Guest

Design Zone for Education

Schools SRA Configuration Supplement

  • Viewing Options

  • PDF (2.6 MB)
  • Feedback
Schools SRA Configuration Supplement

Table Of Contents

Schools SRA Configuration Supplement

Contents

Network Diagram

Validated Platforms and Software Versions

Network Infrastructure

Emerging Technologies

Configurations

District Office

Access

Core/Distribution

WAN Aggregation

PSTN Edge

School 1

Access

Core/Distribution/WAN Edge

PSTN Edge

School 100

Access

Core/Distribution/WAN Edge

PSTN Edge


Schools SRA Configuration Supplement


Contents

This document, contains the network diagram, and a list of all the platforms and software releases which were validated for the Schools Service Ready Architecture. The last section includes the configurations for each platform (CLI only, no GUI).

Provides a efficient and flexible network architecture for secondary schools, while enabling advanced services, such as security, unified wireless access, unified voice communications services, and presence services. The network is designed to meet the needs of the education environment:

Academic Excellence

Administrative Efficiency

School safety and security

Network Diagram

Figure 1 Physical Topology

Validated Platforms and Software Versions

Network Infrastructure

Table 1 School SRA Network Infrastructure

School Location
Platform
Role
Software

District Office

2960

Access

12.2(50)SE

2975 - Stackwise

12.2(46)EX

3560

12.2(50)SE

3750

12.2(50)SE

3750 - Stackwise

12.2(50)SE

4507R-E - Sup6E/SupV

Core/Distribution

12.2(52)SG

3750ME

WAN Aggregation

12.2(50)SE

2851

PSTN Edge

12.4(15)T1

WLC 4400 - 2100

Wireless LAN Controller

6.0

Mobile Service Engine

Location

6.0

County school 1

2960

Access

12.2(50)SE

3560

3750

3750 - Stackwise

4507R-E - SupV-10GE

Core/Distribution/WAN Edge

12.2(52)SG

2851

PSTN Edge

12.4(15)T1

WLC 4400 - 2100

Wireless LAN Controller

6.0

NAC Appliance

Network Admission

4.5

County school 2-99

3750

Core/Distribution/WAN Edge

12.2(50)SE

County school 100

2960

Access

12.2(50)SE

3560

3750

3750 - Stackwise

3750 - Stackwise

Core/Distribution/WAN Edge

12.2(50)SE

2851

PSTN Edge

12.4(15)T1

WLC 4400 - 2100

Wireless LAN Controller

6.0

NAC Appliance

Network Admission

4.5


Emerging Technologies

Table 2 Emerging Technologies

School Location
Platform
Role
Software

District Office

CUCM

Call Manager

7.0

Presence Server

Presence

7.0

7960G

IP Phone

 

7965G

 

7975G

 

7985G

Video Phone

 

ASA5520

Firewall

8.0

WSA

   

NAC Appliance (CAS, CAM)

Network Admission

4.5.1

Cisco ACS

Radius Server

4.2

County school 1

7960G

IP Phone

 

7965G

 

7975G

 

County school 2-99

Emulated IP Phones

IP Phone

 

County school 100

7960G

IP Phone

 

7965G

   

7975G

   

NAC Appliance (CAM, CAS)

Network Admission

4.5.1

Cisco ACS

Radius Server

4.2


Configurations

This section contains a copy of the complete configuration for each platform validated in the School Service Ready Architecture validation (only for platforms with CLI configurations, does not include GUI configurations).


Note Externally accessible IP addresses and passwords have been replaced with descriptive text.


District Office

Access

Cr24-2960-DO
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr24-2960-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XK8W$tZTDCYAq5eBMNKtqjisAw.
enable password 7 104D000A0618
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
!
!
ip dhcp snooping vlan 101-110
no ip dhcp snooping information option
ip dhcp snooping
no ip domain-lookup
ip arp inspection vlan 101-110
ip arp inspection validate src-mac dst-mac ip allow zeros 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
 enrollment selfsigned
 serial-number
 revocation-check none
 rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
 certificate self-signed 01 nvram:F9154780host#2E2E.cer
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 101
 name cr2960_Dept1_VLAN
!
vlan 102
 name cr2960_Dept2_VLAN
!
vlan 103
 name cr2960_Dept3_VLAN
!
vlan 104
 name cr2960_Dept4_VLAN
!
vlan 105
 name cr2960_Dept5_VLAN
!
vlan 106
 name cr2960_Dept6_VLAN
!
vlan 107
 name cr2960_Dept7_VLAN
!
vlan 108
 name cr2960_Dept8_VLAN
!
vlan 109
 name cr2960_Dept9_VLAN
!
vlan 110
 name cr2960_Dept10_VLAN
!
vlan 201
 name Guest_VLAN
!
vlan 802
 name Hopping_VLAN
!
vlan 900
 name Mgmt_VLAN
!
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 1000000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 1000000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 1000000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 1000000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
interface Loopback0
 ip address 10.125.100.2 255.255.255.255
 no ip route-cache
!
interface Port-channel1
 description Connected to cr24-4507-DO
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,201,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface FastEthernet0/1
 description CONNECTED TO UNTRUSTED PC
 switchport access vlan 101
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
 ip verify source
!
interface FastEthernet0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 102
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
 ip verify source
!
interface FastEthernet0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 103
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 service-policy input Phone-Policy
 ip verify source
!
interface FastEthernet0/4
 description CONNECTED TO PHONE+PC
 switchport access vlan 104
 switchport mode access
 switchport block unicast
 switchport voice vlan 105
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
 ip verify source
!
interface FastEthernet0/5
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 106
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 107
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 108
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 description Connected to IXIA - ALM - 2/1
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface FastEthernet0/11
 description Connected to IXIA - STX - 3/1
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 description Connected to FlashNet
 switchport mode access
 load-interval 30
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
 description Connected to cr24-4507-DO
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,201,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 description Connected to cr24-4507-DO
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,201,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 description Connected to FlashNet
 ip address 172.26.160.188 255.255.254.0
 no ip redirects
 no ip proxy-arp
 no ip route-cache
!
interface Vlan900
 ip address 10.125.34.2 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip route-cache
 load-interval 30
!
no ip http server
no ip http secure-server
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 01100F1758044A5E731F
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36028997
ntp server 172.26.160.10
end


Cr26-2975-DO  
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr26-2975-DO
!
boot-start-marker
boot-end-marker
!
enable password 7 094F471A1A0A
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c2975gs-48ps-l
switch 2 provision ws-c2975gs-48ps-l
switch 3 provision ws-c2975gs-48ps-l
stack-mac persistent timer 0
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
!
!
ip dhcp snooping vlan 111-120
no ip dhcp snooping information option
ip dhcp snooping
no ip domain-lookup
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2  24
mls qos srr-queue input dscp-map queue 1 threshold 3  48 56
mls qos srr-queue input dscp-map queue 2 threshold 3  32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3  32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1  16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1  36 38
mls qos srr-queue output dscp-map queue 2 threshold 2  24
mls qos srr-queue output dscp-map queue 2 threshold 3  48 56
mls qos srr-queue output dscp-map queue 3 threshold 3  0
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
!
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name FlashNet_VLAN
!
vlan 111-120 
!
vlan 202
 name Guest_VLAN
!
vlan 803
 name Hopping_VLAN
!
vlan 900
 name Mgmt_VLAN
!
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
interface Loopback0
 ip address 10.125.100.3 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 description CONNECTED TO UNTRUSTED-PC
 switchport access vlan 111
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
!
interface GigabitEthernet1/0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 112
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
!
interface GigabitEthernet1/0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 113
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 service-policy input Phone-Policy
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
 description Connected to FlashNet
 switchport access vlan 2
 switchport mode access
 load-interval 30
!
interface GigabitEthernet1/0/49
 description Connected to cr24-4507-DO
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface GigabitEthernet2/0/29
!
interface GigabitEthernet2/0/30
!
interface GigabitEthernet2/0/31
!
interface GigabitEthernet2/0/32
!
interface GigabitEthernet2/0/33
!
interface GigabitEthernet2/0/34
!
interface GigabitEthernet2/0/35
!
interface GigabitEthernet2/0/36
!
interface GigabitEthernet2/0/37
!
interface GigabitEthernet2/0/38
!
interface GigabitEthernet2/0/39
!
interface GigabitEthernet2/0/40
!
interface GigabitEthernet2/0/41
!
interface GigabitEthernet2/0/42
!
interface GigabitEthernet2/0/43
!
interface GigabitEthernet2/0/44
!
interface GigabitEthernet2/0/45
!
interface GigabitEthernet2/0/46
!
interface GigabitEthernet2/0/47
!
interface GigabitEthernet2/0/48
 description Connected to FlashNet
 switchport access vlan 2
 switchport mode access
 load-interval 30
!
interface GigabitEthernet2/0/49
!
interface GigabitEthernet2/0/50
!
interface GigabitEthernet2/0/51
!
interface GigabitEthernet2/0/52
!
interface GigabitEthernet3/0/1
 description CONNECTED TO PHONE+PC
 switchport access vlan 114
 switchport mode access
 switchport block unicast
 switchport voice vlan 115
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
!
interface GigabitEthernet3/0/2
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 116
 switchport mode access
 switchport block unicast
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/3
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 117
 switchport mode access
 switchport block unicast
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/4
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 118
 switchport mode access
 switchport block unicast
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 dot1x mac-auth-bypass
 dot1x pae authenticator
 dot1x violation-mode protect
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/5
!
interface GigabitEthernet3/0/6
!
interface GigabitEthernet3/0/7
!
interface GigabitEthernet3/0/8
!
interface GigabitEthernet3/0/9
!
interface GigabitEthernet3/0/10
 description Connected to IXIA - ALM - 2/2
 switchport trunk native vlan 202
 switchport trunk allowed vlan 111-120
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard root
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet3/0/11
 description Connected to IXIA - STX - 3/2
 switchport trunk native vlan 202
 switchport trunk allowed vlan 111-120
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard root
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet3/0/12
!
interface GigabitEthernet3/0/13
!
interface GigabitEthernet3/0/14
!
interface GigabitEthernet3/0/15
!
interface GigabitEthernet3/0/16
!
interface GigabitEthernet3/0/17
!
interface GigabitEthernet3/0/18
!
interface GigabitEthernet3/0/19
!
interface GigabitEthernet3/0/20
!
interface GigabitEthernet3/0/21
!
interface GigabitEthernet3/0/22
!
interface GigabitEthernet3/0/23
!
interface GigabitEthernet3/0/24
!
interface GigabitEthernet3/0/25
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface GigabitEthernet3/0/29
!
interface GigabitEthernet3/0/30
!
interface GigabitEthernet3/0/31
!
interface GigabitEthernet3/0/32
!
interface GigabitEthernet3/0/33
!
interface GigabitEthernet3/0/34
!
interface GigabitEthernet3/0/35
!
interface GigabitEthernet3/0/36
!
interface GigabitEthernet3/0/37
!
interface GigabitEthernet3/0/38
!
interface GigabitEthernet3/0/39
!
interface GigabitEthernet3/0/40
!
interface GigabitEthernet3/0/41
!
interface GigabitEthernet3/0/42
!
interface GigabitEthernet3/0/43
!
interface GigabitEthernet3/0/44
!
interface GigabitEthernet3/0/45
!
interface GigabitEthernet3/0/46
!
interface GigabitEthernet3/0/47
!
interface GigabitEthernet3/0/48
 description Connected to FlashNet
 switchport access vlan 2
 switchport mode access
 load-interval 30
!
interface GigabitEthernet3/0/49
 description Connected to cr24-4507-DO
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet3/0/50
!
interface GigabitEthernet3/0/51
!
interface GigabitEthernet3/0/52
!
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Connected to FlashNet - DO NOT ROUTE
 ip address 172.26.160.190 255.255.254.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
!
interface Vlan900
 description Mgmt_VLAN
 ip address 10.125.34.3 255.255.255.224
 no ip redirects
 no ip unreachables
 load-interval 30
!
no ip http server
no ip http secure-server
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 094F471A1A0A5B43595F
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
 logging synchronous
 speed 115200
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
 logging synchronous
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36028631
ntp server 172.26.160.10
end


Cr24-3560r-DO
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr24-3560r-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$nwph$/o52o3VuKVOHNwYCaEu/w.
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
!
!
ip dhcp snooping vlan 11-20
no ip dhcp snooping information option
ip dhcp snooping
ip multicast-routing distributed
ip arp inspection vlan 11-20
ip arp inspection validate src-mac dst-mac ip allow zeros 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
key chain eigrp-key
 key 1
   key-string 7 045802150C2E
!
crypto pki trustpoint TP-self-signed-3151740416
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3151740416
 revocation-check none
 rsakeypair TP-self-signed-3151740416
!
!
crypto pki certificate chain TP-self-signed-3151740416
 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 11-20 
!
vlan 203
 name Guest_VLAN
!
ip ftp username nimishguest
ip ftp password 7 030A5F0C130A3258
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface Loopback0
 ip address 10.125.100.4 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 no switchport
 dampening
 ip address 10.125.32.1 255.255.255.254
 ip pim sparse-mode
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
!
interface FastEthernet0/1
 description CONNECTED TO UNTRUSTED-PC
 switchport access vlan 11
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
 ip verify source
!
interface FastEthernet0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 12
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
 ip verify source
!
interface FastEthernet0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 13
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 service-policy input Phone-Policy
 ip verify source
!
interface FastEthernet0/4
 description CONNECTED TO PHONE+PC
 switchport access vlan 14
 switchport mode access
 switchport block unicast
 switchport voice vlan 15
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
 ip verify source
!
interface FastEthernet0/5
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 16
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 17
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 18
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no mdix auto
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 no mdix auto
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
 no mdix auto
 spanning-tree portfast
!
interface FastEthernet0/10
 description Connected to IXIA - ALM - 2/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 203
 switchport trunk allowed vlan 11-20
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no mdix auto
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface FastEthernet0/11
 description Connected to IXIA - STX - 3/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 203
 switchport trunk allowed vlan 11-20
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no mdix auto
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface FastEthernet0/12
 no mdix auto
!
interface FastEthernet0/13
 no mdix auto
!
interface FastEthernet0/14
 no mdix auto
!
interface FastEthernet0/15
 no mdix auto
!
interface FastEthernet0/16
 no mdix auto
!
interface FastEthernet0/17
 no mdix auto
!
interface FastEthernet0/18
 no mdix auto
!
interface FastEthernet0/19
 no mdix auto
!
interface FastEthernet0/20
 no mdix auto
!
interface FastEthernet0/21
 no mdix auto
!
interface FastEthernet0/22
 no mdix auto
!
interface FastEthernet0/23
 no mdix auto
!
interface FastEthernet0/24
 no mdix auto
!
interface FastEthernet0/25
 no mdix auto
!
interface FastEthernet0/26
 no mdix auto
!
interface FastEthernet0/27
 no mdix auto
!
interface FastEthernet0/28
 no mdix auto
!
interface FastEthernet0/29
 no mdix auto
!
interface FastEthernet0/30
 no mdix auto
!
interface FastEthernet0/31
 no mdix auto
!
interface FastEthernet0/32
 no mdix auto
!
interface FastEthernet0/33
 no mdix auto
!
interface FastEthernet0/34
 no mdix auto
!
interface FastEthernet0/35
 no mdix auto
!
interface FastEthernet0/36
 no mdix auto
!
interface FastEthernet0/37
 no mdix auto
!
interface FastEthernet0/38
 no mdix auto
!
interface FastEthernet0/39
 no mdix auto
!
interface FastEthernet0/40
 no mdix auto
!
interface FastEthernet0/41
 no mdix auto
!
interface FastEthernet0/42
 no mdix auto
!
interface FastEthernet0/43
 no mdix auto
!
interface FastEthernet0/44
 no mdix auto
!
interface FastEthernet0/45
 no mdix auto
!
interface FastEthernet0/46
 no mdix auto
!
interface FastEthernet0/47
 no mdix auto
!
interface FastEthernet0/48
 no switchport
 ip address 172.26.160.187 255.255.254.0
 no ip redirects
 no ip proxy-arp
 no mdix auto
!
interface GigabitEthernet0/1
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet0/2
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 dampening
 ip address 10.125.11.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan12
 dampening
 ip address 10.125.11.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan13
 dampening
 ip address 10.125.12.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan14
 dampening
 ip address 10.125.12.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan15
 dampening
 ip address 10.125.13.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan16
 dampening
 ip address 10.125.13.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan17
 dampening
 ip address 10.125.14.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan18
 dampening
 ip address 10.125.14.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan19
 dampening
 ip address 10.125.15.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan20
 dampening
 ip address 10.125.15.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
!
router eigrp 100
 passive-interface default
 no passive-interface Port-channel1
 no auto-summary
 eigrp router-id 10.125.100.4
 eigrp stub connected
 network 10.125.0.0 0.0.255.255
!
ip classless
no ip http server
no ip http secure-server
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 00071A15075447575D72
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36028444
ntp server 172.26.160.10
end


Cr25-3750-DO
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr25-3750-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$rZnh$VH5sfvkInDxIlKe6HvlHO.
enable password 7 094F471A1A0A
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
no ip domain-lookup
!
!
ip dhcp snooping vlan 121-130
no ip dhcp snooping information option
ip dhcp snooping
ip multicast-routing distributed
ip arp inspection vlan 121-130
ip arp inspection validate src-mac dst-mac ip allow zeros 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
crypto pki trustpoint TP-self-signed-250233728
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-250233728
 revocation-check none
 rsakeypair TP-self-signed-250233728
!
!
crypto pki certificate chain TP-self-signed-250233728
 certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 121
 name cr25_3750_Dept21
!
vlan 122
 name cr25_3750_Dept22
!
vlan 123
 name cr25_3750_Dept23
!
vlan 124
 name cr25_3750_Dept24
!
vlan 125
 name cr25_3750_Dept25
!
vlan 126
 name cr25_3750_Dept26
!
vlan 127
 name cr25_3750_Dept27
!
vlan 128
 name cr25_3750_Dept28
!
vlan 129
 name cr25_3750_Dept29
!
vlan 130
 name cr25_3750_Dept30
!
vlan 204
 name Guest_VLAN
!
vlan 804
 name Hopping_VLAN
!
vlan 900
 name Mgmt_VLAN
!
ip ftp username nimishguest
ip ftp password 7 0701254B5B0C0A11
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface Loopback0
 ip address 10.125.100.5 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,204,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 description CONNECTED TO UNTRUSTED PC
 switchport access vlan 121
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 122
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 123
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 service-policy input Phone-Policy
 ip verify source
!
interface GigabitEthernet1/0/4
 description CONNECTED TO PHONE+PC
 switchport access vlan 124
 switchport mode access
 switchport block unicast
 switchport voice vlan 125
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/5
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 126
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 127
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 128
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 description Connected to IXIA - ALM - 2/4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/11
 description Connected to IXIA - STX - 3/4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 description Flashnet DO NOT ROUTE
 no switchport
 ip address 172.26.160.200 255.255.254.0
 no ip proxy-arp
 duplex full
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,204,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/28
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,204,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan900
 description Mgmt_VLAN
 ip address 10.125.34.4 255.255.255.224
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
ip classless
ip route 172.26.158.0 255.255.255.0 172.26.160.1
no ip http server
no ip http secure-server
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 13061E010803487B7977
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36029250
ntp server 172.26.160.10
end


Cr26-3750r-DO
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr26-3750r-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$d/Sc$Ha0.t0aRa.T2i2rSdNk7e1
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750e-24pd
switch 2 provision ws-c3750e-24pd
switch 3 provision ws-c3750e-24pd
stack-mac persistent timer 0
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
!
!
ip dhcp snooping vlan 11-20
no ip dhcp snooping information option
ip dhcp snooping
ip multicast-routing distributed
ip arp inspection vlan 11-20
ip arp inspection validate src-mac dst-mac ip allow zeros 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
key chain eigrp-key
 key 1
   key-string 7 104D000A0618
!
crypto pki trustpoint TP-self-signed-1384443008
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1384443008
 revocation-check none
 rsakeypair TP-self-signed-1384443008
!
crypto pki trustpoint TP-self-signed-721582080
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-721582080
 revocation-check none
 rsakeypair TP-self-signed-721582080
!
!
crypto pki certificate chain TP-self-signed-1384443008
 certificate self-signed 
  quit
crypto pki certificate chain TP-self-signed-721582080
license boot level ipservices switch 1
license boot level ipservices switch 3
license boot level ipservices
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 11-20 
!
vlan 205
 name Guest_VLAN
!
vlan 900 
!
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface Loopback0
 ip address 10.125.100.6 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 no switchport
 dampening
 ip address 10.125.32.3 255.255.255.254
 ip pim sparse-mode
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description CONNECTED TO UNTRUSTED PC
 switchport access vlan 11
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 12
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 13
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 service-policy input Phone-Policy
 ip verify source
!
interface GigabitEthernet1/0/4
 description CONNECTED TO PHONE+PC
 switchport access vlan 14
 switchport mode access
 switchport block unicast
 switchport voice vlan 15
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/5
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 16
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 17
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 18
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/9
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/10
 description Connected to IXIA - ALM - 2/5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 11-20
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/11
 description Connected to IXIA - STX - 4/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 11-20
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/12
 description Connected to FlashNet
 switchport access vlan 900
 switchport mode access
 load-interval 30
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 ip pim sparse-mode
 ip hold-time eigrp 100 20
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
 description FlashNet - DO NOT ROUTE
 switchport access vlan 900
 switchport mode access
 load-interval 30
 spanning-tree portfast
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface GigabitEthernet2/0/25
 channel-protocol lacp
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface TenGigabitEthernet2/0/1
!
interface TenGigabitEthernet2/0/2
!
interface GigabitEthernet3/0/1
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
!
interface GigabitEthernet3/0/4
!
interface GigabitEthernet3/0/5
!
interface GigabitEthernet3/0/6
!
interface GigabitEthernet3/0/7
!
interface GigabitEthernet3/0/8
!
interface GigabitEthernet3/0/9
!
interface GigabitEthernet3/0/10
!
interface GigabitEthernet3/0/11
!
interface GigabitEthernet3/0/12
 description FlashNet - DO NOT ROUTE
 switchport access vlan 900
 switchport mode access
 load-interval 30
 spanning-tree portfast
!
interface GigabitEthernet3/0/13
!
interface GigabitEthernet3/0/14
!
interface GigabitEthernet3/0/15
!
interface GigabitEthernet3/0/16
!
interface GigabitEthernet3/0/17
!
interface GigabitEthernet3/0/18
!
interface GigabitEthernet3/0/19
!
interface GigabitEthernet3/0/20
!
interface GigabitEthernet3/0/21
!
interface GigabitEthernet3/0/22
!
interface GigabitEthernet3/0/23
!
interface GigabitEthernet3/0/24
!
interface GigabitEthernet3/0/25
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface TenGigabitEthernet3/0/1
!
interface TenGigabitEthernet3/0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 dampening
 ip address 10.125.21.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan12
 dampening
 ip address 10.125.21.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan13
 dampening
 ip address 10.125.22.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan14
 dampening
 ip address 10.125.22.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan15
 dampening
 ip address 10.125.23.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan16
 dampening
 ip address 10.125.23.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan17
 dampening
 ip address 10.125.24.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan18
 dampening
 ip address 10.125.24.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan19
 dampening
 ip address 10.125.25.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan20
 dampening
 ip address 10.125.25.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan900
 ip address 172.26.158.238 255.255.254.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
!
!
router eigrp 100
 passive-interface default
 no passive-interface Port-channel1
 no auto-summary
 eigrp router-id 10.125.100.6
 eigrp stub connected
 network 10.125.0.0 0.0.255.255
 nsf
!
ip classless
no ip http server
no ip http secure-server
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 02050D48080943701E1D
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36026851
ntp server 172.26.158.10
end


Cr25-3750s-DO   
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr25-3750s-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$wQrW$jkV1e46Qfbs8PzbR/vO7O/
enable password 7 02050D480809
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ts
switch 2 provision ws-c3750g-24ts
stack-mac persistent timer 0
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
no ip domain-lookup
!
!
ip dhcp snooping vlan 131-140
no ip dhcp snooping information option
ip dhcp snooping
ip multicast-routing distributed
ip arp inspection vlan 131-140
ip arp inspection validate src-mac dst-mac ip allow zeros 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
crypto pki trustpoint TP-self-signed-1942438528
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1942438528
 revocation-check none
 rsakeypair TP-self-signed-1942438528
!
!
crypto pki certificate chain TP-self-signed-1942438528
 certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name FlashNet_VLAN
!
vlan 131
 name cr26_3750s_Dept31
!
vlan 132
 name cr26_3750s_Dept32
!
vlan 133
 name cr26_3750s_Dept33
!
vlan 134
 name cr26_3750s_Dept34
!
vlan 135
 name cr26_3750s_Dept35
!
vlan 136
 name cr26_3750s_Dept36
!
vlan 137
 name cr26_3750s_Dept37
!
vlan 138
 name cr26_3750s_Dept38
!
vlan 139
 name cr26_3750s_Dept39
!
vlan 140
 name cr26_3750s_Dept40
!
vlan 206
 name Guest_VLAN
!
vlan 805
 name Hopping_VLAN
!
vlan 900
 name Mgmt_VLAN
!
ip ftp username nimishguest
ip ftp password 7 09424A0E0C000406
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface Loopback0
 ip address 10.125.100.7 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 ip arp inspection trust
 logging event bundle-status
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 description CONNECTED TO UNTRUSTED PC
 switchport access vlan 131
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input UnTrusted-PC-Policy
 ip verify source
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 description CONNECTED TO PHONE
 switchport mode access
 switchport block unicast
 switchport voice vlan 133
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone-Policy
 ip verify source
!
interface GigabitEthernet1/0/4
 ip arp inspection limit rate 100
!
interface GigabitEthernet1/0/5
 description CONNECTED TO IPVS 2500 - CAMERA
 switchport access vlan 136
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 authentication open
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 137
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 authentication open
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 138
 switchport mode access
 switchport block unicast
 switchport port-security
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 authentication open
 mab
 mls qos trust dscp
 dot1x pae authenticator
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 description Connected to IXIA - ALM - 2/6
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/11
 description Connected to IXIA - STX - 4/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 description Flashnet DO NOT ROUTE
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/25
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet2/0/1
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 132
 switchport mode access
 switchport block unicast
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
 ip verify source
!
interface GigabitEthernet2/0/2
 ip arp inspection limit rate 100
!
interface GigabitEthernet2/0/3
 description CONNECTED TO PHONE+PC
 switchport access vlan 134
 switchport mode access
 switchport block unicast
 switchport voice vlan 135
 ip arp inspection limit rate 100
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone+PC-Policy
 ip verify source
!
interface GigabitEthernet2/0/4
 ip arp inspection limit rate 100
!
interface GigabitEthernet2/0/5
 ip arp inspection limit rate 100
!
interface GigabitEthernet2/0/6
 ip arp inspection limit rate 100
!
interface GigabitEthernet2/0/7
 ip arp inspection limit rate 100
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
 description Flashnet DO NOT ROUTE
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet2/0/25
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 ip arp inspection trust
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
 ip dhcp snooping trust
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Flashnet DO NOT ROUTE
 ip address 172.26.160.201 255.255.254.0
 no ip redirects
 no ip proxy-arp
!
interface Vlan900
 description Mgmt_VLAN
 ip address 10.125.34.5 255.255.255.224
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
ip classless
ip route 172.26.158.0 255.255.255.0 172.26.160.1
no ip http server
no ip http secure-server
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 094F471A1A0A5B43595F
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36028937
ntp server 172.26.160.10
end



Cr26-3750DC-DO
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco
! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr26-3750DC-DO
!
boot-start-marker
boot-end-marker
!
enable password 7 070C285F4D06
!
aaa new-model
!
!
aaa authentication login default group radius enable line
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
switch 3 provision ws-c3750g-12s
stack-mac persistent timer 0
system mtu routing 1500
vtp domain District-Office
vtp mode transparent
ip subnet-zero
no ip domain-lookup
!
!
ip multicast-routing distributed
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
crypto pki trustpoint TP-self-signed-721633024
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-721633024
 revocation-check none
 rsakeypair TP-self-signed-721633024
!
!
crypto pki certificate chain TP-self-signed-721633024
 certificate self-signed 01 nvram:IOS-Self-Sig#3434.cer
dot1x system-auth-control
dot1x guest-vlan supplicant
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name FlashNet_Vlan
!
vlan 141
 name cr26_3750s_DC_Group1
!
vlan 142
 name cr26_3750s_DC_Group2
!
vlan 143
 name cr26_3750s_DC_Group3
!
vlan 144
 name cr26_3750s_DC_Group4
!
vlan 145
 name cr26_3750s_DC_Group5
!
vlan 146
 name cr26_3750s_DC_Group6
!
vlan 147
 name cr26_3750s_DC_Group7
!
vlan 148
 name cr26_3750s_DC_Group8
!
vlan 149
 name cr26_3750s_DC_Group9
!
vlan 150
 name cr26_3750s_DC_Grou10
!
vlan 806
 name Hopping_Vlan
!
vlan 900
 name Mgmt_VLAN
!
!
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
 match ip dscp cs3 
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all DEFAULT
 match access-group name DEFAULT
class-map match-all SCAVENGER
 match access-group name SCAVENGER
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all VVLAN-VOIP
 match ip dscp ef 
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
!
!
policy-map Phone-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
policy-map UnTrusted-PC-Policy
 class class-default
  police 10000000 8000 exceed-action drop
  set dscp default
policy-map Trusted-PC-Policy
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
policy-map Phone+PC-Policy
 class VVLAN-VOIP
  police 128000 8000 exceed-action drop
  set dscp ef
 class VVLAN-SIGNALING
  police 32000 8000 exceed-action drop
  set dscp cs3
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5000000 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 1000000 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10000000 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10000000 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
interface Loopback0
 ip address 10.125.100.8 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 logging event bundle-status
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 description CONNECTED TO TRUSTED-PC
 switchport access vlan 141
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Trusted-PC-Policy
!
interface GigabitEthernet1/0/3
 description Connected to IXIA - LSM - 1/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 142
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/4
 description Connected to IXIA - LSM - 1/4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 143
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/5
 description Connected to IXIA - LSM - 1/5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 144
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/6
 description Connected to IXIA - LSM - 1/6
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 145
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/7
 description Connected to IXIA - LSM - 1/7
 switchport access vlan 141
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/8
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/0/9
 description Connected to cr25-w2k-2
 switchport access vlan 141
!
interface GigabitEthernet1/0/10
 switchport access vlan 141
!
interface GigabitEthernet1/0/11
 switchport access vlan 141
!
interface GigabitEthernet1/0/12
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet2/0/1
 switchport access vlan 141
!
interface GigabitEthernet2/0/2
 switchport access vlan 141
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet3/0/1
 description Connected to IXIA - LSM - 1/7
 switchport access vlan 141
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 146
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet3/0/2
 description CONNECTED TO PHONE
 switchport access vlan 141
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust dscp
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input Phone-Policy
!
interface GigabitEthernet3/0/3
 description CONNECTED TO IPVS 4500 - CAMERA
 switchport access vlan 141
 mls qos trust dscp
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/4
 description CONNECTED TO DIGITAL MEDIA PLAYER
 switchport access vlan 141
 priority-queue out 
 mls qos trust dscp
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet3/0/5
 switchport access vlan 141
!
interface GigabitEthernet3/0/6
 switchport access vlan 141
!
interface GigabitEthernet3/0/7
 switchport access vlan 141
!
interface GigabitEthernet3/0/8
 description Connected to cr24-4507-DO
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol lacp
 channel-group 1 mode active
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet3/0/9
 switchport access vlan 141
 speed 100
 duplex half
!
interface GigabitEthernet3/0/10
!
interface GigabitEthernet3/0/11
 switchport access vlan 141
!
interface GigabitEthernet3/0/12
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description FlashNet VLAN
 ip address 172.26.160.189 255.255.254.0
 no ip redirects
 no ip proxy-arp
!
interface Vlan900
 description Mgmt_VLAN
 ip address 10.125.34.6 255.255.255.224
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
ip classless
no ip http server
no ip http secure-server
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended BULK-DATA
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark SSH/SFTP
 permit tcp any any eq 22
 remark SMTP/SECURE SMTP
 permit tcp any any eq smtp
 permit tcp any any eq 465
 remark IMAP/SECURE IMAP
 permit tcp any any eq 143
 permit tcp any any eq 993
 remark POP3/SECURE POP3
 permit tcp any any eq pop3
 permit tcp any any eq 995
 remark CONNECTED PC BACKUP
 permit tcp any eq 1914 any
ip access-list extended DEFAULT
 remark EXPLICIT CLASS-DEFAULT
 permit ip any any
ip access-list extended MULTIMEDIA-CONFERENCING
 remark RTP
 permit udp any any range 16384 32767
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
ip access-list extended PXE
 permit tcp any any established
 permit udp any any eq bootps
 permit udp any host 10.125.31.11 eq domain
 permit udp any host 10.125.31.12 eq tftp
ip access-list extended SCAVENGER
 remark KAZAA
 permit tcp any any eq 1214
 permit udp any any eq 1214
 remark MICROSOFT DIRECT X GAMING
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 remark APPLE ITUNES MUSIC SHARING
 permit tcp any any eq 3689
 permit udp any any eq 3689
 remark BITTORRENT
 permit tcp any any range 6881 6999
 remark YAHOO GAMES
 permit tcp any any eq 11999
 remark MSN GAMING ZONE
 permit tcp any any range 28800 29100
ip access-list extended SIGNALING
 remark SCCP
 permit tcp any any range 2000 2002
 remark SIP
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
 remark HTTPS
 permit tcp any any eq 443
 remark ORACLE-SQL*NET
 permit tcp any any eq 1521
 permit udp any any eq 1521
 remark ORACLE
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
radius-server dead-criteria time 15 tries 3
radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 02050D48080943701E1D
radius-server deadtime 1
!
control-plane
!
alias exec dsno show ip dhcp snooping bind
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
!
line con 0
 exec-timeout 0 0
 password 7 121A0C041104
line vty 0 4
 exec-timeout 0 0
 password 7 121A0C041104
line vty 5 15
 exec-timeout 0 0
!
ntp clock-period 36028995
ntp server 172.26.160.10
end


Core/Distribution

Cr24-4507-D 
!
! Last configuration change at 22:53:38 EDT Wed Sep 2 2009
! NVRAM config last updated at 22:53:55 EDT Wed Sep 2 2009
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname cr24-4507-DO
!
boot-start-marker
boot system flash slot0:cat4500e-entservicesk9-mz.122-53.SG
boot-end-marker
!
enable secret 5 $1$UMTH$xnQm5GcPPGxmEWdUoGWj7.
enable password 7 094F471A1A0A
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
hw-module uplink mode shared-backplane
hw-module module 3 port-group 1 select gigabitethernet
hw-module module 4 port-group 1 select gigabitethernet
ip subnet-zero
no ip domain-lookup
!
!
ip vrf mgmtVrf
!
ip multicast-routing 
vtp domain District-Office
vtp mode transparent
!
!
table-map WLC-DSCP-COS
 default copy
!
!
key chain eigrp-key
 key 1
   key-string 7 045802150C2E
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery interval 120
power redundancy-mode redundant
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
redundancy
 mode sso
 main-cpu
  auto-sync standard
!
process-max-time 20
vlan internal allocation policy ascending
!
vlan 11-20 
!
vlan 101
 name cr24_2960_Dept1
!
vlan 102
 name cr24_2960_Dept2
!
vlan 103
 name cr24_2960_Dept3
!
vlan 104
 name cr24_2960_Dept4
!
vlan 105
 name cr24_2960_Dept5
!
vlan 106
 name cr24_2960_Dept6
!
vlan 107
 name cr24_2960_Dept7
!
vlan 108
 name cr24_2960_Dept8
!
vlan 109
 name cr24_2960_Dept9
!
vlan 110
 name cr24_2960_Dept10
!
vlan 111
 name cr24_3550_Dept11
!
vlan 112
 name cr24_3550_Dept12
!
vlan 113
 name cr24_3550_Dept13
!
vlan 114
 name cr24_3550_Dept14
!
vlan 115
 name cr24_3550_Dept15
!
vlan 116
 name cr24_3550_Dept16
!
vlan 117
 name cr24_3550_Dept17
!
vlan 118
 name cr24_3550_Dept18
!
vlan 119
 name cr24_3550_Dept19
!
vlan 120
 name cr24_3550_Dept20
!
vlan 121
 name cr25_3750_Dept21
!
vlan 122
 name cr25_3750_Dept22
!
vlan 123
 name cr25_3750_Dept23
!
vlan 124
 name cr25_3750_Dept24
!
vlan 125
 name cr25_3750_Dept25
!
vlan 126
 name cr25_3750_Dept26
!
vlan 127
 name cr25_3750_Dept27
!
vlan 128
 name cr25_3750_Dept28
!
vlan 129
 name cr25_3750_Dept29
!
vlan 130
 name cr25_3750_Dept30
!
vlan 131
 name cr26_3750s_Dept31
!
vlan 132
 name cr26_3750s_Dept32
!
vlan 133
 name cr26_3750s_Dept33
!
vlan 134
 name cr26_3750s_Dept34
!
vlan 135
 name cr26_3750s_Dept35
!
vlan 136
 name cr26_3750s_Dept36
!
vlan 137
 name cr26_3750s_Dept37
!
vlan 138
 name cr26_3750s_Dept38
!
vlan 139
 name cr26_3750s_Dept39
!
vlan 140
 name cr26_3750s_Dept40
!
vlan 141
 name cr26_3750s_DC_Group1
!
vlan 142
 name cr26_3750s_DC_Group2
!
vlan 143
 name cr26_3750s_DC_Group3
!
vlan 144
 name cr26_3750s_DC_Group4
!
vlan 145
 name cr26_3750s_DC_Group5
!
vlan 146
 name cr26_3750s_DC_Group6
!
vlan 147
 name cr26_3750s_DC_Group7
!
vlan 148
 name cr26_3750s_DC_Group8
!
vlan 149
 name cr26_3750s_DC_Group9
!
vlan 150
 name cr26_3750s_DC_Grou10
!
vlan 200
 name cr24_4507_FW_Inside
!
vlan 801
 name cr24_3750DC_Hopping
!
vlan 802
 name cr25_3550_Hopping
!
vlan 803
 name cr24_2975_Hopping
!
vlan 804
 name cr24_3560_Hopping
!
vlan 805
 name cr24_3750_Hopping
!
vlan 806
 name cr26_3750DC_Hopping
!
vlan 900
 name Mgmt_VLAN
!
ip ftp username nimishguest
ip ftp password 7 000A1701115E1812
!
class-map match-all MULTIMEDIA-STREAMING-QUEUE
 match  dscp af31  af32  af33 
class-map match-any CONTROL-MGMT-QUEUE
 match  dscp cs7 
 match  dscp cs6 
 match  dscp cs3 
 match  dscp cs2 
class-map match-all TRANSACTIONAL-DATA-QUEUE
 match  dscp af21  af22  af23 
class-map match-all COPP-CRITICAL-APPLICATIONS
 match access-group name COPP-CRITICAL-APPLICATIONS
class-map match-all COPP-FILE-MANAGEMENT
 match access-group name COPP-FILE-MANAGEMENT
class-map match-all SCAVENGER-QUEUE
 match  dscp cs1 
class-map match-all COPP-MONITORING
 match access-group name COPP-MONITORING
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE
 match  dscp af41  af42  af43 
class-map match-all BULK-DATA-QUEUE
 match  dscp af11  af12  af13 
class-map match-all COPP-INTERACTIVE-MANAGEMENT
 match access-group name COPP-INTERACTIVE-MANAGEMENT
class-map match-any PRIORITY-QUEUE
 match  dscp ef 
 match  dscp cs5 
 match  dscp cs4 
class-map match-all COPP-UNDESIRABLE
 match access-group name COPP-UNDESIRABLE
class-map match-all COPP-IGP
 match access-group name COPP-IGP
!
!
policy-map EGRESS-POLICY
 class PRIORITY-QUEUE
    priority
 class CONTROL-MGMT-QUEUE
    bandwidth remaining percent 10
 class MULTIMEDIA-CONFERENCING-QUEUE
    bandwidth remaining percent 10
 class MULTIMEDIA-STREAMING-QUEUE
    bandwidth remaining percent 10
 class TRANSACTIONAL-DATA-QUEUE
    bandwidth remaining percent 10
    dbl
 class BULK-DATA-QUEUE
    bandwidth remaining percent 4
    dbl
 class SCAVENGER-QUEUE
    bandwidth remaining percent 1
 class class-default
    bandwidth remaining percent 25
    dbl
policy-map PQ-POLICER
 class PRIORITY-QUEUE
    police cir 300000000
      conform-action transmit 
      exceed-action drop 
policy-map system-cpp-policy
 class COPP-IGP
    police cir 300000 bc 3000 be 3000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
 class COPP-INTERACTIVE-MANAGEMENT
    police cir 500000 bc 5000 be 5000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
 class COPP-FILE-MANAGEMENT
    police cir 6000000 bc 60000 be 60000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
 class COPP-MONITORING
    police cir 900000 bc 9000 be 9000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
 class COPP-CRITICAL-APPLICATIONS
    police cir 900000 bc 9000 be 9000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
 class COPP-UNDESIRABLE
    police cir 32000 bc 3000 be 3000
      conform-action drop 
      exceed-action drop 
      violate-action drop 
 class class-default
    police cir 500000 bc 5000 be 5000
      conform-action transmit 
      exceed-action drop 
      violate-action drop 
!
!
!
interface Loopback0
 ip address 10.125.100.1 255.255.255.255
!
interface Loopback1
 description RP
 ip address 10.125.100.100 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-3750ME-DO
 dampening
 ip address 10.125.32.4 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel2
 description Connected to cr24-2851-DO
 ip address 10.125.32.6 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel11
 description Connected to cr24-2960-DO
 switchport
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel12
 description Connected to cr24-2975-DO
 switchport
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel13
 description Connected to cr24-3560r-DO
 dampening
 ip address 10.125.32.0 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel14
 description Connected to cr25-3750-DO
 switchport
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel15
 description Connected to cr26-3750r-DO
 dampening
 ip address 10.125.32.2 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel16
 description Connected to cr25-3750s-DO
 switchport
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface Port-channel17
 description Connected to cr26-3750DC-DO
 switchport
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 service-policy output PQ-POLICER
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface GigabitEthernet1/1
 description Connected to cr24-2960-DO
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 11 mode desirable
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet1/2
 description Connected to cr24-2975-DO
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 12 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet1/3
 description Connected to cr24-3560r-DO
 no switchport
 dampening
 no ip address
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-group 13 mode desirable
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet1/4
 description Connected to cr25-3750-DO
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 14 mode desirable
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet1/5
 description Connected to cr26-3750-DO
 no switchport
 dampening
 no ip address
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 15 mode active
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet1/6
 description Connected to cr26-3750s-DO
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 16 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/1
 description Connected to cr24-2960-DO
 switchport trunk native vlan 802
 switchport trunk allowed vlan 101-110,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 11 mode desirable
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/2
 description Connected to cr24-2975-DO
 switchport trunk native vlan 803
 switchport trunk allowed vlan 111-120,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 12 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/3
 description Connected to cr24-3560r-DO
 no switchport
 dampening
 no ip address
 logging event link-status
 load-interval 30
 udld port
 channel-group 13 mode desirable
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/4
 description Connected to cr25-3750-DO
 switchport trunk native vlan 804
 switchport trunk allowed vlan 121-130,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 14 mode desirable
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/5
 description Connected to cr26-3750-DO
 no switchport
 dampening
 no ip address
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 15 mode active
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet2/6
 description Connected to cr26-3750s-DO
 switchport trunk native vlan 805
 switchport trunk allowed vlan 131-140,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 16 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface TenGigabitEthernet3/1
!
interface TenGigabitEthernet3/2
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
 no switchport
 no ip address
 load-interval 30
!
interface GigabitEthernet3/5
 no switchport
 no ip address
 load-interval 30
!
interface GigabitEthernet3/6
 no switchport
 no ip address
 load-interval 30
!
interface TenGigabitEthernet4/1
!
interface TenGigabitEthernet4/2
!
interface GigabitEthernet4/3
!
interface GigabitEthernet4/4
 description backup link to cr26-asa5520-DO
 switchport access vlan 200
 switchport mode access
 switchport block unicast
 load-interval 30
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet4/5
 no switchport
 no ip address
 load-interval 30
!
interface GigabitEthernet4/6
 no switchport
 no ip address
 load-interval 30
!
interface GigabitEthernet5/1
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 17 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet5/2
!
interface GigabitEthernet5/3
 description Connected to cr26-asa5520-DO
 switchport access vlan 200
 switchport mode access
 switchport block unicast
 load-interval 30
 media-type rj45
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet5/4
 no switchport
 no ip address
 load-interval 30
 shutdown
 media-type rj45
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet5/5
!
interface GigabitEthernet5/6
 description Connected to cr24-3750ME-DO
 no switchport
 dampening
 no ip address
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 1 mode desirable
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet6/1
 switchport trunk native vlan 806
 switchport trunk allowed vlan 141-150,900
 switchport mode trunk
 logging event link-status
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol lacp
 channel-group 17 mode active
 spanning-tree guard root
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet6/2
 load-interval 30
!
interface GigabitEthernet6/3
 description Connects to IronPort WSA T1 (L4TM)
 media-type rj45
 speed 1000
 duplex full
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet6/4
 description Connected to IronPort
 media-type rj45
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet6/5
!
interface GigabitEthernet6/6
 description Connected to cr24-3750ME-DO
 no switchport
 dampening
 no ip address
 load-interval 30
 carrier-delay msec 0
 udld port
 channel-protocol pagp
 channel-group 1 mode desirable
 service-policy output EGRESS-POLICY
!
interface GigabitEthernet7/1
 description Connected to FlashNet - DO NOT ROUTE
 no switchport
 ip address 172.26.160.185 255.255.252.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
!
interface GigabitEthernet7/2
 switchport mode trunk
!
interface GigabitEthernet7/3
 description Connects to IronPort WSA P1
 switchport access vlan 200
 switchport mode access
 switchport block unicast
 load-interval 30
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet7/4
!
interface GigabitEthernet7/5
!
interface GigabitEthernet7/6
!
interface GigabitEthernet7/7
!
interface GigabitEthernet7/8
!
interface GigabitEthernet7/9
!
interface GigabitEthernet7/10
!
interface GigabitEthernet7/11
!
interface GigabitEthernet7/12
!
interface GigabitEthernet7/13
!
interface GigabitEthernet7/14
!
interface GigabitEthernet7/15
!
interface GigabitEthernet7/16
!
interface GigabitEthernet7/17
!
interface GigabitEthernet7/18
!
interface GigabitEthernet7/19
!
interface GigabitEthernet7/20
!
interface GigabitEthernet7/21
!
interface GigabitEthernet7/22
!
interface GigabitEthernet7/23
!
interface GigabitEthernet7/24
!
interface GigabitEthernet7/25
!
interface GigabitEthernet7/26
!
interface GigabitEthernet7/27
!
interface GigabitEthernet7/28
!
interface GigabitEthernet7/29
!
interface GigabitEthernet7/30
!
interface GigabitEthernet7/31
!
interface GigabitEthernet7/32
!
interface GigabitEthernet7/33
!
interface GigabitEthernet7/34
!
interface GigabitEthernet7/35
!
interface GigabitEthernet7/36
!
interface GigabitEthernet7/37
!
interface GigabitEthernet7/38
!
interface GigabitEthernet7/39
!
interface GigabitEthernet7/40
!
interface GigabitEthernet7/41
!
interface GigabitEthernet7/42
!
interface GigabitEthernet7/43
!
interface GigabitEthernet7/44
!
interface GigabitEthernet7/45
!
interface GigabitEthernet7/46
!
interface GigabitEthernet7/47
!
interface GigabitEthernet7/48
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan101
 description Connected to cr24_2960_Dept_1_VLAN
 dampening
 ip address 10.125.1.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan102
 description Connected to cr24_2960_Dept_2_VLAN
 dampening
 ip address 10.125.1.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan103
 description Connected to cr24_2960_Dept_3_VLAN
 dampening
 ip address 10.125.2.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan104
 description Connected to cr24_2960_Dept_4_VLAN
 dampening
 ip address 10.125.2.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan105
 description Connected to cr24_2960_Dept_5_VLAN
 dampening
 ip address 10.125.3.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan106
 description Connected to cr24_2960_Dept_6_VLAN
 dampening
 ip address 10.125.3.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan107
 description Connected to cr24_2960_Dept_7_VLAN
 dampening
 ip address 10.125.4.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan108
 description Connected to cr24_2960_Dept_8_VLAN
 dampening
 ip address 10.125.4.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan109
 description Connected to cr24_2960_Dept_9_VLAN
 dampening
 ip address 10.125.5.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan110
 description Connected to cr24_2960_Dept_10_VLAN
 dampening
 ip address 10.125.5.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan111
 description Connected to cr24_2975_Dept_11_VLAN
 dampening
 ip address 10.125.6.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan112
 description Connected to cr24_2975_Dept_12_VLAN
 dampening
 ip address 10.125.6.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan113
 description Connected to cr24_2975_Dept_13_VLAN
 dampening
 ip address 10.125.7.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan114
 description Connected to cr24_2975_Dept_14_VLAN
 dampening
 ip address 10.125.7.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan115
 description Connected to cr24_2975_Dept_15_VLAN
 dampening
 ip address 10.125.8.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan116
 description Connected to cr24_2975_Dept_16_VLAN
 dampening
 ip address 10.125.8.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan117
 description Connected to cr24_2975_Dept_17_VLAN
 dampening
 ip address 10.125.9.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan118
 description Connected to cr24_2975_Dept_18_VLAN
 dampening
 ip address 10.125.9.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan119
 description Connected to cr24_2975_Dept_19_VLAN
 dampening
 ip address 10.125.10.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan120
 description Connected to cr24_2975_Dept_20_VLAN
 dampening
 ip address 10.125.10.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan121
 description Connected to cr26_3750_Dept_31_VLAN
 dampening
 ip address 10.125.16.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan122
 description Connected to cr26_3750_Dept_32_VLAN
 dampening
 ip address 10.125.16.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan123
 description Connected to cr26_3750_Dept_33_VLAN
 dampening
 ip address 10.125.17.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan124
 description Connected to cr26_3750_Dept_34_VLAN
 dampening
 ip address 10.125.17.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan125
 description Connected to cr26_3750_Dept_35_VLAN
 dampening
 ip address 10.125.18.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan126
 description Connected to cr26_3750_Dept_36_VLAN
 dampening
 ip address 10.125.18.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan127
 description Connected to cr26_3750_Dept_37_VLAN
 dampening
 ip address 10.125.19.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan128
 description Connected to cr26_3750_Dept_38_VLAN
 dampening
 ip address 10.125.19.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan129
 description Connected to cr26_3750_Dept_39_VLAN
 dampening
 ip address 10.125.20.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan130
 description Connected to cr26_3750_Dept_40_VLAN
 dampening
 ip address 10.125.20.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan131
 description Connected to cr25_3750s_Dept_31_VLAN
 dampening
 ip address 10.125.26.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan132
 description Connected to cr25_3750s_Dept_32_VLAN
 dampening
 ip address 10.125.26.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan133
 description Connected to cr25_3750s_Dept_33_VLAN
 dampening
 ip address 10.125.27.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan134
 description Connected to cr25_3750s_Dept_34_VLAN
 dampening
 ip address 10.125.27.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan135
 description Connected to cr25_3750s_Dept_35_VLAN
 dampening
 ip address 10.125.28.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan136
 description Connected to cr25_3750s_Dept_36_VLAN
 dampening
 ip address 10.125.28.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan137
 description Connected to cr25_3750s_Dept_37_VLAN
 dampening
 ip address 10.125.29.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan138
 description Connected to cr25_3750s_Dept_38_VLAN
 dampening
 ip address 10.125.29.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan139
 description Connected to cr25_3750s_Dept_39_VLAN
 dampening
 ip address 10.125.30.1 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan140
 description Connected to cr25_3750s_Dept_40_VLAN
 dampening
 ip address 10.125.30.129 255.255.255.128
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan141
 dampening
 ip address 10.125.31.1 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan142
 dampening
 ip address 10.125.31.17 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan143
 dampening
 ip address 10.125.31.33 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan144
 dampening
 ip address 10.125.31.49 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan145
 dampening
 ip address 10.125.31.65 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan146
 dampening
 ip address 10.125.31.81 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim dr-priority 100
 ip pim sparse-mode
 load-interval 30
!
interface Vlan147
 dampening
 ip address 10.125.31.97 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan148
 dampening
 ip address 10.125.31.113 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan149
 dampening
 ip address 10.125.31.129 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan150
 dampening
 ip address 10.125.31.145 255.255.255.240
 ip helper-address 10.125.31.2
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30
!
interface Vlan200
 description Connected to cr24_ASA_Inside_Port
 dampening
 ip address 10.125.33.9 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 logging event link-status
 load-interval 30
 carrier-delay msec 0
!
interface Vlan900
 description Mgmt_VLAN
 dampening
 ip address 10.125.34.1 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim dr-priority 100
 ip pim sparse-mode
 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5
 load-interval 30
!
!
router eigrp 100
 passive-interface default
 no passive-interface Vlan200
 no passive-interface GigabitEthernet3/3
 no passive-interface GigabitEthernet4/3
 no passive-interface GigabitEthernet4/4
 no passive-interface GigabitEthernet4/6
 no passive-interface GigabitEthernet5/4
 no passive-interface GigabitEthernet5/5
 no passive-interface GigabitEthernet5/6
 no passive-interface GigabitEthernet6/2
 no passive-interface GigabitEthernet6/5
 no passive-interface GigabitEthernet6/6
 no passive-interface Port-channel1
 no passive-interface Port-channel13
 no passive-interface Port-channel15
 no passive-interface Port-channel17
 distribute-list route-map EIGRP_STUB_ROUTES out Vlan200
 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel13
 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel15
 no auto-summary
 eigrp router-id 10.125.100.1
 network 10.125.0.0 0.0.255.255
 nsf
!
no ip http server
no ip http secure-server
!
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended COPP-CRITICAL-APPLICATIONS
 remark DHCP
 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
 permit udp host 10.125.31.2 eq bootps any eq bootps
ip access-list extended COPP-FILE-MANAGEMENT
 remark (initiated) FTP (active and passive)
 permit tcp 172.26.160.0 0.0.3.255 eq ftp host 172.26.160.185 gt 1023 established
 permit tcp 172.26.160.0 0.0.3.255 eq ftp-data host 172.26.160.185 gt 1023
 permit tcp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.185 gt 1023 established
 remark (initiated) TFTP
 permit udp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.185 gt 1023
ip access-list extended COPP-IGP
 remark IGP (EIGRP)
 permit eigrp any host 224.0.0.10
 permit eigrp any any
ip access-list extended COPP-INTERACTIVE-MANAGEMENT
 remark RADIUS (return traffic)
 permit udp host 10.125.31.4 host 10.125.100.2
 remark SSH
 permit tcp 10.124.0.0 0.3.255.255 host 10.125.100.2 eq 22
 remark SNMP
 permit udp host 172.26.160.100 host 10.125.100.2 eq snmp
 remark NTP
 permit udp host 172.26.160.10 host 172.26.160.185 eq ntp
ip access-list extended COPP-MONITORING
 remark PING-ECHO
 permit icmp any any echo
 remark PING-ECHO-REPLY
 permit icmp any any echo-reply
 remark TRACEROUTE
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
ip access-list extended COPP-UNDESIRABLE
 remark UNDESIRABLE
 permit udp any any eq 1434
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
!
access-list 1 permit 0.0.0.0
access-list 1 permit 10.126.0.0
access-list 1 permit 10.127.0.0
access-list 1 permit 10.125.0.0
!
route-map EIGRP_STUB_ROUTES permit 10
 match ip address 1
!
!
!
control-plane
 service-policy input system-cpp-policy
!
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
alias exec dsno show ip dhcp snooping bind
!
line con 0
 exec-timeout 0 0
 password 7 104D000A0618
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password 7 0822455D0A16
 login
line vty 5 15
 exec-timeout 0 0
 login
!
!
monitor session 10 source interface Gi4/4
monitor session 10 source interface Gi5/3
monitor session 10 filter packet-type good rx
monitor session 10 destination interface Gi6/3
ntp clock-period 17181779
ntp server 172.26.160.10
end
 

WAN Aggregation

Cr24-3750ME-DO
!
! Last configuration change at 22:59:31 EDT Wed Sep 2 2009
! NVRAM config last updated at 22:59:37 EDT Wed Sep 2 2009
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cr24-3750ME-DO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.2Ap$J0k3w04nQHip4UNN28KxX0
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
ip subnet-zero
ip routing
!
!
no ip domain-lookup
ip multicast-routing distributed
vtp domain District-Office
vtp mode transparent
!
no mpls traffic-eng auto-bw timers frequency 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 2 80 90 100 100
mls qos queue-set output 1 threshold 4 60 100 100 100
mls qos
!
key chain eigrp-key
 key 1
   key-string 7 02050D480809
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
 enrollment selfsigned
 serial-number
 revocation-check none
 rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
 certificate self-signed 01 nvram:8F1F4D80host#2E2E.cer
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery interval 120
port-channel load-balance src-dst-ip
!
vlan internal allocation policy ascending
!
vlan 501
 name School-Site1
!
vlan 502
 name School-Site2
!
vlan 503
 name School-Site3
!
vlan 504
 name School-Site4
!
vlan 505
 name School-Site5
!
vlan 506
 name School-Site6
!
vlan 507
 name School-Site7
!
vlan 508
 name School-Site8
!
vlan 509
 name School-Site9
!
vlan 510
 name School-Site10
!
vlan 511
 name School-Site11
!
vlan 512
 name School-Site12
!
vlan 513
 name School-Site13
!
vlan 514
 name School-Site14
!
vlan 515
 name School-Site15
!
vlan 516
 name School-Site16
!
vlan 517
 name School-Site17
!
vlan 518
 name School-Site18
!
vlan 519
 name School-Site19
!
vlan 520
 name School-Site20
!
vlan 521
 name School-Site21
!
vlan 522
 name School-Site22
!
vlan 523
 name School-Site23
!
vlan 524
 name School-Site24
!
vlan 525
 name School-Site25
!
vlan 526
 name School-Site26
!
vlan 527
 name School-Site27
!
vlan 528
 name School-Site28
!
vlan 529
 name School-Site29
!
vlan 530
 name School-Site30
!
vlan 531
 name School-Site31
!
vlan 532
 name School-Site32
!
vlan 533
 name School-Site33
!
vlan 534
 name School-Site34
!
vlan 535
 name School-Site35
!
vlan 536
 name School-Site36
!
vlan 537
 name School-Site37
!
vlan 538
 name School-Site38
!
vlan 539
 name School-Site39
!
vlan 540
 name School-Site40
!
vlan 541
 name School-Site41
!
vlan 542
 name School-Site42
!
vlan 543
 name School-Site43
!
vlan 544
 name School-Site44
!
vlan 545
 name School-Site45
!
vlan 546
 name School-Site46
!
vlan 547
 name School-Site47
!
vlan 548
 name School-Site48
!
vlan 549
 name School-Site49
!
vlan 550
 name School-Site50
!
vlan 601
 name School-Site51
!
vlan 602
 name School-Site52
!
vlan 603
 name School-Site53
!
vlan 604
 name School-Site54
!
vlan 605
 name School-Site55
!
vlan 606
 name School-Site56
!
vlan 607
 name School-Site57
!
vlan 608
 name School-Site58
!
vlan 609
 name School-Site59
!
vlan 610
 name School-Site60
!
vlan 611
 name School-Site61
!
vlan 612
 name School-Site62
!
vlan 613
 name School-Site63
!
vlan 614
 name School-Site64
!
vlan 615
 name School-Site65
!
vlan 616
 name School-Site66
!
vlan 617
 name School-Site67
!
vlan 618
 name School-Site68
!
vlan 619
 name School-Site69
!
vlan 620
 name School-Site70
!
vlan 621
 name School-Site71
!
vlan 622
 name School-Site72
!
vlan 623
 name School-Site73
!
vlan 624
 name School-Site74
!
vlan 625
 name School-Site75
!
vlan 626
 name School-Site76
!
vlan 627
 name School-Site77
!
vlan 628
 name School-Site78
!
vlan 629
 name School-Site79
!
vlan 630
 name School-Site80
!
vlan 631
 name School-Site81
!
vlan 632
 name School-Site82
!
vlan 633
 name School-Site83
!
vlan 634
 name School-Site84
!
vlan 635
 name School-Site85
!
vlan 636
 name School-Site86
!
vlan 637
 name School-Site87
!
vlan 638
 name School-Site88
!
vlan 639
 name School-Site89
!
vlan 640
 name School-Site90
!
vlan 641
 name School-Site91
!
vlan 642
 name School-Site92
!
vlan 643
 name School-Site93
!
vlan 644
 name School-Site94
!
vlan 645
 name School-Site95
!
vlan 646
 name School-Site96
!
vlan 647
 name School-Site97
!
vlan 648
 name School-Site98
!
vlan 649
 name School-Site99
!
vlan 650
 name School-Site100
!
vlan 801
 name MetroE_G1/1/1_Hopping_VLAN
!
vlan 802
 name MetroE_G1/1/2_Hopping_VLAN
!
!
class-map match-all GOLD
 match ip dscp cs6 
 match ip dscp cs7 
 match ip dscp cs3 
 match ip dscp cs2 
class-map match-all SILVER
 match ip dscp af21 
 match ip dscp af22 
 match ip dscp af23 
 match ip dscp af11 
 match ip dscp af12 
 match ip dscp af13 
 match ip dscp af31 
 match ip dscp af32 
 match ip dscp af33 
 match ip dscp af41 
 match ip dscp af42 
 match ip dscp af43 
class-map match-all School_Site11
  description 3750-SS11
 match vlan  511
class-map match-all School_Site22
  description 3750-SS22
 match vlan  522
class-map match-all School_Site33
  description 3750-SS33
 match vlan  533
class-map match-all School_Site44
  description 3750-SS44
 match vlan  544
class-map match-all School_Site55
  description 3750-SS55
 match vlan  606
class-map match-all School_Site66
  description 3750-SS66
 match vlan  617
class-map match-all School_Site77
  description 3750-SS77
 match vlan  628
class-map match-all School_Site88
  description 3750-SS88
 match vlan  639
class-map match-all School_Site99
  description 3750-SS99
 match vlan  650
class-map match-all School_Site10
  description 3750-SS10
 match vlan  510
class-map match-all School_Site23
  description 3750-SS23
 match vlan  523
class-map match-all School_Site32
  description 3750-SS32
 match vlan  532
class-map match-all School_Site45
  description 3750-SS45
 match vlan  545
class-map match-all School_Site54
  description 3750-SS54
 match vlan  605
class-map match-all School_Site67
  description 3750-SS67
 match vlan  618
class-map match-all School_Site76
  description 3750-SS76
 match vlan  627
class-map match-all School_Site89
  description 3750-SS89
 match vlan  640
class-map match-all School_Site98
  description 3750-SS98
 match vlan  649
class-map match-all School_Site13
  description 3750-SS13
 match vlan  513
class-map match-all School_Site20
  description 3750-SS20
 match vlan  520
class-map match-all School_Site31
  description 3750-SS31
 match vlan  531
class-map match-all School_Site46
  description 3750-SS46
 match vlan  546
class-map match-all School_Site57
  description 3750-SS57
 match vlan  608
class-map match-all School_Site64
  description 3750-SS64
 match vlan  615
class-map match-all School_Site75
  description 3750-SS75
 match vlan  626
class-map match-all School_Site12
  description 3750-SS12
 match vlan  512
class-map match-all School_Site21
  description 3750-SS21
 match vlan  521
class-map match-all School_Site30
  description 3750-SS30
 match vlan  530
class-map match-all School_Site47
  description 3750-SS47
 match vlan  547
class-map match-all School_Site56
  description 3750-SS56
 match vlan  607
class-map match-all School_Site65
  description 3750-SS65
 match vlan  616
class-map match-all School_Site74
  description 3750-SS74
 match vlan  625
class-map match-all School_Site15
  description 3750-SS15
 match vlan  515
class-map match-all School_Site26
  description 3750-SS26
 match vlan  526
class-map match-all School_Site37
  description 3750-SS37
 match vlan  537
class-map match-all School_Site40
  description 3750-SS40
 match vlan  540
class-map match-all School_Site51
  description 3750-SS51
 match vlan  602
class-map match-all School_Site62
  description 3750-SS62
 match vlan  613
class-map match-all School_Site73
  description 3750-SS73
 match vlan  624
class-map match-all School_Site14
  description 3750-SS14
 match vlan  514
class-map match-all School_Site27
  description 3750-SS27
 match vlan  527
class-map match-all School_Site36
  description 3750-SS36
 match vlan  536
class-map match-all School_Site41
  description 3750-SS41
 match vlan  541
class-map match-all School_Site50
  description 3750-SS50
 match vlan  550
class-map match-all School_Site63
  description 3750-SS63
 match vlan  614
class-map match-all School_Site72
  description 3750-SS72
 match vlan  623
class-map match-all School_Site17
  description 3750-SS17
 match vlan  517
class-map match-all School_Site24
  description 3750-SS24
 match vlan  524
class-map match-all School_Site35
  description 3750-SS35
 match vlan  535
class-map match-all School_Site42
  description 3750-SS42
 match vlan  542
class-map match-all School_Site53
  description 3750-SS53
 match vlan  604
class-map match-all School_Site60
  description 3750-SS60
 match vlan  611
class-map match-all School_Site71
  description 3750-SS71
 match vlan  622
class-map match-all School_Site16
  description 3750-SS16
 match vlan  516
class-map match-all School_Site25
  description 3750-SS25
 match vlan  525
class-map match-all School_Site34
  description 3750-SS34
 match vlan  534
class-map match-all School_Site43
  description 3750-SS43
 match vlan  543
class-map match-all School_Site52
  description 3750-SS52
 match vlan  603
class-map match-all School_Site61
  description 3750-SS61
 match vlan  612
class-map match-all School_Site70
  description 3750-SS70
 match vlan  621
class-map match-all School_Site19
  description 3750-SS19
 match vlan  519
class-map match-all School_Site80
  description 3750-SS80
 match vlan  631
class-map match-all School_Site91
  description 3750-SS91
 match vlan  642
class-map match-all School_Site18
  description 3750-SS18
 match vlan  518
class-map match-all School_Site81
  description 3750-SS81
 match vlan  632
class-map match-all School_Site90
  description 3750-SS90
 match vlan  641
class-map match-all School_Site28
  description 3750-SS28
 match vlan  528
class-map match-all School_Site39
  description 3750-SS39
 match vlan  539
class-map match-all School_Site82
  description 3750-SS82
 match vlan  633
class-map match-all School_Site93
  description 3750-SS93
 match vlan  644
class-map match-all School_Site29
  description 3750-SS29
 match vlan  529
class-map match-all School_Site38
  description 3750-SS38
 match vlan  538
class-map match-all School_Site83
  description 3750-SS83
 match vlan  634
class-map match-all School_Site92
  description 3750-SS92
 match vlan  643
class-map match-all School_Site48
  description 3750-SS48
 match vlan  548
class-map match-all School_Site59
  description 3750-SS59
 match vlan  610
class-map match-all School_Site84
  description 3750-SS84
 match vlan  635
class-map match-all School_Site95
  description 3750-SS95
 match vlan  646
class-map match-all School_Site49
  description 3750-SS49
 match vlan  549
class-map match-all School_Site58
  description 3750-SS58
 match vlan  609
class-map match-all School_Site85
  description 3750-SS85
 match vlan  636
class-map match-all School_Site94
  description 3750-SS94
 match vlan  645
class-map match-all School_Site68
  description 3750-SS68
 match vlan  619
class-map match-all School_Site79
  description 3750-SS79
 match vlan  630
class-map match-all School_Site86
  description 3750-SS86
 match vlan  637
class-map match-all School_Site97
  description 3750-SS97
 match vlan  648
class-map match-all School_Site69
  description 3750-SS69
 match vlan  620
class-map match-all School_Site78
  description 3750-SS78
 match vlan  629
class-map match-all School_Site87
  description 3750-SS87
 match vlan  638
class-map match-all School_Site96
  description 3750-SS96
 match vlan  647
class-map match-all REAL_TIME
 match ip dscp ef 
 match ip dscp cs5 
 match ip dscp cs4 
class-map match-all School_Site1
  description cr2-4507-SS1
 match vlan  501
class-map match-all School_Site100
  description cr36-3750s-SS100
 match vlan  650
class-map match-all School_Site2
  description 3750-SS2
 match vlan  502
class-map match-all School_Site3
  description 3750-SS3
 match vlan  503
class-map match-all School_Site4
  description 3750-SS4
 match vlan  504
class-map match-all School_Site5
  description 3750-SS5
 match vlan  505
class-map match-all School_Site6
  description 3750-SS6
 match vlan  506
class-map match-all School_Site7
  description 3750-SS7
 match vlan  507
class-map match-all School_Site8
  description 3750-SS8
 match vlan  508
class-map match-all School_Site9
  description 3750-SS9
 match vlan  509
!
!
policy-map School-Child-Policy-Map
 class REAL_TIME
    priority
   police cir percent 30 conform-action set-cos-transmit 5 exceed-action drop 
violate-action drop
  set cos 5
 class GOLD
    bandwidth percent 5
  set cos 3
 class SILVER
    bandwidth percent 30
  set cos 2
 class class-default
    bandwidth percent 35
  set cos 0
policy-map School-51to100-Parent-Policy-Map
 class School_Site100
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site51
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site52
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site53
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site54
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site55
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site56
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site57
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site58
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site59
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site60
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site61
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site62
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site63
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site64
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site65
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site66
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site67
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site68
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site69
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site70
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site71
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site72
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site73
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site74
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site75
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site76
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site77
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site78
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site79
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site80
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site81
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site82
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site83
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site84
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site85
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site86
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site87
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site88
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site89
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site90
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site91
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site92
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site93
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site94
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site95
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site96
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site97
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site98
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site99
    shape average 10000000
  service-policy School-Child-Policy-Map
policy-map School-1to50-Parent-Policy-Map
 class School_Site1
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site2
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site3
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site4
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site5
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site6
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site7
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site8
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site9
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site10
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site11
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site12
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site13
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site14
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site15
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site16
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site17
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site18
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site19
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site20
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site21
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site22
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site23
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site24
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site25
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site26
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site27
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site28
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site29
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site30
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site31
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site32
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site33
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site34
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site35
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site36
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site37
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site38
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site39
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site40
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site41
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site42
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site43
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site44
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site45
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site46
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site47
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site48
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site49
    shape average 20000000
  service-policy School-Child-Policy-Map
 class School_Site50
    shape average 10000000
  service-policy School-Child-Policy-Map
!
!
!
!
interface Loopback0
 ip address 10.126.100.1 255.255.255.255
!
interface Port-channel1
 description Connected to cr24-4507-DO
 no switchport
 dampening
 ip address 10.125.32.5 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.127.0.0 255.255.0.0 5
 ip summary-address eigrp 100 10.126.0.0 255.255.0.0 5
 logging event bundle-status
 load-interval 30
 carrier-delay msec 0
 hold-queue 2000 in
 hold-queue 2000 out
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
 description Connected to FlashNet
 no switchport
 ip address 172.26.160.184 255.255.254.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
!
interface GigabitEthernet1/0/1
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 logging event bundle-status
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/2
 description Connected to cr24-4507-DO
 no switchport
 no ip address
 logging event bundle-status
 load-interval 30
 carrier-delay msec 0
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 udld port
 mls qos trust dscp
 channel-protocol pagp
 channel-group 1 mode desirable
!
interface GigabitEthernet1/1/1
 description Connected to SP-MPLS-Core-cr24-6500-1
 switchport trunk native vlan 801
 switchport trunk allowed vlan 501-550
 switchport mode trunk
 logging event trunk-status
 load-interval 30
 carrier-delay msec 0
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree guard root
 service-policy output School-1to50-Parent-Policy-Map
 hold-queue 2000 in
 hold-queue 2000 out
!
interface GigabitEthernet1/1/2
 description Connected to SP-MPLS-Core-cr24-6500-1
 switchport trunk native vlan 802
 switchport trunk allowed vlan 601-650
 switchport mode trunk
 logging event trunk-status
 load-interval 30
 carrier-delay msec 0
 priority-queue out 
 mls qos trust dscp
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree guard root
 service-policy output School-51to100-Parent-Policy-Map
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan501
 description Connected to cr35-4507-SS1
 dampening
 ip address 10.126.0.0 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan502
 dampening
 ip address 10.126.0.2 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan503
 dampening
 ip address 10.126.0.4 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan504
 dampening
 ip address 10.126.0.6 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan505
 dampening
 ip address 10.126.0.8 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan506
 dampening
 ip address 10.126.0.10 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan507
 dampening
 ip address 10.126.0.12 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan508
 dampening
 ip address 10.126.0.14 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan509
 dampening
 ip address 10.126.0.16 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan510
 dampening
 ip address 10.126.0.18 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan511
 dampening
 ip address 10.126.0.20 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan512
 dampening
 ip address 10.126.0.22 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan513
 dampening
 ip address 10.126.0.24 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan514
 dampening
 ip address 10.126.0.26 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan515
 dampening
 ip address 10.126.0.28 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan516
 dampening
 ip address 10.126.0.30 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan517
 dampening
 ip address 10.126.0.32 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan518
 dampening
 ip address 10.126.0.34 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan519
 dampening
 ip address 10.126.0.36 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan520
 dampening
 ip address 10.126.0.38 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan521
 dampening
 ip address 10.126.0.40 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan522
 dampening
 ip address 10.126.0.42 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan523
 dampening
 ip address 10.126.0.44 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan524
 dampening
 ip address 10.126.0.46 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan525
 dampening
 ip address 10.126.0.48 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan526
 dampening
 ip address 10.126.0.50 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan527
 dampening
 ip address 10.126.0.52 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan528
 dampening
 ip address 10.126.0.54 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan529
 dampening
 ip address 10.126.0.56 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan530
 dampening
 ip address 10.126.0.58 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan531
 dampening
 ip address 10.126.0.60 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan532
 dampening
 ip address 10.126.0.62 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan533
 dampening
 ip address 10.126.0.64 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan534
 dampening
 ip address 10.126.0.66 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan535
 dampening
 ip address 10.126.0.68 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan536
 dampening
 ip address 10.126.0.70 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan537
 dampening
 ip address 10.126.0.72 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan538
 dampening
 ip address 10.126.0.74 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan539
 dampening
 ip address 10.126.0.76 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan540
 dampening
 ip address 10.126.0.78 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan541
 dampening
 ip address 10.126.0.80 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan542
 dampening
 ip address 10.126.0.82 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan543
 dampening
 ip address 10.126.0.84 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan544
 dampening
 ip address 10.126.0.86 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan545
 dampening
 ip address 10.126.0.88 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan546
 dampening
 ip address 10.126.0.90 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan547
 dampening
 ip address 10.126.0.92 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan548
 dampening
 ip address 10.126.0.94 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan549
 dampening
 ip address 10.126.0.96 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan550
 dampening
 ip address 10.126.0.98 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan601
 description Connected to cr36-3750-SS2
 dampening
 ip address 10.126.1.0 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan602
 dampening
 ip address 10.126.1.2 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan603
 dampening
 ip address 10.126.1.4 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan604
 dampening
 ip address 10.126.1.6 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan605
 dampening
 ip address 10.126.1.8 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan606
 dampening
 ip address 10.126.1.10 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan607
 dampening
 ip address 10.126.1.12 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan608
 dampening
 ip address 10.126.1.14 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan609
 dampening
 ip address 10.126.1.16 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan610
 dampening
 ip address 10.126.1.18 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan611
 dampening
 ip address 10.126.1.20 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan612
 dampening
 ip address 10.126.1.22 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan613
 dampening
 ip address 10.126.1.24 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan614
 dampening
 ip address 10.126.1.26 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan615
 dampening
 ip address 10.126.1.28 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan616
 dampening
 ip address 10.126.1.30 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan617
 dampening
 ip address 10.126.1.32 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan618
 dampening
 ip address 10.126.1.34 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan619
 dampening
 ip address 10.126.1.36 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan620
 dampening
 ip address 10.126.1.38 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan621
 dampening
 ip address 10.126.1.40 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan622
 dampening
 ip address 10.126.1.42 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan623
 dampening
 ip address 10.126.1.44 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan624
 dampening
 ip address 10.126.1.46 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan625
 dampening
 ip address 10.126.1.48 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan626
 dampening
 ip address 10.126.1.50 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan627
 dampening
 ip address 10.126.1.52 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan628
 dampening
 ip address 10.126.1.54 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan629
 dampening
 ip address 10.126.1.56 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan630
 dampening
 ip address 10.126.1.58 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan631
 dampening
 ip address 10.126.1.60 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan632
 dampening
 ip address 10.126.1.62 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan633
 dampening
 ip address 10.126.1.64 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan634
 dampening
 ip address 10.126.1.66 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan635
 dampening
 ip address 10.126.1.68 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan636
 dampening
 ip address 10.126.1.70 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan637
 dampening
 ip address 10.126.1.72 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan638
 dampening
 ip address 10.126.1.74 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan639
 dampening
 ip address 10.126.1.76 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan640
 dampening
 ip address 10.126.1.78 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan641
 dampening
 ip address 10.126.1.80 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan642
 dampening
 ip address 10.126.1.82 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan643
 dampening
 ip address 10.126.1.84 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan644
 dampening
 ip address 10.126.1.86 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan645
 dampening
 ip address 10.126.1.88 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan646
 dampening
 ip address 10.126.1.90 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan647
 dampening
 ip address 10.126.1.92 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan648
 dampening
 ip address 10.126.1.94 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan649
 dampening
 ip address 10.126.1.96 255.255.255.254
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
interface Vlan650
 dampening
 ip address 10.126.1.98 255.255.255.254
 ip hold-time eigrp 100 20
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp-key
 ip pim sparse-mode
 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5
 load-interval 30
 hold-queue 2000 in
 hold-queue 2000 out
!
!
router eigrp 100
 passive-interface default
 no passive-interface Vlan501
 no passive-interface Vlan502
 no passive-interface Vlan503
 no passive-interface Vlan504
 no passive-interface Vlan505
 no passive-interface Vlan506
 no passive-interface Vlan507
 no passive-interface Vlan508
 no passive-interface Vlan509
 no passive-interface Vlan510
 no passive-interface Vlan511
 no passive-interface Vlan512
 no passive-interface Vlan513
 no passive-interface Vlan514
 no passive-interface Vlan515
 no passive-interface Vlan516
 no passive-interface Vlan517
 no passive-interface Vlan518
 no passive-interface Vlan519
 no passive-interface Vlan520
 no passive-interface Vlan521
 no passive-interface Vlan522
 no passive-interface Vlan523
 no passive-interface Vlan524
 no passive-interface Vlan525
 no passive-interface Vlan526
 no passive-interface Vlan527
 no passive-interface Vlan528
 no passive-interface Vlan529
 no passive-interface Vlan530
 no passive-interface Vlan531
 no passive-interface Vlan532
 no passive-interface Vlan533
 no passive-interface Vlan534
 no passive-interface Vlan535
 no passive-interface Vlan536
 no passive-interface Vlan537
 no passive-interface Vlan538
 no passive-interface Vlan539
 no passive-interface Vlan540
 no passive-interface Vlan541
 no passive-interface Vlan542
 no passive-interface Vlan543
 no passive-interface Vlan544
 no passive-interface Vlan545
 no passive-interface Vlan546
 no passive-interface Vlan547
 no passive-interface Vlan548
 no passive-interface Vlan549
 no passive-interface Vlan550
 no passive-interface Vlan601
 no passive-interface Vlan602
 no passive-interface Vlan603
 no passive-interface Vlan604
 no passive-interface Vlan605
 no passive-interface Vlan606
 no passive-interface Vlan607
 no passive-interface Vlan608
 no passive-interface Vlan609
 no passive-interface Vlan610
 no passive-interface Vlan611
 no passive-interface Vlan612
 no passive-interface Vlan613
 no passive-interface Vlan614
 no passive-interface Vlan615
 no passive-interface Vlan616
 no passive-interface Vlan617
 no passive-interface Vlan618
 no passive-interface Vlan619
 no passive-interface Vlan620
 no passive-interface Vlan621
 no passive-interface Vlan622
 no passive-interface Vlan623
 no passive-interface Vlan624
 no passive-interface Vlan625
 no passive-interface Vlan626
 no passive-interface Vlan627
 no passive-interface Vlan628
 no passive-interface Vlan629
 no passive-interface Vlan630
 no passive-interface Vlan631
 no passive-interface Vlan632
 no passive-interface Vlan633
 no passive-interface Vlan634
 no passive-interface Vlan635
 no passive-interface Vlan636
 no passive-interface Vlan637
 no passive-interface Vlan638
 no passive-interface Vlan639
 no passive-interface Vlan640
 no passive-interface Vlan641
 no passive-interface Vlan642
 no passive-interface Vlan643
 no passive-interface Vlan644
 no passive-interface Vlan645
 no passive-interface Vlan646
 no passive-interface Vlan647
 no passive-interface Vlan648
 no passive-interface Vlan649
 no passive-interface Vlan650
 no passive-interface Port-channel1
 no auto-summary
 eigrp router-id 10.126.100.1
 network 10.125.0.0 0.0.255.255
 network 10.126.0.0 0.0.255.255
!
ip classless
ip route 172.26.158.0 255.255.255.0 172.26.160.1
!
no ip http server
no ip http secure-server
!
ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override
ip pim spt-threshold infinity
ip pim accept-register list PERMIT-SOURCES
!
ip access-list standard Allowed_MCAST_Groups
 permit 224.0.1.39
 permit 224.0.1.40
 permit 239.192.0.0 0.0.255.255
ip access-list standard Deny_PIM_DM_Fallback
 deny   224.0.1.39
 deny   224.0.1.40
 permit any
!
ip access-list extended PERMIT-SOURCES
 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255
!
!
snmp-server community public RO
snmp-server community k12 RW
snmp-server trap-source Loopback0
snmp-server host 172.26.158.251 version 2c k12 
!
control-plane
!
alias exec ct config t
alias exec srb sh run | begin
alias exec sri sh run int
alias exec cl clear logg
alias exec rib show ip route
alias exec ec sh etherchannel
alias exec cc clea count
alias exec sac sh access-list
alias exec cpu show proc c s | inc CPU
alias exec sin show ip int brief | ex unassi
alias exec dsno show ip dhcp snooping bind
!
line con 0
 exec-timeout 0 0
 password 7 00071A150754
line vty 0 4
 exec-timeout 0 0
 password 7 02050D480809
 login
line vty 5 15
 exec-timeout 0 0
 no login
!
ntp clock-period 36028666
ntp server 172.26.160.10
end
 


Cr26-asa5520-DO
cr26-asa5520-do# wr t
: Saved
:
ASA Version 8.2(1) 
!
hostname cr26-asa5520-do
domain-name cisco.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 description Connected to cr24-4507-DO
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description backup to cr24-4507-DO
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 description Connected to Internet - cr26-6500-1
 nameif outside
 security-level 0
 ip address 198.133.219.5 255.255.255.0 
 ospf message-digest-key 1 md5 <removed>
 ospf authentication message-digest
!
interface GigabitEthernet0/3
 description School DMZ
 nameif dmz
 security-level 50
 ip address 10.25.34.1 255.255.255.0 
!
interface Management0/0
 nameif management
 security-level 100
 ip address 172.26.160.225 255.255.252.0 
 management-only
!
interface Redundant1
 description Connected to cr24-4507-DO
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif inside
 security-level 100
 allow-ssc-mgmt
 ip address 10.125.33.10 255.255.255.0 
 authentication key eigrp 100 <removed> key-id 1
 authentication mode eigrp 100 md5
!
boot system disk0:/asa821-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name cisco.com
access-list wsa-farm extended permit ip host 10.125.33.8 any 
access-list proxylist extended deny ip host 10.125.33.8 any 
access-list proxylist extended permit tcp 10.0.0.0 255.0.0.0 any eq www 
access-list proxylist extended permit tcp 10.0.0.0 255.0.0.0 any eq https 
access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 any eq www 
access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 any eq https 
access-list Outbound extended permit icmp 10.0.0.0 255.0.0.0 any echo 
access-list Outbound extended permit udp 10.0.0.0 255.0.0.0 host 10.25.34.13 eq domain
access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq smtp
access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq pop3
access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq imap4
access-list Inbound-Routes standard permit host 0.0.0.0 
access-list DMZ extended permit udp host 10.25.34.13 any eq domain 
access-list DMZ extended permit tcp host 10.25.34.13 any eq domain 
access-list DMZ extended permit tcp host 10.25.34.12 any eq smtp 
access-list DMZ extended permit tcp host 10.25.34.11 any eq www 
access-list DMZ extended permit tcp host 10.25.34.11 any eq https 
access-list Inbound extended permit udp any host 198.133.219.13 eq domain 
access-list Inbound extended permit tcp any host 198.133.219.13 eq domain 
access-list Inbound extended permit tcp any host 198.133.219.11 eq smtp 
access-list Inbound extended permit tcp any host 198.133.219.10 eq www 
access-list Inbound extended permit tcp any host 198.133.219.10 eq https 
pager lines 24
logging enable
logging console critical
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu management 1500
mtu inside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 10.0.0.0 255.0.0.0
static (inside,outside) 198.133.219.2 10.125.31.2 netmask 255.255.255.255 
static (dmz,outside) 198.133.219.10 10.25.34.10 netmask 255.255.255.255 
static (dmz,outside) 198.133.219.11 10.25.34.11 netmask 255.255.255.255 
static (dmz,outside) 198.133.219.12 10.25.34.12 netmask 255.255.255.255 
static (dmz,outside) 198.133.219.13 10.25.34.13 netmask 255.255.255.255 
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 
access-group Outbound in interface inside
access-group DMZ in interface dmz
access-group Inbound in interface outside
!
route-map Inbound-EIGRP permit 10
</