Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- !
- version 12.4
- service timestamps debug datetime msec
- service timestamps log datetime msec
- no service password-encryption
- !
- hostname R1
- !
- boot-start-marker
- boot-end-marker
- !
- no logging buffered
- !
- no aaa new-model
- !
- !
- ip cef
- ip auth-proxy max-nodata-conns 3
- ip admission max-nodata-conns 3
- no ip dhcp use vrf connected
- ip dhcp excluded-address 172.16.1.1 172.16.1.20
- ip dhcp excluded-address 172.16.2.1 172.16.2.20
- ip dhcp excluded-address 172.16.3.1 172.16.3.20
- ip dhcp excluded-address 172.16.4.1 172.16.4.20
- ip dhcp excluded-address 172.16.5.1 172.16.5.20
- ip dhcp excluded-address 172.16.6.1 172.16.6.20
- ip dhcp excluded-address 172.16.7.1 172.16.7.20
- !
- ip dhcp pool VLAN10
- network 172.16.1.0 255.255.255.0
- default-router 172.16.1.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN20
- network 172.16.2.0 255.255.255.0
- default-router 172.16.2.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN30
- network 172.16.3.0 255.255.255.0
- default-router 172.16.3.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN40
- network 172.16.4.0 255.255.255.0
- default-router 172.16.4.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN50
- network 172.16.5.0 255.255.255.0
- default-router 172.16.5.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN60
- network 172.16.6.0 255.255.255.0
- default-router 172.16.6.1
- dns-server 8.8.8.8 4.2.2.4
- !
- ip dhcp pool VLAN70
- network 172.16.7.0 255.255.255.0
- default-router 172.16.7.1
- dns-server 8.8.8.8 4.2.2.4
- !
- !
- ip ips sdf location flash://sdmips.sdf
- ip ips notify SDEE
- ip ips name sdm_ips_rule
- ip domain name mydomain.com
- !
- !
- !
- !
- username admin privilege 15 secret 5 BLAHBLAHBLAH
- !
- !
- ip ssh authentication-retries 5
- ip ssh rsa keypair-name SSH
- ip ssh version 2
- !
- !
- !
- !
- interface FastEthernet0/0
- no ip address
- duplex full
- speed 100
- !
- interface FastEthernet0/0.10
- description VLAN10
- encapsulation dot1Q 10
- ip address 172.16.1.2 255.255.255.0
- ip access-group VLAN10-IN in
- ip access-group VLAN10-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 10 ip 172.16.1.1
- standby 10 priority 110
- standby 10 preempt
- standby 10 authentication PASSWORD
- !
- interface FastEthernet0/0.20
- description VLAN20
- encapsulation dot1Q 20
- ip address 172.16.2.2 255.255.255.0
- ip access-group VLAN20-IN in
- ip access-group VLAN20-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 20 ip 172.16.2.1
- standby 20 priority 110
- standby 20 preempt
- standby 20 authentication PASSWORD
- !
- interface FastEthernet0/0.30
- description VLAN30
- encapsulation dot1Q 30
- ip address 172.16.3.2 255.255.255.0
- ip access-group VLAN30-IN in
- ip access-group VLAN30-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 30 ip 172.16.3.1
- standby 30 priority 110
- standby 30 preempt
- standby 30 authentication PASSWORD
- !
- interface FastEthernet0/0.40
- description VLAN40
- encapsulation dot1Q 40
- ip address 172.16.4.2 255.255.255.0
- ip access-group VLAN40-IN in
- ip access-group VLAN40-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 40 ip 172.16.4.1
- standby 40 priority 110
- standby 40 preempt
- standby 40 authentication PASSWORD
- !
- interface FastEthernet0/0.50
- description VLAN50
- encapsulation dot1Q 50
- ip address 172.16.5.2 255.255.255.0
- ip access-group VLAN50-IN in
- ip access-group VLAN50-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 50 ip 172.16.5.1
- standby 50 priority 110
- standby 50 preempt
- standby 50 authentication PASSWORD
- !
- interface FastEthernet0/0.60
- description VLAN60
- encapsulation dot1Q 60
- ip address 172.16.6.2 255.255.255.0
- ip access-group VLAN60-IN in
- ip access-group VLAN60-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 60 ip 172.16.6.1
- standby 60 priority 110
- standby 60 preempt
- standby 60 authentication PASSWORD
- !
- interface FastEthernet0/0.70
- description VLAN70
- encapsulation dot1Q 70
- ip address 172.16.7.2 255.255.255.0
- ip access-group VLAN70-IN in
- ip access-group VLAN70-OUT out
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- standby 70 ip 172.16.7.1
- standby 70 priority 110
- standby 70 preempt
- standby 70 authentication PASSWORD
- !
- interface FastEthernet0/1
- ip address 172.16.0.2 255.255.255.0
- ip ips sdm_ips_rule in
- ip ips sdm_ips_rule out
- ip virtual-reassembly
- duplex full
- speed 100
- standby 1 ip 172.16.0.4
- standby 1 priority 110
- standby 1 preempt
- standby 1 authentication PASSWORD
- !
- ip forward-protocol nd
- ip route 0.0.0.0 0.0.0.0 172.16.0.1
- !
- ip http secure-server
- ip http authentication local
- !
- ip access-list extended VLAN10-IN
- remark VLAN10 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.1.0 0.0.0.255 any
- ip access-list extended VLAN10-OUT
- remark VLAN10 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.1.0 0.0.0.255
- ip access-list extended VLAN20-IN
- remark VLAN20 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.3.0 0.0.0.255 log
- deny ip any 172.16.4.0 0.0.0.255 log
- deny ip any 172.16.5.0 0.0.0.255 log
- deny ip any 172.16.6.0 0.0.0.255 log
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.2.0 0.0.0.255 any
- ip access-list extended VLAN20-OUT
- remark VLAN20 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.2.0 0.0.0.255
- ip access-list extended VLAN30-IN
- remark VLAN30 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.2.0 0.0.0.255 log
- deny ip any 172.16.4.0 0.0.0.255 log
- deny ip any 172.16.5.0 0.0.0.255 log
- deny ip any 172.16.6.0 0.0.0.255 log
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.3.0 0.0.0.255 any
- ip access-list extended VLAN30-OUT
- remark VLAN30 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.3.0 0.0.0.255
- ip access-list extended VLAN40-IN
- remark VLAN40 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.2.0 0.0.0.255 log
- deny ip any 172.16.3.0 0.0.0.255 log
- deny ip any 172.16.5.0 0.0.0.255 log
- deny ip any 172.16.6.0 0.0.0.255 log
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.4.0 0.0.0.255 any
- ip access-list extended VLAN40-OUT
- remark VLAN40 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.4.0 0.0.0.255
- ip access-list extended VLAN50-IN
- remark VLAN50 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.2.0 0.0.0.255 log
- deny ip any 172.16.3.0 0.0.0.255 log
- deny ip any 172.16.4.0 0.0.0.255 log
- deny ip any 172.16.6.0 0.0.0.255 log
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.5.0 0.0.0.255 any
- ip access-list extended VLAN50-OUT
- remark VLAN50 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.5.0 0.0.0.255
- ip access-list extended VLAN60-IN
- remark VLAN60 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.2.0 0.0.0.255 log
- deny ip any 172.16.3.0 0.0.0.255 log
- deny ip any 172.16.4.0 0.0.0.255 log
- deny ip any 172.16.5.0 0.0.0.255 log
- deny ip any 172.16.7.0 0.0.0.255 log
- permit ip 172.16.6.0 0.0.0.255 any
- ip access-list extended VLAN60-OUT
- remark VLAN60 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.6.0 0.0.0.255
- ip access-list extended VLAN70-IN
- remark VLAN70 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip any 172.16.1.0 0.0.0.255 log
- deny ip any 172.16.2.0 0.0.0.255 log
- deny ip any 172.16.3.0 0.0.0.255 log
- deny ip any 172.16.4.0 0.0.0.255 log
- deny ip any 172.16.5.0 0.0.0.255 log
- deny ip any 172.16.6.0 0.0.0.255 log
- permit ip 172.16.7.0 0.0.0.255 any
- ip access-list extended VLAN70-OUT
- remark VLAN70 acl
- permit udp any any eq bootps
- permit udp any any eq domain
- permit udp any any eq bootpc
- deny ip 172.16.1.0 0.0.0.255 any log
- deny ip 172.16.2.0 0.0.0.255 any log
- deny ip 172.16.3.0 0.0.0.255 any log
- deny ip 172.16.4.0 0.0.0.255 any log
- deny ip 172.16.5.0 0.0.0.255 any log
- deny ip 172.16.6.0 0.0.0.255 any log
- deny ip 172.16.7.0 0.0.0.255 any log
- permit ip any 172.16.7.0 0.0.0.255
- !
- logging 172.16.0.5
- !
- !
- control-plane
- !
- !
- !
- line con 0
- login local
- line aux 0
- line vty 0 4
- login local
- transport input ssh
- !
- scheduler allocate 20000 1000
- !
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement