
Untitled

a guest
Sep 5th, 2013
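  !
  ! Global services for R1.
  ! NOTE(review): 12.4 is a long-retired IOS train; confirm the image still
  ! receives fixes before relying on any of the controls below.
  version 12.4
  ! Millisecond timestamps on debug and log lines make correlation with the
  ! syslog collector practical.
  service timestamps debug datetime msec
  service timestamps log datetime msec
  ! Was "no service password-encryption". Type 7 is reversible obfuscation, not
  ! cryptographic protection, but it keeps line passwords and key strings from
  ! being read straight off a screen or a pasted config.
  service password-encryption
  !
  hostname R1
  !
  boot-start-marker
  boot-end-marker
  !
  ! Was "no logging buffered". A local buffer preserves recent events when the
  ! remote syslog host is unreachable; size it to the platform's free memory.
  logging buffered 16384 informational
  !
  ! AAA is off: the con and vty lines use "login local", so the local username
  ! database is the only authentication source and nothing is accounted.
  no aaa new-model
  !
  !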
  ! Forwarding and DHCP server globals.
  ip cef
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  no ip dhcp use vrf connected
  !
  ! .1-.20 of every VLAN subnet is kept out of the pools. That range holds the
  ! HSRP virtual address (.1) and this router's subinterface address (.2).
  ip dhcp excluded-address 172.16.1.1 172.16.1.20
  ip dhcp excluded-address 172.16.2.1 172.16.2.20
  ip dhcp excluded-address 172.16.3.1 172.16.3.20
  ip dhcp excluded-address 172.16.4.1 172.16.4.20
  ip dhcp excluded-address 172.16.5.1 172.16.5.20
  ip dhcp excluded-address 172.16.6.1 172.16.6.20
  ip dhcp excluded-address 172.16.7.1 172.16.7.20
  !
  ! One DHCP pool per VLAN. Each pool hands out the VLAN's HSRP virtual address
  ! (standby N ip 172.16.N.1) as default gateway and two public resolvers, so
  ! clients need no DNS server inside any other VLAN.
  ip dhcp pool VLAN10
   network 172.16.1.0 255.255.255.0
   default-router 172.16.1.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN20
   network 172.16.2.0 255.255.255.0
   default-router 172.16.2.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN30
   network 172.16.3.0 255.255.255.0
   default-router 172.16.3.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN40
   network 172.16.4.0 255.255.255.0
   default-router 172.16.4.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN50
   network 172.16.5.0 255.255.255.0
   default-router 172.16.5.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN60
   network 172.16.6.0 255.255.255.0
   default-router 172.16.6.1
   dns-server 8.8.8.8 4.2.2.4
  !
  ip dhcp pool VLAN70
   network 172.16.7.0 255.255.255.0
   default-router 172.16.7.1
   dns-server 8.8.8.8 4.2.2.4
  !
  !
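  ! IOS IPS: signature definition file loaded from flash, alerts exposed over
  ! SDEE, and the rule name that the interfaces reference.
  ip ips sdf location flash://sdmips.sdf
  ip ips notify SDEE
  ip ips name sdm_ips_rule
  ip domain name mydomain.com
  !
  ! Single privilege-15 local account. "secret 5" is a salted MD5 hash; the
  ! value shown appears to be a redaction placeholder, which is the right thing
  ! to publish. Later IOS releases offer stronger secret types; use one where
  ! the image supports it.
  username admin privilege 15 secret 5 BLAHBLAHBLAH
  !
  ! SSHv2 only, bound to the named RSA keypair.
  ! Retries lowered from 5 (the maximum the command accepts) to 3, and an
  ! explicit negotiation timeout added, to limit password guessing per session.
  ip ssh time-out 60
  ip ssh authentication-retries 3
  ip ssh rsa keypair-name SSH
  ip ssh version 2
  !
  !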
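  ! 802.1Q trunk: the physical port carries no address; each subinterface is the
  ! routed gateway for one VLAN, filtered in both directions by its own ACL pair
  ! and inspected by the IPS rule.
  !
  ! HSRP authentication changed from plain text to MD5 on every group. The
  ! plain-text form puts the string unprotected in every hello, so it guards
  ! against misconfiguration only. PASSWORD is the paste's stand-in; use a real
  ! key. The HSRP peer needs the identical line in the same change window,
  ! otherwise the two routers reject each other's hellos.
  interface FastEthernet0/0
   no ip address
   duplex full
   speed 100
  !
  interface FastEthernet0/0.10
   description VLAN10
   encapsulation dot1Q 10
   ip address 172.16.1.2 255.255.255.0
   ip access-group VLAN10-IN in
   ip access-group VLAN10-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 10 ip 172.16.1.1
   standby 10 priority 110
   standby 10 preempt
   standby 10 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.20
   description VLAN20
   encapsulation dot1Q 20
   ip address 172.16.2.2 255.255.255.0
   ip access-group VLAN20-IN in
   ip access-group VLAN20-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 20 ip 172.16.2.1
   standby 20 priority 110
   standby 20 preempt
   standby 20 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.30
   description VLAN30
   encapsulation dot1Q 30
   ip address 172.16.3.2 255.255.255.0
   ip access-group VLAN30-IN in
   ip access-group VLAN30-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 30 ip 172.16.3.1
   standby 30 priority 110
   standby 30 preempt
   standby 30 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.40
   description VLAN40
   encapsulation dot1Q 40
   ip address 172.16.4.2 255.255.255.0
   ip access-group VLAN40-IN in
   ip access-group VLAN40-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 40 ip 172.16.4.1
   standby 40 priority 110
   standby 40 preempt
   standby 40 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.50
   description VLAN50
   encapsulation dot1Q 50
   ip address 172.16.5.2 255.255.255.0
   ip access-group VLAN50-IN in
   ip access-group VLAN50-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 50 ip 172.16.5.1
   standby 50 priority 110
   standby 50 preempt
   standby 50 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.60
   description VLAN60
   encapsulation dot1Q 60
   ip address 172.16.6.2 255.255.255.0
   ip access-group VLAN60-IN in
   ip access-group VLAN60-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 60 ip 172.16.6.1
   standby 60 priority 110
   standby 60 preempt
   standby 60 authentication md5 key-string PASSWORD
  !
  interface FastEthernet0/0.70
   description VLAN70
   encapsulation dot1Q 70
   ip address 172.16.7.2 255.255.255.0
   ip access-group VLAN70-IN in
   ip access-group VLAN70-OUT out
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   standby 70 ip 172.16.7.1
   standby 70 priority 110
   standby 70 preempt
   standby 70 authentication md5 key-string PASSWORD
  !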
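  ! Uplink toward the default gateway 172.16.0.1; the syslog host 172.16.0.5
  ! sits on this subnet too. The IPS rule is applied in both directions but no
  ! access-group is attached, so this interface does no packet filtering.
  ! NOTE(review): confirm that an upstream device filters this segment.
  interface FastEthernet0/1
   ip address 172.16.0.2 255.255.255.0
   ip ips sdm_ips_rule in
   ip ips sdm_ips_rule out
   ip virtual-reassembly
   duplex full
   speed 100
   standby 1 ip 172.16.0.4
   standby 1 priority 110
   standby 1 preempt
   ! Was plain-text HSRP authentication, which exposes the string in every
   ! hello. PASSWORD is the paste's stand-in; use a real key. The HSRP peer
   ! needs the identical line in the same change window.
   standby 1 authentication md5 key-string PASSWORD
  !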
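  ip forward-protocol nd
  ! Single static default route via the uplink segment.
  ip route 0.0.0.0 0.0.0.0 172.16.0.1
  !
  ! Management web UI: HTTPS only, authenticated against the local user
  ! database. The clear-text HTTP server is disabled explicitly rather than
  ! left to the image default.
  no ip http server
  ip http secure-server
  ip http authentication local
  ! NOTE(review): no "ip http access-class" limits which sources may reach the
  ! HTTPS listener, so every VLAN permitted to reach this router's addresses
  ! can attempt a login. Bind it to a management-hosts ACL once one is defined.
  !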
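  ! Per-VLAN filter pairs. Intent as far as the entries show: VLAN70 is cut off
  ! from every other VLAN, VLAN20-60 are cut off from each other and from
  ! VLAN70, and VLAN10 is reachable from VLAN20-60. The final permit in each -IN
  ! list accepts only the VLAN's own source prefix, which doubles as an
  ! anti-spoofing check.
  !
  ! ACLs are first-match. The three "permit udp any any eq ..." entries used to
  ! sit above the denies, which let UDP to ports 67, 53 and 68 cross every VLAN
  ! boundary the denies were meant to close. They now follow the denies: DHCP
  ! broadcasts and queries to the public resolvers still match, while the same
  ! ports toward a denied VLAN are dropped and logged.
  ! NOTE(review): if a resolver or DHCP server really lives in a denied VLAN,
  ! add a host-specific permit above the denies instead of restoring the
  ! blanket permits.
  ip access-list extended VLAN10-IN
   remark VLAN10 acl
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.1.0 0.0.0.255 any
  ip access-list extended VLAN10-OUT
   remark VLAN10 acl
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.1.0 0.0.0.255
  ip access-list extended VLAN20-IN
   remark VLAN20 acl
   deny ip any 172.16.3.0 0.0.0.255 log
   deny ip any 172.16.4.0 0.0.0.255 log
   deny ip any 172.16.5.0 0.0.0.255 log
   deny ip any 172.16.6.0 0.0.0.255 log
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.2.0 0.0.0.255 any
  ip access-list extended VLAN20-OUT
   remark VLAN20 acl
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.2.0 0.0.0.255
  ip access-list extended VLAN30-IN
   remark VLAN30 acl
   deny ip any 172.16.2.0 0.0.0.255 log
   deny ip any 172.16.4.0 0.0.0.255 log
   deny ip any 172.16.5.0 0.0.0.255 log
   deny ip any 172.16.6.0 0.0.0.255 log
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.3.0 0.0.0.255 any
  ip access-list extended VLAN30-OUT
   remark VLAN30 acl
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.3.0 0.0.0.255
  ip access-list extended VLAN40-IN
   remark VLAN40 acl
   deny ip any 172.16.2.0 0.0.0.255 log
   deny ip any 172.16.3.0 0.0.0.255 log
   deny ip any 172.16.5.0 0.0.0.255 log
   deny ip any 172.16.6.0 0.0.0.255 log
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.4.0 0.0.0.255 any
  ip access-list extended VLAN40-OUT
   remark VLAN40 acl
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.4.0 0.0.0.255
  ip access-list extended VLAN50-IN
   remark VLAN50 acl
   deny ip any 172.16.2.0 0.0.0.255 log
   deny ip any 172.16.3.0 0.0.0.255 log
   deny ip any 172.16.4.0 0.0.0.255 log
   deny ip any 172.16.6.0 0.0.0.255 log
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.5.0 0.0.0.255 any
  ip access-list extended VLAN50-OUT
   remark VLAN50 acl
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.5.0 0.0.0.255
  ip access-list extended VLAN60-IN
   remark VLAN60 acl
   deny ip any 172.16.2.0 0.0.0.255 log
   deny ip any 172.16.3.0 0.0.0.255 log
   deny ip any 172.16.4.0 0.0.0.255 log
   deny ip any 172.16.5.0 0.0.0.255 log
   deny ip any 172.16.7.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.6.0 0.0.0.255 any
  ip access-list extended VLAN60-OUT
   remark VLAN60 acl
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.6.0 0.0.0.255
  ip access-list extended VLAN70-IN
   remark VLAN70 acl
   deny ip any 172.16.1.0 0.0.0.255 log
   deny ip any 172.16.2.0 0.0.0.255 log
   deny ip any 172.16.3.0 0.0.0.255 log
   deny ip any 172.16.4.0 0.0.0.255 log
   deny ip any 172.16.5.0 0.0.0.255 log
   deny ip any 172.16.6.0 0.0.0.255 log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip 172.16.7.0 0.0.0.255 any
  ip access-list extended VLAN70-OUT
   remark VLAN70 acl
   deny ip 172.16.1.0 0.0.0.255 any log
   deny ip 172.16.2.0 0.0.0.255 any log
   deny ip 172.16.3.0 0.0.0.255 any log
   deny ip 172.16.4.0 0.0.0.255 any log
   deny ip 172.16.5.0 0.0.0.255 any log
   deny ip 172.16.6.0 0.0.0.255 any log
   deny ip 172.16.7.0 0.0.0.255 any log
   permit udp any any eq bootps
   permit udp any any eq domain
   permit udp any any eq bootpc
   permit ip any 172.16.7.0 0.0.0.255
  !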
  ! Remote syslog collector on the uplink segment (FastEthernet0/1 is
  ! 172.16.0.2/24). The ACL "log" hits are sent here.
  logging 172.16.0.5
  !
  ! The control-plane stanza is empty: no service-policy is attached to it.
  control-plane
  !
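  ! Terminal lines. Console and vty authenticate against the local user
  ! database; vty accepts SSH only.
  line con 0
   login local
  ! The aux line had no settings at all, leaving an EXEC session available on
  ! the port with whatever the image defaults allow. It is now closed in both
  ! directions.
  line aux 0
   no exec
   transport input none
  line vty 0 4
   login local
   transport input ssh
   ! NOTE(review): no access-class restricts which sources may open an SSH
   ! session; bind one to a management-hosts ACL once it is defined. If the
   ! platform exposes vty lines beyond 0-4, they need the same settings.
  !
  scheduler allocate 20000 1000
  !
  end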