 902 
 service-object tcp destination eq 903 
object-group service CSM_INLINE_svc_rule_77309411639
 description Generated by CS-Manager from service of FirewallRule# 8 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object tcp destination eq ssh 
 group-object vCenter-to-ESX4
object-group service IP-Protocol-97
 description IP protocol 97
 service-object 97 
object-group service TFTP
 description Trivial File Transfer
 service-object tcp destination eq 69 
 service-object udp destination eq tftp 
object-group service LWAPP
 description LWAPP UDP ports 12222 and 12223
 service-object udp destination eq 12222 
 service-object udp destination eq 12223 
object-group service CAPWAP
 description CAPWAP UDP ports 5246 and 5247
 service-object udp destination eq 5246 
 service-object udp destination eq 5247 
! Services for FirewallRule# 9, which CSM_FW_ACL_south applies from the wireless management
! hosts (WCSManager, DC-Wifi-Controllers, DC-Wifi-MSE) to Branches-ALL.
! NOTE(review): telnet and www carry credentials and session data in cleartext, while ssh and
! https are already permitted by the same group; confirm whether the cleartext entries are
! still required by the branch wireless devices and drop them if not.
object-group service CSM_INLINE_svc_rule_77309411641
 description Generated by CS-Manager from service of FirewallRule# 9 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object tcp destination eq www 
 service-object udp destination eq isakmp 
 service-object tcp destination eq telnet 
 service-object tcp destination eq ssh 
 group-object IP-Protocol-97
 group-object TFTP
 group-object LWAPP
 group-object CAPWAP
object-group service TCP1080
 service-object tcp destination eq 1080 
object-group service TCP8080
 service-object tcp destination eq 8080 
object-group service RDP
 description Windows Remote Desktop
 service-object tcp destination eq 3389 
object-group service CSM_INLINE_svc_rule_77309411645
 description Generated by CS-Manager from service of FirewallRule# 11 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object icmp echo
 service-object icmp echo-reply
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object tcp destination eq ssh 
 service-object tcp destination eq ftp 
 group-object HTTPS-8443
 group-object TCP1080
 group-object TCP8080
 group-object RDP
object-group service CISCO-WAAS
 description Ports for Cisco WAAS
 service-object tcp destination eq 4050 
object-group service Netbios
 description Netbios Servers
 service-object udp destination eq netbios-dgm 
 service-object udp destination eq netbios-ns 
 service-object tcp destination eq netbios-ssn 
object-group service CSM_INLINE_svc_rule_77309411647
 description Generated by CS-Manager from service of FirewallRule# 12 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object CISCO-WAAS
 group-object HTTPS-8443
 group-object Microsoft-DS-SMB
 group-object Netbios
object-group service CSM_INLINE_svc_rule_77309411649
 description Generated by CS-Manager from service of FirewallRule# 13 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp-udp destination eq sip 
 service-object tcp destination eq 2000 
object-group service CSM_INLINE_svc_rule_77309414071
 description Generated by CS-Manager from service of FirewallRule# 15 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object icmp echo
 service-object icmp echo-reply
 service-object icmp unreachable
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object tcp destination eq ftp 
 service-object tcp destination eq ssh 
 group-object TCP1080
 group-object TCP8080
 group-object RDP
! NTP runs over UDP port 123 (the 'ntp' keyword below); the tcp/123 entry serves no NTP function.
! This group is nested in the service group for FirewallRule# 16, whose destination is 'any'.
! NOTE(review): the TCP entry widens that rule without a visible purpose - confirm and remove if unused.
object-group service NTP
 description NTP Protocols
 service-object tcp destination eq 123 
 service-object udp destination eq ntp 
object-group service CSM_INLINE_svc_rule_77309414073
 description Generated by CS-Manager from service of FirewallRule# 16 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object DNS-Resolving
 group-object NTP
object-group service CSM_INLINE_svc_rule_77309414077
 description Generated by CS-Manager from service of FirewallRule# 18 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq ldap 
 service-object tcp destination eq ldaps 
 group-object LDAP-GC
 group-object LDAP-GC-SSL
 group-object LDAP-UDP
object-group service CSM_INLINE_svc_rule_77309411655
 description Generated by CS-Manager from service of FirewallRule# 21 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object udp destination eq snmptrap 
 service-object udp destination eq snmp 
 service-object udp destination eq syslog 
object-group service CSM_INLINE_svc_rule_77309411657
 description Generated by CS-Manager from service of FirewallRule# 22 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object udp destination eq domain 
 service-object tcp destination eq ldap 
 service-object tcp destination eq ldaps 
object-group service CSM_INLINE_svc_rule_77309411663
 description Generated by CS-Manager from service of FirewallRule# 25 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object udp destination eq 1812 
 service-object udp destination eq 1813 
object-group service CSM_INLINE_svc_rule_77309411665
 description Generated by CS-Manager from service of FirewallRule# 26 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object tcp destination eq www 
 group-object HTTPS-8443
object-group service ESX-SLP
 description CIM Service Location Protocol (SLP) for VMware systems
 service-object udp destination eq 427 
 service-object tcp destination eq 427 
object-group service CSM_INLINE_svc_rule_77309411667
 description Generated by CS-Manager from service of FirewallRule# 27 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object tcp destination eq www 
 service-object tcp destination eq ssh 
 group-object vCenter-to-ESX4
 group-object ESX-SLP
object-group service Cisco-Mobility
 description Mobility ports for Wireless
 service-object udp destination eq 16666 
 service-object udp destination eq 16667 
object-group service CSM_INLINE_svc_rule_77309411671
 description Generated by CS-Manager from service of FirewallRule# 29 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq https 
 service-object udp destination eq isakmp 
 group-object Cisco-Mobility
 group-object IP-Protocol-97
 group-object LWAPP
 group-object CAPWAP
object-group service CSM_INLINE_svc_rule_77309411673
 description Generated by CS-Manager from service of FirewallRule# 30 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp-udp destination eq sip 
 service-object tcp destination eq 2000 
object-group service CSM_INLINE_svc_rule_77309411675
 description Generated by CS-Manager from service of FirewallRule# 31 
(ASA-DC-1-vdc1_v1/mandatory)
 group-object CISCO-WAAS
 group-object HTTPS-8443
 group-object Microsoft-DS-SMB
 group-object Netbios
object-group service CSM_INLINE_svc_rule_77309411677
 description Generated by CS-Manager from service of FirewallRule# 32 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq ldap 
 service-object tcp destination eq ldaps 
 service-object udp destination eq 88 
 service-object udp destination eq ntp 
 service-object udp destination eq netbios-dgm 
 group-object RPC
 group-object LDAP-GC
 group-object LDAP-GC-SSL
 group-object DNS-Resolving
 group-object Kerberos-TCP
 group-object Microsoft-DS-SMB
 group-object LDAP-UDP
 group-object RPC-HighPorts
object-group service CSM_INLINE_svc_rule_77309411679
 description Generated by CS-Manager from service of FirewallRule# 33 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq www 
 service-object tcp destination eq https 
object-group service CSM_INLINE_svc_rule_77309411681
 description Generated by CS-Manager from service of FirewallRule# 34 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object tcp destination eq smtp 
 service-object tcp destination eq pop3 
 service-object tcp destination eq imap4 
object-group service CSM_INLINE_svc_rule_77309414166
 description Generated by CS-Manager from service of FirewallRule# 40 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object tcp destination eq smtp 
 group-object DNS-Resolving
object-group service CSM_INLINE_svc_rule_77309414172
 description Generated by CS-Manager from service of FirewallRule# 43 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object udp destination eq 1812 
 service-object udp destination eq 1813 
! Service group generated for FirewallRule# 45. No access-list entry in this context's listing
! references it, so it appears to be unused here.
! NOTE(review): the group is broad - all ICMP types (no type given), telnet and www in cleartext,
! tcp/5900 and tcp/5800 (commonly VNC), RDP, TFTP and the vCenter-to-ESX ports. If a rule is ever
! bound to it, review each entry first; if it is orphaned, removing it keeps the policy auditable.
object-group service CSM_INLINE_svc_rule_77309414176
 description Generated by CS-Manager from service of FirewallRule# 45 
(ASA-DC-1-vdc1_v1/mandatory)
 service-object icmp 
 service-object tcp destination eq ssh 
 service-object tcp destination eq telnet 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object tcp destination eq 8880 
 service-object tcp destination eq 8444 
 service-object tcp destination eq 5900 
 service-object tcp destination eq 5800 
 group-object RDP
 group-object TCP1080
 group-object TCP8080
 group-object TFTP
 group-object HTTPS-8443
 group-object vCenter-to-ESX4
access-list CSM_FW_ACL_north extended permit ospf 192.168.162.0 255.255.255.0 
192.168.162.0 255.255.255.0 
access-list CSM_FW_ACL_north extended permit tcp object-group Branches-ALL object-group 
EMC-NCM eq ssh 
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411655 
object-group Branches-ALL object-group RSA-enVision 
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411657 
object-group Branches-ALL object-group ActiveDirectory.cisco-irn.com 
access-list CSM_FW_ACL_north extended permit tcp object-group Branches-ALL object-group 
TACACS eq tacacs 
access-list CSM_FW_ACL_north extended permit udp object-group Branches-ALL object-group 
NTP-Servers eq ntp 
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411663 
object-group Branches-ALL object-group CSM_INLINE_dst_rule_77309411663 
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411665 
object-group Branches-ALL object-group CSM_INLINE_dst_rule_77309411665 
access-list CSM_FW_ACL_north remark VMWare ESX to Data Center
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411667 
object-group Branches-ALL object-group vSphere-1 
access-list CSM_FW_ACL_north remark Physical security systems
access-list CSM_FW_ACL_north extended permit tcp object-group Branches-ALL object-group 
CSM_INLINE_dst_rule_77309411669 eq https 
access-list CSM_FW_ACL_north remark Wireless control systems
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411671 
object-group Branches-ALL object-group CSM_INLINE_dst_rule_77309411671 
access-list CSM_FW_ACL_north remark Voice calls
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411673 
object-group Branches-ALL object-group DC-ALL 
access-list CSM_FW_ACL_north remark WAAS systems
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411675 
object-group Branches-ALL object-group DC-WAAS 
access-list CSM_FW_ACL_north remark Allow Active Directory Domain
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411677 
object-group Branches-ALL object-group ActiveDirectory.cisco-irn.com 
access-list CSM_FW_ACL_north remark Allow Windows Updates
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411679 
object-group Branches-ALL object-group MS-Update 
access-list CSM_FW_ACL_north remark Allow Mail
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411681 
object-group Branches-ALL object-group MSExchange 
access-list CSM_FW_ACL_north remark Allow Applications
access-list CSM_FW_ACL_north extended permit tcp object-group 
CSM_INLINE_src_rule_77309411683 object-group CSM_INLINE_dst_rule_77309411683 eq https 
access-list CSM_FW_ACL_north extended permit udp object-group 
CSM_INLINE_src_rule_77309414158 object-group NTP-Servers eq ntp 
access-list CSM_FW_ACL_north remark - RIE-2
access-list CSM_FW_ACL_north extended permit udp object-group 
CSM_INLINE_src_rule_77309414160 object-group RSA-enVision eq syslog 
access-list CSM_FW_ACL_north extended permit tcp object-group 
CSM_INLINE_src_rule_77309414162 object-group TACACS eq tacacs 
access-list CSM_FW_ACL_north extended permit udp 192.168.21.0 255.255.255.0 object-group 
ActiveDirectory.cisco-irn.com eq domain 
! Rules for the host 192.168.23.68, which sits inside the DC-DMZ range and inside the
! 192.168.23.64/27 block that CSM_FW_ACL_south labels "Ironport apps".
! The first entry permits SMTP and DNS (tcp and udp 'domain') from that DMZ host to ANY
! destination behind this firewall; the remaining entries are scoped to named servers
! (syslog collector, NTP servers, and udp 1812/1813 to the ACS server).
! NOTE(review): a DMZ host allowed to open SMTP/DNS sessions to any data center address is
! wider than the other entries. If it only needs the mail and DNS servers defined in this
! context (MSExchange, ActiveDirectory.cisco-irn.com), name them as the destination.
access-list CSM_FW_ACL_north remark Ironport traffic in from DNZ
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309414166 
host 192.168.23.68 any 
access-list CSM_FW_ACL_north extended permit udp host 192.168.23.68 object-group 
RSA-enVision eq syslog 
access-list CSM_FW_ACL_north extended permit udp host 192.168.23.68 object-group 
NTP-Servers eq ntp 
access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309414172 
host 192.168.23.68 object-group TACACS 
access-list CSM_FW_ACL_north remark Drop all other traffic
access-list CSM_FW_ACL_north extended deny ip any any log 
access-list CSM_FW_ACL_south extended permit ospf 192.168.162.0 255.255.255.0 
192.168.162.0 255.255.255.0 
! FirewallRule# 2: permits every IP protocol and port from the admin stations (AdminStation,
! AdminStation2, AdminStation4-bart) to all of DC-ALL and Branches-ALL, with no 'log' keyword.
! NOTE(review): this is an unrestricted, unlogged path from three workstations to the whole
! environment; consider limiting it to the management services actually used and adding 'log'.
! NOTE(review): AdminStation4-bart (10.19.151.99) is reached through the 'north' interface in
! the ssh/http lines of this context, so this south-side entry may never match for that host - verify.
access-list CSM_FW_ACL_south extended permit ip object-group 
CSM_INLINE_src_rule_77309411633 object-group CSM_INLINE_dst_rule_77309411633 
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411635 
object-group Admin-Systems object-group CSM_INLINE_dst_rule_77309411635 
access-list CSM_FW_ACL_south remark Allow services for Ironport apps
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414079 
object-group CSM_INLINE_src_rule_77309414079 192.168.23.64 255.255.255.224 
access-list CSM_FW_ACL_south remark Allow traffic to DMZ
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414081 
object-group CSM_INLINE_src_rule_77309414081 host 192.168.20.30 
access-list CSM_FW_ACL_south remark Drop unauthorized traffic to DMZ
access-list CSM_FW_ACL_south extended deny ip any 192.168.20.0 255.255.252.0 log 
access-list CSM_FW_ACL_south remark Allow Active Directory Domain
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411637 
object-group ActiveDirectory.cisco-irn.com object-group Branches-ALL 
access-list CSM_FW_ACL_south remark VMWare - ESX systems
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411639 
object-group vSphere-1 object-group Branches-ALL 
access-list CSM_FW_ACL_south remark Wireless Management to Stores
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411641 
object-group CSM_INLINE_src_rule_77309411641 object-group Branches-ALL 
access-list CSM_FW_ACL_south remark Physical security systems
access-list CSM_FW_ACL_south extended permit tcp object-group 
CSM_INLINE_src_rule_77309411643 object-group Branches-ALL eq https 
access-list CSM_FW_ACL_south remark Allow Management of branch systems
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411645 
object-group DC-ALL object-group Branches-ALL 
access-list CSM_FW_ACL_south remark WAAS systems
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411647 
object-group DC-WAAS object-group Branches-ALL 
access-list CSM_FW_ACL_south remark Voice calls
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411649 
object-group DC-ALL object-group Branches-ALL 
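! Explicit stop for data-center-to-branch traffic not permitted above. It sits before the
! "outbound services for Internet" entries so that their 'any' destination cannot reach branches.
! 'log' added so these drops are recorded like the DMZ deny and the final deny in this ACL;
! without it, blocked attempts toward branch networks left no audit trail.
access-list CSM_FW_ACL_south extended deny ip any object-group Branches-ALL log 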
access-list CSM_FW_ACL_south remark Allow outbound services for Internet
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414071 
object-group CSM_INLINE_src_rule_77309414071 any 
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414073 
object-group ActiveDirectory.cisco-irn.com any 
access-list CSM_FW_ACL_south extended permit udp object-group NTP-Servers any eq ntp 
! Marked by its own remark as a lab test rule: permits LDAP, LDAPS, global catalog (3268/3269)
! and udp/389 from PAME-DC-1 to ANY destination not already denied above, and logs matches.
! NOTE(review): test rules with an 'any' destination should not carry over into a production
! policy; remove it, or restrict the destination to the directory servers it was meant for.
access-list CSM_FW_ACL_south remark Allow LDAP out LAB test
access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414077 
object-group PAME-DC-1 any log 
access-list CSM_FW_ACL_south remark Drop and Log all other traffic
access-list CSM_FW_ACL_south extended deny ip any any log 
pager lines 24
! Syslog destination: 192.168.42.124 is the RSA-enVision collector defined earlier in this context.
! NOTE(review): no 'logging enable' or 'logging trap <level>' line appears in this context's
! listing. Without them the 'log' keywords on the ACL entries and this syslog host may produce
! nothing - verify on the device that logging is enabled and a trap level is set.
logging host south 192.168.42.124
mtu north 1500
mtu south 1500
icmp unreachable rate-limit 1 burst-size 1
! These two lines govern ICMP addressed to the firewall itself (not transit traffic) and accept
! every ICMP type from every source on both sides.
! NOTE(review): consider limiting ICMP to the firewall to the management hosts and to the
! message types needed for troubleshooting and path-MTU discovery.
icmp permit any north
icmp permit any south
asdm history enable
arp timeout 14400
access-group CSM_FW_ACL_north in interface north
access-group CSM_FW_ACL_south in interface south
route north 0.0.0.0 0.0.0.0 192.168.162.1 1
route south 192.168.38.0 255.255.255.0 192.168.162.7 1
route south 192.168.39.0 255.255.255.0 192.168.162.7 1
route south 192.168.40.0 255.255.255.0 192.168.162.7 1
route south 192.168.41.0 255.255.255.0 192.168.162.7 1
route south 192.168.42.0 255.255.255.0 192.168.162.7 1
route south 192.168.43.0 255.255.255.0 192.168.162.7 1
route south 192.168.44.0 255.255.255.0 192.168.162.7 1
route south 192.168.45.0 255.255.255.0 192.168.162.7 1
route south 192.168.46.0 255.255.255.0 192.168.162.7 1
route south 192.168.52.0 255.255.255.0 192.168.162.7 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
! Administrative AAA. The ACS server (192.168.42.131, reached via 'south') is contacted over
! TACACS+; the shared key is masked in this listing.
aaa-server CiscoACS protocol tacacs+
aaa-server CiscoACS (south) host 192.168.42.131
 key *****
! SSH, enable and HTTPS (ASDM) logins are checked against ACS first. LOCAL is the fallback
! method, so the local privilege-15 accounts later in this listing become the effective
! control whenever the server cannot be reached.
aaa authentication ssh console CiscoACS LOCAL
aaa authentication enable console CiscoACS LOCAL
aaa authentication http console CiscoACS LOCAL
! Accounting records SSH sessions, enable events and commands at privilege level 15.
! NOTE(review): commands run below level 15 are not accounted, and no 'aaa authorization command'
! line is visible, so per-command authorization does not appear to be delegated to ACS - confirm
! this matches the audit requirements.
aaa accounting ssh console CiscoACS
aaa accounting enable console CiscoACS
aaa accounting command privilege 15 CiscoACS
aaa authentication secure-http-client
! Locks a local account after 6 consecutive failed attempts (applies to the LOCAL database only).
aaa local authentication attempts max-fail 6
aaa authorization exec authentication-server
! Management plane. 'http server enable' turns on the HTTPS management (ASDM) service; the
! 'http' and 'ssh' host lines below are the only sources allowed to reach it and the SSH service.
! The two lists are identical and match the members of the Admin-Systems object-group.
http server enable
http server idle-timeout 15
http server session-timeout 60
! 10.19.151.99 (AdminStation4-bart) is the only source admitted through 'north', the
! security-level 0 interface.
! NOTE(review): confirm that management from the untrusted side is still required.
http 10.19.151.99 255.255.255.255 north
http 192.168.41.101 255.255.255.255 south
http 192.168.41.102 255.255.255.255 south
http 192.168.42.122 255.255.255.255 south
! NOTE(review): 192.168.42.124 is the RSA-enVision syslog collector; a log collector normally
! receives data and should not need interactive HTTPS/SSH access to the firewall - verify.
http 192.168.42.124 255.255.255.255 south
http 192.168.42.133 255.255.255.255 south
http 192.168.42.138 255.255.255.255 south
no snmp-server location
no snmp-server contact
! No 'telnet <address>' source lines are present, so only the timeout value is set for Telnet.
telnet timeout 5
ssh 10.19.151.99 255.255.255.255 north
ssh 192.168.41.101 255.255.255.255 south
ssh 192.168.41.102 255.255.255.255 south
ssh 192.168.42.122 255.255.255.255 south
ssh 192.168.42.124 255.255.255.255 south
ssh 192.168.42.133 255.255.255.255 south
ssh 192.168.42.138 255.255.255.255 south
! Idle SSH sessions are closed after 15 minutes; only SSH protocol version 2 is accepted.
ssh timeout 15
ssh version 2
no threat-detection statistics tcp-intercept
! Local accounts, both at privilege 15. They are what the LOCAL fallback in the
! 'aaa authentication ... CiscoACS LOCAL' lines authenticates against when ACS is unreachable.
! Password hashes are redacted in this listing.
! NOTE(review): 'csmadmin' looks like a shared or service account - confirm it maps to an
! accountable owner, and keep the set of local fallback accounts as small as possible.
username csmadmin password  <removed> encrypted privilege 15
username bmcgloth password <removed> encrypted privilege 15
!
! Application inspection. 'inspection_default' matches each protocol on its default port, and
! 'global_policy' (bound globally by the service-policy line) runs the listed inspection
! engines on that traffic.
! NOTE(review): this is the full default inspection list. Engines for protocols the ACLs above
! do not permit (for example rsh, xdmcp, sqlnet, sunrpc) add parsing code and dynamic
! secondary-connection handling with no benefit; consider disabling the ones not in use.
class-map inspection_default
 match default-inspection-traffic
!
!
! DNS inspection parameters: DNS messages are limited to 512 bytes, with the client-side
! maximum set automatically.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect ip-options 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
!
service-policy global_policy global
Cryptochecksum:70afa3a2a3007db41f3f336aca5cf51d
: end
asdm history enable
 
 

RAGG-1-RUNNING

version 5.1(2)
hostname RAGG-1
vdc RAGG-1 id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 48 maximum 48
  limit-resource m6route-mem minimum 8 maximum 8
vdc vdc1 id 2
  allocate interface Ethernet1/1,Ethernet1/3,Ethernet1/5,Ethernet1/7,Ethernet1/25-32
  allocate interface Ethernet2/1-12
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
vdc vdc2 id 3
  allocate interface Ethernet1/2,Ethernet1/4,Ethernet1/6,Ethernet1/8-24
  allocate interface Ethernet2/13-48
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
 
 
feature privilege
feature tacacs+
 
 
username bart password 5 <removed> role network-admin
username emc-ncm password 5 <removed>  role network-admin
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
! Caps the number of login attempts allowed per SSH session at 6.
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
ip host RAGG-1 192.168.42.36
! TACACS+ shared secret. Key type 7 is a reversible encoding, not a hash, so
! an unredacted copy of this line has to be protected like the clear-text key.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group named by the aaa authentication/authorization/accounting lines;
! requests leave through the management VRF.
! NOTE(review): only one TACACS+ server is listed in this group.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf management
! ACL 23 is bound to the vty lines ("access-class 23 in" under line vty), so it
! decides which source hosts may open a remote session to 192.168.42.36, the
! address configured on mgmt0. Each permit names a single /32 source.
! "statistics per-entry" keeps a hit counter per entry; writing the final deny
! explicitly (sequence 100) gives rejected attempts an entry of their own.
ip access-list 23
  statistics per-entry
  10 permit ip 127.0.0.1/32 192.168.42.36/32 
  20 permit ip 192.168.41.101/32 192.168.42.36/32 
  30 permit ip 192.168.41.102/32 192.168.42.36/32 
  40 permit ip 192.168.42.111/32 192.168.42.36/32 
  50 permit ip 192.168.42.122/32 192.168.42.36/32 
  60 permit ip 192.168.42.131/32 192.168.42.36/32 
  70 permit ip 192.168.42.133/32 192.168.42.36/32 
  80 permit ip 192.168.42.138/32 192.168.42.36/32 
  90 permit ip 10.19.151.99/32 192.168.42.36/32 
  100 deny ip any any 
! ACL 88 permits one source host, 192.168.42.122, and denies everything else.
! NOTE(review): no access-class or other reference to ACL 88 is visible in
! this part of the configuration - confirm where it is applied.
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.42.36/32 
  20 deny ip any any 
! Control-plane policing (CoPP) classification ACLs. These lists are referenced
! by the copp-system-class-* class-maps that follow: a "permit" here means
! "count this packet in that class", not "allow this service". Telnet, FTP and
! TFTP are listed so that such traffic reaching the control plane is
! rate-limited; whether those services are enabled is decided elsewhere.
ip access-list copp-system-acl-bgp
  10 permit tcp any gt 1024 any eq bgp 
  20 permit tcp any eq bgp any gt 1024 
ipv6 access-list copp-system-acl-bgp6
  10 permit tcp any gt 1024 any eq bgp 
  20 permit tcp any eq bgp any gt 1024 
ip access-list copp-system-acl-eigrp
  10 permit eigrp any any 
ip access-list copp-system-acl-ftp
  10 permit tcp any any eq ftp-data 
  20 permit tcp any any eq ftp 
  30 permit tcp any eq ftp-data any 
  40 permit tcp any eq ftp any 
ip access-list copp-system-acl-glbp
  10 permit udp any eq 3222 224.0.0.0/24 eq 3222 
ip access-list copp-system-acl-hsrp
  10 permit udp any 224.0.0.0/24 eq 1985 
ip access-list copp-system-acl-icmp
  10 permit icmp any any echo 
  20 permit icmp any any echo-reply 
ipv6 access-list copp-system-acl-icmp6
  10 permit icmp any any echo-request 
  20 permit icmp any any echo-reply 
ipv6 access-list copp-system-acl-icmp6-msgs
  10 permit icmp any any router-advertisement 
  20 permit icmp any any router-solicitation 
  30 permit icmp any any nd-na 
  40 permit icmp any any nd-ns 
  50 permit icmp any any mld-query 
  60 permit icmp any any mld-report 
  70 permit icmp any any mld-reduction 
ip access-list copp-system-acl-igmp
  10 permit igmp any 224.0.0.0/3 
ip access-list copp-system-acl-msdp
  10 permit tcp any gt 1024 any eq 639 
  20 permit tcp any eq 639 any gt 1024 
ip access-list copp-system-acl-ntp
  10 permit udp any any eq ntp 
  20 permit udp any eq ntp any 
ipv6 access-list copp-system-acl-ntp6
  10 permit udp any any eq ntp 
  20 permit udp any eq ntp any 
ip access-list copp-system-acl-ospf
  10 permit ospf any any 
ipv6 access-list copp-system-acl-ospf6
  10 permit 89 any any 
ip access-list copp-system-acl-pim
  10 permit pim any 224.0.0.0/24 
  20 permit udp any any eq pim-auto-rp 
ip access-list copp-system-acl-pim-reg
  10 permit pim any any 
ipv6 access-list copp-system-acl-pim6
  10 permit 103 any ff02::d/128 
  20 permit udp any any eq pim-auto-rp 
ip access-list copp-system-acl-radius
  10 permit udp any any eq 1812 
  20 permit udp any any eq 1813 
  30 permit udp any any eq 1645 
  40 permit udp any any eq 1646 
  50 permit udp any eq 1812 any 
  60 permit udp any eq 1813 any 
  70 permit udp any eq 1645 any 
  80 permit udp any eq 1646 any 
ipv6 access-list copp-system-acl-radius6
  10 permit udp any any eq 1812 
  20 permit udp any any eq 1813 
  30 permit udp any any eq 1645 
  40 permit udp any any eq 1646 
  50 permit udp any eq 1812 any 
  60 permit udp any eq 1813 any 
  70 permit udp any eq 1645 any 
  80 permit udp any eq 1646 any 
ip access-list copp-system-acl-rip
  10 permit udp any 224.0.0.0/24 eq rip 
ip access-list copp-system-acl-sftp
  10 permit tcp any any eq 115 
  20 permit tcp any eq 115 any 
ip access-list copp-system-acl-snmp
  10 permit udp any any eq snmp 
  20 permit udp any any eq snmptrap 
ip access-list copp-system-acl-ssh
  10 permit tcp any any eq 22 
  20 permit tcp any eq 22 any 
ipv6 access-list copp-system-acl-ssh6
  10 permit tcp any any eq 22 
  20 permit tcp any eq 22 any 
ip access-list copp-system-acl-tacacs
  10 permit tcp any any eq tacacs 
  20 permit tcp any eq tacacs any 
ipv6 access-list copp-system-acl-tacacs6
  10 permit tcp any any eq tacacs 
  20 permit tcp any eq tacacs any 
ip access-list copp-system-acl-telnet
  10 permit tcp any any eq telnet 
  20 permit tcp any any eq 107 
  30 permit tcp any eq telnet any 
  40 permit tcp any eq 107 any 
ipv6 access-list copp-system-acl-telnet6
  10 permit tcp any any eq telnet 
  20 permit tcp any any eq 107 
  30 permit tcp any eq telnet any 
  40 permit tcp any eq 107 any 
ip access-list copp-system-acl-tftp
  10 permit udp any any eq tftp 
  20 permit udp any any eq 1758 
  30 permit udp any eq tftp any 
  40 permit udp any eq 1758 any 
ipv6 access-list copp-system-acl-tftp6
  10 permit udp any any eq tftp 
  20 permit udp any any eq 1758 
  30 permit udp any eq tftp any 
  40 permit udp any eq 1758 any 
ip access-list copp-system-acl-traceroute
  10 permit icmp any any ttl-exceeded 
  20 permit icmp any any port-unreachable 
! The only "undesirable" match is UDP 1434; the policy-map drops this class
! whether or not it conforms to its rate.
ip access-list copp-system-acl-undesirable
  10 permit udp any any eq 1434 
ip access-list copp-system-acl-vpc
  10 permit udp any any eq 3200 
ip access-list copp-system-acl-vrrp
  10 permit 112 any 224.0.0.0/24 
! CoPP classes and policers. Each class-map is match-any over the
! copp-system-acl-* lists (or over exception/redirect/ARP matches); the
! policy-map gives each class a committed rate and drops what exceeds it. The
! policy is attached to the control plane in the input direction at the end.
class-map type control-plane match-any copp-system-class-critical
  match access-group name copp-system-acl-bgp
  match access-group name copp-system-acl-bgp6
  match access-group name copp-system-acl-eigrp
  match access-group name copp-system-acl-igmp
  match access-group name copp-system-acl-msdp
  match access-group name copp-system-acl-ospf
  match access-group name copp-system-acl-ospf6
  match access-group name copp-system-acl-pim
  match access-group name copp-system-acl-pim6
  match access-group name copp-system-acl-rip
  match access-group name copp-system-acl-vpc
class-map type control-plane match-any copp-system-class-exception
  match exception ip option
  match exception ip icmp unreachable
  match exception ipv6 option
  match exception ipv6 icmp unreachable
class-map type control-plane match-any copp-system-class-important
  match access-group name copp-system-acl-glbp
  match access-group name copp-system-acl-hsrp
  match access-group name copp-system-acl-vrrp
  match access-group name copp-system-acl-icmp6-msgs
  match access-group name copp-system-acl-pim-reg
! Management protocols share one class: SSH, TACACS+, RADIUS, SNMP and NTP
! together with Telnet, FTP, SFTP and TFTP.
class-map type control-plane match-any copp-system-class-management
  match access-group name copp-system-acl-ftp
  match access-group name copp-system-acl-ntp
  match access-group name copp-system-acl-ntp6
  match access-group name copp-system-acl-radius
  match access-group name copp-system-acl-sftp
  match access-group name copp-system-acl-snmp
  match access-group name copp-system-acl-ssh
  match access-group name copp-system-acl-ssh6
  match access-group name copp-system-acl-tacacs
  match access-group name copp-system-acl-telnet
  match access-group name copp-system-acl-tftp
  match access-group name copp-system-acl-tftp6
  match access-group name copp-system-acl-radius6
  match access-group name copp-system-acl-tacacs6
  match access-group name copp-system-acl-telnet6
class-map type control-plane match-any copp-system-class-monitoring
  match access-group name copp-system-acl-icmp
  match access-group name copp-system-acl-icmp6
  match access-group name copp-system-acl-traceroute
class-map type control-plane match-any copp-system-class-normal
  match protocol arp
class-map type control-plane match-any copp-system-class-redirect
  match redirect dhcp-snoop
  match redirect arp-inspect
class-map type control-plane match-any copp-system-class-undesirable
  match access-group name copp-system-acl-undesirable
policy-map type control-plane copp-system-policy 
  class copp-system-class-critical
    police cir 39600 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-important
    police cir 1060 kbps bc 1000 ms conform transmit violate drop 
  class copp-system-class-management
    police cir 10000 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-normal
    police cir 680 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-redirect
    police cir 280 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-monitoring
    police cir 130 kbps bc 1000 ms conform transmit violate drop 
  class copp-system-class-exception
    police cir 360 kbps bc 250 ms conform transmit violate drop 
  ! Conform and violate are both "drop": this class is discarded outright.
  class copp-system-class-undesirable
    police cir 32 kbps bc 250 ms conform drop violate drop 
  ! Traffic that matched none of the classes above is held to 100 kbps.
  class class-default
    police cir 100 kbps bc 250 ms conform transmit violate drop 
control-plane
  service-policy input copp-system-policy 
! SNMP users with authentication and privacy keys, both mapped to the
! network-admin role; the keys are stored localized and were redacted.
! NOTE(review): auth is MD5 and no cipher keyword follows "priv", so the
! privacy cipher is presumably the platform default - confirm whether SHA and
! AES are available and acceptable for this deployment.
snmp-server user bart network-admin auth md5 <removed> priv <removed> localizedkey
snmp-server user bmcgloth network-admin auth md5 <removed> priv <removed> localizedkey
! Two NTP servers, reached through the management VRF.
! NOTE(review): no NTP authentication lines are visible in this part of the
! configuration; audit-log timestamps depend on this time source.
ntp server 192.168.62.161 use-vrf management
ntp server 192.168.62.162 use-vrf management
! Default (remote) logins and console logins both authenticate against the
! CiscoACS TACACS+ group, and accounting records go to the same group.
aaa authentication login default group CiscoACS 
aaa authentication login console group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
! Turns on display of login authentication failure messages.
aaa authentication login error-enable 
 
 
! Default route for the management VRF, which the TACACS+ group, the NTP
! servers and the syslog server in this configuration all use.
vrf context management
  ip route 0.0.0.0/0 192.168.42.1
vlan 1
 
 
! Management address; it is the destination named by every entry of ACL 23.
interface mgmt0
  ip address 192.168.42.36/24
! NOTE(review): the summer-time rule (first Sunday in April to last Sunday in
! October) is the pre-2007 US schedule and reuses the name PST. If the site
! follows the current US rule, local log timestamps will be an hour off for
! part of the year - confirm, since these logs serve as audit evidence.
clock timezone PST -8 0
clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60
  logout-warning 20
! Idle console and vty sessions time out after 15 minutes; vty logins are
! additionally filtered by ACL 23.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  access-class 23 in
! Both supervisors boot the same 5.1.2 kickstart and system images.
boot kickstart bootflash:/n7000-s1-kickstart.5.1.2.bin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.2.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.2.bin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.2.bin sup-2
! Syslog export at severity level 6, sent through the management VRF.
logging server 192.168.42.124 6 use-vrf management
 
 
 
 

RAGG-1-VDC1-RUNNING

 
 
version 5.1(2)
hostname vdc1
 
 
! Features enabled in this VDC.
! NOTE(review): glbp and vpc are enabled, but no glbp group and no vpc domain
! lines appear in this VDC's listing - confirm both are needed and disable
! whatever is unused.
feature privilege
feature tacacs+
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature glbp
feature vpc
 
 
! Local accounts for this VDC, both with the vdc-admin role. "password 5"
! marks the value as stored in hashed form; the hashes were redacted.
username bmcgloth password 5 <removed> role vdc-admin
username bart password 5 <removed>  role vdc-admin
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
! Caps the number of login attempts allowed per SSH session at 6.
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! TACACS+ shared secret. Key type 7 is a reversible encoding, not a hash, so
! an unredacted copy of this line has to be protected like the clear-text key.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group named by the aaa lines of this VDC; requests are sourced from
! loopback0, so the TACACS+ server sees one stable client address.
! NOTE(review): only one TACACS+ server is listed in this group.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    source-interface loopback0
! ACL 23 is bound to the vty lines of this VDC ("access-class 23 in"). Every
! permit names one /32 source and the single destination 192.168.1.11, which
! is the loopback0 address; a session aimed at any other address of this VDC
! would fall through to the deny at sequence 100.
! "statistics per-entry" keeps a hit counter for each entry.
ip access-list 23
  statistics per-entry
  10 permit ip 127.0.0.1/32 192.168.1.11/32 
  20 permit ip 192.168.41.101/32 192.168.1.11/32 
  30 permit ip 192.168.41.102/32 192.168.1.11/32 
  40 permit ip 192.168.42.111/32 192.168.1.11/32 
  50 permit ip 192.168.42.122/32 192.168.1.11/32 
  60 permit ip 192.168.42.131/32 192.168.1.11/32 
  70 permit ip 192.168.42.133/32 192.168.1.11/32 
  80 permit ip 192.168.42.138/32 192.168.1.11/32 
  90 permit ip 10.19.151.99/32 192.168.1.11/32 
  100 deny ip any any 
! ACL 88 permits one source host, 192.168.42.122, and denies everything else.
! NOTE(review): nothing in this VDC's listing references ACL 88 - confirm
! where it is applied, or remove it.
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.1.11/32 
  20 deny ip any any 
! SNMP notifications are sourced from loopback0. Both SNMP users carry
! authentication and privacy keys (redacted) and map to the vdc-admin role.
! NOTE(review): auth is MD5 and no cipher keyword follows "priv", so the
! privacy cipher is presumably the platform default - confirm whether SHA and
! AES are available and acceptable for this deployment.
! NOTE(review): traps are enabled below, but no snmp-server host line appears
! in this VDC's listing - confirm where notifications are delivered.
snmp-server source-interface trap loopback0
snmp-server source-interface inform loopback0
snmp-server user bart vdc-admin auth md5 <removed> priv <removed> localizedkey
snmp-server user bmcgloth vdc-admin auth md5 <removed> priv <removed> localizedkey
no snmp-server enable traps entity entity_mib_change
no snmp-server enable traps entity entity_module_status_change
no snmp-server enable traps entity entity_power_status_change
no snmp-server enable traps entity entity_module_inserted
no snmp-server enable traps entity entity_module_removed
no snmp-server enable traps entity entity_unrecognised_module
no snmp-server enable traps entity entity_fan_status_change
no snmp-server enable traps entity entity_power_out_change
! Link up/down traps are switched off in every variant listed here.
no snmp-server enable traps link linkDown
no snmp-server enable traps link linkUp
no snmp-server enable traps link IETF-extended-linkDown
no snmp-server enable traps link IETF-extended-linkUp
no snmp-server enable traps link cisco-extended-linkDown
no snmp-server enable traps link cisco-extended-linkUp
snmp-server enable traps callhome event-notify
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps cfs merge-failure
no snmp-server enable traps rf redundancy_framework
! AAA server state changes raise a trap.
snmp-server enable traps aaa server-state-change
no snmp-server enable traps license notify-license-expiry
no snmp-server enable traps license notify-no-license-for-feature
no snmp-server enable traps license notify-licensefile-missing
no snmp-server enable traps license notify-license-expiry-warning
snmp-server enable traps hsrp state-change
no snmp-server enable traps upgrade UpgradeOpNotifyOnCompletion
no snmp-server enable traps upgrade UpgradeJobStatusNotify
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps stpx loop-inconsistency
! Logins authenticate against the CiscoACS TACACS+ group; accounting records
! go to the same group.
aaa authentication login default group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
! Turns on display of login authentication failure messages.
aaa authentication login error-enable 
 
 
! VLANs and routed VLAN interfaces of this VDC. All three addressed SVIs run
! OSPF process 5 with per-interface MD5 authentication; the "3" after md5
! marks the key as stored in encrypted form, and the key was redacted.
vrf context management
vlan 1,3,151,161
 
 
interface Vlan1
 
 
! /30 link in area 0 with 1 s hello / 3 s dead timers.
interface Vlan3
  no shutdown
  ip address 192.168.10.61/30
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf dead-interval 3
  ip ospf hello-interval 1
  ip router ospf 5 area 0.0.0.0
 
 
! NOTE(review): the HSRP groups on Vlan151 and Vlan161 use "authentication
! text", and the string is left readable in this published configuration
! while other secrets are <removed>. Text authentication is carried
! unencrypted in HSRP hellos; NX-OS also offers "authentication md5" with a
! key-string or key-chain.
interface Vlan151
  no shutdown
  ip address 192.168.152.3/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf priority 3
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 10 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.152.1 
 
 
interface Vlan161
  no shutdown
  ip address 192.168.162.3/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf priority 5
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 10 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.162.1 
 
 
! Trunk bundle whose members (Ethernet1/29-32) are described as links to
! RAGG-2.
! NOTE(review): no "switchport trunk allowed vlan" list is set here or on the
! member ports, so the trunk is not restricted to specific VLANs - consider
! listing only the VLANs this link needs.
interface port-channel99
  switchport
  switchport mode trunk
  spanning-tree port type network
 
 
! Routed point-to-point uplinks to the two core routers. ICMP redirects are
! off and OSPF adjacencies in area 0 are MD5-authenticated (key redacted).
interface Ethernet1/1
  description 10Gig LINK to RCORE-1 T2/1
  no switchport
  logging event port link-status
  no ip redirects
  ip address 192.168.10.14/30
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf dead-interval 6
  ip ospf hello-interval 2
  ip ospf network point-to-point
  ip router ospf 5 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
 
interface Ethernet1/3
  description 10Gig LINK to RCORE-2 T2/1
  no switchport
  logging event port link-status
  no ip redirects
  ip address 192.168.10.22/30
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf dead-interval 6
  ip ospf hello-interval 2
  ip ospf network point-to-point
  ip router ospf 5 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
 
! Firewall-facing trunks: each one is limited to a single VLAN (161 and 151).
interface Ethernet1/5
  description to DC-ASA-1 vc1 T0/6
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 161
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/7
  description to DC-ASA-1 vc2 T0/8
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 151
  spanning-tree port type normal
  no shutdown
 
 
! Ethernet1/25-28 and Ethernet2/1-12 carry only "no switchport": no
! description, no address and no "no shutdown".
! NOTE(review): confirm these unused ports are administratively down rather
! than relying on the platform default state.
interface Ethernet1/25
  no switchport
 
 
interface Ethernet1/26
  no switchport
 
 
interface Ethernet1/27
  no switchport
 
 
interface Ethernet1/28
  no switchport
 
 
! Ethernet1/29-32 are the LACP members of port-channel99 toward RAGG-2. Like
! the port-channel itself, they trunk without an allowed-VLAN list.
interface Ethernet1/29
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/30
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/31
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/32
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet2/1
  no switchport
 
 
interface Ethernet2/2
  no switchport
 
 
interface Ethernet2/3
  no switchport
 
 
interface Ethernet2/4
  no switchport
 
 
interface Ethernet2/5
  no switchport
 
 
interface Ethernet2/6
  no switchport
 
 
interface Ethernet2/7
  no switchport
 
 
interface Ethernet2/8
  no switchport
 
 
interface Ethernet2/9
  no switchport
 
 
interface Ethernet2/10
  no switchport
 
 
interface Ethernet2/11
  no switchport
 
 
interface Ethernet2/12
  no switchport
 
 
! loopback0 is this VDC's stable identity: it is the OSPF router-id, the
! source of TACACS+, SNMP and syslog traffic, and the destination in ACL 23.
interface loopback0
  ip address 192.168.1.11/32
  ip router ospf 5 area 0.0.0.0
! Syslog export at severity level 6, sourced from loopback0.
logging server 192.168.42.124 6
logging source-interface loopback 0
  logout-warning 20
! Idle console and vty sessions time out after 15 minutes; vty logins are
! additionally filtered by ACL 23.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  access-class 23 in
! OSPF process 5: area 0 toward the core, area 81 as an NSSA. Message-digest
! authentication is required area-wide in both areas, in addition to the
! per-interface keys.
router ospf 5
  router-id 192.168.1.11
  area 0.0.0.81 nssa
  area 0.0.0.0 range 192.168.1.11/32
  area 0.0.0.0 range 192.168.10.12/30
  area 0.0.0.0 range 192.168.10.20/30
  area 0.0.0.0 range 192.168.10.60/30
  area 0.0.0.81 range 192.168.152.0/24
  area 0.0.0.81 range 192.168.162.0/24
  area 0.0.0.0 authentication message-digest
  area 0.0.0.81 authentication message-digest
  timers throttle spf 10 100 5000
  auto-cost reference-bandwidth 10000
ip pim ssm range 232.0.0.0/8
 
 

RAGG-1-VDC2-RUNNING

 
 
version 5.1(2)
hostname vdc2
 
 
! Features enabled in this VDC; TACACS+ support backs the aaa lines further
! down, and hsrp/vpc are used by the SVIs and port-channels of this VDC.
feature privilege
feature tacacs+
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature vpc
 
 
! Local accounts for this VDC, both with the vdc-admin role. "password 5"
! marks the value as stored in hashed form; the hashes were redacted.
username bart password 5 <removed>   role vdc-admin
username bmcgloth password 5 <removed> role vdc-admin
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
! Caps the number of login attempts allowed per SSH session at 6.
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
! TACACS+ shared secret. Key type 7 is a reversible encoding, not a hash, so
! an unredacted copy of this line has to be protected like the clear-text key.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group named by the aaa lines of this VDC; requests use VRF servers1
! and are sourced from loopback0.
! NOTE(review): only one TACACS+ server is listed in this group.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf servers1
    source-interface loopback0
! Management-source ACL with the same nine /32 sources as ACL 23 in the other
! VDCs, here with 192.168.1.31 as the only destination.
! NOTE(review): presumably 192.168.1.31 is this VDC's loopback0 and the ACL is
! applied to the vty lines as in the other VDCs - confirm against the rest of
! this listing.
ip access-list 23
  statistics per-entry
  10 permit ip 127.0.0.1/32 192.168.1.31/32 
  20 permit ip 192.168.41.101/32 192.168.1.31/32 
  30 permit ip 192.168.41.102/32 192.168.1.31/32 
  40 permit ip 192.168.42.111/32 192.168.1.31/32 
  50 permit ip 192.168.42.122/32 192.168.1.31/32 
  60 permit ip 192.168.42.131/32 192.168.1.31/32 
  70 permit ip 192.168.42.133/32 192.168.1.31/32 
  80 permit ip 192.168.42.138/32 192.168.1.31/32 
  90 permit ip 10.19.151.99/32 192.168.1.31/32 
  100 deny ip any any 
! ACL 88 permits one source host, 192.168.42.122, and denies everything else.
! NOTE(review): confirm where ACL 88 is applied.
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.1.31/32 
  20 deny ip any any 
! SNMP notifications are sourced from loopback0. Both SNMP users carry
! authentication and privacy keys (redacted) and map to the vdc-admin role.
! NOTE(review): auth is MD5 and no cipher keyword follows "priv", so the
! privacy cipher is presumably the platform default - confirm whether SHA and
! AES are available and acceptable for this deployment.
snmp-server source-interface trap loopback0
snmp-server source-interface inform loopback0
snmp-server user bart vdc-admin auth md5 <removed> priv <removed> localizedkey
snmp-server user bmcgloth vdc-admin auth md5 <removed> priv <removed> localizedkey
no snmp-server enable traps entity entity_mib_change
no snmp-server enable traps entity entity_module_status_change
no snmp-server enable traps entity entity_power_status_change
no snmp-server enable traps entity entity_module_inserted
no snmp-server enable traps entity entity_module_removed
no snmp-server enable traps entity entity_unrecognised_module
no snmp-server enable traps entity entity_fan_status_change
no snmp-server enable traps entity entity_power_out_change
! Link up/down traps are switched off in every variant listed here.
no snmp-server enable traps link linkDown
no snmp-server enable traps link linkUp
no snmp-server enable traps link IETF-extended-linkDown
no snmp-server enable traps link IETF-extended-linkUp
no snmp-server enable traps link cisco-extended-linkDown
no snmp-server enable traps link cisco-extended-linkUp
snmp-server enable traps callhome event-notify
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps cfs merge-failure
no snmp-server enable traps rf redundancy_framework
! AAA server state changes raise a trap.
snmp-server enable traps aaa server-state-change
no snmp-server enable traps license notify-license-expiry
no snmp-server enable traps license notify-no-license-for-feature
no snmp-server enable traps license notify-licensefile-missing
no snmp-server enable traps license notify-license-expiry-warning
snmp-server enable traps hsrp state-change
no snmp-server enable traps upgrade UpgradeOpNotifyOnCompletion
no snmp-server enable traps upgrade UpgradeJobStatusNotify
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps stpx loop-inconsistency
! Logins authenticate against the CiscoACS TACACS+ group; accounting records
! go to the same group.
aaa authentication login default group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
! Turns on display of login authentication failure messages.
aaa authentication login error-enable 
 
 
! VRFs of this VDC: VPC carries the vPC peer-keepalive defined below, while
! servers1 and servers2 hold the server-side SVIs.
vrf context VPC
! The static route sends 192.168.41.0/24 to 192.168.42.135. Interface Vlan41
! is shut down with the description "NOW ROUTE VIA HyTrust", so that next hop
! is presumably the HyTrust appliance - confirm.
vrf context servers1
  ip route 0.0.0.0/0 192.168.162.1
  ip route 192.168.41.0/24 192.168.42.135
  ip pim ssm range 232.0.0.0/8
vrf context servers2
  ip pim ssm range 232.0.0.0/8
vrf context management
! VLAN database. The names show device-management, core-management, wireless,
! physical-security, voice and POS segments sharing this aggregation layer.
vlan 1
vlan 36
  name DeviceMgmtHigh
vlan 37
  name DeviceMgmtLow
vlan 38
  name UIM-OS-INSTALL
vlan 40-41
vlan 42
  name CoreManagement
vlan 43
  name WirelessSystems
vlan 44
  name PhysicalSec
vlan 45
  name VOICE
vlan 52
  name POS
vlan 151-152,154,161-162,164,180-181
spanning-tree domain 777
spanning-tree vlan 1 priority 4096
ip prefix-list VLAN41 seq 5 permit 192.168.41.0/24 
route-map VLAN41 permit 20
  match ip address prefix-list VLAN41 
! vPC domain 99; the peer-keepalive runs between 192.168.10.65 and
! 192.168.10.66 inside the dedicated VRF VPC.
vpc domain 99
  peer-switch
  peer-keepalive destination 192.168.10.66 source 192.168.10.65 vrf VPC
  peer-gateway
 
 
 
 
! SVIs Vlan36-41 sit in VRF servers1 with ICMP redirects off and OSPF set to
! passive (no adjacency is formed on these server-facing segments).
! NOTE(review): every HSRP group below uses "authentication text", and the
! string is left readable in this published configuration while other secrets
! are <removed>. Text authentication is carried unencrypted in HSRP hellos;
! NX-OS also offers "authentication md5" with a key-string or key-chain.
! NOTE(review): interface Vlan1 is enabled without an address or VRF -
! confirm it is needed.
interface Vlan1
  no shutdown
  no ip redirects
 
 
interface Vlan36
  no shutdown
  description DeviceMgmtHigh
  vrf member servers1
  no ip redirects
  ip address 192.168.36.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.36.1 
 
 
interface Vlan37
  no shutdown
  description DeviceMgmtLow
  vrf member servers1
  no ip redirects
  ip address 192.168.37.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.37.1 
 
 
! Vlan38 has an address but no HSRP group.
interface Vlan38
  no shutdown
  description UIM OS Install only
  vrf member servers1
  no ip redirects
  ip address 192.168.38.201/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
 
 
interface Vlan40
  no shutdown
  vrf member servers1
  no ip redirects
  ip address 192.168.40.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.40.1 
 
 
! Vlan41 is administratively down: per its description the subnet is now
! routed through HyTrust, which matches the static route for 192.168.41.0/24
! in VRF servers1. The remaining lines are retained but inactive.
interface Vlan41
  shutdown
  description SHUTDOWN - NOW ROUTE VIA HyTrust
  vrf member servers1
  no ip redirects
  ip address 192.168.41.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.41.1 
 
 
! SVIs Vlan42-52 sit in VRF servers1 with ICMP redirects off and OSPF set to
! passive. Vlan42 is the gateway for 192.168.42.0/24, the subnet that holds
! the TACACS+, syslog and management hosts named elsewhere in this listing.
! NOTE(review): every HSRP group below uses "authentication text", and the
! string is left readable in this published configuration while other secrets
! are <removed>. Text authentication is carried unencrypted in HSRP hellos;
! NX-OS also offers "authentication md5" with a key-string or key-chain.
interface Vlan42
  no shutdown
  vrf member servers1
  no ip redirects
  ip address 192.168.42.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.42.1 
 
 
interface Vlan43
  no shutdown
  description Wireless Systems
  vrf member servers1
  no ip redirects
  ip address 192.168.43.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.43.1 
 
 
! NOTE(review): this description repeats Vlan43's, but the VLAN database
! names VLAN 44 "PhysicalSec" - confirm which label is correct so the segment
! is not misidentified during an audit.
interface Vlan44
  no shutdown
  description Wireless Systems
  vrf member servers1
  no ip redirects
  ip address 192.168.44.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.44.1 
 
 
interface Vlan45
  no shutdown
  description VOICE
  vrf member servers1
  no ip redirects
  ip address 192.168.45.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.45.1 
 
 
interface Vlan52
  no shutdown
  description POS
  vrf member servers1
  no ip redirects
  ip address 192.168.52.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.52.1 
 
 
! Vlan154 (VRF servers2) and Vlan164 (VRF servers1) are the non-passive OSPF
! interfaces of this VDC and use MD5 authentication with a redacted key.
! Vlan180 and Vlan181 are passive, like the other server-facing SVIs.
! NOTE(review): every HSRP group below uses "authentication text", and the
! string is left readable in this published configuration while other secrets
! are <removed>. Text authentication is carried unencrypted in HSRP hellos;
! NX-OS also offers "authentication md5" with a key-string or key-chain.
interface Vlan154
  no shutdown
  vrf member servers2
  no ip redirects
  ip address 192.168.152.5/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.152.7 
 
 
interface Vlan164
  no shutdown
  vrf member servers1
  no ip redirects
  ip address 192.168.162.5/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.162.7 
 
 
interface Vlan180
  no shutdown
  vrf member servers1
  no ip redirects
  ip address 192.168.180.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.180.1 
 
 
interface Vlan181
  no shutdown
  vrf member servers2
  no ip redirects
  ip address 192.168.181.3/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.181.1 
 
 
! vPC port-channels. Each trunk carries an explicit allowed-VLAN list, which
! limits the segments a downstream switch or server can reach.
! NOTE(review): no "switchport trunk native vlan" line appears on any of these
! trunks, so the native VLAN is left at the platform default - confirm that
! is intended.
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  vpc 1
 
 
interface port-channel2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  vpc 2
 
 
interface port-channel3
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  vpc 3
 
 
interface port-channel4
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  vpc 4
 
 
! port-channel11 and 12 are spanning-tree edge trunks.
! NOTE(review): VLAN 46 is allowed here but is not created in this VDC's vlan
! list - confirm whether it should be defined or removed from the list.
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  spanning-tree port type edge trunk
  vpc 11
 
 
interface port-channel12
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  spanning-tree port type edge trunk
  vpc 12
 
 
! vPC peer-link: limited to VLANs 36-52, with loop guard enabled.
interface port-channel99
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  spanning-tree port type network
  spanning-tree guard loop
  vpc peer-link
 
 
! LACP member ports of the vPC port-channels (channel-groups 11, 12, 3, 4, 1
! and 2). Each member repeats the allowed-VLAN list of its port-channel.
! NOTE(review): VLAN 46 is allowed on the four F-UCS ports but is not created
! in this VDC's vlan list - confirm whether it should be defined or removed.
interface Ethernet1/2
  description F-UCS-1_E2/1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 11 mode active
  no shutdown
 
 
interface Ethernet1/4
  description F-UCS-1_E2/2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 11 mode active
  no shutdown
 
 
interface Ethernet1/6
  description F-UCS-2_E2/1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 12 mode active
  no shutdown
 
 
interface Ethernet1/8
  description F-UCS-2_E2/2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 12 mode active
  no shutdown
 
 
interface Ethernet1/9
  description SACCESS-3 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 3 mode active
  no shutdown
 
 
interface Ethernet1/10
  description SACCESS-3 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 3 mode active
  no shutdown
 
 
interface Ethernet1/11
  description SACCESS-4 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 4 mode active
  no shutdown
 
 
interface Ethernet1/12
  description SACCESS-4 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 4 mode active
  no shutdown
 
 
interface Ethernet1/13
  description SACCESS-1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  channel-group 1 mode active
  no shutdown
 
 
interface Ethernet1/14
  description SACCESS-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  channel-group 2 mode active
  no shutdown
 
 
interface Ethernet1/15
  description to RSERV-1 T2/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 162
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/16
  description to RSERV-1 T2/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 152
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/17
  description to RSERV-1 T2/5
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 41-44,164
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/18
  description to RSERV-1 T2/6
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 154
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/19
  description to DC-ASA-1 vc1 T5/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 162
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/20
  description to DC-ASA-1 vc2 T7/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 152
  spanning-tree port type normal
  no shutdown
 
 
! Member link of channel-group 99 towards RAGG-2; Ethernet1/22-24 below repeat these settings.
! On the RAGG-2 side of this pair, port-channel99 is configured as the vPC peer-link.
interface Ethernet1/21
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  ! Trunk is pruned to VLANs 36-52 instead of being left at the allow-all trunk default.
  switchport trunk allowed vlan 36-52
  ! UDLD in aggressive mode watches this member for a one-way link fault.
  udld aggressive
  ! "mode active" = LACP negotiation into port-channel 99.
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/22
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/23
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/24
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
! Single trunk (no channel-group) to SACCESS-5.
interface Ethernet2/13
  description SACCESS-5
  switchport
  switchport mode trunk
  ! NOTE(review): this access-switch trunk allows the whole 36-52 range, the same list as
  ! the RAGG-2 channel links above, while the SACCESS-1..4 trunks are pruned to a handful of
  ! VLANs. Confirm SACCESS-5 needs every VLAN in the range; otherwise prune it the same way.
  switchport trunk allowed vlan 36-52
  no shutdown
 
 
! Routed /30 link placed in its own VRF ("VPC"), separate from the servers1/servers2 VRFs.
! RAGG-2's VDC2 names this address, 192.168.10.65, as its vPC peer-keepalive destination.
interface Ethernet2/14
  description linkstate for vpc
  no switchport
  vrf member VPC
  ip address 192.168.10.65/30
  no shutdown
 
 
interface Ethernet2/15
  no switchport
 
 
interface Ethernet2/16
  no switchport
 
 
interface Ethernet2/17
  no switchport
 
 
interface Ethernet2/18
  no switchport
 
 
interface Ethernet2/19
  no switchport
 
 
interface Ethernet2/20
  no switchport
 
 
interface Ethernet2/21
  no switchport
 
 
interface Ethernet2/22
  no switchport
 
 
interface Ethernet2/23
  no switchport
 
 
interface Ethernet2/24
  no switchport
 
 
interface Ethernet2/25
  no switchport
 
 
interface Ethernet2/26
  no switchport
 
 
interface Ethernet2/27
  no switchport
 
 
interface Ethernet2/28
  no switchport
 
 
interface Ethernet2/29
  no switchport
 
 
interface Ethernet2/30
  no switchport
 
 
interface Ethernet2/31
  no switchport
 
 
interface Ethernet2/32
  no switchport
 
 
interface Ethernet2/33
  no switchport
 
 
interface Ethernet2/34
  no switchport
 
 
interface Ethernet2/35
  no switchport
 
 
interface Ethernet2/36
  no switchport
 
 
interface Ethernet2/37
  no switchport
 
 
interface Ethernet2/38
  no switchport
 
 
interface Ethernet2/39
  no switchport
 
 
interface Ethernet2/40
  no switchport
 
 
interface Ethernet2/41
  no switchport
 
 
interface Ethernet2/42
  no switchport
 
 
interface Ethernet2/43
  no switchport
 
 
interface Ethernet2/44
  no switchport
 
 
interface Ethernet2/45
  no switchport
 
 
interface Ethernet2/46
  no switchport
 
 
interface Ethernet2/47
  no switchport
 
 
interface Ethernet2/48
  no switchport
 
 
interface loopback0
  vrf member servers1
  ip address 192.168.1.31/32
  ip router ospf 5 area 0.0.0.81
logging server 192.168.42.124 6 use-vrf servers1
logging source-interface loopback 0
  logout-warning 20
! Management lines: idle sessions on the console and on the vty (remote) lines are closed
! after 15 minutes.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  ! Inbound vty sessions are filtered by ACL 23. The ACL is not part of this excerpt;
  ! presumably it is defined earlier in this device's configuration -- verify.
  access-class 23 in
! OSPF process 5, run as two separate instances, one per VRF (servers1 and servers2).
router ospf 5
  vrf servers1
    router-id 4.4.4.1
    ! Area 0.0.0.81 is a not-so-stubby area.
    area 0.0.0.81 nssa
    ! Static routes enter OSPF only as far as route-map VLAN41 permits. The route-map is
    ! defined outside this excerpt -- confirm it stays limited to the intended prefix.
    redistribute static route-map VLAN41
    area 0.0.0.81 range 192.168.0.0/16
    area 0.0.0.81 range 192.168.162.0/24
    ! MD5 authentication is required area-wide; the keys themselves are configured per
    ! interface ("ip ospf message-digest-key"), not here.
    area 0.0.0.81 authentication message-digest
    timers throttle spf 10 100 5000
  vrf servers2
    router-id 5.5.5.1
    area 0.0.0.81 nssa
    area 0.0.0.81 range 192.168.0.0/16
    area 0.0.0.81 range 192.168.152.0/24
    ! Same area-wide MD5 requirement as servers1; this VRF redistributes nothing.
    area 0.0.0.81 authentication message-digest
    timers throttle spf 10 100 5000
ip pim ssm range 232.0.0.0/8
 
 

RAGG-2-RUNNING

 
 
version 5.1(2)
hostname RAGG-2
! Virtual device contexts (VDCs) on the RAGG-2 chassis. VDC id 1 is the default/admin
! context documented in this listing; vdc1 and vdc2 have their own running configurations
! (RAGG-2-VDC1-RUNNING and RAGG-2-VDC2-RUNNING). The limit-resource lines cap what each
! context may take from the shared chassis.
vdc RAGG-2 id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  ! Route memory is fixed (minimum = maximum) for every context.
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 48 maximum 48
  limit-resource m6route-mem minimum 8 maximum 8
vdc vdc1 id 2
  ! Ports handed to vdc1. A port listed here is configured only from inside vdc1.
  allocate interface Ethernet1/1,Ethernet1/3,Ethernet1/5,Ethernet1/7,Ethernet1/25-32
  allocate interface Ethernet2/1-12
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
vdc vdc2 id 3
  ! Ports handed to vdc2: the remaining Ethernet1/x ports and Ethernet2/13-48.
  allocate interface Ethernet1/2,Ethernet1/4,Ethernet1/6,Ethernet1/8-24
  allocate interface Ethernet2/13-48
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
 
 
feature privilege
feature tacacs+
 
 
! Local accounts holding the network-admin role in the default VDC. Login authentication
! further down points at the TACACS+ group, so these are presumably the accounts of last
! resort; they need the same review and rotation as the ACS-managed users.
! "5" marks the stored value as a hash, not clear text; the hashes are redacted in this listing.
username bart password 5 <removed> role network-admin
username bmcgloth password 5 <removed> role network-admin
! Enable secret, used with "feature privilege" above; also stored hashed and redacted here.
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
! Caps the number of login attempts allowed within one SSH session at 6.
! NOTE(review): the platform default is believed to be lower (3) -- confirm that raising it
! is intentional.
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
ip host RAGG-2 192.168.42.37
! TACACS+ shared secret. Type 7 is a reversible encoding, not a hash, so any unredacted
! copy of this configuration (backups, tickets, archives) has to be handled as a secret.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group used by the aaa lines below. Only one server is listed, and requests leave
! through the management VRF.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf management
! ACL 23 is applied inbound to the vty lines further down ("access-class 23 in"). It lists
! the sources allowed to open a session to 192.168.42.37, the mgmt0 address of this VDC.
ip access-list 23
  ! Per-entry hit counters, so rejected sources are counted against entry 100.
  statistics per-entry
  ! NOTE(review): every entry matches "ip" (all protocols and ports), not only SSH. That is
  ! harmless on a vty access-class, but tighten it to tcp/22 before reusing the ACL elsewhere.
  10 permit ip 127.0.0.1/32 192.168.42.37/32 
  20 permit ip 192.168.41.101/32 192.168.42.37/32 
  30 permit ip 192.168.41.102/32 192.168.42.37/32 
  40 permit ip 192.168.42.111/32 192.168.42.37/32 
  50 permit ip 192.168.42.122/32 192.168.42.37/32 
  60 permit ip 192.168.42.131/32 192.168.42.37/32 
  70 permit ip 192.168.42.133/32 192.168.42.37/32 
  80 permit ip 192.168.42.138/32 192.168.42.37/32 
  ! NOTE(review): the only source outside 192.168.41.x / 192.168.42.x -- confirm it is still
  ! a required management station.
  90 permit ip 10.19.151.99/32 192.168.42.37/32 
  ! Explicit final deny, so that denied attempts are visible in the per-entry statistics.
  100 deny ip any any 
! ACL 88 permits a single host (192.168.42.122) to reach the mgmt0 address and denies the rest.
! NOTE(review): nothing in this device's listing references ACL 88 -- confirm where it is
! applied, or remove it if it is a leftover.
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.42.37/32 
  20 deny ip any any 
ip access-list copp-system-acl-bgp
  10 permit tcp any gt 1024 any eq bgp 
  20 permit tcp any eq bgp any gt 1024 
ipv6 access-list copp-system-acl-bgp6
  10 permit tcp any gt 1024 any eq bgp 
  20 permit tcp any eq bgp any gt 1024 
ip access-list copp-system-acl-eigrp
  10 permit eigrp any any 
ip access-list copp-system-acl-ftp
  10 permit tcp any any eq ftp-data 
  20 permit tcp any any eq ftp 
  30 permit tcp any eq ftp-data any 
  40 permit tcp any eq ftp any 
ip access-list copp-system-acl-glbp
  10 permit udp any eq 3222 224.0.0.0/24 eq 3222 
ip access-list copp-system-acl-hsrp
  10 permit udp any 224.0.0.0/24 eq 1985 
ip access-list copp-system-acl-icmp
  10 permit icmp any any echo 
  20 permit icmp any any echo-reply 
ipv6 access-list copp-system-acl-icmp6
  10 permit icmp any any echo-request 
  20 permit icmp any any echo-reply 
ipv6 access-list copp-system-acl-icmp6-msgs
  10 permit icmp any any router-advertisement 
  20 permit icmp any any router-solicitation 
  30 permit icmp any any nd-na 
  40 permit icmp any any nd-ns 
  50 permit icmp any any mld-query 
  60 permit icmp any any mld-report 
  70 permit icmp any any mld-reduction 
ip access-list copp-system-acl-igmp
  10 permit igmp any 224.0.0.0/3 
ip access-list copp-system-acl-msdp
  10 permit tcp any gt 1024 any eq 639 
  20 permit tcp any eq 639 any gt 1024 
ip access-list copp-system-acl-ntp
  10 permit udp any any eq ntp 
  20 permit udp any eq ntp any 
ipv6 access-list copp-system-acl-ntp6
  10 permit udp any any eq ntp 
  20 permit udp any eq ntp any 
ip access-list copp-system-acl-ospf
  10 permit ospf any any 
ipv6 access-list copp-system-acl-ospf6
  10 permit 89 any any 
ip access-list copp-system-acl-pim
  10 permit pim any 224.0.0.0/24 
  20 permit udp any any eq pim-auto-rp 
ip access-list copp-system-acl-pim-reg
  10 permit pim any any 
ipv6 access-list copp-system-acl-pim6
  10 permit 103 any ff02::d/128 
  20 permit udp any any eq pim-auto-rp 
ip access-list copp-system-acl-radius
  10 permit udp any any eq 1812 
  20 permit udp any any eq 1813 
  30 permit udp any any eq 1645 
  40 permit udp any any eq 1646 
  50 permit udp any eq 1812 any 
  60 permit udp any eq 1813 any 
  70 permit udp any eq 1645 any 
  80 permit udp any eq 1646 any 
ipv6 access-list copp-system-acl-radius6
  10 permit udp any any eq 1812 
  20 permit udp any any eq 1813 
  30 permit udp any any eq 1645 
  40 permit udp any any eq 1646 
  50 permit udp any eq 1812 any 
  60 permit udp any eq 1813 any 
  70 permit udp any eq 1645 any 
  80 permit udp any eq 1646 any 
ip access-list copp-system-acl-rip
  10 permit udp any 224.0.0.0/24 eq rip 
ip access-list copp-system-acl-sftp
  10 permit tcp any any eq 115 
  20 permit tcp any eq 115 any 
ip access-list copp-system-acl-snmp
  10 permit udp any any eq snmp 
  20 permit udp any any eq snmptrap 
ip access-list copp-system-acl-ssh
  10 permit tcp any any eq 22 
  20 permit tcp any eq 22 any 
ipv6 access-list copp-system-acl-ssh6
  10 permit tcp any any eq 22 
  20 permit tcp any eq 22 any 
ip access-list copp-system-acl-tacacs
  10 permit tcp any any eq tacacs 
  20 permit tcp any eq tacacs any 
ipv6 access-list copp-system-acl-tacacs6
  10 permit tcp any any eq tacacs 
  20 permit tcp any eq tacacs any 
! Classification ACL for control-plane policing (CoPP). It is matched by class
! copp-system-class-management below; "permit" here selects packets for that class's
! rate limit and does not by itself open Telnet on the device.
! No Telnet feature or server setting appears in this device's listing.
ip access-list copp-system-acl-telnet
  10 permit tcp any any eq telnet 
  20 permit tcp any any eq 107 
  30 permit tcp any eq telnet any 
  40 permit tcp any eq 107 any 
ipv6 access-list copp-system-acl-telnet6
  10 permit tcp any any eq telnet 
  20 permit tcp any any eq 107 
  30 permit tcp any eq telnet any 
  40 permit tcp any eq 107 any 
ip access-list copp-system-acl-tftp
  10 permit udp any any eq tftp 
  20 permit udp any any eq 1758 
  30 permit udp any eq tftp any 
  40 permit udp any eq 1758 any 
ipv6 access-list copp-system-acl-tftp6
  10 permit udp any any eq tftp 
  20 permit udp any any eq 1758 
  30 permit udp any eq tftp any 
  40 permit udp any eq 1758 any 
ip access-list copp-system-acl-traceroute
  10 permit icmp any any ttl-exceeded 
  20 permit icmp any any port-unreachable 
! CoPP classification ACL for traffic that should never reach the supervisor. The matching
! class (copp-system-class-undesirable) is policed with "conform drop violate drop" in the
! policy-map below, i.e. everything matched here is discarded.
ip access-list copp-system-acl-undesirable
  ! UDP 1434 is the Microsoft SQL Server resolution port.
  10 permit udp any any eq 1434 
ip access-list copp-system-acl-vpc
  10 permit udp any any eq 3200 
ip access-list copp-system-acl-vrrp
  10 permit 112 any 224.0.0.0/24 
class-map type control-plane match-any copp-system-class-critical
  match access-group name copp-system-acl-bgp
  match access-group name copp-system-acl-bgp6
  match access-group name copp-system-acl-eigrp
  match access-group name copp-system-acl-igmp
  match access-group name copp-system-acl-msdp
  match access-group name copp-system-acl-ospf
  match access-group name copp-system-acl-ospf6
  match access-group name copp-system-acl-pim
  match access-group name copp-system-acl-pim6
  match access-group name copp-system-acl-rip
  match access-group name copp-system-acl-vpc
class-map type control-plane match-any copp-system-class-exception
  match exception ip option
  match exception ip icmp unreachable
  match exception ipv6 option
  match exception ipv6 icmp unreachable
class-map type control-plane match-any copp-system-class-important
  match access-group name copp-system-acl-glbp
  match access-group name copp-system-acl-hsrp
  match access-group name copp-system-acl-vrrp
  match access-group name copp-system-acl-icmp6-msgs
  match access-group name copp-system-acl-pim-reg
! CoPP class for management-plane protocols. match-any: a packet hitting any one of the
! listed ACLs falls into this class and shares its single policer (10000 kbps in
! copp-system-policy below).
! NOTE(review): clear-text protocols (FTP, Telnet, TFTP) share the budget with SSH, SNMP and
! TACACS+; this only rate-limits them towards the supervisor and is not an access control.
class-map type control-plane match-any copp-system-class-management
  match access-group name copp-system-acl-ftp
  match access-group name copp-system-acl-ntp
  match access-group name copp-system-acl-ntp6
  match access-group name copp-system-acl-radius
  match access-group name copp-system-acl-sftp
  match access-group name copp-system-acl-snmp
  match access-group name copp-system-acl-ssh
  match access-group name copp-system-acl-ssh6
  match access-group name copp-system-acl-tacacs
  match access-group name copp-system-acl-telnet
  match access-group name copp-system-acl-tftp
  match access-group name copp-system-acl-tftp6
  match access-group name copp-system-acl-radius6
  match access-group name copp-system-acl-tacacs6
  match access-group name copp-system-acl-telnet6
class-map type control-plane match-any copp-system-class-monitoring
  match access-group name copp-system-acl-icmp
  match access-group name copp-system-acl-icmp6
  match access-group name copp-system-acl-traceroute
class-map type control-plane match-any copp-system-class-normal
  match protocol arp
class-map type control-plane match-any copp-system-class-redirect
  match redirect dhcp-snoop
  match redirect arp-inspect
class-map type control-plane match-any copp-system-class-undesirable
  match access-group name copp-system-acl-undesirable
! Control-plane policing policy: one policer per class of traffic destined for the
! supervisor. Traffic within the committed rate (cir) is transmitted; excess is dropped.
policy-map type control-plane copp-system-policy 
  ! Routing protocols and vPC traffic get the largest budget.
  class copp-system-class-critical
    police cir 39600 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-important
    police cir 1060 kbps bc 1000 ms conform transmit violate drop 
  ! SSH, SNMP, TACACS+, NTP and the other management protocols.
  class copp-system-class-management
    police cir 10000 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-normal
    police cir 680 kbps bc 250 ms conform transmit violate drop 
  class copp-system-class-redirect
    police cir 280 kbps bc 250 ms conform transmit violate drop 
  ! ICMP echo and traceroute responses.
  class copp-system-class-monitoring
    police cir 130 kbps bc 1000 ms conform transmit violate drop 
  class copp-system-class-exception
    police cir 360 kbps bc 250 ms conform transmit violate drop 
  ! Both actions are "drop": everything in the undesirable class is discarded.
  class copp-system-class-undesirable
    police cir 32 kbps bc 250 ms conform drop violate drop 
  ! Anything not classified above is still admitted, limited to 100 kbps.
  class class-default
    police cir 100 kbps bc 250 ms conform transmit violate drop 
! Attaches the CoPP policy to traffic arriving at the control plane (supervisor).
control-plane
  service-policy input copp-system-policy 
! SNMPv3 user in group network-admin, with authentication (MD5) and privacy enabled; both
! keys are redacted in this listing.
! NOTE(review): there is no "aes-128" keyword after "priv", so privacy presumably falls
! back to DES. "auth sha" with "priv aes-128" is the stronger pairing -- confirm against the
! platform release before changing, since the keys are localized to this device.
snmp-server user bmcgloth network-admin auth md5 <removed> priv <removed> localizedkey
! Two NTP sources, reached through the management VRF.
! NOTE(review): no NTP authentication key appears in this device's listing, so time is
! accepted from these addresses unauthenticated. Log and accounting timestamps depend on it.
ntp server 192.168.62.161 use-vrf management
ntp server 192.168.62.162 use-vrf management
! Remote and console logins are both authenticated against the TACACS+ group CiscoACS.
! NOTE(review): no "local" method follows the group. Whether the local accounts are tried
! when 192.168.42.131 is unreachable depends on the platform's fallback setting -- verify
! this before relying on them for break-glass access.
aaa authentication login default group CiscoACS 
aaa authentication login console group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
! Accounting records go to the same TACACS+ group.
aaa accounting default group CiscoACS 
! Presumably shows the user a message at login when the AAA servers could not be reached
! and local authentication was used -- confirm against the platform documentation.
aaa authentication login error-enable 
 
 
vrf context management
  ip route 0.0.0.0/0 192.168.42.1
vlan 1
 
 
interface mgmt0
  ip address 192.168.42.37/24
clock timezone PST -8 0
clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60
  logout-warning 20
! Management lines: idle sessions on the console and on the vty (remote) lines are closed
! after 15 minutes.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  ! Inbound vty sessions are restricted to the sources permitted by ACL 23 (defined above).
  access-class 23 in
boot kickstart bootflash:/n7000-s1-kickstart.5.1.2.bin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.2.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.2.bin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.2.bin sup-2
! Remote syslog to 192.168.42.124 through the management VRF; "6" sets the severity
! threshold to informational, so messages of level 0-6 are sent.
logging server 192.168.42.124 6 use-vrf management
 
 

RAGG-2-VDC1-RUNNING

 
 
version 5.1(2)
hostname vdc1
 
 
feature privilege
feature tacacs+
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature glbp
feature vpc
 
 
username bmcgloth password 5 <removed>   role vdc-admin
username bart password 5 <removed>   role vdc-admin
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! TACACS+ shared secret. Type 7 is a reversible encoding, not a hash, so any unredacted
! copy of this configuration has to be handled as a secret.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group used by the aaa lines below; only one server is listed. Requests are sourced
! from loopback0 (192.168.1.12), which gives the ACS server a stable client address.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    source-interface loopback0
! ACL 23 is applied inbound to the vty lines of this VDC ("access-class 23 in"). It lists the
! sources allowed to open a session to 192.168.1.12, this VDC's loopback0 address.
ip access-list 23
  ! Per-entry hit counters, so rejected sources are counted against entry 100.
  statistics per-entry
  ! NOTE(review): entries match "ip" (all protocols and ports), not only SSH (tcp/22).
  10 permit ip 127.0.0.1/32 192.168.1.12/32 
  20 permit ip 192.168.41.101/32 192.168.1.12/32 
  30 permit ip 192.168.41.102/32 192.168.1.12/32 
  40 permit ip 192.168.42.111/32 192.168.1.12/32 
  50 permit ip 192.168.42.122/32 192.168.1.12/32 
  60 permit ip 192.168.42.131/32 192.168.1.12/32 
  70 permit ip 192.168.42.133/32 192.168.1.12/32 
  80 permit ip 192.168.42.138/32 192.168.1.12/32 
  90 permit ip 10.19.151.99/32 192.168.1.12/32 
  ! NOTE(review): only the loopback is listed as a destination; sessions aimed at the other
  ! addresses of this VDC (SVIs, routed links) fall through to this deny -- confirm intended.
  100 deny ip any any 
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.1.12/32 
  20 deny ip any any 
snmp-server user bmcgloth vdc-admin auth md5 <removed> priv <removed> localizedkey
aaa authentication login default group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
aaa authentication login error-enable 
 
 
vrf context management
vlan 1,3,151,161
 
 
interface Vlan1
 
 
interface Vlan3
  no shutdown
  ip address 192.168.10.62/30
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf dead-interval 3
  ip ospf hello-interval 1
  ip router ospf 5 area 0.0.0.0
 
 
! SVI for VLAN 151 in OSPF area 0.0.0.81, with an HSRP virtual gateway at 192.168.152.1.
interface Vlan151
  no shutdown
  ip address 192.168.152.4/24
  ! OSPF packets on this SVI are MD5-authenticated; the key is redacted in this listing.
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    ! NOTE(review): HSRP text authentication travels in clear in every hello, and the string
    ! is printed here although the other secrets are redacted. It guards against accidental
    ! group overlap only; "authentication md5 key-chain <KEYCHAIN_NAME>" gives the group
    ! real message authentication.
    authentication text c1sc0
    preempt delay minimum 180 
    ! Low priority: presumably the HSRP peer is meant to be active for this group -- confirm.
    priority 10 forwarding-threshold lower 0 upper 0
    ! 1 s hello, 3 s hold time.
    timers  1  3
    ip 192.168.152.1 
 
 
! SVI for VLAN 161 in OSPF area 0.0.0.81, with an HSRP virtual gateway at 192.168.162.1.
interface Vlan161
  no shutdown
  ip address 192.168.162.4/24
  ! OSPF packets on this SVI are MD5-authenticated; the key is redacted in this listing.
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    ! NOTE(review): clear-text HSRP authentication, with the string left unredacted in this
    ! listing; an MD5 key-chain is the authenticated alternative.
    authentication text c1sc0
    preempt delay minimum 180 
    priority 10 forwarding-threshold lower 0 upper 0
    ! 1 s hello, 3 s hold time.
    timers  1  3
    ip 192.168.162.1 
 
 
! Port-channel towards RAGG-1; its members, Ethernet1/29-32 below, are described as
! "RAGG-1 vPC Channel link".
! NOTE(review): "feature vpc" is enabled in this VDC, but neither a vpc domain nor
! "vpc peer-link" appears in its listing -- confirm whether this channel is meant to be one.
interface port-channel99
  switchport
  ! NOTE(review): there is no "switchport trunk allowed vlan" list, so the trunk carries
  ! every VLAN. This VDC defines only VLANs 1,3,151,161; pruning the trunk to the VLANs in
  ! use would match the explicit lists on the other trunks (Ethernet1/5, Ethernet1/7).
  switchport mode trunk
  spanning-tree port type network
 
 
! Routed 10-Gigabit uplink to RCORE-1 in OSPF area 0.0.0.0; Ethernet1/3 below is the twin
! link to RCORE-2.
interface Ethernet1/1
  description 10Gig LINK to RCORE-1 T2/2
  no switchport
  ! Link up/down transitions on this uplink are logged.
  logging event port link-status
  ! Do not send ICMP redirects out of this interface.
  no ip redirects
  ip address 192.168.10.18/30
  ! OSPF packets are MD5-authenticated; the key is redacted in this listing.
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ! 2 s hello / 6 s dead interval; both ends of the link must agree on these.
  ip ospf dead-interval 6
  ip ospf hello-interval 2
  ip ospf network point-to-point
  ip router ospf 5 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
 
interface Ethernet1/3
  description 10Gig LINK to RCORE-2 T2/2
  no switchport
  logging event port link-status
  no ip redirects
  ip address 192.168.10.26/30
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip ospf dead-interval 6
  ip ospf hello-interval 2
  ip ospf network point-to-point
  ip router ospf 5 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
 
interface Ethernet1/5
  description to DC-ASA-2 vc1 T0/6
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 161
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/7
  description to DC-ASA-2 vc2 T0/8
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 151
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/25
  no switchport
 
 
interface Ethernet1/26
  no switchport
 
 
interface Ethernet1/27
  no switchport
 
 
interface Ethernet1/28
  no switchport
 
 
interface Ethernet1/29
  description RAGG-1 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/30
  description RAGG-1 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/31
  description RAGG-1 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/32
  description RAGG-1 vPC Channel link
  switchport
  switchport mode trunk
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet2/1
  no switchport
 
 
interface Ethernet2/2
  no switchport
 
 
interface Ethernet2/3
  no switchport
 
 
interface Ethernet2/4
  no switchport
 
 
interface Ethernet2/5
  no switchport
 
 
interface Ethernet2/6
  no switchport
 
 
interface Ethernet2/7
  no switchport
 
 
interface Ethernet2/8
  no switchport
 
 
interface Ethernet2/9
  no switchport
 
 
interface Ethernet2/10
  no switchport
 
 
interface Ethernet2/11
  no switchport
 
 
interface Ethernet2/12
  no switchport
 
 
interface loopback0
  ip address 192.168.1.12/32
  ip router ospf 5 area 0.0.0.0
logging server 192.168.42.124 6
logging source-interface loopback 0
  logout-warning 20
! Management lines: idle sessions on the console and on the vty (remote) lines are closed
! after 15 minutes.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  ! Inbound vty sessions are restricted to the sources permitted by ACL 23 (defined above).
  access-class 23 in
! OSPF process 5 for this VDC; it sits between the backbone (area 0.0.0.0, towards the
! RCORE routers) and NSSA area 0.0.0.81.
router ospf 5
  router-id 192.168.1.12
  area 0.0.0.81 nssa
  ! Summary ranges advertised per area.
  area 0.0.0.0 range 192.168.1.12/32
  area 0.0.0.0 range 192.168.10.12/30
  area 0.0.0.0 range 192.168.10.20/30
  area 0.0.0.0 range 192.168.10.60/30
  area 0.0.0.81 range 192.168.152.0/24
  area 0.0.0.81 range 192.168.162.0/24
  ! MD5 authentication is required in both areas; the keys are set on the interfaces
  ! (Vlan3, Vlan151, Vlan161, Ethernet1/1, Ethernet1/3) and are redacted in this listing.
  area 0.0.0.0 authentication message-digest
  area 0.0.0.81 authentication message-digest
  timers throttle spf 10 100 5000
  ! Reference bandwidth of 10000 Mbps, so that 10-Gigabit links get a distinct cost.
  auto-cost reference-bandwidth 10000
ip pim ssm range 232.0.0.0/8
 
 

RAGG-2-VDC2-RUNNING

 
 
version 5.1(2)
hostname vdc2
 
 
feature privilege
feature tacacs+
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
 
 
username bart password 5 <removed>   role vdc-admin
username bmcgloth password 5 <removed>   role vdc-admin
enable secret 5 <removed>
 
 
banner motd @
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
@
 
 
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
! TACACS+ shared secret. Type 7 is a reversible encoding, not a hash, so any unredacted
! copy of this configuration has to be handled as a secret.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
! Server group used by the aaa lines below; only one server is listed. Requests are sent
! in VRF servers1 and sourced from loopback0.
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf servers1
    source-interface loopback0
! ACL 23: sources allowed to open a management session to 192.168.1.32. The interface that
! owns that address and the line that applies this ACL are not within this excerpt;
! presumably loopback0 and "access-class 23 in" on the vty lines, as in the other VDCs.
ip access-list 23
  ! Per-entry hit counters, so rejected sources are counted against entry 100.
  statistics per-entry
  ! NOTE(review): entries match "ip" (all protocols and ports), not only SSH (tcp/22).
  10 permit ip 127.0.0.1/32 192.168.1.32/32 
  20 permit ip 192.168.41.101/32 192.168.1.32/32 
  30 permit ip 192.168.41.102/32 192.168.1.32/32 
  40 permit ip 192.168.42.111/32 192.168.1.32/32 
  50 permit ip 192.168.42.122/32 192.168.1.32/32 
  60 permit ip 192.168.42.131/32 192.168.1.32/32 
  70 permit ip 192.168.42.133/32 192.168.1.32/32 
  80 permit ip 192.168.42.138/32 192.168.1.32/32 
  90 permit ip 10.19.151.99/32 192.168.1.32/32 
  100 deny ip any any 
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.1.32/32 
  20 deny ip any any 
snmp-server user bmcgloth vdc-admin auth md5 <removed> priv <removed> localizedkey
aaa authentication login default group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
aaa authentication login error-enable 
 
 
! VRFs in this VDC. "VPC" holds only the vPC peer-keepalive link; servers1 and servers2 keep
! two sets of server-side routes in separate routing tables.
vrf context VPC
vrf context servers1
  ! Default route for servers1 points at 192.168.36.3, an address in the VLAN 36 subnet.
  ip route 0.0.0.0/0 192.168.36.3
  ip pim ssm range 232.0.0.0/8
vrf context servers2
  ! servers2 has no static default route; it presumably relies on OSPF alone -- confirm.
  ip pim ssm range 232.0.0.0/8
vrf context management
! VLAN database of this VDC.
! NOTE(review): several trunks below allow VLANs that are not created here. port-channel11
! and port-channel12 allow VLAN 46, and the 36-52 range on port-channel99 also covers 39 and
! 46-51. The extra entries carry no traffic today, but they become live as soon as someone
! creates the VLAN -- trim the allowed lists to the VLANs defined here.
vlan 1
vlan 36
  name DeviceMgmtHigh
vlan 37
  name DeviceMgmtLow
vlan 38
  name UIM-OS-INSTALL
! VLANs 40 and 41 are unnamed; Vlan41's SVI below is shut ("NOW ROUTE VIA HyTrust").
vlan 40-41
vlan 42
  name CoreManagement
vlan 43
  name WirelessSystems
vlan 44
  name PhysicalSec
vlan 45
  name VOICE
vlan 52
  name POS
! Unnamed VLANs; 154, 164, 180 and 181 have SVIs further down.
vlan 151-152,154,161-162,164,180-181
spanning-tree domain 777
! Prefix-list and route-map named VLAN41: the route-map permits exactly 192.168.41.0/24
! (no ge/le, so no longer prefixes inside it). RAGG-1's VDC2 uses a route-map of this name
! to filter static-route redistribution into OSPF; the statement that references it on
! this device is outside this excerpt.
ip prefix-list VLAN41 seq 5 permit 192.168.41.0/24 
route-map VLAN41 permit 20
  match ip address prefix-list VLAN41 
service dhcp
ip dhcp relay
! vPC domain shared with the peer aggregation switch. Keepalives run from 192.168.10.66 to
! 192.168.10.65 inside the dedicated VRF "VPC", apart from the servers1/servers2 VRFs;
! 192.168.10.65 is Ethernet2/14 ("linkstate for vpc") in the RAGG-1 VDC2 listing.
vpc domain 99
  peer-keepalive destination 192.168.10.65 source 192.168.10.66 vrf VPC
 
 
 
 
interface Vlan1
  no ip redirects
  no shutdown
 
 
! Gateway SVI for VLAN 36 (DeviceMgmtHigh) in VRF servers1.
interface Vlan36
  vrf member servers1
  ! Do not send ICMP redirects on this segment.
  no ip redirects
  ip address 192.168.36.4/24
  ! Passive: the subnet is advertised into OSPF, but no adjacency is formed on this VLAN.
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    ! NOTE(review): HSRP text authentication travels in clear in every hello, and the string
    ! is printed here although the other secrets are redacted. The same string is used on
    ! every SVI of this VDC. "authentication md5 key-chain <KEYCHAIN_NAME>" gives the group
    ! real message authentication.
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    ! 1 s hello, 3 s hold time.
    timers  1  3
    ! Virtual gateway address shared with the HSRP peer.
    ip 192.168.36.1 
  no shutdown
  description DeviceMgmtHigh
 
 
interface Vlan37
  vrf member servers1
  no ip redirects
  ip address 192.168.37.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.37.1 
  no shutdown
  description DeviceMgmtLow
 
 
interface Vlan38
  vrf member servers1
  no ip redirects
  ip address 192.168.38.202/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
  description UIM OS Install only
 
 
interface Vlan40
  vrf member servers1
  no ip redirects
  ip address 192.168.40.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.40.1 
  no shutdown
 
 
! SVI for VLAN 41. It is administratively down: per its description the subnet is now
! routed via HyTrust, so the settings below are inactive while it stays shut.
! NOTE(review): unlike the sibling SVIs it has no "no ip redirects". That is irrelevant
! while shut, but add it before this interface is ever re-enabled.
interface Vlan41
  vrf member servers1
  ip address 192.168.41.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    ! NOTE(review): clear-text HSRP authentication, with the string left unredacted in this
    ! listing.
    authentication text c1sc0
    preempt delay minimum 180 
    priority 90 forwarding-threshold lower 1 upper 1
    timers  1  3
    ip 192.168.41.1 
  shutdown
  description SHUTDOWN - NOW ROUTE VIA HyTrust
 
 
interface Vlan42
  vrf member servers1
  no ip redirects
  ip address 192.168.42.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.42.1 
  no shutdown
 
 
interface Vlan43
  vrf member servers1
  no ip redirects
  ip address 192.168.43.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.43.1 
  no shutdown
  description Wireless Systems
 
 
! Gateway SVI for VLAN 44 in VRF servers1.
interface Vlan44
  vrf member servers1
  no ip redirects
  ip address 192.168.44.4/24
  ! Passive: the subnet is advertised into OSPF, but no adjacency is formed on this VLAN.
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    ! NOTE(review): clear-text HSRP authentication, with the string left unredacted in this
    ! listing; an MD5 key-chain is the authenticated alternative.
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.44.1 
  no shutdown
  ! NOTE(review): the VLAN database above names VLAN 44 "PhysicalSec", but this description
  ! reads "Wireless Systems", the same text as on Vlan43. It looks like a copy/paste
  ! leftover; correct it so segment reviews are not misled about what this subnet carries.
  description Wireless Systems
 
 
interface Vlan45
  vrf member servers1
  no ip redirects
  ip address 192.168.45.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.45.1 
  no shutdown
  description VOICE
 
 
interface Vlan52
  vrf member servers1
  no ip redirects
  ip address 192.168.52.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 105 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.52.1 
  no shutdown
  description POS
 
 
! SVI for VLAN 154 in VRF servers2. Unlike the passive server SVIs above, OSPF forms
! adjacencies here, protected with MD5 authentication (key redacted in this listing).
! Note that the address is in 192.168.152.0/24 although the VLAN id is 154.
interface Vlan154
  vrf member servers2
  no ip redirects
  ip address 192.168.152.6/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    ! NOTE(review): clear-text HSRP authentication, with the string left unredacted in this
    ! listing; an MD5 key-chain is the authenticated alternative.
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.152.7 
  no shutdown
 
 
interface Vlan164
  vrf member servers1
  no ip redirects
  ip address 192.168.162.6/24
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 <removed>
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 2 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.162.7 
  no shutdown
 
 
interface Vlan180
  vrf member servers1
  no ip redirects
  ip address 192.168.180.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 110 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.180.1 
  no shutdown
 
 
interface Vlan181
  vrf member servers2
  no ip redirects
  ip address 192.168.181.4/24
  ip ospf passive-interface
  ip router ospf 5 area 0.0.0.81
  ip pim sparse-mode
  ip igmp version 3
  hsrp 1 
    authentication text c1sc0
    preempt delay minimum 180 
    priority 120 forwarding-threshold lower 0 upper 0
    timers  1  3
    ip 192.168.181.1 
  no shutdown
 
 
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  vpc 1
 
 
interface port-channel2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  vpc 2
 
 
interface port-channel3
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  vpc 3
 
 
interface port-channel4
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  vpc 4
 
 
! vPC 11: trunk limited to VLANs 38,41,45-46. Its member ports are described
! as links to F-UCS-1.
! "spanning-tree port type edge trunk" lets the trunk go straight to
! forwarding, so a bridging device on this link would not be held back by
! spanning tree.
! NOTE(review): no BPDU guard is configured on this interface, and a global
! default is not visible in this part of the listing. Confirm one is in
! effect for edge trunks.
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  spanning-tree port type edge trunk
  vpc 11
 
 
interface port-channel12
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  spanning-tree port type edge trunk
  vpc 12
 
 
! vPC peer-link to the partner aggregation switch (member ports are described
! as RAGG-2 vPC Channel links). It carries VLANs 36-52 only, rather than
! every VLAN.
! The "network" port type and loop guard are both set, so a link that stops
! delivering BPDUs is blocked instead of silently forwarding.
interface port-channel99
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  spanning-tree port type network
  spanning-tree guard loop
  vpc peer-link
 
 
interface Ethernet1/2
  description F-UCS-1_E2/1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 11 mode active
  no shutdown
 
 
interface Ethernet1/4
  description F-UCS-1_E2/2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  spanning-tree port type normal
  channel-group 11 mode active
  no shutdown
 
 
interface Ethernet1/6
  description F-UCS-2_E2/1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 12 mode active
  no shutdown
 
 
interface Ethernet1/8
  description F-UCS-2_E2/2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41,45-46
  channel-group 12 mode active
  no shutdown
 
 
interface Ethernet1/9
  description SACCESS-3 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 3 mode active
  no shutdown
 
 
interface Ethernet1/10
  description SACCESS-3 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 3 mode active
  no shutdown
 
 
interface Ethernet1/11
  description SACCESS-4 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 4 mode active
  no shutdown
 
 
interface Ethernet1/12
  description SACCESS-4 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
  channel-group 4 mode active
  no shutdown
 
 
interface Ethernet1/13
  description SACCESS-1 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  channel-group 1 mode active
  no shutdown
 
 
interface Ethernet1/14
  description SACCESS-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 38,41-42,44
  channel-group 2 mode active
  no shutdown
 
 
interface Ethernet1/15
  no switchport
 
 
interface Ethernet1/16
  no switchport
 
 
! Trunk towards RSERV-2 (T2/6).
! NOTE(review): there is no "switchport trunk allowed vlan" line, so this
! trunk is not pruned to specific VLANs. The neighbouring link to the same
! device (Ethernet1/18) is limited to 42,164. Confirm which VLANs this link
! needs and add an explicit list, so that segmentation between the server
! VLANs does not depend on the far end alone.
interface Ethernet1/17
  description to RSERV-2 T2/6
  switchport
  switchport mode trunk
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/18
  description to RSERV-2 T2/5
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 42,164
  no shutdown
 
 
interface Ethernet1/19
  description to DC-ASA-2 vc1 T5/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 152
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/20
  description to DC-ASA-2 vc2 T7/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 152
  spanning-tree port type normal
  no shutdown
 
 
interface Ethernet1/21
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/22
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/23
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
interface Ethernet1/24
  description RAGG-2 vPC Channel link
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 36-52
  udld aggressive
  channel-group 99 mode active
  no shutdown
 
 
! Described as a SACCESS-5 vPC channel link, but unlike the SACCESS-1..4
! member ports it has no channel-group, no allowed-VLAN list and no
! "no shutdown" line.
! NOTE(review): this looks unfinished or unused. If it is unused, keep it
! shut and drop the trunk mode. If it is to be used, prune the trunk to the
! VLANs SACCESS-5 needs before enabling it.
interface Ethernet2/13
  description SACCESS-5 vPC Channel link
  switchport
  switchport mode trunk
 
 
! Routed point-to-point link (/30) in its own VRF named VPC, described as
! "linkstate for vpc". Presumably this is the vPC peer-keepalive path; the
! vpc domain configuration is not in this part of the listing.
! Keeping it in a dedicated VRF keeps this traffic out of the servers1 and
! servers2 routing tables.
interface Ethernet2/14
  description linkstate for vpc
  no switchport
  vrf member VPC
  ip address 192.168.10.66/30
  no shutdown
 
 
interface Ethernet2/15
  no switchport
 
 
interface Ethernet2/16
  no switchport
 
 
interface Ethernet2/17
  no switchport
 
 
interface Ethernet2/18
  no switchport
 
 
interface Ethernet2/19
  no switchport
 
 
interface Ethernet2/20
  no switchport
 
 
interface Ethernet2/21
  no switchport
 
 
interface Ethernet2/22
  no switchport
 
 
interface Ethernet2/23
  no switchport
 
 
interface Ethernet2/24
  no switchport
 
 
interface Ethernet2/25
  no switchport
 
 
interface Ethernet2/26
  no switchport
 
 
interface Ethernet2/27
  no switchport
 
 
interface Ethernet2/28
  no switchport
 
 
interface Ethernet2/29
  no switchport
 
 
interface Ethernet2/30
  no switchport
 
 
interface Ethernet2/31
  no switchport
 
 
interface Ethernet2/32
  no switchport
 
 
interface Ethernet2/33
  no switchport
 
 
interface Ethernet2/34
  no switchport
 
 
interface Ethernet2/35
  no switchport
 
 
interface Ethernet2/36
  no switchport
 
 
interface Ethernet2/37
  no switchport
 
 
interface Ethernet2/38
  no switchport
 
 
interface Ethernet2/39
  no switchport
 
 
interface Ethernet2/40
  no switchport
 
 
interface Ethernet2/41
  no switchport
 
 
interface Ethernet2/42
  no switchport
 
 
interface Ethernet2/43
  no switchport
 
 
interface Ethernet2/44
  no switchport
 
 
interface Ethernet2/45
  no switchport
 
 
interface Ethernet2/46
  no switchport
 
 
interface Ethernet2/47
  no switchport
 
 
interface Ethernet2/48
  no switchport
 
 
interface loopback0
  vrf member servers1
  ip address 192.168.1.32/32
  ip router ospf 5 area 0.0.0.81
logging server 192.168.42.124 6 use-vrf servers1
logging source-interface loopback 0
  logout-warning 20
! Console and vty sessions are disconnected after 15 idle minutes.
! Inbound vty access is filtered by ACL 23.
! NOTE(review): the entries of ACL 23 for this device are not in this part of
! the listing. Verify that it names only the management hosts and does not
! contain a catch-all permit ahead of its final deny.
line console
  exec-timeout 15
line vty
  exec-timeout 15
  access-class 23 in
! OSPF process 5 runs separately in VRFs servers1 and servers2.
! In both, area 0.0.0.81 is an NSSA and message-digest authentication is
! required area-wide. The keys themselves are set per interface on the SVIs.
! NOTE(review): message-digest here is keyed MD5. Where the software release
! supports a stronger OSPF authentication algorithm, plan a migration and
! rotate the keys at the same time.
router ospf 5
  vrf servers1
    router-id 4.4.4.2
    area 0.0.0.81 nssa
    area 0.0.0.81 range 192.168.0.0/16
    area 0.0.0.81 range 192.168.162.0/24
    area 0.0.0.81 authentication message-digest
    timers throttle spf 10 100 5000
  vrf servers2
    router-id 5.5.5.2
    area 0.0.0.81 nssa
    area 0.0.0.81 range 192.168.0.0/16
    area 0.0.0.81 range 192.168.152.0/24
    area 0.0.0.81 authentication message-digest
    timers throttle spf 10 100 5000
ip pim ssm range 232.0.0.0/8
 
 

N1KV-1-RUNNING

 
version 4.2(1)SV1(4)
no feature telnet
feature tacacs+
 
 
! Local accounts, both with the network-admin role; passwords are stored
! hashed ("password 5") and redacted in this listing.
! NOTE(review): login is normally handled by the TACACS+ group CiscoACS, so
! these accounts matter when local authentication is reached. Keep only the
! local administrators that are needed, and review them whenever staff
! change, because they are not governed by the central server.
username bart password 5 <removed>   role network-admin
username bmcgloth password 5 <removed>   role network-admin
 
 
banner motd # 
WARNING: 
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO **** 
                    **** AUTHORIZED USERS ONLY! **** 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY 
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT 
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS. 
#
 
 
! SSH host key: RSA 2048-bit.
! TACACS+ is the login method; group CiscoACS holds the single server
! 192.168.42.131, reached through the management VRF and sourced from mgmt0.
! NOTE(review): "key 7" is reversible obfuscation, not a hash. Anyone holding
! an unredacted copy of this configuration holds the TACACS+ shared secret,
! so protect stored configurations and backups accordingly.
! NOTE(review): only one TACACS+ server is listed, and the second group
! ("tacacs") has no members. Confirm what happens to logins when
! 192.168.42.131 is unreachable.
ssh key rsa 2048 
ip domain-lookup
ip domain-lookup
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf management
    source-interface mgmt0
aaa group server tacacs+ tacacs 
hostname N1kv-1
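! ACL 23 (the number other devices in this listing use to filter management
! access): permit the 192.168.42.0/24 management subnet, deny everything else.
! The former entry "20 permit ip any any" matched all traffic before the deny
! at 30 could be reached, so the list filtered nothing; it has been removed.
! NOTE(review): no reference to ACL 23 is visible in this device's listing.
! Confirm where it is applied, and that every legitimate management source
! (for example hosts in 192.168.41.0/24, where mgmt0 lives) is covered by a
! permit entry before deploying.
ip access-list 23
  10 permit ip 192.168.42.0/24 any 
  30 deny ip any any 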
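! ACL 88 (the number used to restrict SNMP access elsewhere in this listing):
! permit the 192.168.42.0/24 management subnet, deny everything else.
! The former entry "20 permit ip any any" made the final deny unreachable and
! the whole list a no-op; it has been removed.
! NOTE(review): no reference to ACL 88 is visible in this device's listing.
! Confirm where it is applied, and narrow the permit to the actual SNMP
! manager address if only one host polls this device.
ip access-list 88
  10 permit ip 192.168.42.0/24 any 
  30 deny ip any any 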
vem 3
  host vmware id 414e3537-3441-3255-5838-34353034544b
vem 4
  host vmware id 414e3537-3441-3255-5838-34353034544d
vem 5
  host vmware id 414e3537-3441-3255-5838-333930345046
vem 6
  host vmware id 414e3537-3441-3255-5838-34353034544c
vem 7
  host vmware id 414e3537-3441-3255-5838-333930344e59
vem 8
  host vmware id 414e3537-3441-3255-5838-333830333330
vem 9
  host vmware id 414e3537-3441-3255-5838-333930345057
vem 10
  host vmware id 414e3537-3441-3255-5838-343530345630
vem 11
  host vmware id 414e3537-3441-3255-5838-343530345448
vem 12
  host vmware id 414e3537-3441-3255-5838-333930345048
! SNMPv3 user with authentication (HMAC-MD5) and privacy enabled; both keys
! are stored localized and are redacted here.
! NOTE(review): "priv" is given without an AES keyword. On NX-OS that selects
! DES for privacy; confirm, and prefer SHA authentication with AES privacy
! where the release supports them.
! NOTE(review): the NTP servers are configured without an authentication key.
! Log timestamps used as audit evidence then depend on unauthenticated time.
! Login on vty (default) and on the console is authenticated by the TACACS+
! group CiscoACS.
snmp-server user bmcgloth network-admin auth md5 <removed> priv <removed> localizedkey
ntp server 192.168.62.161 use-vrf management
ntp server 192.168.62.162 use-vrf management
ntp source 192.168.41.61
aaa authentication login default group CiscoACS 
aaa authentication login console group CiscoACS 
 
 
vrf context management
  ip route 0.0.0.0/0 192.168.41.1
vlan 1
vlan 36
  name VLAN36
vlan 37
  name VLAN37
vlan 38
  name VLAN38
vlan 39
  name VLAN39
vlan 40
  name VLAN40
vlan 41
  name VLAN41
vlan 42
  name VLAN42
vlan 43
  name VLAN43
vlan 44
  name VLAN44
vlan 45
  name VLAN45
vlan 46
  name VLAN46
vlan 52
  name VLAN52
vlan 64
  name VLAN64
vlan 72
  name VLAN72
vlan 80
  name VLAN80
vlan 81
  name VLAN81
vlan 82
  name VLAN82
vlan 83
  name VLAN83
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type vethernet VLAN38
  vmware port-group
  switchport mode access
  switchport access vlan 38
  no shutdown
  state enabled
port-profile type vethernet VLAN36
  vmware port-group
  switchport mode access
  switchport access vlan 36
  no shutdown
  state enabled
port-profile type vethernet VLAN37
  vmware port-group
  switchport mode access
  switchport access vlan 37
  no shutdown
  state enabled
port-profile type vethernet VLAN39
  vmware port-group
  switchport mode access
  switchport access vlan 39
  no shutdown
  state enabled
port-profile type vethernet VLAN40
  vmware port-group
  switchport mode access
  switchport access vlan 40
  no shutdown
  state enabled
port-profile type vethernet VLAN41
  vmware port-group
  switchport mode access
  switchport access vlan 41
  no shutdown
  system vlan 41
  state enabled
port-profile type vethernet VLAN42
  vmware port-group
  switchport mode access
  switchport access vlan 42
  no shutdown
  state enabled
port-profile type vethernet VLAN43
  vmware port-group
  switchport mode access
  switchport access vlan 43
  no shutdown
  state enabled
port-profile type vethernet VLAN44
  vmware port-group
  switchport mode access
  switchport access vlan 44
  no shutdown
  state enabled
port-profile type vethernet VLAN45
  vmware port-group
  switchport mode access
  switchport access vlan 45
  no shutdown
  state enabled
port-profile type vethernet VLAN46
  vmware port-group
  switchport mode access
  switchport access vlan 46
  no shutdown
  state enabled
port-profile type vethernet VLAN52
  vmware port-group
  switchport mode access
  switchport access vlan 52
  no shutdown
  state enabled
port-profile type vethernet VLAN64
  vmware port-group
  switchport mode access
  switchport access vlan 64
  no shutdown
  state enabled
port-profile type vethernet VLAN72
  vmware port-group
  switchport mode access
  switchport access vlan 72
  no shutdown
  state enabled
port-profile type vethernet VLAN80
  vmware port-group
  switchport mode access
  switchport access vlan 80
  no shutdown
  state enabled
port-profile type vethernet VLAN81
  vmware port-group
  switchport mode access
  switchport access vlan 81
  no shutdown
  state enabled
port-profile type vethernet VLAN82
  vmware port-group
  switchport mode access
  switchport access vlan 82
  no shutdown
  state enabled
port-profile type vethernet VLAN83
  vmware port-group
  switchport mode access
  switchport access vlan 83
  no shutdown
  state enabled
port-profile type ethernet Unused_Or_Quarantine_Uplink
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
! Uplink profile for the physical host NICs: a trunk carrying VLANs 36-83.
! VLAN 41 is marked as a system VLAN; it is also the control and packet VLAN
! in the svs-domain section.
! NOTE(review): the allowed range 36-83 is wider than the VLANs defined on
! this switch (36-46, 52, 64, 72, 80-83). Pruning the trunk to the defined
! VLANs keeps undefined VLAN IDs from being carried between hosts and the
! upstream switches.
port-profile type ethernet sysuplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 36-83
  no shutdown
  system vlan 41
  state enabled
port-profile type vethernet VSG-DADA-HA
  vmware port-group
  switchport access vlan 41
  no shutdown
  state enabled
! Port profile for Tenant-1 virtual machines. "vn-service" binds ports using
! this profile to the virtual firewall at 192.168.52.11 (reached on VLAN 52)
! with security profile SecurityProfile-1, under organisation root/Tenant-1.
! NOTE(review): the access VLAN is 41, which is also this switch's control,
! packet and system VLAN. Confirm that tenant workloads are meant to share
! that VLAN. No Vethernet interface in this listing inherits this profile.
port-profile type vethernet Tenant-1
  vmware port-group
  org root/Tenant-1
  vn-service ip-address 192.168.52.11 vlan 52 security-profile SecurityProfile-1
  switchport mode access
  switchport access vlan 41
  no shutdown
  state enabled
 
 
vdc N1kv-1 id 1
  limit-resource vlan minimum 16 maximum 2049
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
 
 
interface mgmt0
  ip address 192.168.41.61/24
 
 
interface Vethernet3
  inherit port-profile VLAN42
  description RSA-Archer,Network Adapter 1
  vmware dvport 207 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"
  vmware vm mac 0050.56BB.001E
 
 
interface Vethernet5
  inherit port-profile VSG-DADA-HA
  description Nexus1000VSG,Network Adapter 3
  vmware dvport 1057 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"
  vmware vm mac 0050.56BB.0004
 
 
interface Vethernet6
  inherit port-profile VSG-DADA-HA
  description Nexus1000VSG,Network Adapter 1
  vmware dvport 1056 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"
  vmware vm mac 0050.56BB.0002
 
 
interface Vethernet7
  inherit port-profile VLAN52
  description POS Terminal,Network Adapter 1
  vmware dvport 352 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"
  vmware vm mac 0050.56BB.0005
 
 
interface control0
clock timezone PST -8 0
clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60
line vty
  exec-timeout 15
line console
  exec-timeout 15
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin sup-2
! Domain 2 in Layer 2 mode, with control and packet traffic both on VLAN 41.
! NOTE(review): VLAN 41 therefore carries supervisor-to-host-module traffic.
! Keep end-host and tenant ports out of it, and limit which trunks carry it.
svs-domain
  domain id 2
  control vlan 41
  packet vlan 41
  svs mode L2  
! Connection from this virtual supervisor to the VMware management server at
! 192.168.41.102, used to publish port profiles as port groups.
! NOTE(review): the remote port is 80. Confirm from the platform
! documentation how this session is authenticated and whether it is
! encrypted, and restrict the path between 192.168.41.61 and 192.168.41.102
! to these two endpoints.
! (The datacenter name is wrapped onto its own line in this listing.)
svs connection vc
  protocol vmware-vim
  remote ip address 192.168.41.102 port 80
  vmware dvs uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0" datacenter-name 
COMPLIANCE Lab
  connect
! Policy agent registration with the management centre at 192.168.41.65.
! The shared secret is masked in the output.
! NOTE(review): this secret gates which devices may register for policy.
! Use a unique value rather than one reused from other credentials, and
! rotate it if an unmasked copy of the configuration was ever exported.
! "log-level" has no value in this listing.
vnm-policy-agent
  registration-ip 192.168.41.65
  shared-secret **********
  policy-agent-image bootflash:/vnmc-vsmpa.1.0.1j.bin
  log-level 
logging server 192.168.42.124 7 facility syslog
logging timestamp milliseconds
 
 
 
 

VSG-TENANT-1-RUNNING

version 4.2(1)VSG1(1)
no feature telnet
feature tacacs+
 
 
username bmcgloth password 5 <removed> role network-admin
 
 
banner motd # 
WARNING: 
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO **** 
                    **** AUTHORIZED USERS ONLY! **** 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY 
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT 
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS. 
#
 
 
ssh key rsa 2048 
ip domain-lookup
ip domain-lookup
tacacs-server key 7 " <removed> "
tacacs-server host 192.168.42.131 
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf management
    source-interface mgmt0
aaa group server tacacs+ tacacs 
hostname VSG-Tenant-1
no snmp-server protocol enable 
snmp-server user bmcgloth network-admin auth md5 <removed> priv <removed> localizedkey
ntp source 192.168.41.63
aaa authentication login default group CiscoACS 
aaa authentication login console group CiscoACS 
 
 
vrf context management
  ip domain-name cisco-irn.com
  ip name-server 192.168.42.130
  ip route 0.0.0.0/0 192.168.41.1
vlan 1
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
 
 
vdc VSG-Tenant-1 id 1
  limit-resource vlan minimum 16 maximum 2049
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
 
 
interface mgmt0
  ip address 192.168.41.63/24
 
 
interface data0
  ip address 192.168.52.11/24
clock timezone PST -8 0
clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60
line vty
  exec-timeout 15
line console
  exec-timeout 15
boot kickstart bootflash:/nexus-1000v-kickstart-mz.VSG1.1.bin sup-1
boot system bootflash:/nexus-1000v-mz.VSG1.1.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.VSG1.1.bin sup-2
boot system bootflash:/nexus-1000v-mz.VSG1.1.bin sup-2
ip access-list match-local-traffic
  ha-pair id 41
 
 
security-profile SecurityProfile-1@root/Tenant-1
  policy PolicySet-A@root/Tenant-1
  custom-attribute vnsporg "root/tenant-1"
 
 
security-profile default@root
  policy default@root
  custom-attribute vnsporg "root"
! Default rule at the root organisation: drop. It is the only rule in policy
! default@root.
! NOTE(review): there is no log action here, so traffic discarded by this
! rule leaves no record. The allow_ICMP rule shows a log action can precede
! the verdict; consider the same here for visibility of denied flows.
rule default/default-rule@root
  action 10 drop
! Tenant-1 rule: log and permit IP protocol 1 (ICMP) destined to 192.168.1.1.
! It is the only rule placed in PolicySet-A, the policy attached to
! SecurityProfile-1.
! NOTE(review): PolicySet-A contains no explicit drop rule. What happens to
! Tenant-1 traffic that does not match this rule depends on the firewall's
! implicit default; confirm it is a drop, or add an explicit final rule.
rule PolicyA/allow_ICMP@root/Tenant-1
  condition 10 dst.net.ip-address eq 192.168.1.1 
  condition 11 net.protocol eq 1 
  action 10 log
  action 11 permit
policy default@root
  rule default/default-rule@root order 2 
policy PolicySet-A@root/Tenant-1
  rule PolicyA/allow_ICMP@root/Tenant-1 order 101 
vnm-policy-agent
  registration-ip 192.168.41.65
  shared-secret **********
  policy-agent-image bootflash:/vnmc-vsgpa.1.0.1j.bin
  log-level 
logging logfile messages 2
logging server 192.168.42.124 6 facility local0
logging monitor 2
 
 

RSERV-1

 
 
! Global service settings.
! - PAD is disabled.
! - TCP keepalives in both directions clear half-open management sessions.
! - Log and debug timestamps carry local time with time zone (logs also with
!   milliseconds), and sequence numbers make gaps in the log stream visible.
! - "service password-encryption" applies type 7 obfuscation to passwords
!   that would otherwise be stored in clear. Type 7 is reversible, so it
!   hides values from casual viewing only.
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname RSERV-1
!
boot-start-marker
boot system flash sup-bootdisk:/s72033-adventerprisek9_wan-mz.122-33.SXJ.bin
boot-end-marker
!
! Login failures are rate-limited with a threshold of 2 and logged.
! Local passwords must be at least 7 characters.
! NOTE(review): a 7-character minimum is short by current guidance. Raise it
! if the organisation's password policy allows.
! Syslog rate limiting is off, so bursts of messages are not suppressed.
! The enable secret is stored as a type 5 (MD5-based) hash. Stronger secret
! types exist only in later software; until then rely on a long, unique
! secret and on TACACS+ for enable authentication.
security authentication failure rate 2 log
security passwords min-length 7
logging buffered 50000
no logging rate-limit
enable secret 5 <removed>
!
 
 
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
! AAA model.
! - Login list "CiscoACS": TACACS+ first, local accounts as fallback. It is a
!   named list, so it applies only where it is referenced (the HTTPS server
!   references it; the line configuration is not in this part of the listing).
! - Enable authentication: TACACS+, then the enable secret.
! - Exec authorization: TACACS+. "if-authenticated" grants a shell to any
!   authenticated user when the server cannot be reached.
! - Accounting: exec sessions, system events and privilege-15 commands.
! NOTE(review): no "aaa authorization commands" line is visible, so commands
! are recorded but not authorized one by one. Commands at privilege levels
! other than 15 are not accounted.
aaa new-model
!
!
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated 
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PSTDST recurring
svclc module 4 vlan-group 162,163
svclc vlan-group 162  152,162
svclc vlan-group 163  153,163
intrusion-detection module 9 management-port access-vlan 42
intrusion-detection module 9 data-port 1 trunk allowed-vlan 153,154
intrusion-detection module 9 data-port 2 trunk allowed-vlan 163,164
ip wccp 61
ip wccp 62
!
!
!
! Global hardening settings.
! - BOOTP server is off; only SSH version 2 is accepted.
! - The SCP server is enabled, so file copy rides on SSH authentication and
!   authorization.
! - Six failed logins within 1800 s start an 1800 s quiet period, during
!   which only sources permitted by ACL 23 may log in. Every login success
!   and failure is logged.
! - VTP is transparent, so this switch does not accept VLAN database changes
!   from VTP advertisements.
! - "password encryption aes" protects stored keys with AES only when a
!   master key has been set. That key does not appear in the configuration;
!   NOTE(review): confirm it is set.
no ip bootp server
ip multicast-routing 
ip ssh version 2
ip scp server enable
no ip domain-lookup
ip domain-name cisco-irn.com
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
ipv6 mfib hardware-switching replication-mode ingress
vtp domain datacenter
vtp mode transparent
no mls acl tcam share-global
mls netflow interface
mls cef error action freeze
password encryption aes
!
! Self-signed trustpoint, presumably the certificate presented by the HTTPS
! management server enabled in this configuration.
! NOTE(review): clients cannot validate a self-signed certificate against a
! CA, so administrators must check its fingerprint out of band or accept an
! unauthenticated server. Where a PKI is available, enrol a CA-issued
! certificate instead. "revocation-check none" is expected for a self-signed
! trustpoint.
crypto pki trustpoint TP-self-signed-1027
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1027
 revocation-check none
 rsakeypair TP-self-signed-1027
!
!
crypto pki certificate chain TP-self-signed-1027
 certificate self-signed 01
  <removed>
  quit
!
!
!
!
!
!
!
! Configuration change logging: each configuration command entered is
! recorded and sent to syslog, giving an audit trail of who changed what.
! "hidekeys" keeps passwords and keys out of those records.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
spanning-tree mode pvst
!
no power enable module 8
diagnostic bootup level minimal
! ACL 23: the hosts allowed to manage this device. This listing references it
! for the HTTPS server and for login quiet mode. Each entry is a single host,
! every match is logged, and the list ends in an explicit logged deny.
! NOTE(review): 10.19.151.99 lies outside the 192.168.41.x and 192.168.42.x
! management ranges used by the other entries. Confirm it is still a
! required management station.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! ACL 88: the single host 192.168.42.124 (also the syslog destination) is
! permitted, and everything else is denied and logged. The remote SNMPv3
! user is bound to this list.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
!
! "vlan dot1q tag native" makes trunks tag the native VLAN as well, which
! removes the untagged path that double-tagging VLAN hopping relies on.
! VLAN access-log messages are rate-limited to 2000.
vlan internal allocation policy descending
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 41
 name DeviceManagementHTA
!
vlan 42
 name DeviceManagement
!
vlan 43
 name WIRELESS-CONTROL
!
vlan 44
 name PhysicalSec
!
vlan 47
 name WAAS_Central_Manager
!
vlan 49
 name WAAS_DC
!
vlan 152
 name NorthSide_facing_ASA_Servers2
!
vlan 153
 name ACE_to_IDS_Servers2
!
vlan 154
 name SouthSide_facing_Servers2
!
vlan 162
 name NorthSide_facing_ASA_Servers1
!
vlan 163
 name ACE_to_IDS_Servers1
!
vlan 164
 name SouthSide_facing_Servers1
!
vlan 803
 name RSERV-1_to_RAGG-1-VDC-2
!
vlan 1000 
!
! 
!
!
!
interface Loopback0
 ip address 192.168.1.21 255.255.255.255
!
interface Loopback62
 ip address 192.168.62.161 255.255.255.255
!
interface GigabitEthernet1/1
 no ip address
 shutdown
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no ip address
 shutdown
!
interface GigabitEthernet1/9
 no ip address
 shutdown
!
interface GigabitEthernet1/10
 no ip address
 shutdown
!
interface GigabitEthernet1/11
 no ip address
 shutdown
!
interface GigabitEthernet1/12
 no ip address
 shutdown
!
interface GigabitEthernet1/13
 no ip address
 shutdown
!
interface GigabitEthernet1/14
 no ip address
 shutdown
!
interface GigabitEthernet1/15
 no ip address
 shutdown
!
interface GigabitEthernet1/16
 no ip address
 shutdown
!
interface TenGigabitEthernet2/1
 description to RAGG-1 vdc2 T1/15
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 162
 switchport mode trunk
!
interface TenGigabitEthernet2/2
 description to RAGG-1 vdc2 T1/16
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 152
 switchport mode trunk
!
interface TenGigabitEthernet2/3
 no ip address
 shutdown
!
interface TenGigabitEthernet2/4
 no ip address
 shutdown
!
interface TenGigabitEthernet2/5
 description to RAGG-1 vdc2 T1/17
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 41-44,164,803
 switchport mode trunk
!
interface TenGigabitEthernet2/6
 description to RAGG-1 vdc2 T1/18
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 154
 switchport mode trunk
!
interface TenGigabitEthernet2/7
 no ip address
 shutdown
!
interface TenGigabitEthernet2/8
 no ip address
 shutdown
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
 no ip address
 shutdown
!
interface GigabitEthernet7/1
 no ip address
 shutdown
!
interface GigabitEthernet7/2
 no ip address
 shutdown
!
! No description and no address, but also no "shutdown" line, unlike the
! unused ports on module 1.
! NOTE(review): the same pattern appears on many GigabitEthernet7/x ports.
! If these ports are unused, shut them down so that a cable plugged into a
! spare port does not bring up a live interface.
interface GigabitEthernet7/3
 no ip address
!
interface GigabitEthernet7/4
 no ip address
!
interface GigabitEthernet7/5
 no ip address
!
interface GigabitEthernet7/6
 no ip address
!
interface GigabitEthernet7/7
 no ip address
!
interface GigabitEthernet7/8
 no ip address
!
interface GigabitEthernet7/9
 no ip address
!
interface GigabitEthernet7/10
 no ip address
!
interface GigabitEthernet7/11
 no ip address
!
interface GigabitEthernet7/12
 no ip address
!
interface GigabitEthernet7/13
 no ip address
!
interface GigabitEthernet7/14
 no ip address
!
interface GigabitEthernet7/15
 no ip address
!
interface GigabitEthernet7/16
 no ip address
!
interface GigabitEthernet7/17
 description WAAS Central Manager
 switchport
 switchport access vlan 47
 switchport mode access
!
interface GigabitEthernet7/18
 no ip address
!
interface GigabitEthernet7/19
 no ip address
!
interface GigabitEthernet7/20
 no ip address
!
! Access port in VLAN 43 (WIRELESS-CONTROL) for the device described as
! AW-DC-1_G1. Portfast edge skips the spanning-tree listening and learning
! delay.
! NOTE(review): no BPDU guard is set on this port, and the only global
! spanning-tree line visible in this listing is "spanning-tree mode pvst".
! With portfast and no BPDU guard, a switch attached here could take part in
! spanning tree. Confirm whether BPDU guard is enabled.
interface GigabitEthernet7/21
 description AW-DC-1_G1
 switchport
 switchport access vlan 43
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/22
 description AW-DC-2_G1
 switchport
 switchport access vlan 43
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/23
 description MDS Management PAME-DC-1
 switchport
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/24
 description MDS Management MDS-DC-1_M0 
 switchport
 switchport access vlan 41
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/25
 description MDS Management MDS-DC-2_M0
 switchport
 switchport access vlan 41
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/26
 no ip address
!
interface GigabitEthernet7/27
 description ASA-WAN-1_M0
 switchport
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/28
 no ip address
!
interface GigabitEthernet7/29
 description MSE-DC-1_G1
 switchport
 switchport access vlan 43
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/30
 description MSE-DC-2_G1
 switchport
 switchport access vlan 43
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/31
 no ip address
!
interface GigabitEthernet7/32
 no ip address
!
interface GigabitEthernet7/33
 description RSA enVision
 switchport
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/34
 no ip address
!
interface GigabitEthernet7/35
 description WAE-DC-1
 switchport
 switchport access vlan 49
 switchport mode access
!
interface GigabitEthernet7/36
 no ip address
!
interface GigabitEthernet7/37
 no ip address
!
interface GigabitEthernet7/38
 no ip address
!
interface GigabitEthernet7/39
 no ip address
!
interface GigabitEthernet7/40
 no ip address
!
interface GigabitEthernet7/41
 no ip address
!
interface GigabitEthernet7/42
 no ip address
!
interface GigabitEthernet7/43
 no ip address
!
interface GigabitEthernet7/44
 no ip address
!
interface GigabitEthernet7/45
 description hard crossover bridge
 no ip address
 shutdown
!
interface GigabitEthernet7/46
 no ip address
!
interface GigabitEthernet7/47
 no ip address
 shutdown
!
interface GigabitEthernet7/48
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! Routed SVI on a /30 and the only interface that "router ospf 5" below
! takes out of passive mode, so this is where the OSPF adjacency forms.
! OSPF packets are authenticated with keyed MD5. The key is stored as
! type 7, which is a reversible encoding rather than encryption: treat any
! unsanitized copy of this configuration as if it held the cleartext key.
! Priority 0 means this device never becomes DR/BDR on the segment.
interface Vlan803
 description ** South Side facing Servers1 **
 ip address 192.168.130.10 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf priority 0
!
! OSPF process 5: area 81 is an NSSA with MD5 authentication required
! area-wide, and 192.168.0.0/16 is advertised as one summary range.
! "passive-interface default" plus the single "no passive-interface"
! exception means hellos are sent, and neighbors accepted, on Vlan803 only,
! even though the network statement matches every 192.168.x.x interface.
! That limits where an unexpected router could attempt to form an adjacency.
router ospf 5
 router-id 192.168.1.21
 log-adjacency-changes
 area 81 authentication message-digest
 area 81 nssa
 area 81 range 192.168.0.0 255.255.0.0
 timers throttle spf 10 100 5000
 passive-interface default
 no passive-interface Vlan803
 network 192.168.0.0 0.0.255.255 area 81
!
ip classless
no ip forward-protocol nd
!
!
! Web management: cleartext HTTP is off, HTTPS is on, source addresses are
! limited by access-list 23 and logins go through the CiscoACS AAA list.
! (Neither the ACL nor the AAA list is defined in this part of the device's
! configuration; both are presumably defined earlier.)
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
! Review point: 3DES-CBC with SHA-1 is the only cipher suite offered. 3DES
! is a 64-bit-block legacy cipher that current TLS guidance retires.
! NOTE(review): check whether this image offers an AES suite and prefer it.
ip http secure-ciphersuite 3des-ede-cbc-sha 
! Idle timeout is 60 s, but one connection may live 86400 s (24 h) and carry
! 10000 requests. A shorter "life" bounds how long a session can persist.
ip http timeout-policy idle 60 life 86400 requests 10000
! TACACS+ requests are sourced from Loopback0, so the AAA server sees one
! stable address for this device.
ip tacacs source-interface Loopback0
!
! Remote syslog: every severity down to debugging (7) is forwarded to
! 192.168.42.124, sourced from Loopback0 so the collector can attribute
! messages to one stable address.
! No transport is specified, so this is presumably the default unencrypted
! UDP syslog; the management network path to the collector has to provide
! whatever integrity and confidentiality the audit trail needs.
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
!
! SNMPv3 user and group definitions.
! The engineID value shown (0000000000) looks like a sanitized placeholder.
snmp-server engineID remote 192.168.42.124 0000000000 
! The remote user is restricted to the manager address by access-list 88.
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
! No auth or priv keywords are shown on the user.
snmp-server user remoteuser remoteuser v3 
! Review point: the group is "noauth" (noAuthNoPriv), so SNMPv3 messages
! for this group are neither authenticated nor encrypted. The user name is
! then the only credential, and access-list 88 on the remote user is the
! only other control shown. An auth+priv group and user would give the
! integrity and confidentiality that SNMPv3 is normally deployed for.
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps MAC-Notification change move threshold
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps errdisable
! Trap destination. No "version" keyword is present; on IOS that form
! normally sends SNMPv1 traps and treats "remoteuser" as a community
! string, so notifications would not use SNMPv3 at all.
! NOTE(review): confirm with "show snmp host" and set version 3 explicitly.
snmp-server host 192.168.42.124 remoteuser 
! A single TACACS+ server is configured. If it is unreachable, the AAA
! method lists fall back to their next method.
tacacs-server host 192.168.42.131
tacacs-server directed-request
! The shared secret is stored as type 7, a reversible encoding. It is
! removed here, but an unsanitized copy of the config exposes the key.
tacacs-server key 7 <removed>
!
!
! The control-plane stanza is empty: no service-policy is attached, so no
! control-plane policing is configured here. Rate-limiting traffic punted
! to the route processor (SSH, SNMP, OSPF, NTP) would have to come from
! platform-level limiters not visible in this excerpt.
control-plane
!
!
dial-peer cor custom
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
! Terminal lines. Console and all sixteen vty lines authenticate through
! the CiscoACS AAA list and time out after 15 minutes of inactivity.
! The console has no access-class because it is a physical port.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
! vty 0-4 and vty 5-15 are configured identically, so no higher-numbered
! line is left with weaker settings. Inbound access is SSH only and limited
! to access-list 23. "transport output none" stops a logged-in session from
! opening outbound connections, so the device cannot serve as a jump host.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! Time synchronization, which the timestamped logs and AAA accounting
! records depend on for audit correlation.
! "ntp master 5" makes this device serve time at stratum 5 from its own
! clock when it has no better upstream source.
! Review point: no "ntp authenticate" / "ntp trusted-key" or
! "ntp access-group" appears among these lines, so upstream time is
! accepted unauthenticated and it is not evident which peers may query
! this server. NOTE(review): confirm these are not defined elsewhere.
ntp source Loopback0
ntp master 5
ntp update-calendar
ntp server 171.68.10.150
ntp server 171.68.10.80 prefer
mac-address-table aging-time 480
!
end

RSERV-2

 
 
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname RSERV-2
!
boot-start-marker
boot-end-marker
!
! Login hardening and local logging.
! Failed-login threshold of 2, with a log message on each occurrence.
security authentication failure rate 2 log
! New local passwords must be at least 7 characters. That is short by
! current guidance; raise it if organisational policy asks for more.
security passwords min-length 7
logging buffered 50000
! Log rate limiting is disabled, so nothing is dropped for audit purposes,
! at the cost of more load during a message storm.
no logging rate-limit
! Type 5 is a salted MD5-based hash. NOTE(review): this image is version
! 12.2; where the platform supports a stronger secret type, migrate to it.
enable secret 5 <removed>
!
 
 
! Local accounts. All three are privilege 15 and stored as type 5 (salted
! MD5) secrets. They act as the fallback when TACACS+ is unavailable, so
! they should be few, unique per device class, and reviewed with staff
! changes. Two of the names look like personal accounts.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
aaa new-model
!
!
! Login: TACACS+ first. The local database is consulted only when the
! TACACS+ group returns an error or times out, not when it rejects a user.
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
! "if-authenticated": when TACACS+ cannot be reached for authorization,
! any user who authenticated is granted an exec session. With the
! privilege-15 local accounts above, that is full access during an outage.
aaa authorization exec default group tacacs+ if-authenticated 
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
! Command accounting covers privilege level 15 only. Commands at other
! levels are not recorded by this configuration.
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PSTDST recurring
svclc module 4 vlan-group 162,163
svclc vlan-group 162  152,162
svclc vlan-group 163  153,163
intrusion-detection module 9 management-port access-vlan 42
intrusion-detection module 9 data-port 1 trunk allowed-vlan 153,154
intrusion-detection module 9 data-port 2 trunk allowed-vlan 163,164
ip wccp 61
ip wccp 62
!
!
!
no ip bootp server
ip multicast-routing 
! SSH is restricted to protocol version 2 (no SSHv1 fallback).
ip ssh version 2
! The SCP server lets authenticated users copy files to and from the
! device over SSH. It inherits the vty controls (access-list 23 and AAA).
ip scp server enable
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
! Login throttling: after 6 failed logins within 1800 s the device
! refuses logins for 1800 s. During that quiet period, hosts matching
! access-list 23 are still allowed in, so an attacker's failures cannot
! lock the management stations out.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
! Both failed and successful logins generate log messages.
login on-failure log
login on-success log
ipv6 mfib hardware-switching replication-mode ingress
vtp domain CiscoCOMPLIANCE
vtp mode transparent
no mls acl tcam share-global
mls netflow interface
mls cef error action freeze
! Requests AES (type 6) storage for keys. The OSPF message-digest key and
! the TACACS+ key in this same configuration are still shown as type 7.
! NOTE(review): confirm a master key was set with
! "key config-key password-encrypt" and that this image applies type 6 to
! those keys; otherwise this line has no visible effect on them.
password encryption aes
!
! Auto-generated self-signed trustpoint, presumably the identity presented
! by "ip http secure-server" since no other trustpoint is visible here.
! Clients cannot validate a self-signed certificate against a CA, so
! operators have to pin it or accept a warning on first use.
! Decoding the certificate stored in the chain stanza that follows shows:
!   - signature algorithm md5WithRSAEncryption (OID 1.2.840.113549.1.1.4)
!   - 1024-bit RSA public key, exponent 65537
!   - validity 2011-04-21 to 2020-01-01
!   - subjectAltName RSERV-2.cisco-irn.com
! MD5 signatures and 1024-bit RSA are below current minimums. Regenerate
! the key pair at 2048 bits or more, or enroll with an internal CA.
crypto pki trustpoint TP-self-signed-1027
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1027
 revocation-check none
 rsakeypair TP-self-signed-1027
!
!
crypto pki certificate chain TP-self-signed-1027
 certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  2B312930 27060355 04031320 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31303237 301E170D 31313034 32313030 30353139 5A170D32 
  30303130 31303030 3030305A 302B3129 30270603 55040313 20494F53 2D53656C 
  662D5369 676E6564 2D436572 74696669 63617465 2D313032 3730819F 300D0609 
  2A864886 F70D0101 01050003 818D0030 81890281 8100A365 80CA486A 1FCC3F72 
  4B6DDFE1 AA57CE0A 4726554C B0D6B6F3 BC9F3F3A 84AAD96D 0C8D4E07 3E5C42FD 
  2AB0BA8A 1E5E28AE BDA4FE3A F1A425A6 2D2F09E0 3DC30109 F4561A9B EADC4896 
  87FD5133 4FEAFA2F C214CB35 11B7AEB6 F0C3DE4F 4453DA89 6177A6D3 9FDA59BA 
  EE11414E 008C40A8 FF768B0D 0CE97204 82FB71C6 10C30203 010001A3 75307330 
  0F060355 1D130101 FF040530 030101FF 30200603 551D1104 19301782 15525345 
  52562D32 2E636973 636F2D69 726E2E63 6F6D301F 0603551D 23041830 16801425 
  E9402754 9D8FF072 B2B9284C D1157536 23A79C30 1D060355 1D0E0416 041425E9 
  4027549D 8FF072B2 B9284CD1 15753623 A79C300D 06092A86 4886F70D 01010405 
  00038181 003EACB3 84C4E98F 65FE3BE2 F4984B3D 908DCF32 E89B4217 6F3444EB 
  E844C491 A50B817E 508BE874 E4C1FE1E 9A92EDC5 8566CC69 AB760674 E802086B 
  DDD7DF6A 3964355C 0F88B1AB 52E69373 D25A2877 3379ECAF A8D3DAE8 239C2708 
  8B1C24DF 4210091C 8C3DF041 7B10147C E399480E 6A7D00DD 64D8AD86 528815E4 
  7FAECE3C 2B
  quit
!
!
!
!
!
!
!
! Configuration change logging: every configuration command is recorded
! and forwarded to syslog in plaintext form, giving an audit trail of who
! changed what. "hidekeys" keeps passwords and keys out of those records.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
spanning-tree mode pvst
!
no power enable module 8
diagnostic bootup level minimal
! access-list 23: management stations. In this configuration it is
! referenced by the vty lines ("access-class 23 in"), by
! "ip http access-class 23" and by "login quiet-mode access-class 23".
! Every entry, including the final deny, is logged.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
! 10.19.151.99 is the only permitted host outside 192.168.41.0/24 and
! 192.168.42.0/24. NOTE(review): confirm it still needs management access.
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! access-list 88: the single SNMP manager, referenced by the
! "snmp-server user ... access 88" line.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
!
vlan internal allocation policy descending
! Native-VLAN frames are sent 802.1Q-tagged on all trunks, so trunks do
! not carry untagged traffic. This is a standard mitigation against
! double-tagging (VLAN hopping) through the native VLAN.
vlan dot1q tag native 
vlan access-log ratelimit 2000
!
vlan 41
 name DeviceManagementHTA
!
vlan 42
 name DeviceManagement
!
vlan 43
 name WIRELESS-CONTROL
!
vlan 44
 name PhysicalSec
!
vlan 47
 name WAAS_Central_Manager
!
vlan 49
 name WAAS_DC
!
vlan 152
 name NorthSide_facing_ASA_Servers2
!
vlan 153
 name ACE_to_IDS_Servers2
!
vlan 154
 name SouthSide_facing_Servers2
!
vlan 162
 name NorthSide_facing_ASA_Servers1
!
vlan 163
 name ACE_to_IDS_Servers1
!
vlan 164
 name SouthSide_facing_Servers1
!
vlan 804
 name RSERV-2_to_RAGG-2-VDC-2
!
vlan 1000 
!
! 
!
!
!
interface Loopback0
 ip address 192.168.1.22 255.255.255.255
!
interface Loopback62
 ip address 192.168.62.162 255.255.255.255
!
interface GigabitEthernet1/1
 no ip address
 shutdown
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no ip address
 shutdown
!
interface GigabitEthernet1/9
 no ip address
 shutdown
!
interface GigabitEthernet1/10
 no ip address
 shutdown
!
interface GigabitEthernet1/11
 no ip address
 shutdown
!
interface GigabitEthernet1/12
 no ip address
 shutdown
!
interface GigabitEthernet1/13
 no ip address
 shutdown
!
interface GigabitEthernet1/14
 no ip address
 shutdown
!
interface GigabitEthernet1/15
 no ip address
 shutdown
!
interface GigabitEthernet1/16
 no ip address
 shutdown
!
interface TenGigabitEthernet2/1
 description to RAGG-2 vdc2 T1/15
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 162
 switchport mode trunk
!
interface TenGigabitEthernet2/2
 description to RAGG-2 vdc2 T1/16
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 152
 switchport mode trunk
!
interface TenGigabitEthernet2/3
 no ip address
 shutdown
!
interface TenGigabitEthernet2/4
 no ip address
 shutdown
!
! Trunk toward RAGG-2 vdc2 carrying the management VLANs 41-44 together
! with VLAN 164 and the routed link VLAN 804. The allowed list is explicit,
! so no other VLAN can cross this link. The other trunks on this device
! use the same explicit-list pattern, each with its own VLAN set.
interface TenGigabitEthernet2/5
 description to RAGG-2 vdc2 T1/18
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 41-44,164,804
 switchport mode trunk
!
interface TenGigabitEthernet2/6
 description to RAGG-2 vdc2 T1/17
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 154
 switchport mode trunk
!
interface TenGigabitEthernet2/7
 no ip address
 shutdown
!
interface TenGigabitEthernet2/8
 no ip address
 shutdown
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface GigabitEthernet6/1
 no ip address
 shutdown
!
interface GigabitEthernet6/2
 no ip address
 shutdown
!
! Port in management VLAN 42 with no description. SACCESS-1's
! GigabitEthernet1/48 is described as "Uplink to RSERV-2 Management G7/1",
! so this appears to be the other end of that link.
! Review point: no "switchport mode access" is set, unlike the other access
! ports in this configuration. The port is presumably left in the platform's
! default dynamic mode and may negotiate trunking.
! NOTE(review): confirm, and pin it with "switchport mode access" and
! "switchport nonegotiate".
interface GigabitEthernet7/1
 switchport
 switchport access vlan 42
!
interface GigabitEthernet7/2
 no ip address
!
interface GigabitEthernet7/3
 no ip address
!
interface GigabitEthernet7/4
 no ip address
!
! WAAS appliance port (per the description).
! Review point: access VLAN 48 is not among the VLANs defined on this
! device. The VLAN list defines 47 (WAAS_Central_Manager) and 49 (WAAS_DC)
! but not 48. With VTP in transparent mode a port assigned to an undefined
! VLAN does not forward, so either the VLAN definition or this assignment
! is presumably a documentation or configuration slip -- confirm.
interface GigabitEthernet7/5
 description WAE-DC-2
 switchport
 switchport access vlan 48
 switchport mode access
!
interface GigabitEthernet7/6
 no ip address
!
interface GigabitEthernet7/7
 no ip address
!
interface GigabitEthernet7/8
 no ip address
!
interface GigabitEthernet7/9
 no ip address
!
interface GigabitEthernet7/10
 no ip address
!
interface GigabitEthernet7/11
 no ip address
!
interface GigabitEthernet7/12
 no ip address
!
interface GigabitEthernet7/13
 no ip address
!
interface GigabitEthernet7/14
 no ip address
!
interface GigabitEthernet7/15
 no ip address
!
interface GigabitEthernet7/16
 no ip address
!
interface GigabitEthernet7/17
 no ip address
!
interface GigabitEthernet7/18
 no ip address
!
interface GigabitEthernet7/19
 no ip address
!
interface GigabitEthernet7/20
 no ip address
!
interface GigabitEthernet7/21
 no ip address
!
interface GigabitEthernet7/22
 no ip address
!
interface GigabitEthernet7/23
 description PAME-DC-1
 switchport
 switchport access vlan 44
 switchport mode access
!
interface GigabitEthernet7/24
 no ip address
!
interface GigabitEthernet7/25
 no ip address
!
interface GigabitEthernet7/26
 no ip address
!
interface GigabitEthernet7/27
 description ASA-WAN-2_M0
 switchport
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet7/28
 no ip address
!
interface GigabitEthernet7/29
 no ip address
!
interface GigabitEthernet7/30
 no ip address
!
interface GigabitEthernet7/31
 no ip address
!
interface GigabitEthernet7/32
 no ip address
!
interface GigabitEthernet7/33
 no ip address
!
interface GigabitEthernet7/34
 no ip address
!
interface GigabitEthernet7/35
 no ip address
!
interface GigabitEthernet7/36
 no ip address
!
interface GigabitEthernet7/37
 no ip address
!
interface GigabitEthernet7/38
 no ip address
!
interface GigabitEthernet7/39
 no ip address
!
interface GigabitEthernet7/40
 no ip address
!
interface GigabitEthernet7/41
 no ip address
!
interface GigabitEthernet7/42
 no ip address
!
interface GigabitEthernet7/43
 no ip address
!
interface GigabitEthernet7/44
 no ip address
!
interface GigabitEthernet7/45
 no ip address
!
interface GigabitEthernet7/46
 no ip address
!
interface GigabitEthernet7/47
 no ip address
!
interface GigabitEthernet7/48
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan42
 ip address 192.168.42.47 255.255.255.0
!
! Routed /30 SVI and the only non-passive OSPF interface on this device.
! NOTE(review): the description reads "South Side facing Servers1", while
! VLAN 804 is named RSERV-2_to_RAGG-2-VDC-2 in the VLAN list and VLAN 164
! carries the SouthSide_facing_Servers1 name; the description looks copied.
! OSPF uses keyed MD5 with the key stored as type 7, which is a reversible
! encoding. Protect unsanitized copies of this configuration accordingly.
interface Vlan804
 description ** South Side facing Servers1 **
 ip address 192.168.130.14 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <removed>
 ip ospf priority 0
!
router ospf 5
 router-id 192.168.1.22
 log-adjacency-changes
 area 81 authentication message-digest
 area 81 nssa
 area 81 range 192.168.0.0 255.255.0.0
 timers throttle spf 10 100 5000
 passive-interface default
 no passive-interface Vlan804
 network 192.168.0.0 0.0.255.255 area 81
!
ip classless
no ip forward-protocol nd
! Static default toward 192.168.42.1 on the management VLAN, named
! backup_default, with administrative distance 255.
! Review point: distance 255 marks a route as unusable on IOS, so this
! entry is normally never installed in the routing table. If it is meant
! as a real backup path when OSPF is down, a distance above OSPF's but
! below 255 is needed. NOTE(review): confirm intent with "show ip route".
ip route 0.0.0.0 0.0.0.0 192.168.42.1 255 name backup_default
!
!
! Web management is HTTPS only, limited to access-list 23 sources and
! authenticated through the CiscoACS AAA list.
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
! Review point: the only TLS cipher suite enabled is 3DES-CBC/SHA-1, a
! 64-bit-block cipher that current guidance deprecates. The self-signed
! certificate in this configuration is MD5-signed with a 1024-bit key, so
! the HTTPS service rests on legacy cryptography throughout.
! NOTE(review): enable an AES suite if the image offers one.
ip http secure-ciphersuite 3des-ede-cbc-sha 
! Idle 60 s; maximum connection life 86400 s (24 h); 10000 requests.
ip http timeout-policy idle 60 life 86400 requests 10000
ip tacacs source-interface Loopback0
!
logging trap debugging
logging source-interface Loopback0
logging 192.168.42.124
!
! SNMPv3 definitions for the manager at 192.168.42.124. The engineID shown
! (0000000000) looks like a sanitized placeholder.
snmp-server engineID remote 192.168.42.124 0000000000 
! Access for the remote user is limited by access-list 88, which permits
! only 192.168.42.124.
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access  88
snmp-server user remoteuser remoteuser v3 
! Review point: "noauth" is the noAuthNoPriv security level, meaning no
! message authentication and no encryption. Anyone able to send from, or
! spoof, the permitted address needs only the user name. Use a "priv"
! group with auth and priv credentials on the user.
snmp-server group remoteuser v3 noauth 
snmp-server trap-source Loopback0
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps MAC-Notification change move threshold
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps errdisable
! Notification target. Without a "version" keyword IOS normally sends
! SNMPv1 traps and reads "remoteuser" as a community string rather than
! an SNMPv3 user name. NOTE(review): confirm with "show snmp host".
snmp-server host 192.168.42.124 remoteuser 
! Single TACACS+ server; it is also permitted in access-list 23.
tacacs-server host 192.168.42.131
tacacs-server directed-request
! The key is stored as type 7 (reversible) even though
! "password encryption aes" is configured on this device.
tacacs-server key 7 <removed>
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
banner exec C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner incoming C
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
 
 
banner login C
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
 
 
!
! Console: AAA login through the CiscoACS list (TACACS+, then local), with
! a 15-minute exec and session timeout.
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
! Remote access: SSH only, restricted to access-list 23 and with the same
! 15-minute timeouts. No outbound sessions can be started from a vty
! ("transport output none"). Both vty ranges carry the same settings, so
! all sixteen lines are covered.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! NTP client toward two upstream servers, and stratum-5 master when no
! upstream is reachable. Log and accounting timestamps on this device
! depend on this clock.
! Review point: nothing in this configuration authenticates NTP (no
! "ntp authenticate" / "ntp trusted-key") or restricts who may query or
! peer with this device (no "ntp access-group"). Add both so that time
! cannot be shifted by an unauthenticated source.
ntp source Loopback0
ntp master 5
ntp update-calendar
ntp server 171.68.10.150
ntp server 171.68.10.80 prefer
mac-address-table aging-time 480
!
end

Access

SACCESS-1

 
 
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname SACCESS-1
!
boot-start-marker
boot-end-marker
!
logging snmp-authfail
logging buffered 51200 debugging
enable secret 5 <removed>
!
! The same three privilege-15 local accounts appear on the RSERV-2
! configuration earlier on this page. Shared fallback accounts mean one
! recovered type 5 (salted MD5) hash applies to every device that carries
! it. NOTE(review): confirm the secrets differ per device.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
aaa new-model
! TACACS+ first; local accounts only when TACACS+ does not answer.
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
! "if-authenticated" grants exec to any authenticated user when the
! TACACS+ authorization service is unreachable.
aaa authorization exec default group tacacs+ if-authenticated 
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
! Only privilege-15 commands are sent to accounting.
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
aaa session-id common
clock timezone PST -8
clock summer-time PSTDST recurring
ip subnet-zero
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
!
! Service hardening: BOOTP server off, SSH version 2 only, SCP file
! transfer enabled over SSH.
no ip bootp server
ip ssh version 2
ip scp server enable
! After 6 failed logins within 1800 s, logins are blocked for 1800 s,
! except from access-list 23 hosts. Failures and successes are logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
! Transparent mode: this switch does not learn or originate VTP updates,
! so a VTP advertisement cannot rewrite its VLAN database.
vtp mode transparent
!
! NOTE(review): AES (type 6) key storage needs a master key set with
! "key config-key password-encrypt"; confirm one was configured.
password encryption aes
!
! Auto-generated self-signed trustpoint, presumably backing
! "ip http secure-server" because no other trustpoint is visible here.
! The certificate body is removed on this page, so its key size and
! signature algorithm cannot be checked from here. NOTE(review): verify
! them on the device with "show crypto pki certificates verbose".
crypto pki trustpoint TP-self-signed-112603
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-112603
 revocation-check none
 rsakeypair TP-self-signed-112603
!
!
crypto pki certificate chain TP-self-signed-112603
 certificate self-signed 01
  <removed>
  quit
!
!
power redundancy-mode redundant
! Configuration-change logging with keys hidden. Unlike the RSERV-2
! configuration earlier on this page, there is no "notify syslog" line, so
! change records stay in the local config log and are not forwarded to
! the syslog server by this stanza.
archive
 log config
  logging enable
  hidekeys
! Review point: automatic image verification is turned off, so the
! integrity of a software image is not checked automatically when it is
! copied or loaded. Re-enable it or verify images manually with the
! "verify" command before use.
no file verify auto
! No global PortFast BPDU guard default appears among the spanning-tree
! lines here, and the many "portfast" ports below rely on one being set.
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 20,41-43 
!
vlan 44
 name PhysicalSec
!
vlan 45-50,52,62 
!
vlan 64
 name Databases
!
vlan 72,146,164,256,666,1000 
!
interface Loopback0
 no ip address
!
! Uplink bundle to the aggregation switches. Only VLANs 38, 41, 42 and 44
! may cross it, so VLANs that exist only on this switch (for example 64,
! Databases) stay local.
! NOTE(review): VLAN 38 is allowed here but does not appear in the vlan
! statements of this configuration -- confirm whether it is needed.
interface Port-channel1
 description to Aggregation Switches
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 logging event link-status
 flowcontrol receive on
!
! Server-facing 802.1Q trunk. The same pattern recurs on most SRV-DC ports
! of this switch.
! Review points:
!  - There is no "switchport trunk allowed vlan" list, so the server can
!    tag frames into every VLAN defined on this switch, including the
!    management VLANs and VLAN 64 (Databases). An explicit list limits the
!    host to the VLANs it needs.
!  - The native VLAN is 42, which is also the VLAN of this switch's
!    management SVI (interface Vlan42), so untagged frames from the server
!    land in that VLAN.
!  - "portfast trunk" is set with no BPDU guard on the interface, so
!    nothing visible here would err-disable the port if the host bridged.
interface GigabitEthernet1/1
 description SRV-DC-1
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/2
 description SRV-DC-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 41
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/3
 description SRV-DC-3
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/4
 description SRV-DC-4
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/5
 description SRV-DC-5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/6
 description SRV-DC-6=CUAE
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/7
 description SRV-DC-7=CCM511
 switchport access vlan 45
 spanning-tree portfast
!
interface GigabitEthernet1/8
 description SRV-DC-8 - Oracle RDBMS 10g
 switchport access vlan 64
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 64
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/9
 description MSP-DC-1
 switchport access vlan 44
 switchport trunk encapsulation dot1q
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/10
 description SRV-DC-10
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/11
 description SRV-DC-11
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/12
 description SRV-DC-12
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/13
 description SRV-DC-13
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/14
 description SRV-DC-14
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/15
 description SRV-DC-15
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/16
 description SRV-DC-16
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Server trunk whose native VLAN is 4094, a VLAN not defined in this
! configuration. Ports 1/17 through 1/22 share the pattern. Parking the
! native VLAN on an unused ID keeps untagged frames out of any production
! VLAN, which is the safer variant compared with the native-VLAN-42 trunks
! elsewhere on this switch.
! There is still no allowed-VLAN list, so tagged access to every VLAN
! defined on the switch remains possible from this port.
interface GigabitEthernet1/17
 description SRV-DC-17
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/18
 description SRV-DC-18
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/19
 description SRV-DC-19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/20
 description SRV-DC-20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/21
 description SRV-DC-21
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/22
 description SRV-DC-22
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/23
 description SRV-DC-23
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/24
 description SRV-DC-24
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/25
 description SRV-DC-25
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Server out-of-band management (iLO) port. iLO gives console and power
! control of the host, so its VLAN should be reachable only from
! management stations.
! NOTE(review): VLAN 40 is not among the vlan statements of this
! configuration, and the uplink allows only VLANs 38,41,42,44. Confirm the
! VLAN exists and how it is reached. No "switchport mode access" is set
! on the iLO ports either.
interface GigabitEthernet1/26
 description server 14 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/27
 description server 15 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/28
 description server 16 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/29
 description server 18 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/30
 description server 19 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/31
 description server 20 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/32
 description server 21 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/33
 description VXML Rouer VEM
 switchport access vlan 45
 spanning-tree portfast
!
! Described as the SPAN destination for a voice recorder. A SPAN
! destination receives copies of other ports' traffic, so whatever is
! attached here sees call content; keep the port's physical and logical
! access tightly controlled.
! NOTE(review): no "monitor session" is visible in this excerpt, and the
! port carries only ordinary switchport settings. Confirm that the SPAN
! session exists and that this port is not forwarding as a normal port.
interface GigabitEthernet1/34
 description SPAN to SRV-DC-28-NICE VoiceRecorder
 switchport trunk encapsulation dot1q
 spanning-tree portfast
!
interface GigabitEthernet1/35
 description Small branch 1800 server e1
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 spanning-tree portfast
!
interface GigabitEthernet1/36
 description small branch 1800 iLO
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/37
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/38
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/39
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/40
 description IPcelerate Server
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/41
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/42
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/43
 description EMC SAN Mgt-A
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/44
 description PRomise SAN M1
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/45
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/46
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Management-VLAN links to the two services switches, RSERV-1 and RSERV-2
! (per the descriptions), as static access ports in VLAN 42.
! Review point: PortFast is enabled on both ports although the far end is
! a switch, not a host. PortFast skips the listening/learning states, so
! with two such links plus the port-channel uplinks carrying VLAN 42, a
! temporary bridging loop is possible when a link comes up.
! NOTE(review): confirm the topology, and consider removing PortFast here
! or adding BPDU guard if these are meant to be edge ports.
interface GigabitEthernet1/47
 description Uplink to RSERV-1 Management G7/1
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/48
 description Uplink to RSERV-2 Management G7/1
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast
!
! The two 10G members of Port-channel1 ("channel-group 1 mode active"
! selects LACP), one to each aggregation VDC. The allowed-VLAN list matches
! the port-channel interface, which members of a bundle need in order to
! join it.
! NOTE(review): "spanning-tree portfast trunk" is set on links to other
! switches. PortFast is intended for host-facing ports; confirm this is
! deliberate for these uplinks.
interface TenGigabitEthernet1/49
 description Uplink to RAGG-1-VDC2 T1/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 channel-group 1 mode active
 spanning-tree portfast trunk
!
interface TenGigabitEthernet1/50
 description Uplink to RAGG-2-VDC2 T1/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 channel-group 1 mode active
 spanning-tree portfast trunk
!
! Layer-3 management: VLAN 1 has no address; the switch is managed on VLAN 42
! (192.168.42.33/24) with a default route to 192.168.42.1.
interface Vlan1
 no ip address
!
interface Vlan42
 ip address 192.168.42.33 255.255.255.0
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.42.1
! Web management: plain HTTP is off, HTTPS is on, restricted to the sources in
! access-list 23 and authenticated through the AAA login list "CiscoACS".
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1. 3DES is a
! 64-bit block cipher and is deprecated for TLS; offer an AES suite instead
! where the software release provides one.
ip http secure-ciphersuite 3des-ede-cbc-sha 
! Idle timeout 60 s, but a connection may live up to 86400 s (24 h) and serve
! 10000 requests - NOTE(review): confirm the long lifetime is needed.
ip http timeout-policy idle 60 life 86400 requests 10000
!
! TACACS+ and syslog traffic are sourced from the management SVI (Vlan42).
ip tacacs source-interface Vlan42
!
!
logging source-interface Vlan42
! NOTE(review): this switch logs to 192.168.42.121, while the SACCESS-2 listing
! logs to 192.168.42.124 - confirm which collector is intended.
logging 192.168.42.121
! access-list 23: management sources. It is referenced by
! "ip http access-class 23" and by "access-class 23 in" on the vty lines.
! Every match, including the final deny, is logged.
! NOTE(review): the purpose of the 127.0.0.1 entry and of 10.19.151.99 (outside
! the 192.168.x.x ranges used elsewhere in this listing) is not evident here -
! confirm both are still required.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! access-list 88: single permitted SNMP peer, referenced by the SNMPv3 remote
! user definition below.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
!
! SNMP: one SNMPv3 user/group ("remoteuser"), tied to the peer 192.168.42.124
! through access-list 88. Only a notify view is listed for the group.
! NOTE(review): the group is defined at the "noauth" level and the user lines
! show no auth/priv keywords, so as listed these notifications are neither
! authenticated nor encrypted. Prefer the "priv" level with auth and privacy
! keys for the user.
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access 88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F 
snmp-server trap-source Vlan42
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
! Trap categories sent to the management station, including config changes,
! port-security violations and MAC move/change notifications.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
! NOTE(review): no "version 3" keyword is shown on the host line; without it
! IOS normally treats the string as an SNMPv1 community - confirm the traps
! really use the v3 user.
snmp-server host 192.168.42.124 remoteuser 
! TACACS+ server for the AAA lists. The key is stored as type 7, which is a
! reversible encoding rather than encryption - treat any copy of this
! configuration as sensitive.
tacacs-server host 192.168.42.131
no tacacs-server directed-request
tacacs-server key 7 <removed>
radius-server source-ports 1645-1646
!
control-plane
!
banner exec 
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
banner incoming 
WARNING:  
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
banner login 
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
!
! Console: 15-minute exec and session timeouts; login goes through the AAA
! list "CiscoACS".
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
 stopbits 1
! All 16 vty lines share one policy: sources limited by access-list 23,
! SSH-only inbound, no outbound sessions from the switch, 15-minute timeouts.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
!
! SPAN session 1 copies traffic seen on Gi1/33 to Gi1/34.
! NOTE(review): whatever is attached to Gi1/34 receives a full copy of that
! traffic - confirm it is an authorized monitoring device.
monitor session 1 source interface Gi1/33
monitor session 1 destination interface Gi1/34
! NTP: three servers, 192.168.62.161 preferred.
! NOTE(review): no NTP authentication and no "ntp source" are configured in the
! lines shown; the SACCESS-2 listing sets "ntp source Vlan42" and does not list
! 192.168.0.1 - confirm the difference is intended.
ntp clock-period 17181001
ntp server 192.168.0.1
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
end

SACCESS-2

 
 
! SACCESS-2 base services (IOS 12.2): PAD off, TCP keepalives on, timestamped
! and sequence-numbered logs.
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! "service password-encryption" applies only the reversible type 7 encoding to
! passwords that would otherwise be stored in clear text.
service password-encryption
service compress-config
service sequence-numbers
!
hostname SACCESS-2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
! The enable secret and the local users use type 5 (MD5-based) hashes.
enable secret 5 <removed>
!
! NOTE(review): three local privilege-15 accounts back up the TACACS+ login
! list "CiscoACS" - confirm each is still required, and use a stronger secret
! type where the software release supports one.
username bart privilege 15 secret 5 <removed>
username bmcgloth privilege 15 secret 5 <removed>
username csmadmin privilege 15 secret 5 <removed>
!
! AAA: the "CiscoACS" login list tries TACACS+ first and falls back to the
! local user database; enable authentication falls back to the enable secret.
aaa new-model
aaa authentication login CiscoACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
! NOTE(review): exec authorization ends in "if-authenticated", so a user who
! has authenticated is granted a shell when TACACS+ cannot answer the
! authorization request.
aaa authorization exec default group tacacs+ if-authenticated 
! Accounting to TACACS+ for exec sessions, system events and privilege-15
! commands.
! NOTE(review): commands at other privilege levels are not accounted, and this
! listing has no "aaa authorization commands" line, so per-command
! authorization is not configured on this device.
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
aaa session-id common
! Clock, VTP, DNS and login-hardening settings.
clock timezone PST -8
clock summer-time PST recurring
! VTP transparent: this switch uses only the VLANs defined locally.
vtp mode transparent
ip subnet-zero
ip domain-name cisco-irn.com
ip name-server 192.168.42.130
!
no ip bootp server
! SSH is limited to protocol version 2; the SCP server is enabled for file
! transfer over SSH.
ip ssh version 2
ip scp server enable
! After 6 failed logins within 1800 s the device refuses logins for 1800 s;
! during that quiet period only sources matching access-list 23 may still log
! in. Failed and successful logins are both logged.
login block-for 1800 attempts 6 within 1800
login quiet-mode access-class 23
login on-failure log
login on-success log
!
! NOTE(review): "password encryption aes" needs a master key
! ("key config-key password-encrypt") to take effect; the TACACS+ key further
! down is still listed as type 7 - confirm the master key was set.
password encryption aes
!
!
! NOTE(review): automatic verification of image files is switched off here;
! confirm images are verified by another step before they are booted.
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
! Locally defined VLANs.
! NOTE(review): VLAN 38 appears in the allowed list of Port-channel2 and of
! the Te1/49-50 uplinks but is not created here, and VLAN 4094 (native VLAN on
! Gi1/17-22) is not created either. With VTP in transparent mode only locally
! defined VLANs exist on this switch - confirm both omissions are intentional.
vlan internal allocation policy ascending
!
vlan 20,40-43 
!
vlan 44
 name PhysicalSec
!
vlan 45-49,52,62,64,72,146,164,256,666,1000 
!
! Logical uplink bundle towards the aggregation switches (members Te1/49 and
! Te1/50 use channel-group 2). The trunk is limited to VLANs 38,41,42,44 and
! link state changes are logged.
interface Port-channel2
 description to Aggregation Switches
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 logging event link-status
 flowcontrol receive on
!
! Server ports Gi1/1-16 (SRV-DC-n per the descriptions).
! NOTE(review): apart from Gi1/7 and Gi1/9, these ports are 802.1Q trunks with
! native VLAN 42 and no "switchport trunk allowed vlan" list, so the stanzas do
! not limit which VLANs a server may tag into, and untagged server traffic
! lands in VLAN 42 - the VLAN of the switch's management SVI.
! "switchport access vlan 42" only applies if the port leaves trunk mode.
! NOTE(review): "spanning-tree portfast trunk" is set per port and this
! listing configures no BPDU guard, per port or globally.
interface GigabitEthernet1/1
 description SRV-DC-1
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/2
 description SRV-DC-2
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/3
 description SRV-DC-3
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/4
 description SRV-DC-4
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/5
 description SRV-DC-5
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/6
 description SRV-DC-6=CUAE
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! NOTE(review): Gi1/7 sets an access VLAN (45) but no "switchport mode access",
! so the port keeps the platform's default mode, which on many Catalyst
! platforms still allows trunk negotiation - confirm and pin the mode.
interface GigabitEthernet1/7
 description SRV-DC-7=CCM511
 switchport access vlan 45
 spanning-tree portfast
!
interface GigabitEthernet1/8
 description SRV-DC-8
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Gi1/9 (MSP-DC-1) is pinned to access mode in VLAN 44.
interface GigabitEthernet1/9
 description MSP-DC-1
 switchport access vlan 44
 switchport trunk encapsulation dot1q
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/10
 description SRV-DC-10
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/11
 description SRV-DC-11
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/12
 description SRV-DC-12
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/13
 description SRV-DC-13
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/14
 description SRV-DC-14
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/15
 description SRV-DC-15
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/16
 description SRV-DC-16
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Server ports Gi1/17-22: trunks whose native VLAN is 4094 rather than the
! management VLAN 42 used on the other server trunks.
! NOTE(review): VLAN 4094 is not in this switch's VLAN list, so untagged frames
! on these ports map to a VLAN that is not created locally - presumably a
! deliberate "unused native VLAN" choice; confirm. These trunks still have no
! "switchport trunk allowed vlan" list.
interface GigabitEthernet1/17
 description SRV-DC-17
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/18
 description SRV-DC-18
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/19
 description SRV-DC-19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/20
 description SRV-DC-20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/21
 description SRV-DC-21
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/22
 description SRV-DC-22
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4094
 switchport mode trunk
 spanning-tree portfast trunk
!
! Gi1/23-27: same trunk template as Gi1/1-16 (native VLAN 42, no allowed-VLAN
! list, portfast trunk).
! NOTE(review): Gi1/26 and Gi1/27 carry no description; confirm whether they
! are in use and shut down any that are not.
interface GigabitEthernet1/23
 description SRV-DC-23
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/24
 description SRV-DC-24
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/25
 description SRV-DC-25
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/26
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/27
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
! Gi1/28-37: ports assigned to VLAN 40 with portfast.
! NOTE(review): none of these stanzas sets "switchport mode access", so the
! ports keep the platform's default mode, which on many Catalyst platforms
! still allows trunk negotiation - confirm and pin the mode. The ports also
! carry no description.
interface GigabitEthernet1/28
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/29
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/30
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/31
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/32
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/33
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/34
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/35
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/36
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet1/37
 switchport access vlan 40
 spanning-tree portfast
!
! Gi1/38-46: trunk template with native VLAN 42 and no allowed-VLAN list;
! only Gi1/40 has a description and only Gi1/46 is shut down.
! NOTE(review): the undescribed ports are enabled trunks on the management
! VLAN - confirm which are in use and shut down the rest.
interface GigabitEthernet1/38
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/39
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/40
 description IPcelerate Server
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/41
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/42
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/43
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/44
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/45
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/46
 switchport access vlan 42
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 42
 switchport mode trunk
 shutdown
 spanning-tree portfast trunk
!
! Gi1/47-48 are access ports in VLAN 42 towards the RSERV management ports.
! NOTE(review): both descriptions mark the links as "TEMP" - confirm they are
! still needed.
interface GigabitEthernet1/47
 description TEMP Uplink to RSERV-1 Management G7/2
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/48
 description TEMP Uplink to RSERV-2 Management G7/2
 switchport access vlan 42
 switchport mode access
 spanning-tree portfast
!
! 10G uplinks to RAGG-1-VDC2 and RAGG-2-VDC2, LACP members of Port-channel2
! (channel-group 2 mode active). The allowed-VLAN list matches Port-channel2:
! 38,41,42,44.
! NOTE(review): "spanning-tree portfast trunk" on a switch-to-switch uplink
! skips the listening/learning delay - confirm this is intended here.
interface TenGigabitEthernet1/49
 description Uplink to RAGG-1-VDC2 T1/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 spanning-tree portfast trunk
 channel-group 2 mode active
!
interface TenGigabitEthernet1/50
 description Uplink to RAGG-2-VDC2 T1/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 38,41,42,44
 switchport mode trunk
 spanning-tree portfast trunk
 channel-group 2 mode active
!
! Layer-3 management: VLAN 1 has no address; the switch is managed on VLAN 42
! (192.168.42.34/24) with a default route to 192.168.42.1.
interface Vlan1
 no ip address
!
interface Vlan42
 ip address 192.168.42.34 255.255.255.0
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.42.1
! Web management: plain HTTP is off, HTTPS is on, restricted to the sources in
! access-list 23 and authenticated through the AAA login list "CiscoACS".
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication CiscoACS
ip http secure-server
! NOTE(review): the only cipher suite offered is 3DES-CBC with SHA-1. 3DES is a
! 64-bit block cipher and is deprecated for TLS; offer an AES suite instead
! where the software release provides one.
ip http secure-ciphersuite 3des-ede-cbc-sha 
! Idle timeout 60 s, but a connection may live up to 86400 s (24 h) and serve
! 10000 requests - NOTE(review): confirm the long lifetime is needed.
ip http timeout-policy idle 60 life 86400 requests 10000
ip tacacs source-interface Vlan42
!
!
! Syslog: all severities (down to debugging) go to 192.168.42.124, sourced
! from the management SVI.
logging trap debugging
logging source-interface Vlan42
logging 192.168.42.124
! access-list 23: management sources. It is referenced by
! "ip http access-class 23", "login quiet-mode access-class 23" and
! "access-class 23 in" on the vty lines. Every match, including the final
! deny, is logged.
! NOTE(review): the purpose of the 127.0.0.1 entry and of 10.19.151.99 (outside
! the 192.168.x.x ranges used elsewhere in this listing) is not evident here -
! confirm both are still required.
access-list 23 permit 192.168.41.101 log
access-list 23 permit 192.168.41.102 log
access-list 23 permit 192.168.42.111 log
access-list 23 permit 192.168.42.122 log
access-list 23 permit 192.168.42.124 log
access-list 23 permit 127.0.0.1 log
access-list 23 permit 192.168.42.131 log
access-list 23 permit 192.168.42.133 log
access-list 23 permit 192.168.42.138 log
access-list 23 permit 10.19.151.99 log
access-list 23 deny   any log
! access-list 88: single permitted SNMP peer, referenced by the SNMPv3 remote
! user definition below.
access-list 88 permit 192.168.42.124 log
access-list 88 deny   any log
!
!
! SNMP: one SNMPv3 user/group ("remoteuser"), tied to the peer 192.168.42.124
! through access-list 88. Only a notify view is listed for the group.
! NOTE(review): the group is defined at the "noauth" level and the user lines
! show no auth/priv keywords, so as listed these notifications are neither
! authenticated nor encrypted. Prefer the "priv" level with auth and privacy
! keys for the user.
snmp-server engineID remote 192.168.42.124 0000000000 
snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access 88
snmp-server user remoteuser remoteuser v3 
snmp-server group remoteuser v3 noauth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F 
snmp-server trap-source Vlan42
snmp-server packetsize 8192
snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
! Trap categories sent to the management station, including config changes and
! port-security violations.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps flash insertion removal
snmp-server enable traps syslog
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
! NOTE(review): no "version 3" keyword is shown on the host line; without it
! IOS normally treats the string as an SNMPv1 community - confirm the traps
! really use the v3 user.
snmp-server host 192.168.42.124 remoteuser 
! TACACS+ server for the AAA lists. The key is stored as type 7, which is a
! reversible encoding rather than encryption - treat any copy of this
! configuration as sensitive.
! NOTE(review): directed-request is enabled here but disabled
! ("no tacacs-server directed-request") in the SACCESS-1 listing - confirm
! which setting is the standard.
tacacs-server host 192.168.42.131
tacacs-server directed-request
tacacs-server key 7 <removed>
radius-server source-ports 1645-1646
banner exec 
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
banner incoming 
WARNING:  
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT 
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER 
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER 
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW 
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.        
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
 
 
banner login 
WARNING:
THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!
 
 
!
! Console: 15-minute exec and session timeouts; login uses the AAA list
! "CiscoACS" (TACACS+ first, then local users).
line con 0
 session-timeout 15  output
 exec-timeout 15 0
 login authentication CiscoACS
 stopbits 1
! All 16 vty lines share one policy: sources limited by access-list 23,
! SSH-only inbound, no outbound sessions from the switch, 15-minute timeouts.
line vty 0 4
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
line vty 5 15
 session-timeout 15  output
 access-class 23 in
 exec-timeout 15 0
 logging synchronous
 login authentication CiscoACS
 transport preferred none
 transport input ssh
 transport output none
!
! NTP: two servers, 192.168.62.161 preferred, requests sourced from Vlan42.
! NOTE(review): no NTP authentication is configured in this listing, so time -
! and therefore log timestamps - is accepted from these addresses without
! verification.
ntp clock-period 17181029
ntp source Vlan42
ntp server 192.168.62.162
ntp server 192.168.62.161 prefer
!
end

SACCESS-3

 
 
! SACCESS-3 (NX-OS 5.0(3)N1(1b)): FCoE, LACP, vPC, LLDP and FEX features are
! enabled; Telnet is disabled and TACACS+ is enabled.
version 5.0(3)N1(1b)
feature fcoe
 
 
feature privilege
no feature telnet
no telnet server enable
feature tacacs+
cfs eth distribute
feature lacp
feature vpc
feature lldp
feature fex
 
 
! NOTE(review): both local accounts hold the network-admin role and, like the
! enable secret, are stored as type 5 hashes - confirm each account is still
! required as a local fallback.
username bart password 5 <removed>  role network-admin
username bmcgloth password 5 <removed>  role network-admin
enable secret 5 <removed>
 
 
banner motd #
WARNING:
    **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO ****
                    **** AUTHORIZED USERS ONLY! ****
 
 
ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT
TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY
TO IDENTIFY ANY UNAUTHORIZED USER.  THE SYSTEM ADMINISTRATOR OR OTHER
REPRESENTATIVES OF THE SYSTEM OWNER  MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT
FURTHER NOTICE OR CONSENT.  UNAUTHORIZED USE OF  THIS SYSTEM AND ANY OTHER
CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW
ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.
 
 
UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.
#
 
 
! SSH login attempts are capped at 6.
ssh login-attempts 6
 
 
ip domain-lookup
ip domain-name cisco-irn.com
ip host SACCESS-3 192.168.41.33
! TACACS+ server group "CiscoACS": one server, reached through the management
! VRF and sourced from mgmt0. The shared key is stored as type 7, a reversible
! encoding - treat any copy of this configuration as sensitive.
tacacs-server key 7 "<removed>"
tacacs-server host 192.168.42.131 
aaa group server tacacs+ CiscoACS 
    server 192.168.42.131 
    use-vrf management
    source-interface mgmt0
hostname SACCESS-3
! ACL 23: management sources allowed to reach this switch's own address
! (192.168.41.33); everything else is denied, with per-entry hit counters.
! NOTE(review): where this ACL is applied is not visible in this excerpt.
! It also omits 192.168.42.124, which access-list 23 on SACCESS-1/SACCESS-2
! permits - confirm the difference is intended.
ip access-list 23
  statistics per-entry
  10 permit ip 127.0.0.1/32 192.168.41.33/32
  20 permit ip 192.168.41.101/32 192.168.41.33/32
  30 permit ip 192.168.41.102/32 192.168.41.33/32
  40 permit ip 192.168.42.111/32 192.168.41.33/32
  50 permit ip 192.168.42.122/32 192.168.41.33/32
  60 permit ip 192.168.42.131/32 192.168.41.33/32
  70 permit ip 192.168.42.133/32 192.168.41.33/32
  80 permit ip 192.168.42.138/32 192.168.41.33/32
  90 permit ip 10.19.151.99/32 192.168.41.33/32
  100 deny ip any any
! ACL 88: a single permitted peer.
! NOTE(review): the peer here is 192.168.42.122, whereas access-list 88 on
! SACCESS-1/SACCESS-2 permits 192.168.42.124 - confirm which is correct.
ip access-list 88
  statistics per-entry
  10 permit ip 192.168.42.122/32 192.168.41.33/32
  20 deny ip any any
! QoS class maps. class-fcoe is listed without a match statement; the flood and
! IP-multicast classes (queuing and network-qos types) all match qos-group 2.
class-map type qos class-fcoe
class-map type queuing class-all-flood
  match qos-group 2
class-map type queuing class-ip-multicast
  match qos-group 2
class-map type network-qos class-all-flood
  match qos-group 2
class-map type network-qos class-ip-multicast
  match qos-group 2
! SNMPv3 users mirror the local admin accounts, with MD5 authentication and a
! privacy key.
! NOTE(review): MD5 is a weak choice for SNMPv3 authentication; use an SHA
! option if the release offers one.
snmp-server user bart network-admin auth md5 <removed> priv <removed> localizedkey
snmp-server user bmcgloth network-admin auth md5 <removed> priv <removed> localizedkey
! NOTE(review): traps are sent as SNMPv2c with the community string "public",
! i.e. unauthenticated and in clear text, while SACCESS-1/SACCESS-2 send to an
! SNMPv3 user. Replace the default community and prefer an SNMPv3 trap target
! with authentication and privacy.
snmp-server host 192.168.41.101 traps version 2c public  udp-port 2162
! Most entity and redundancy-framework traps are switched off; only the FRU
! trap is enabled explicitly.
no snmp-server enable traps entity entity_mib_change
no snmp-server enable traps entity entity_module_status_change
no snmp-server enable traps entity entity_power_status_change
no snmp-server enable traps entity entity_module_inserted
no snmp-server enable traps entity entity_module_removed
no snmp-server enable traps entity entity_unrecognised_module
no snmp-server enable traps entity entity_fan_status_change
no snmp-server enable traps rf redundancy_framework
snmp-server enable traps entity fru
! NTP through the management VRF.
! NOTE(review): no NTP authentication is shown in these lines.
ntp server 192.168.62.161 use-vrf management
ntp server 192.168.62.162 use-vrf management
! AAA: default and console logins, SSH-certificate authorization and accounting
! all use the TACACS+ group "CiscoACS".
! NOTE(review): no local method is listed after the group; confirm how logins
! behave when the TACACS+ server is unreachable.
aaa authentication login default group CiscoACS 
aaa authentication login console group CiscoACS 
aaa authorization ssh-certificate default group CiscoACS 
aaa accounting default group CiscoACS 
aaa authentication login error-enable 
 
 
! Management VRF: default route to 192.168.41.1.
vrf context management
  ip route 0.0.0.0/0 192.168.41.1
! VLAN database. The names show separate VLANs for device management (36/37),
! HyTrust (38), server iLO (40), ESX servers (41), core management (42),
! wireless systems (43) and POS (52).
! NOTE(review): VLAN 44 is not created here although port-channel3 allows the
! range 41-45 - confirm.
vlan 1
vlan 36
  name DeviceMgmtHigh
vlan 37
  name DeviceMgmtLow
vlan 38
  name HyTrust
vlan 40
  name Server_iLO
vlan 41
  name ESX_Server
vlan 42
  name CoreManagement
vlan 43
  name WirelessSystems
vlan 45
vlan 52
  name POS
vlan 80-82,140-141
! VLAN 302 carries FCoE for VSAN 2 ("Promise-2").
vlan 302
  fcoe vsan 2 
vsan database
  vsan 2 name "Promise-2" 
! FC ID assignments per WWN. All but one entry belong to VSAN 2; the VSAN 1
! entry reuses FC ID 0xee0000, which is in a different VSAN from the VSAN 2
! entry with the same value.
fcdomain fcid database
  vsan 2 wwn 21:00:00:1b:32:00:ab:0d fcid 0xee0000 area dynamic
  vsan 2 wwn 21:00:00:1b:32:00:70:0d fcid 0xee0100 area dynamic
  vsan 2 wwn 21:00:00:1b:32:00:33:0c fcid 0xee0200 area dynamic
  vsan 2 wwn 21:00:00:1b:32:00:5d:0d fcid 0xee0300 area dynamic
  vsan 2 wwn 21:00:00:1b:32:80:0b:10 fcid 0xee0400 area dynamic
  vsan 2 wwn 21:00:00:1b:32:80:52:10 fcid 0xee0500 area dynamic
  vsan 2 wwn 21:00:00:1b:32:80:da:0f fcid 0xee0600 area dynamic
  vsan 2 wwn 21:00:00:1b:32:00:3a:0c fcid 0xee0700 area dynamic
  vsan 2 wwn 21:00:00:1b:32:80:f1:0f fcid 0xee0800 area dynamic
  vsan 1 wwn 26:01:00:01:55:35:7e:44 fcid 0xee0000 dynamic
  vsan 2 wwn 21:00:00:1b:32:00:5e:0d fcid 0xee0900 area dynamic
 
 
 
 
! Trunk bundle limited to VLANs 38,41-45,52.
! NOTE(review): this list is wider than the 38,41,42,44 carried by the
! SACCESS-1/SACCESS-2 uplinks (it adds 43, 45 and POS VLAN 52), and VLAN 44 is
! allowed but not created in this listing's vlan section - confirm the list is
! the minimum required.
interface port-channel3
  switchport mode trunk
  switchport trunk allowed vlan 38,41-45,52
 
 
! Virtual Fibre Channel interfaces: each vfc is bound to one Ethernet port and
! administratively enabled. The listing runs vfc513-vfc532 first, then vfc505
! onwards.
! NOTE(review): VSAN membership is not set inside these stanzas - verify it
! against the vsan database section of the full configuration, and shut down
! any vfc whose Ethernet port has no FCoE host attached.
interface vfc513
  bind interface Ethernet1/13
  no shutdown
 
 
interface vfc514
  bind interface Ethernet1/14
  no shutdown
 
 
interface vfc515
  bind interface Ethernet1/15
  no shutdown
 
 
interface vfc516
  bind interface Ethernet1/16
  no shutdown
 
 
interface vfc517
  bind interface Ethernet1/17
  no shutdown
 
 
interface vfc518
  bind interface Ethernet1/18
  no shutdown
 
 
interface vfc519
  bind interface Ethernet1/19
  no shutdown
 
 
interface vfc520
  bind interface Ethernet1/20
  no shutdown
 
 
interface vfc521
  bind interface Ethernet1/21
  no shutdown
 
 
interface vfc522
  bind interface Ethernet1/22
  no shutdown
 
 
interface vfc523
  bind interface Ethernet1/23
  no shutdown
 
 
interface vfc524
  bind interface Ethernet1/24
  no shutdown
 
 
interface vfc525
  bind interface Ethernet1/25
  no shutdown
 
 
interface vfc526
  bind interface Ethernet1/26
  no shutdown
 
 
interface vfc527
  bind interface Ethernet1/27
  no shutdown
 
 
interface vfc528
  bind interface Ethernet1/28
  no shutdown
 
 
interface vfc529
  bind interface Ethernet1/29
  no shutdown
 
 
interface vfc530
  bind interface Ethernet1/30
  no shutdown
 
 
interface vfc531
  bind interface Ethernet1/31
  no shutdown
 
 
interface vfc532
  bind interface Ethernet1/32
  no shutdown
 
 
interface vfc505
  bind interface Ethernet1/5
  no shutdown
 
 
interface vfc506
  bind interface Ethernet1/6
  no shutdown
 
 
interface vfc507
  bind interface Ethernet1/7
  no shutdown
 
 
interface vfc508
  bind interface Ethernet1/8
  no shutdown
 
 
interface vfc509
  bind interface Ethernet1/9
  no shutdown