
Untitled

a guest
Sep 17th, 2019
  1.  
  ! Global services, hostname and local credentials for the switch SECURITY-CABIN.
  2. !
  3. ! Last configuration change at 04:02:50 GMT Mon Jan 2 2006
  4. !
  5. version 15.0
  6. no service pad
  7. service timestamps debug datetime localtime
  8. service timestamps log datetime localtime
  ! NOTE(review): service password-encryption produces the "7" strings seen later in this
  ! config. Type 7 is a reversible encoding, not a hash; it only hides values from casual view.
  9. service password-encryption
  10. !
  11. hostname SECURITY-CABIN
  12. !
  13. boot-start-marker
  14. boot-end-marker
  15. !
  16. no logging monitor
  ! NOTE(review): "secret 5" values are salted MD5-crypt hashes. They are one-way, but once a
  ! copy of the config leaves the device they can be guessed offline, so any published hash
  ! should be treated as exposed and the credential rotated. Where the IOS release supports
  ! it, a stronger secret type (8 or 9) is preferable.
  17. enable secret 5 $1$S3Kd$uIyvQR91qu3bVVINIAd.i1
  18. !
  ! Local fallback account, used by the "local" keyword in the AAA method lists.
  19. username admin secret 5 $1$Jsi/$9OWJchqRNA/0lViCeMPpp/
  ! AAA: RADIUS group NM-ISE for logins and 802.1X, with local fallback for logins.
  20. aaa new-model
  21. !
  22. !
  ! NOTE(review): each server appears twice, once without ports and once with 1812/1813.
  ! Presumably the port-less entries are leftovers that resolve to the IOS default
  ! ports; confirm and remove whichever pair is not in use.
  23. aaa group server radius NM-ISE
  24. server 10.208.47.19
  25. server 10.208.47.20
  26. server 10.208.47.19 auth-port 1812 acct-port 1813
  27. server 10.208.47.20 auth-port 1812 acct-port 1813
  28. !
  ! "group NM-ISE local": the local database is consulted only when the RADIUS group
  ! does not answer, not when it rejects a login.
  29. aaa authentication login default group NM-ISE local
  ! NO-RADIUS is a local-only list; it is applied to the console line.
  30. aaa authentication login NO-RADIUS local
  31. aaa authentication dot1x default group NM-ISE
  32. aaa authorization exec default group NM-ISE local
  33. aaa authorization network default group NM-ISE local
  34. aaa accounting update periodic 5
  ! NOTE(review): only dot1x accounting is configured. No "aaa accounting exec" or
  ! "aaa accounting commands" line is visible, so administrator sessions are not
  ! accounted through AAA by this config.
  35. aaa accounting dot1x default start-stop group NM-ISE
  36. !
  37. !
  38. !
  39. !
  40. !
  ! Change-of-Authorization clients. The server-key values are type 7 (reversible);
  ! treat them as disclosed wherever this config has been shared.
  41. aaa server radius dynamic-author
  42. client 10.208.47.19 server-key 7 07002C4D400E0B001606
  43. client 10.208.47.20 server-key 7 030B560A080833494F1D
  44. !
  45. aaa session-id common
  ! Layer-2 protections: source routing off, Dynamic ARP Inspection and DHCP snooping.
  46. clock timezone GMT 4 0
  47. system mtu routing 1500
  48. no ip source-route
  ! DAI validates ARP against the DHCP snooping binding table, so both features list
  ! the same VLANs. NOTE(review): VLAN 990 (unused ports) is not in either list.
  49. ip arp inspection vlan 1,15,17,35-50
  50. ip arp inspection validate src-mac dst-mac ip
  51. !
  52. !
  53. ip dhcp snooping vlan 1,15,17,35-50
  54. no ip dhcp snooping information option
  55. ip dhcp snooping
  56. ip domain-name nm.gov.om
  57. ip device tracking
  58. vtp domain NMO
  ! Transparent mode: this switch does not learn or originate VTP VLAN changes.
  59. vtp mode transparent
  60. !
  61. epm logging
  62. !
  ! Self-signed trustpoint and its certificate (presumably the one served by
  ! "ip http secure-server"; confirm).
  ! NOTE(review): decoding the DER below shows signature algorithm OID
  ! 1.2.840.113549.1.1.4 (md5WithRSAEncryption), a 1024-bit RSA key, and validity
  ! 930321030630Z to 200101000000Z. The 1993 start date suggests the clock was unset
  ! when the key pair was generated. Regenerate with a larger key once time is synced,
  ! or enrol with an internal CA.
  63. crypto pki trustpoint TP-self-signed-41722112
  64. enrollment selfsigned
  65. subject-name cn=IOS-Self-Signed-Certificate-41722112
  66. revocation-check none
  67. rsakeypair TP-self-signed-41722112
  68. !
  69. !
  70. crypto pki certificate chain TP-self-signed-41722112
  71. certificate self-signed 01
  72. 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  73. 2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
  74. 69666963 6174652D 34313732 32313132 301E170D 39333033 32313033 30363330
  75. 5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
  76. 2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D343137 32323131
  77. 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AC13
  78. 44FC44E9 FF802902 09C04078 4F0A05E6 2CF96286 A3CF7C66 897ADD57 CCE7B54F
  79. 28B818C7 FBC59EE8 CC268E91 740FBF95 651875DE BF0970E0 7DF5A4F8 4C807508
  80. B3393B9F B8F98581 0581CB56 23FA917A 2F353A83 DEE50DAB 898EA115 68873FEF
  81. ED60E7D6 762E05FE 83FBB034 3B112193 A71EDA85 65B91015 A0118E54 87E10203
  82. 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603 551D1104
  83. 1C301A82 18534543 55524954 592D4341 42494E2E 6E6D2E67 6F762E6F 6D301F06
  84. 03551D23 04183016 80141465 86A5AF8C 78D19D81 C44FA934 50843B4E BC17301D
  85. 0603551D 0E041604 14146586 A5AF8C78 D19D81C4 4FA93450 843B4EBC 17300D06
  86. 092A8648 86F70D01 01040500 03818100 5FC2EA62 EB057590 B2E67B1E 1E04C176
  87. 85656DF5 A4876132 C3D99A04 F42A665B D81E82A1 D6BEB046 60C1E4AB D34013C1
  88. 493D3CBF 9B5176E0 AAFDBED5 6BA3CC09 FB31E979 02040C97 F0548653 7DFB68D5
  89. CF634EF8 FE87CBF6 8FC458A4 7B94B53A D4C6CB4A E93508A5 9079D522 4B54F513
  90. 7EBCBB6B 33CF4121 4466EF0F 93ECDBA8
  91. quit
  92. !
  93. !
  94. !
  ! Global 802.1X enable, spanning-tree mode, and automatic err-disable recovery.
  95. dot1x system-auth-control
  96. spanning-tree mode pvst
  97. spanning-tree extend system-id
  98. !
  99. !
  100. !
  101. !
  102. !
  ! NOTE(review): recovery is enabled for every cause, including the security-driven
  ! ones (bpduguard, psecure-violation, security-violation, arp-inspection,
  ! dhcp-rate-limit, storm-control), and the interval below is 30 seconds. A port shut
  ! by one of these protections is therefore re-enabled after 30 s without operator
  ! review. Consider a longer interval or leaving the security causes on manual recovery.
  103. errdisable recovery cause udld
  104. errdisable recovery cause bpduguard
  105. errdisable recovery cause security-violation
  106. errdisable recovery cause channel-misconfig (STP)
  107. errdisable recovery cause pagp-flap
  108. errdisable recovery cause dtp-flap
  109. errdisable recovery cause link-flap
  110. errdisable recovery cause sfp-config-mismatch
  111. errdisable recovery cause gbic-invalid
  112. errdisable recovery cause l2ptguard
  113. errdisable recovery cause psecure-violation
  114. errdisable recovery cause port-mode-failure
  115. errdisable recovery cause dhcp-rate-limit
  116. errdisable recovery cause pppoe-ia-rate-limit
  117. errdisable recovery cause mac-limit
  118. errdisable recovery cause vmps
  119. errdisable recovery cause storm-control
  120. errdisable recovery cause inline-power
  121. errdisable recovery cause arp-inspection
  122. errdisable recovery interval 30
  123. !
  124. !
  125. !
  126. !
  ! Locally defined VLANs (VTP is transparent, so these exist only on this switch).
  127. vlan internal allocation policy ascending
  128. !
  ! VLAN 37 has no name; no access port in this listing is assigned to it.
  129. vlan 37
  130. !
  ! VLAN 47 carries the management SVI (interface Vlan47).
  131. vlan 47
  132. name MGMT
  133. !
  134. vlan 48
  135. name VOICE
  136. !
  137. vlan 50
  138. name ACCESS-POINT
  139. !
  ! Parking VLAN assigned to the shut-down access ports.
  140. vlan 990
  141. name unused-port
  142. !
  143. !
  144. !
  145. !
  146. !
  147. !
  148. !
  149. !
  150. !
  151. !
  152. !
  ! Uplink bundle (members Te1/1 and Te1/2). Trusted for DAI and DHCP snooping, so
  ! ARP and DHCP server traffic arriving here is not validated.
  ! NOTE(review): no "switchport trunk allowed vlan" or native-VLAN line is present,
  ! so the trunk carries every VLAN with the default native VLAN. Pruning to the
  ! VLANs in use narrows what the uplink exposes.
  153. interface Port-channel12
  154. switchport trunk encapsulation dot1q
  155. switchport mode trunk
  156. ip arp inspection trust
  157. flowcontrol receive on
  158. ip dhcp snooping trust
  159. !
  ! Out-of-band management port: no address, administratively down.
  160. interface FastEthernet0
  161. no ip address
  162. shutdown
  163. !
  ! Access-point port in VLAN 50 with 802.1X, then MAB as the fallback method.
  ! NOTE(review): host-mode multi-host authenticates the first device only; every
  ! other MAC seen on the port is then admitted without its own authentication.
  ! Unlike Gi0/2, this port has no port-security and no multicast storm-control.
  164. interface GigabitEthernet0/1
  165. description "Connected to Access Point"
  166. switchport access vlan 50
  167. switchport mode access
  ! Port ACL: restricts traffic to DHCP, DNS, ICMP, TFTP and the two RADIUS/ISE hosts
  ! unless authorization replaces it (see ACL-DEFAULT).
  168. ip access-group ACL-DEFAULT in
  169. authentication event fail action next-method
  170. authentication host-mode multi-host
  171. authentication order dot1x mab
  172. authentication priority dot1x mab
  173. authentication port-control auto
  174. authentication violation restrict
  175. mab
  176. snmp trap mac-notification change added
  177. snmp trap mac-notification change removed
  178. dot1x pae authenticator
  179. dot1x timeout tx-period 10
  180. storm-control broadcast level 10.00
  181. storm-control action shutdown
  ! Edge-port settings: portfast skips STP listening/learning, and bpduguard
  ! err-disables the port if a BPDU arrives.
  182. spanning-tree portfast
  183. spanning-tree bpduguard enable
  184. !
  ! Access-point port in VLAN 50 with 802.1X/MAB plus port-security (2 sticky MACs).
  ! NOTE(review): same description as Gi0/1 but a different host-mode (multi-domain
  ! here, multi-host there). Multi-domain admits one data and one voice device, so
  ! an AP that bridges client MACs locally would trip "violation restrict". Confirm
  ! which mode is intended for AP ports and make the two consistent.
  185. interface GigabitEthernet0/2
  186. description "Connected to Access Point"
  187. switchport access vlan 50
  188. switchport mode access
  189. switchport port-security maximum 2
  ! Sticky MACs are learned dynamically and written into the running config.
  190. switchport port-security mac-address sticky
  191. switchport port-security
  192. ip access-group ACL-DEFAULT in
  193. authentication event fail action next-method
  194. authentication host-mode multi-domain
  195. authentication order dot1x mab
  196. authentication priority dot1x mab
  197. authentication port-control auto
  198. authentication violation restrict
  199. mab
  200. snmp trap mac-notification change added
  201. snmp trap mac-notification change removed
  202. dot1x pae authenticator
  203. dot1x timeout tx-period 10
  204. storm-control broadcast level 10.00
  205. storm-control multicast level 10.00
  206. storm-control action shutdown
  207. spanning-tree portfast
  208. spanning-tree bpduguard enable
  209. !
  ! The only enabled user-facing port that is not an AP port: voice VLAN 48, 802.1X/MAB.
  ! NOTE(review): this port differs from the others in three ways. It has no
  ! "switchport access vlan", so the data VLAN is the platform default (VLAN 1 unless
  ! authorization assigns one). Its port ACL is "permit" (permit ip any any) rather
  ! than ACL-DEFAULT, so the switch filters nothing unless the RADIUS server pushes a
  ! downloadable ACL. It also has no port-security. Confirm these are deliberate.
  210. interface GigabitEthernet0/3
  211. switchport mode access
  212. switchport voice vlan 48
  213. ip access-group permit in
  214. authentication event fail action next-method
  215. authentication host-mode multi-domain
  216. authentication order dot1x mab
  217. authentication priority dot1x mab
  218. authentication port-control auto
  219. authentication violation restrict
  220. mab
  221. snmp trap mac-notification change added
  222. snmp trap mac-notification change removed
  223. dot1x pae authenticator
  224. dot1x timeout tx-period 10
  225. storm-control broadcast level 10.00
  226. storm-control action shutdown
  227. spanning-tree portfast
  228. spanning-tree bpduguard enable
  229. !
  ! Unused-port template: parked in VLAN 990, administratively shut, with the full
  ! 802.1X/MAB, port-security, storm-control and BPDU guard set already applied, so the
  ! protections are in place the moment the port is enabled. The stanzas for Gi0/5
  ! through Gi0/24 in this listing repeat the same commands.
  230. interface GigabitEthernet0/4
  231. switchport access vlan 990
  232. switchport mode access
  233. switchport port-security mac-address sticky
  234. switchport port-security
  235. ip access-group ACL-DEFAULT in
  236. shutdown
  237. authentication event fail action next-method
  238. authentication host-mode multi-domain
  239. authentication order dot1x mab
  240. authentication priority dot1x mab
  241. authentication port-control auto
  242. authentication violation restrict
  243. mab
  244. snmp trap mac-notification change added
  245. snmp trap mac-notification change removed
  246. dot1x pae authenticator
  247. dot1x timeout tx-period 10
  248. storm-control broadcast level 10.00
  249. storm-control multicast level 10.00
  250. storm-control action shutdown
  251. spanning-tree portfast
  252. spanning-tree bpduguard enable
  253. !
  254. interface GigabitEthernet0/5
  255. switchport access vlan 990
  256. switchport mode access
  257. switchport port-security mac-address sticky
  258. switchport port-security
  259. ip access-group ACL-DEFAULT in
  260. shutdown
  261. authentication event fail action next-method
  262. authentication host-mode multi-domain
  263. authentication order dot1x mab
  264. authentication priority dot1x mab
  265. authentication port-control auto
  266. authentication violation restrict
  267. mab
  268. snmp trap mac-notification change added
  269. snmp trap mac-notification change removed
  270. dot1x pae authenticator
  271. dot1x timeout tx-period 10
  272. storm-control broadcast level 10.00
  273. storm-control multicast level 10.00
  274. storm-control action shutdown
  275. spanning-tree portfast
  276. spanning-tree bpduguard enable
  277. !
  278. interface GigabitEthernet0/6
  279. switchport access vlan 990
  280. switchport mode access
  281. switchport port-security mac-address sticky
  282. switchport port-security
  283. ip access-group ACL-DEFAULT in
  284. shutdown
  285. authentication event fail action next-method
  286. authentication host-mode multi-domain
  287. authentication order dot1x mab
  288. authentication priority dot1x mab
  289. authentication port-control auto
  290. authentication violation restrict
  291. mab
  292. snmp trap mac-notification change added
  293. snmp trap mac-notification change removed
  294. dot1x pae authenticator
  295. dot1x timeout tx-period 10
  296. storm-control broadcast level 10.00
  297. storm-control multicast level 10.00
  298. storm-control action shutdown
  299. spanning-tree portfast
  300. spanning-tree bpduguard enable
  301. !
  302. interface GigabitEthernet0/7
  303. switchport access vlan 990
  304. switchport mode access
  305. switchport port-security mac-address sticky
  306. switchport port-security
  307. ip access-group ACL-DEFAULT in
  308. shutdown
  309. authentication event fail action next-method
  310. authentication host-mode multi-domain
  311. authentication order dot1x mab
  312. authentication priority dot1x mab
  313. authentication port-control auto
  314. authentication violation restrict
  315. mab
  316. snmp trap mac-notification change added
  317. snmp trap mac-notification change removed
  318. dot1x pae authenticator
  319. dot1x timeout tx-period 10
  320. storm-control broadcast level 10.00
  321. storm-control multicast level 10.00
  322. storm-control action shutdown
  323. spanning-tree portfast
  324. spanning-tree bpduguard enable
  325. !
  326. interface GigabitEthernet0/8
  327. switchport access vlan 990
  328. switchport mode access
  329. switchport port-security mac-address sticky
  330. switchport port-security
  331. ip access-group ACL-DEFAULT in
  332. shutdown
  333. authentication event fail action next-method
  334. authentication host-mode multi-domain
  335. authentication order dot1x mab
  336. authentication priority dot1x mab
  337. authentication port-control auto
  338. authentication violation restrict
  339. mab
  340. snmp trap mac-notification change added
  341. snmp trap mac-notification change removed
  342. dot1x pae authenticator
  343. dot1x timeout tx-period 10
  344. storm-control broadcast level 10.00
  345. storm-control multicast level 10.00
  346. storm-control action shutdown
  347. spanning-tree portfast
  348. spanning-tree bpduguard enable
  349. !
  350. interface GigabitEthernet0/9
  351. switchport access vlan 990
  352. switchport mode access
  353. switchport port-security mac-address sticky
  354. switchport port-security
  355. ip access-group ACL-DEFAULT in
  356. shutdown
  357. authentication event fail action next-method
  358. authentication host-mode multi-domain
  359. authentication order dot1x mab
  360. authentication priority dot1x mab
  361. authentication port-control auto
  362. authentication violation restrict
  363. mab
  364. snmp trap mac-notification change added
  365. snmp trap mac-notification change removed
  366. dot1x pae authenticator
  367. dot1x timeout tx-period 10
  368. storm-control broadcast level 10.00
  369. storm-control multicast level 10.00
  370. storm-control action shutdown
  371. spanning-tree portfast
  372. spanning-tree bpduguard enable
  373. !
  374. interface GigabitEthernet0/10
  375. switchport access vlan 990
  376. switchport mode access
  377. switchport port-security mac-address sticky
  378. switchport port-security
  379. ip access-group ACL-DEFAULT in
  380. shutdown
  381. authentication event fail action next-method
  382. authentication host-mode multi-domain
  383. authentication order dot1x mab
  384. authentication priority dot1x mab
  385. authentication port-control auto
  386. authentication violation restrict
  387. mab
  388. snmp trap mac-notification change added
  389. snmp trap mac-notification change removed
  390. dot1x pae authenticator
  391. dot1x timeout tx-period 10
  392. storm-control broadcast level 10.00
  393. storm-control multicast level 10.00
  394. storm-control action shutdown
  395. spanning-tree portfast
  396. spanning-tree bpduguard enable
  397. !
  398. interface GigabitEthernet0/11
  399. switchport access vlan 990
  400. switchport mode access
  401. switchport port-security mac-address sticky
  402. switchport port-security
  403. ip access-group ACL-DEFAULT in
  404. shutdown
  405. authentication event fail action next-method
  406. authentication host-mode multi-domain
  407. authentication order dot1x mab
  408. authentication priority dot1x mab
  409. authentication port-control auto
  410. authentication violation restrict
  411. mab
  412. snmp trap mac-notification change added
  413. snmp trap mac-notification change removed
  414. dot1x pae authenticator
  415. dot1x timeout tx-period 10
  416. storm-control broadcast level 10.00
  417. storm-control multicast level 10.00
  418. storm-control action shutdown
  419. spanning-tree portfast
  420. spanning-tree bpduguard enable
  421. !
  422. interface GigabitEthernet0/12
  423. switchport access vlan 990
  424. switchport mode access
  425. switchport port-security mac-address sticky
  426. switchport port-security
  427. ip access-group ACL-DEFAULT in
  428. shutdown
  429. authentication event fail action next-method
  430. authentication host-mode multi-domain
  431. authentication order dot1x mab
  432. authentication priority dot1x mab
  433. authentication port-control auto
  434. authentication violation restrict
  435. mab
  436. snmp trap mac-notification change added
  437. snmp trap mac-notification change removed
  438. dot1x pae authenticator
  439. dot1x timeout tx-period 10
  440. storm-control broadcast level 10.00
  441. storm-control multicast level 10.00
  442. storm-control action shutdown
  443. spanning-tree portfast
  444. spanning-tree bpduguard enable
  445. !
  446. interface GigabitEthernet0/13
  447. switchport access vlan 990
  448. switchport mode access
  449. switchport port-security mac-address sticky
  450. switchport port-security
  451. ip access-group ACL-DEFAULT in
  452. shutdown
  453. authentication event fail action next-method
  454. authentication host-mode multi-domain
  455. authentication order dot1x mab
  456. authentication priority dot1x mab
  457. authentication port-control auto
  458. authentication violation restrict
  459. mab
  460. snmp trap mac-notification change added
  461. snmp trap mac-notification change removed
  462. dot1x pae authenticator
  463. dot1x timeout tx-period 10
  464. storm-control broadcast level 10.00
  465. storm-control multicast level 10.00
  466. storm-control action shutdown
  467. spanning-tree portfast
  468. spanning-tree bpduguard enable
  469. !
  470. interface GigabitEthernet0/14
  471. switchport access vlan 990
  472. switchport mode access
  473. switchport port-security mac-address sticky
  474. switchport port-security
  475. ip access-group ACL-DEFAULT in
  476. shutdown
  477. authentication event fail action next-method
  478. authentication host-mode multi-domain
  479. authentication order dot1x mab
  480. authentication priority dot1x mab
  481. authentication port-control auto
  482. authentication violation restrict
  483. mab
  484. snmp trap mac-notification change added
  485. snmp trap mac-notification change removed
  486. dot1x pae authenticator
  487. dot1x timeout tx-period 10
  488. storm-control broadcast level 10.00
  489. storm-control multicast level 10.00
  490. storm-control action shutdown
  491. spanning-tree portfast
  492. spanning-tree bpduguard enable
  493. !
  494. interface GigabitEthernet0/15
  495. switchport access vlan 990
  496. switchport mode access
  497. switchport port-security mac-address sticky
  498. switchport port-security
  499. ip access-group ACL-DEFAULT in
  500. shutdown
  501. authentication event fail action next-method
  502. authentication host-mode multi-domain
  503. authentication order dot1x mab
  504. authentication priority dot1x mab
  505. authentication port-control auto
  506. authentication violation restrict
  507. mab
  508. snmp trap mac-notification change added
  509. snmp trap mac-notification change removed
  510. dot1x pae authenticator
  511. dot1x timeout tx-period 10
  512. storm-control broadcast level 10.00
  513. storm-control multicast level 10.00
  514. storm-control action shutdown
  515. spanning-tree portfast
  516. spanning-tree bpduguard enable
  517. !
  518. interface GigabitEthernet0/16
  519. switchport access vlan 990
  520. switchport mode access
  521. switchport port-security mac-address sticky
  522. switchport port-security
  523. ip access-group ACL-DEFAULT in
  524. shutdown
  525. authentication event fail action next-method
  526. authentication host-mode multi-domain
  527. authentication order dot1x mab
  528. authentication priority dot1x mab
  529. authentication port-control auto
  530. authentication violation restrict
  531. mab
  532. snmp trap mac-notification change added
  533. snmp trap mac-notification change removed
  534. dot1x pae authenticator
  535. dot1x timeout tx-period 10
  536. storm-control broadcast level 10.00
  537. storm-control multicast level 10.00
  538. storm-control action shutdown
  539. spanning-tree portfast
  540. spanning-tree bpduguard enable
  541. !
  542. interface GigabitEthernet0/17
  543. switchport access vlan 990
  544. switchport mode access
  545. switchport port-security mac-address sticky
  546. switchport port-security
  547. ip access-group ACL-DEFAULT in
  548. shutdown
  549. authentication event fail action next-method
  550. authentication host-mode multi-domain
  551. authentication order dot1x mab
  552. authentication priority dot1x mab
  553. authentication port-control auto
  554. authentication violation restrict
  555. mab
  556. snmp trap mac-notification change added
  557. snmp trap mac-notification change removed
  558. dot1x pae authenticator
  559. dot1x timeout tx-period 10
  560. storm-control broadcast level 10.00
  561. storm-control multicast level 10.00
  562. storm-control action shutdown
  563. spanning-tree portfast
  564. spanning-tree bpduguard enable
  565. !
  566. interface GigabitEthernet0/18
  567. switchport access vlan 990
  568. switchport mode access
  569. switchport port-security mac-address sticky
  570. switchport port-security
  571. ip access-group ACL-DEFAULT in
  572. shutdown
  573. authentication event fail action next-method
  574. authentication host-mode multi-domain
  575. authentication order dot1x mab
  576. authentication priority dot1x mab
  577. authentication port-control auto
  578. authentication violation restrict
  579. mab
  580. snmp trap mac-notification change added
  581. snmp trap mac-notification change removed
  582. dot1x pae authenticator
  583. dot1x timeout tx-period 10
  584. storm-control broadcast level 10.00
  585. storm-control multicast level 10.00
  586. storm-control action shutdown
  587. spanning-tree portfast
  588. spanning-tree bpduguard enable
  589. !
  590. interface GigabitEthernet0/19
  591. switchport access vlan 990
  592. switchport mode access
  593. switchport port-security mac-address sticky
  594. switchport port-security
  595. ip access-group ACL-DEFAULT in
  596. shutdown
  597. authentication event fail action next-method
  598. authentication host-mode multi-domain
  599. authentication order dot1x mab
  600. authentication priority dot1x mab
  601. authentication port-control auto
  602. authentication violation restrict
  603. mab
  604. snmp trap mac-notification change added
  605. snmp trap mac-notification change removed
  606. dot1x pae authenticator
  607. dot1x timeout tx-period 10
  608. storm-control broadcast level 10.00
  609. storm-control multicast level 10.00
  610. storm-control action shutdown
  611. spanning-tree portfast
  612. spanning-tree bpduguard enable
  613. !
  614. interface GigabitEthernet0/20
  615. switchport access vlan 990
  616. switchport mode access
  617. switchport port-security mac-address sticky
  618. switchport port-security
  619. ip access-group ACL-DEFAULT in
  620. shutdown
  621. authentication event fail action next-method
  622. authentication host-mode multi-domain
  623. authentication order dot1x mab
  624. authentication priority dot1x mab
  625. authentication port-control auto
  626. authentication violation restrict
  627. mab
  628. snmp trap mac-notification change added
  629. snmp trap mac-notification change removed
  630. dot1x pae authenticator
  631. dot1x timeout tx-period 10
  632. storm-control broadcast level 10.00
  633. storm-control multicast level 10.00
  634. storm-control action shutdown
  635. spanning-tree portfast
  636. spanning-tree bpduguard enable
  637. !
  638. interface GigabitEthernet0/21
  639. switchport access vlan 990
  640. switchport mode access
  641. switchport port-security mac-address sticky
  642. switchport port-security
  643. ip access-group ACL-DEFAULT in
  644. shutdown
  645. authentication event fail action next-method
  646. authentication host-mode multi-domain
  647. authentication order dot1x mab
  648. authentication priority dot1x mab
  649. authentication port-control auto
  650. authentication violation restrict
  651. mab
  652. snmp trap mac-notification change added
  653. snmp trap mac-notification change removed
  654. dot1x pae authenticator
  655. dot1x timeout tx-period 10
  656. storm-control broadcast level 10.00
  657. storm-control multicast level 10.00
  658. storm-control action shutdown
  659. spanning-tree portfast
  660. spanning-tree bpduguard enable
  661. !
  662. interface GigabitEthernet0/22
  663. switchport access vlan 990
  664. switchport mode access
  665. switchport port-security mac-address sticky
  666. switchport port-security
  667. ip access-group ACL-DEFAULT in
  668. shutdown
  669. authentication event fail action next-method
  670. authentication host-mode multi-domain
  671. authentication order dot1x mab
  672. authentication priority dot1x mab
  673. authentication port-control auto
  674. authentication violation restrict
  675. mab
  676. snmp trap mac-notification change added
  677. snmp trap mac-notification change removed
  678. dot1x pae authenticator
  679. dot1x timeout tx-period 10
  680. storm-control broadcast level 10.00
  681. storm-control multicast level 10.00
  682. storm-control action shutdown
  683. spanning-tree portfast
  684. spanning-tree bpduguard enable
  685. !
  686. interface GigabitEthernet0/23
  687. switchport access vlan 990
  688. switchport mode access
  689. switchport port-security mac-address sticky
  690. switchport port-security
  691. ip access-group ACL-DEFAULT in
  692. shutdown
  693. authentication event fail action next-method
  694. authentication host-mode multi-domain
  695. authentication order dot1x mab
  696. authentication priority dot1x mab
  697. authentication port-control auto
  698. authentication violation restrict
  699. mab
  700. snmp trap mac-notification change added
  701. snmp trap mac-notification change removed
  702. dot1x pae authenticator
  703. dot1x timeout tx-period 10
  704. storm-control broadcast level 10.00
  705. storm-control multicast level 10.00
  706. storm-control action shutdown
  707. spanning-tree portfast
  708. spanning-tree bpduguard enable
  709. !
  710. interface GigabitEthernet0/24
  711. switchport access vlan 990
  712. switchport mode access
  713. switchport port-security mac-address sticky
  714. switchport port-security
  715. ip access-group ACL-DEFAULT in
  716. shutdown
  717. authentication event fail action next-method
  718. authentication host-mode multi-domain
  719. authentication order dot1x mab
  720. authentication priority dot1x mab
  721. authentication port-control auto
  722. authentication violation restrict
  723. mab
  724. snmp trap mac-notification change added
  725. snmp trap mac-notification change removed
  726. dot1x pae authenticator
  727. dot1x timeout tx-period 10
  728. storm-control broadcast level 10.00
  729. storm-control multicast level 10.00
  730. storm-control action shutdown
  731. spanning-tree portfast
  732. spanning-tree bpduguard enable
  733. !
  ! NOTE(review): the four module ports below carry no configuration at all. Unlike
  ! Gi0/4-24 they are not shut down, not parked in VLAN 990, and have no 802.1X,
  ! port-security or BPDU guard, so they run with platform defaults (presumably
  ! including dynamic trunk negotiation; confirm). If unused, give them the same
  ! unused-port template as the other access ports.
  734. interface GigabitEthernet1/1
  735. !
  736. interface GigabitEthernet1/2
  737. !
  738. interface GigabitEthernet1/3
  739. !
  740. interface GigabitEthernet1/4
  741. !
  ! Uplinks to the two core switches, bundled into Port-channel12.
  ! "channel-group 12 mode on" forms the bundle statically with no LACP/PAgP
  ! negotiation, so a miscabled or misconfigured far end is not detected by protocol.
  ! Both members are trusted for DAI and DHCP snooping.
  742. interface TenGigabitEthernet1/1
  743. description "Connected to Core2"
  744. switchport trunk encapsulation dot1q
  745. switchport mode trunk
  ! Only this member sets "bandwidth"; Te1/2 does not.
  746. bandwidth 10000000
  747. ip arp inspection trust
  748. flowcontrol receive on
  749. channel-group 12 mode on
  750. ip dhcp snooping trust
  751. !
  752. interface TenGigabitEthernet1/2
  753. description "Connected to Core1"
  754. switchport trunk encapsulation dot1q
  755. switchport mode trunk
  756. ip arp inspection trust
  757. flowcontrol receive on
  758. channel-group 12 mode on
  759. ip dhcp snooping trust
  760. !
  ! Management plane: VLAN 1 SVI disabled, management address on VLAN 47.
  761. interface Vlan1
  762. no ip address
  763. shutdown
  764. !
  765. interface Vlan47
  766. ip address 10.208.47.54 255.255.255.0
  767. !
  768. ip default-gateway 10.208.47.254
  ! NOTE(review): "ip http server" enables the plaintext HTTP service alongside HTTPS,
  ! and no "ip http access-class" or "ip http authentication" line is visible. If the
  ! HTTP listener is only needed for 802.1X web redirection, confirm that and restrict
  ! management access; otherwise disable it and keep only the secure server.
  769. ip http server
  770. ip http secure-server
  771. !
  ! Same next hop as "ip default-gateway"; the static route applies only if IP routing
  ! is enabled.
  772. ip route 0.0.0.0 0.0.0.0 10.208.47.254
  773. !
  ! ACL-DEFAULT: port ACL on the access ports. It allows DHCP, DNS, ICMP, TFTP and
  ! anything to the two RADIUS/ISE hosts, then denies and logs the rest.
  ! NOTE(review): ICMP and TFTP are permitted to any destination; narrow them to the
  ! servers that need them if possible.
  774. ip access-list extended ACL-DEFAULT
  775. permit udp any eq bootpc any eq bootps
  776. permit udp any any eq domain
  777. permit icmp any any
  778. permit udp any any eq tftp
  779. permit ip any host 10.208.47.19
  780. permit ip any host 10.208.47.20
  781. deny ip any any log
  ! ACL-REDIRECT: presumably a URL-redirect ACL, where "permit" selects traffic to
  ! redirect and "deny" exempts it (confirm against the RADIUS policy).
  ! NOTE(review): only 10.208.47.19 is exempted. If 10.208.47.20 also hosts the
  ! portal, web traffic to it would match the permit lines and be redirected.
  782. ip access-list extended ACL-REDIRECT
  783. deny udp any eq bootpc any eq bootps
  784. deny udp any any eq domain
  785. deny ip any host 10.208.47.19
  786. permit tcp any any eq www
  787. permit tcp any any eq 443
  788. deny ip any any
  ! An allow-all ACL literally named "permit"; it is applied inbound on Gi0/3.
  789. ip access-list extended permit
  790. permit ip any any
  791. !
  ! RADIUS source address, syslog destinations and two standard ACLs.
  792. ip radius source-interface Vlan47
  793. logging origin-id ip
  ! Syslog goes to the same two hosts that act as RADIUS servers.
  794. logging host 10.208.47.19
  795. logging host 10.208.47.20
  ! NOTE(review): access-list 12 is not referenced anywhere in this listing. No
  ! "access-class" is applied to the vty lines, where a management ACL would normally
  ! go. Its first entry is this switch's own Vlan47 address.
  796. access-list 12 permit 10.208.47.54
  797. access-list 12 permit 10.208.6.2
  ! access-list 90 restricts the SNMPv3 group "cisconms" to the two ISE hosts.
  798. access-list 90 permit 10.208.47.20
  799. access-list 90 permit 10.208.47.19
  800. !
  ! SNMPv3 groups, view and notification targets. No v1/v2c community is configured.
  ! NOTE(review): only "cisconms v3 auth" carries an access list (90). The NMGROUP
  ! groups and "cisconms v3 priv" have no ACL, so source filtering does not apply to them.
  801. snmp-server group NMGROUP v3 auth
  802. snmp-server group NMGROUP v3 priv
  ! NOTE(review): write access to "myview" at the auth level (authenticated, not
  ! encrypted). The view includes the whole iso subtree, so it is read-write over
  ! every MIB object. Prefer priv for write access and a narrower view.
  803. snmp-server group cisconms v3 auth read myview write myview access 90
  804. snmp-server group cisconms v3 priv
  805. snmp-server view myview iso included
  806. snmp-server trap-source Vlan47
  807. snmp-server enable traps snmp linkdown linkup
  808. snmp-server enable traps mac-notification change move threshold
  ! Each host is listed twice for user "snmpuser": informs at priv and traps at auth.
  ! No "snmp-server user" line is visible in this listing.
  809. snmp-server host 10.208.47.19 informs version 3 priv snmpuser mac-notification
  810. snmp-server host 10.208.47.20 informs version 3 priv snmpuser mac-notification
  811. snmp-server host 10.208.47.19 version 3 auth snmpuser mac-notification
  812. snmp-server host 10.208.47.20 version 3 auth snmpuser mac-notification
  813. !
  ! RADIUS client settings for the two NM-ISE servers.
  814. radius-server attribute 6 on-for-login-auth
  815. radius-server attribute 8 include-in-access-req
  816. radius-server attribute 25 access-request include
  817. radius-server dead-criteria time 10 tries 3
  ! NOTE(review): shared secrets are stored as type 7, which is reversible. Rotate
  ! them on both the switch and the servers wherever this config has been shared.
  ! Each host is defined twice, with and without explicit ports; remove whichever
  ! definitions are not in use so only one key per server remains to manage.
  818. radius-server host 10.208.47.19 auth-port 1812 acct-port 1813 key 7 1106140419151909053E
  819. radius-server host 10.208.47.20 auth-port 1812 acct-port 1813 key 7 082E414F071E1712131F
  820. radius-server host 10.208.47.19 key 7 030B560A080833494F1D
  821. radius-server host 10.208.47.20 key 7 082E414F071E1712131F
  822. radius-server timeout 4
  823. radius-server vsa send accounting
  824. radius-server vsa send authentication
  825. !
  826. !
  827. banner exec C
  828. *************************************************************************************
  829. *
  830. * This node is the property of National Museum Changes to the hardware or software
  831. * of this node may only be performed by selected employees and/or contractors.
  832. *
  833. *************************************************************************************
  834. 
  835. !
  ! Console and vty access, then the NTP source.
  ! Console uses the local-only list, so it stays reachable when RADIUS is down. No
  ! exec-timeout is set on it, so the platform default applies.
  836. line con 0
  837. login authentication NO-RADIUS
  ! vty lines have no "login authentication", so they use the default list (RADIUS,
  ! then local). NOTE(review): none of the vty ranges has an "access-class"; an ACL such
  ! as the otherwise unused access-list 12 would limit which sources can connect.
  838. line vty 0 4
  839. exec-timeout 5 0
  840. transport input ssh
  841. line vty 5 14
  842. exec-timeout 5 0
  843. transport input ssh
  ! NOTE(review): vty 15 still accepts telnet, which sends credentials in cleartext.
  ! Restrict it to ssh like the other lines.
  844. line vty 15
  845. exec-timeout 5 0
  846. transport input telnet ssh
  847. !
  ! Single NTP server, no NTP authentication configured.
  848. ntp server 10.208.47.51
  849. end