Difference between revisions of "PengeBanken"

m
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
PengeBanken
 
PengeBanken
 
Konfig filer
 
Konfig filer
 
+
=Filial Ålborg=
==AAA01SWCO==
+
==AAA01SWOP==
  
 
<pre>
 
<pre>
version 12.2
+
version 12.1
 
no service pad
 
no service pad
service timestamps debug datetime msec
+
service timestamps debug uptime
service timestamps log datetime msec
+
service timestamps log uptime
 
no service password-encryption
 
no service password-encryption
 
!
 
!
hostname AAA01SWCO
+
hostname AAA01SWOP
!
 
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
 
 
!
 
!
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
 
 
aaa new-model
 
aaa new-model
 +
aaa authentication login default group radius local
 +
aaa authorization exec default group radius local
 +
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
!
 
!
 +
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 +
wrr-queue bandwidth 10 20 70 1
 +
wrr-queue cos-map 1 0 1
 +
wrr-queue cos-map 2 2 4
 +
wrr-queue cos-map 3 3 6 7
 +
wrr-queue cos-map 4 5
 +
errdisable recovery cause psecure-violation
 +
errdisable recovery interval 600
 
!
 
!
aaa authentication login default group radius local
+
class-map match-all ManagementSNMP
aaa authorization exec default group radius local
+
  match access-group name MatchSNMP
 +
class-map match-all ManagementNF
 +
  match access-group name MatchNF
 +
class-map match-all MissionCritical
 +
  match access-group name MatchBANK
 +
class-map match-all ManagementRDP
 +
  match access-group name MatchRDP
 +
class-map match-all ManagementSSH
 +
  match access-group name MatchSSH
 
!
 
!
 
!
 
!
!
+
policy-map PbPolicy
aaa session-id common
+
  class MissionCritical
mls qos map cos-dscp 0 8 16 24 32 46 48 56
+
    set ip dscp 26
mls qos min-reserve 5 170
+
  class ManagementRDP
mls qos min-reserve 6 85
+
    set ip dscp 16
mls qos min-reserve 7 51
+
  class ManagementSNMP
mls qos min-reserve 8 34
+
    set ip dscp 16
mls qos
+
  class ManagementNF
 +
    set ip dscp 16
 +
  class ManagementSSH
 +
    set ip dscp 16
 +
!
 +
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 
ip subnet-zero
 
ip subnet-zero
ip routing
+
!
 
ip domain-name pengebanken.dk
 
ip domain-name pengebanken.dk
 
ip name-server 172.16.241.11
 
ip name-server 172.16.241.11
 +
ip ssh time-out 120
 +
ip ssh authentication-retries 3
 +
ip ssh version 2
 
!
 
!
!
+
no file verify auto
!
 
!
 
!
 
!
 
 
!
 
!
 
spanning-tree mode rapid-pvst
 
spanning-tree mode rapid-pvst
 +
no spanning-tree optimize bpdu transmission
 
spanning-tree extend system-id
 
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
 
 
!
 
!
vlan internal allocation policy ascending
 
!
 
ip ssh version 2
 
!
 
!
 
 
!
 
!
 
!
 
!
 
!
 
!
 
interface FastEthernet0/1
 
interface FastEthernet0/1
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
  mls qos trust cos
+
  switchport mode access
  spanning-tree guard root
+
switchport voice vlan 11
!
+
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 +
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 +
!
 
interface FastEthernet0/2
 
interface FastEthernet0/2
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/3
 
interface FastEthernet0/3
  description AAFS01
+
  description < Office-Phone >
  switchport access vlan 8
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/4
 
interface FastEthernet0/4
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/5
 
interface FastEthernet0/5
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/6
 
interface FastEthernet0/6
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
!
+
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 +
!
 
interface FastEthernet0/7
 
interface FastEthernet0/7
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/8
 
interface FastEthernet0/8
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/9
 
interface FastEthernet0/9
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
  mls qos trust cos
+
  switchport mode access
  spanning-tree guard root
+
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 +
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/10
 
interface FastEthernet0/10
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/11
 
interface FastEthernet0/11
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/12
 
interface FastEthernet0/12
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/13
 
interface FastEthernet0/13
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/14
 
interface FastEthernet0/14
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/15
 
interface FastEthernet0/15
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/16
 
interface FastEthernet0/16
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/17
 
interface FastEthernet0/17
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
  mls qos trust cos
+
  switchport mode access
  spanning-tree guard root
+
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 +
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/18
 
interface FastEthernet0/18
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/19
 
interface FastEthernet0/19
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/20
 
interface FastEthernet0/20
  switchport trunk encapsulation dot1q
+
description < Office-Phone >
  switchport mode trunk
+
  switchport access vlan 9
 +
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/21
 
interface FastEthernet0/21
  description Til_AHA01RT
+
  description < Office-Phone >
  no switchport
+
switchport access vlan 9
  ip address 172.18.255.5 255.255.255.252
+
switchport mode access
  ip ospf network point-to-point
+
  switchport voice vlan 11
  ip ospf dead-interval minimal hello-multiplier 3
+
  switchport port-security
 +
  switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/22
 
interface FastEthernet0/22
  description Til_AAA01SWOP
+
  description < Office-Phone >
  switchport trunk encapsulation dot1q
+
switchport access vlan 9
  switchport trunk allowed vlan 2,8-11
+
  switchport mode access
  switchport mode trunk
+
  switchport voice vlan 11
  mls qos trust cos
+
switchport port-security
  spanning-tree guard root
+
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 +
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/23
 
interface FastEthernet0/23
  description Til_AAA01SWCO
+
  description < Office-Phone >
  switchport trunk encapsulation dot1q
+
  switchport access vlan 9
  switchport trunk allowed vlan 2,8-11
+
  switchport mode access
  switchport mode trunk
+
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/24
 
interface FastEthernet0/24
  description Til_TDC MPLS
+
  description < Office-Phone >
  no switchport
+
  switchport access vlan 9
  ip address 172.18.255.1 255.255.255.252
+
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
mls qos trust device cisco-phone
 
  mls qos trust cos
 
  mls qos trust cos
 +
auto qos voip cisco-phone
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface GigabitEthernet0/1
 
interface GigabitEthernet0/1
  switchport mode dynamic desirable
+
description <Uplink to AAA01SWCO >
 +
  switchport mode trunk
 +
mls qos trust cos
 +
auto qos voip trust
 
!
 
!
 
interface GigabitEthernet0/2
 
interface GigabitEthernet0/2
  switchport mode dynamic desirable
+
description <Uplink to AAA02SWCO >
 +
  switchport mode trunk
 +
mls qos trust cos
 +
auto qos voip trust
 
!
 
!
 
interface Vlan1
 
interface Vlan1
  ip address dhcp
+
  no ip address
 +
no ip route-cache
 
  shutdown
 
  shutdown
 
!
 
!
 
interface Vlan2
 
interface Vlan2
description Management
+
  ip address 192.168.2.4 255.255.255.0
  ip address 192.168.2.2 255.255.255.0
+
  no ip route-cache
  standby 2 ip 192.168.2.1
 
standby 2 timers msec 200 msec 800
 
standby 2 priority 110
 
standby 2 preempt delay minimum 300
 
 
!
 
!
interface Vlan8
+
ip default-gateway 192.168.2.1
description Common_Services
+
ip http server
ip address 172.18.8.2 255.255.255.0
 
ip helper-address 172.18.8.11
 
ip helper-address 172.16.241.11
 
standby 8 ip 172.18.8.1
 
standby 8 timers msec 200 msec 800
 
standby 8 priority 110
 
standby 8 preempt delay minimum 300
 
 
!
 
!
interface Vlan9
+
ip access-list extended MatchBANK
  description Administration
+
  permit tcp any any eq 8439
  ip address 172.18.9.2 255.255.255.0
+
ip access-list extended MatchNF
  ip helper-address 172.18.8.11
+
  permit udp any any eq 9000
  ip helper-address 172.16.241.11
+
ip access-list extended MatchRDP
standby 9 ip 172.18.9.1
+
permit tcp any any eq 3389
standby 9 timers msec 200 msec 800
+
ip access-list extended MatchSNMP
standby 9 priority 110
+
  permit udp any any eq 167
standby 9 preempt delay minimum 300
+
ip access-list extended MatchSSH
 +
  permit tcp any any eq 22
 +
ip radius source-interface Vlan2
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.0.0 0.0.0.255
 +
snmp-server community PengeBanken RO 1
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
radius-server retransmit 3
 
!
 
!
interface Vlan10
+
line con 0
description BankRaadgiver
+
line vty 0 4
ip address 172.18.10.2 255.255.255.0
+
  access-class 1 in
  ip helper-address 172.18.8.11
+
  length 0
ip helper-address 172.16.241.11
+
  transport input ssh
standby 10 ip 172.18.10.1
+
line vty 5 15
  standby 10 timers msec 200 msec 800
 
  standby 10 priority 110
 
standby 10 preempt delay minimum 300
 
 
!
 
!
interface Vlan11
+
ntp clock-period 17180064
description IP-Telefoni
+
ntp server 172.16.255.10
ip address 172.18.11.2 255.255.255.0
 
ip helper-address 172.18.8.11
 
ip helper-address 172.16.241.11
 
standby 11 ip 172.18.11.1
 
standby 11 timers msec 200 msec 800
 
standby 11 priority 110
 
standby 11 preempt delay minimum 300
 
 
!
 
!
router ospf 1
+
end
log-adjacency-changes
+
</pre>
network 172.18.0.0 0.0.255.255 area 0
+
 
default-information originate
+
==AAA01SWCO==
 +
 
 +
<pre>
 +
version 12.2
 +
no service pad
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 
!
 
!
router bgp 65003
+
hostname AAA01SWCO
no synchronization
 
bgp log-neighbor-changes
 
redistribute connected
 
neighbor 172.18.255.2 remote-as 65000
 
neighbor 172.18.255.2 description TDC_MPLS
 
neighbor 172.18.255.2 soft-reconfiguration inbound
 
neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 
neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 
no auto-summary
 
 
!
 
!
ip classless
+
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
ip http server
 
ip http secure-server
 
 
!
 
!
ip radius source-interface Vlan2
+
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
 +
aaa new-model
 
!
 
!
 
!
 
!
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
+
aaa authentication login default group radius local
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
+
aaa authorization exec default group radius local
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
 
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.7.0 0.0.0.255
 
route-map 65003-RMAP-IN permit 10
 
match ip address prefix-list 65003-PRE-IN
 
 
!
 
!
route-map 65003-RMAP-OUT permit 10
 
match ip address prefix-list 65003-PRE-OUT
 
 
!
 
!
snmp-server community PengeBanken RO 1
 
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
 
!
 
!
control-plane
+
aaa session-id common
 +
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 +
mls qos min-reserve 5 170
 +
mls qos min-reserve 6 85
 +
mls qos min-reserve 7 51
 +
mls qos min-reserve 8 34
 +
mls qos
 +
ip subnet-zero
 +
ip routing
 +
ip domain-name pengebanken.dk
 +
ip name-server 172.16.241.11
 
!
 
!
 
!
 
!
line con 0
 
line vty 5 15
 
 
!
 
!
ntp clock-period 17179326
 
ntp server 172.16.255.10
 
end
 
</pre>
 
 
==AAA01RT==
 
<pre>
 
version 12.4
 
service config
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
 
!
 
!
hostname AAA01RT
 
 
!
 
!
boot-start-marker
 
boot-end-marker
 
 
!
 
!
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
 
 
!
 
!
aaa new-model
+
spanning-tree mode rapid-pvst
 +
spanning-tree extend system-id
 +
spanning-tree vlan 2,8-11 priority 24576
 
!
 
!
 +
vlan internal allocation policy ascending
 
!
 
!
aaa authentication login default group radius local
+
ip ssh version 2
aaa authorization exec default group radius local
 
 
!
 
!
aaa session-id common
+
!
 
!
 
!
resource policy
 
 
!
 
!
ip cef
 
 
!
 
!
 +
interface FastEthernet0/1
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/2
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/3
 +
description AAFS01
 +
switchport access vlan 8
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
ip domain name pengebanken.dk
+
interface FastEthernet0/4
ip name-server 172.16.241.11
+
switchport trunk encapsulation dot1q
ip ssh version 2
+
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/5
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/6
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
voice-card 0
+
interface FastEthernet0/7
!
+
switchport trunk encapsulation dot1q
!
+
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/8
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/9
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/10
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/11
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/12
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/13
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/14
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/15
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/16
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/17
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/18
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/19
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/20
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/21
 +
description Til_AHA01RT
 +
no switchport
 +
ip address 172.18.255.5 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
+
interface FastEthernet0/22
 +
description Til_AAA01SWOP
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,8-11
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/23
 +
description Til_AAA01SWCO
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,8-11
 +
switchport mode trunk
 +
mls qos trust cos
 
!
 
!
class-map match-any MissionCritical-Trust
+
interface FastEthernet0/24
  match ip dscp af31
+
  description Til_TDC MPLS
class-map match-any VoIP-RTP-Trust
+
  no switchport
  match ip dscp ef
+
  ip address 172.18.255.1 255.255.255.252
class-map match-any VoIP-Control-Trust
+
  mls qos trust cos
  match ip dscp cs3
 
class-map match-any Management-Trust
 
  match ip dscp cs2
 
 
!
 
!
 +
interface GigabitEthernet0/1
 +
switchport mode dynamic desirable
 
!
 
!
policy-map PbPolicy
+
interface GigabitEthernet0/2
  class VoIP-RTP-Trust
+
  switchport mode dynamic desirable
  priority percent 25
 
class VoIP-Control-Trust
 
  bandwidth percent 5
 
class MissionCritical-Trust
 
  bandwidth percent 40
 
class Management-Trust
 
  bandwidth percent 5
 
class class-default
 
  fair-queue
 
 
!
 
!
!
+
interface Vlan1
 +
ip address dhcp
 +
shutdown
 
!
 
!
crypto isakmp policy 10
+
interface Vlan2
  encr aes 256
+
  description Management
  authentication pre-share
+
  ip address 192.168.2.2 255.255.255.0
  group 5
+
  standby 2 ip 192.168.2.1
lifetime 1000
+
standby 2 timers msec 200 msec 800
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
+
standby 2 priority 110
 +
standby 2 preempt delay minimum 300
 
!
 
!
 +
interface Vlan8
 +
description Common_Services
 +
ip address 172.18.8.2 255.255.255.0
 +
ip helper-address 172.18.8.11
 +
ip helper-address 172.16.241.11
 +
standby 8 ip 172.18.8.1
 +
standby 8 timers msec 200 msec 800
 +
standby 8 priority 110
 +
standby 8 preempt delay minimum 300
 
!
 
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
+
interface Vlan9
 +
description Administration
 +
ip address 172.18.9.2 255.255.255.0
 +
ip helper-address 172.18.8.11
 +
ip helper-address 172.16.241.11
 +
standby 9 ip 172.18.9.1
 +
standby 9 timers msec 200 msec 800
 +
standby 9 priority 110
 +
standby 9 preempt delay minimum 300
 
!
 
!
crypto map PB_crypto_Map 10 ipsec-isakmp
+
interface Vlan10
  set peer 10.1.1.1
+
description BankRaadgiver
  set transform-set PB-TransformSet
+
ip address 172.18.10.2 255.255.255.0
  match address Tunnel1_til_Aarhus
+
ip helper-address 172.18.8.11
 +
  ip helper-address 172.16.241.11
 +
standby 10 ip 172.18.10.1
 +
  standby 10 timers msec 200 msec 800
 +
standby 10 priority 110
 +
  standby 10 preempt delay minimum 300
 
!
 
!
 +
interface Vlan11
 +
description IP-Telefoni
 +
ip address 172.18.11.2 255.255.255.0
 +
ip helper-address 172.18.8.11
 +
ip helper-address 172.16.241.11
 +
standby 11 ip 172.18.11.1
 +
standby 11 timers msec 200 msec 800
 +
standby 11 priority 110
 +
standby 11 preempt delay minimum 300
 
!
 
!
 +
router ospf 1
 +
log-adjacency-changes
 +
network 172.18.0.0 0.0.255.255 area 0
 +
default-information originate
 
!
 
!
 +
router bgp 65003
 +
no synchronization
 +
bgp log-neighbor-changes
 +
redistribute connected
 +
neighbor 172.18.255.2 remote-as 65000
 +
neighbor 172.18.255.2 description TDC_MPLS
 +
neighbor 172.18.255.2 soft-reconfiguration inbound
 +
neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 +
neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 +
no auto-summary
 
!
 
!
 +
ip classless
 +
ip http server
 +
ip http secure-server
 
!
 
!
interface Tunnel1
+
ip radius source-interface Vlan2
description Til_Aarhus
 
ip address 172.16.254.6 255.255.255.252
 
ip mtu 1420
 
tunnel source FastEthernet0/0
 
tunnel destination 10.1.1.1
 
service-policy output PbPolicy
 
 
!
 
!
interface FastEthernet0/0
 
description Internet
 
ip address 10.1.1.3 255.255.255.0
 
duplex auto
 
speed auto
 
crypto map PB_crypto_Map
 
 
!
 
!
interface FastEthernet0/1
+
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
description Til_AHA01SWCO
+
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip address 172.18.255.6 255.255.255.252
+
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip ospf network point-to-point
+
access-list 1 permit 172.16.241.17
  ip ospf dead-interval minimal hello-multiplier 3
+
access-list 1 permit 172.16.7.0 0.0.0.255
duplex auto
+
route-map 65003-RMAP-IN permit 10
speed auto
+
  match ip address prefix-list 65003-PRE-IN
service-policy output PbPolicy
 
 
!
 
!
interface Serial0/2/0
+
route-map 65003-RMAP-OUT permit 10
  no ip address
+
  match ip address prefix-list 65003-PRE-OUT
shutdown
 
no fair-queue
 
clock rate 125000
 
 
!
 
!
interface Serial0/2/1
+
snmp-server community PengeBanken RO 1
no ip address
+
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
shutdown
 
clock rate 125000
 
 
!
 
!
router ospf 1
+
control-plane
log-adjacency-changes
 
redistribute bgp 65003 metric 255 subnets
 
network 172.18.255.6 0.0.0.0 area 0
 
default-information originate metric 255
 
 
!
 
!
router bgp 65003
 
no synchronization
 
bgp log-neighbor-changes
 
redistribute static
 
redistribute ospf 1 match internal external 1 external 2
 
neighbor 172.16.254.5 remote-as 65001
 
neighbor 172.16.254.5 description AHA01FW
 
neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 
neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 
default-information originate
 
no auto-summary
 
 
!
 
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
+
line con 0
 +
line vty 5 15
 
!
 
!
 +
ntp clock-period 17179326
 +
ntp server 172.16.255.10
 +
end
 +
</pre>
 +
 +
==AAA01RT==
 +
<pre>
 +
version 12.4
 +
service config
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 
!
 
!
ip http server
+
hostname AAA01RT
no ip http secure-server
 
!
 
ip access-list extended Tunnel1_til_Aarhus
 
permit gre host 10.1.1.3 host 10.1.1.1
 
!
 
 
!
 
!
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
+
boot-start-marker
 +
boot-end-marker
 
!
 
!
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
+
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
 
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
 
ip radius source-interface FastEthernet0/1
 
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.7.0 0.0.0.255
 
snmp-server community PengeBanken RO 1
 
 
!
 
!
 +
aaa new-model
 
!
 
!
 
!
 
!
route-map 65003-RMAP-IN permit 10
+
aaa authentication login default group radius local
match ip address prefix-list 65003-PRE-IN
+
aaa authorization exec default group radius local
 
!
 
!
route-map 65003-RMAP-OUT permit 10
+
aaa session-id common
match ip address prefix-list 65003-PLIST-OUT
 
set as-path prepend 65003 65003 65003 65003 65003 65003 65003
 
 
!
 
!
 +
resource policy
 
!
 
!
 +
ip cef
 
!
 
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
 
!
 
!
control-plane
 
 
!
 
!
 
!
 
!
 +
ip domain name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
ip ssh version 2
 
!
 
!
 
!
 
!
 
!
 
!
 +
voice-card 0
 
!
 
!
 
!
 
!
Line 508: Line 858:
 
!
 
!
 
!
 
!
line con 0
 
line aux 0
 
line vty 0 4
 
length 0
 
 
!
 
!
scheduler allocate 20000 1000
 
ntp server 172.16.255.10
 
end
 
</pre>
 
 
==AHA01FW==
 
<pre>
 
version 12.4
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
 
!
 
!
hostname AHA01FW
 
 
!
 
!
boot-start-marker
 
boot-end-marker
 
 
!
 
!
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
 
 
!
 
!
aaa new-model
 
 
!
 
!
 
!
 
!
aaa authentication login default group radius local
 
aaa authentication ppp default if-needed group radius none
 
aaa authorization exec default group radius local
 
 
!
 
!
aaa session-id common
 
 
!
 
!
resource policy
 
 
!
 
!
ip cef
 
 
!
 
!
 
!
 
!
 +
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
 
!
 
!
 
!
 
!
no ip domain lookup
+
class-map match-any MissionCritical-Trust
ip domain name pengebanken.dk
+
match ip dscp af31
ip name-server 172.16.241.11
+
class-map match-any VoIP-RTP-Trust
ip ssh version 2
+
match ip dscp ef
vpdn enable
+
class-map match-any VoIP-Control-Trust
!
+
match ip dscp cs3
vpdn-group VPN
+
class-map match-any Management-Trust
! Default PPTP VPDN group
+
  match ip dscp cs2
  accept-dialin
 
  protocol pptp
 
  virtual-template 1
 
 
!
 
!
 
!
 
!
 +
policy-map PbPolicy
 +
class VoIP-RTP-Trust
 +
  priority percent 25
 +
class VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class MissionCritical-Trust
 +
  bandwidth percent 40
 +
class Management-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 
!
 
!
 +
!
 
!
 
!
voice-card 0
+
crypto isakmp policy 10
!
+
encr aes 256
!
+
authentication pre-share
!
+
group 5
 +
lifetime 1000
 +
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
 
!
 
!
 
!
 
!
 +
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
 
!
 
!
 +
crypto map PB_crypto_Map 10 ipsec-isakmp
 +
set peer 10.1.1.1
 +
set transform-set PB-TransformSet
 +
match address Tunnel1_til_Aarhus
 
!
 
!
 
!
 
!
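Review bot: The added `crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac` protects the tunnel payload with 3DES even though the IKE policy added just above it negotiates `encr aes 256`, so the data path is weaker than the key exchange. I would change it to `crypto ipsec transform-set PB-TransformSet esp-aes 256 esp-sha-hmac` and raise `group 5` to a larger Diffie-Hellman group where the image supports one. The same transform set is added again for AHA01FW in the hunk at "Line 819: Line 1,083:", and both peers have to change together or the tunnel will not come up. If the value in `crypto isakmp key ... address 10.1.1.1` is used on any real device, replace it on this page with a placeholder such as `crypto isakmp key <PSK-REDACTED> address 10.1.1.1`.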
Line 575: Line 916:
 
!
 
!
 
!
 
!
 +
interface Tunnel1
 +
description Til_Aarhus
 +
ip address 172.16.254.6 255.255.255.252
 +
ip mtu 1420
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.1
 +
service-policy output PbPolicy
 
!
 
!
 +
interface FastEthernet0/0
 +
description Internet
 +
ip address 10.1.1.3 255.255.255.0
 +
duplex auto
 +
speed auto
 +
crypto map PB_crypto_Map
 
!
 
!
 +
interface FastEthernet0/1
 +
description Til_AHA01SWCO
 +
ip address 172.18.255.6 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
duplex auto
 +
speed auto
 +
service-policy output PbPolicy
 
!
 
!
 +
interface Serial0/2/0
 +
no ip address
 +
shutdown
 +
no fair-queue
 +
clock rate 125000
 
!
 
!
 +
interface Serial0/2/1
 +
no ip address
 +
shutdown
 +
clock rate 125000
 
!
 
!
 +
router ospf 1
 +
log-adjacency-changes
 +
redistribute bgp 65003 metric 255 subnets
 +
network 172.18.255.6 0.0.0.0 area 0
 +
default-information originate metric 255
 
!
 
!
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
+
router bgp 65003
 +
no synchronization
 +
bgp log-neighbor-changes
 +
redistribute static
 +
redistribute ospf 1 match internal external 1 external 2
 +
neighbor 172.16.254.5 remote-as 65001
 +
neighbor 172.16.254.5 description AHA01FW
 +
neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 +
neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 +
default-information originate
 +
no auto-summary
 +
!
 +
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
 
!
 
!
 
!
 
!
class-map type inspect match-any OUTSIDE-DMZ-CMAP
+
ip http server
match protocol http
+
no ip http secure-server
class-map match-any MissionCritical-Trust
+
!
match ip dscp af31
+
ip access-list extended Tunnel1_til_Aarhus
class-map match-any VoIP-RTP-Trust
+
  permit gre host 10.1.1.3 host 10.1.1.1
match ip dscp ef
 
class-map match-any VoIP-Control-Trust
 
match ip dscp cs3
 
class-map match-any Management-Trust
 
match ip dscp cs2
 
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 
match protocol tcp
 
match protocol udp
 
match protocol icmp
 
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 
match protocol tcp
 
  match protocol udp
 
 
!
 
!
 
!
 
!
policy-map type inspect OUTSIDE-DMZ-PMAP
+
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
class type inspect OUTSIDE-DMZ-CMAP
+
!
  inspect
+
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
class class-default
+
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
  drop log
+
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
policy-map PbPolicy
+
ip radius source-interface FastEthernet0/1
class VoIP-RTP-Trust
+
access-list 1 permit 172.16.241.17
  priority percent 25
+
access-list 1 permit 172.16.7.0 0.0.0.255
class VoIP-Control-Trust
+
snmp-server community PengeBanken RO 1
  bandwidth percent 5
+
!
class MissionCritical-Trust
+
!
  bandwidth percent 40
+
!
class Management-Trust
+
route-map 65003-RMAP-IN permit 10
  bandwidth percent 5
+
  match ip address prefix-list 65003-PRE-IN
class class-default
+
!
  fair-queue
+
route-map 65003-RMAP-OUT permit 10
policy-map type inspect INSIDE-OUTSIDE-PMAP
+
  match ip address prefix-list 65003-PLIST-OUT
  class type inspect INSIDE-OUTSIDE-CMAP
+
  set as-path prepend 65003 65003 65003 65003 65003 65003 65003
  inspect
 
class class-default
 
  drop log
 
policy-map type inspect OUTSIDE-INSIDE-PMAP
 
  class type inspect OUTSIDE-INSIDE-CMAP
 
  drop log
 
  class class-default
 
 
!
 
!
zone security INSIDE
 
zone security OUTSIDE
 
zone security DMZ
 
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 
service-policy type inspect INSIDE-OUTSIDE-PMAP
 
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 
service-policy type inspect OUTSIDE-INSIDE-PMAP
 
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 
service-policy type inspect OUTSIDE-DMZ-PMAP
 
!
 
 
!
 
!
crypto isakmp policy 10
 
encr aes 256
 
authentication pre-share
 
group 5
 
lifetime 1000
 
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
 
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
 
 
!
 
!
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
!
 +
control-plane
 
!
 
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
 
 
!
 
!
crypto map PB_crypto_Map 10 ipsec-isakmp
 
set peer 10.1.1.2
 
set transform-set PB-TransformSet
 
match address Tunnel1_til_Viborg
 
crypto map PB_crypto_Map 20 ipsec-isakmp
 
set peer 10.1.1.3
 
set transform-set PB-TransformSet
 
match address Tunnel2_til_Aalborg
 
 
!
 
!
 
!
 
!
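Review bot: The added pair `ip http server` / `no ip http secure-server` leaves the router's web management interface on clear-text HTTP only, and nothing in the hunk restricts who can reach it. Any credentials entered there cross the network unencrypted. Prefer `no ip http server`, or `ip http secure-server` together with `ip http access-class 1`, reusing the management ACL this hunk already defines for SNMP. The same two lines are added for AHA01FW in the hunk at "Line 877: Line 1,170:".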
Line 664: Line 1,010:
 
!
 
!
 
!
 
!
interface Tunnel1
 
description Tunnel1_til_Viborg
 
ip address 172.16.254.1 255.255.255.252
 
ip mtu 1420
 
ip nat inside
 
ip virtual-reassembly
 
zone-member security INSIDE
 
tunnel source FastEthernet0/0
 
tunnel destination 10.1.1.2
 
service-policy output PbPolicy
 
 
!
 
!
interface Tunnel2
 
description Tunnel2_til_Aalborg
 
ip address 172.16.254.5 255.255.255.252
 
ip mtu 1420
 
ip nat inside
 
ip virtual-reassembly
 
zone-member security INSIDE
 
tunnel source FastEthernet0/0
 
tunnel destination 10.1.1.3
 
service-policy output PbPolicy
 
 
!
 
!
interface Loopback0
 
ip address 192.168.255.10 255.255.255.0
 
zone-member security DMZ
 
 
!
 
!
interface FastEthernet0/0
+
line con 0
description internet
+
line aux 0
ip address 10.1.1.1 255.255.255.0
+
line vty 0 4
  ip nat outside
+
  length 0
ip virtual-reassembly
 
zone-member security OUTSIDE
 
duplex auto
 
speed auto
 
crypto map PB_crypto_Map
 
 
!
 
!
interface FastEthernet0/1
+
scheduler allocate 20000 1000
description Til_AHA01SWCO
+
ntp server 172.16.255.10
ip address 172.16.255.10 255.255.255.252
+
end
ip nat inside
+
</pre>
ip virtual-reassembly
+
 
zone-member security INSIDE
+
=Århus=
ip route-cache flow
+
==AHA01FW==
ip ospf network point-to-point
+
<pre>
ip ospf dead-interval minimal hello-multiplier 3
+
version 12.4
duplex auto
+
service timestamps debug datetime msec
speed auto
+
service timestamps log datetime msec
service-policy output PbPolicy
+
no service password-encryption
 
!
 
!
interface FastEthernet0/1/0
+
hostname AHA01FW
description Til_AHA02SWCO
 
switchport access vlan 990
 
service-policy output PbPolicy
 
 
!
 
!
interface FastEthernet0/1/1
+
boot-start-marker
description Til_AHA01RT
+
boot-end-marker
switchport access vlan 991
 
service-policy output PbPolicy
 
 
!
 
!
interface FastEthernet0/1/2
+
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
 
!
 
!
interface FastEthernet0/1/3
+
aaa new-model
 
!
 
!
interface Virtual-Template1
 
ip address 172.16.253.1 255.255.255.0
 
ip nat inside
 
ip virtual-reassembly
 
zone-member security INSIDE
 
peer default ip address pool VPN-Pool
 
ppp encrypt mppe auto
 
ppp authentication ms-chap ms-chap-v2
 
 
!
 
!
interface Vlan1
+
aaa authentication login default group radius local
no ip address
+
aaa authentication ppp default if-needed group radius none
 +
aaa authorization exec default group radius local
 
!
 
!
interface Vlan990
+
aaa session-id common
ip address 172.16.255.22 255.255.255.252
 
ip nat inside
 
ip virtual-reassembly
 
zone-member security INSIDE
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
 
!
 
!
interface Vlan991
+
resource policy
ip address 172.16.255.14 255.255.255.252
 
ip nat inside
 
ip virtual-reassembly
 
zone-member security INSIDE
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
 
!
 
!
router ospf 1
+
ip cef
log-adjacency-changes
 
passive-interface Tunnel1
 
passive-interface Tunnel2
 
network 172.16.255.10 0.0.0.0 area 0
 
network 172.16.255.14 0.0.0.0 area 0
 
network 172.16.255.22 0.0.0.0 area 0
 
default-information originate
 
 
!
 
!
router bgp 65001
 
bgp log-neighbor-changes
 
neighbor 172.16.254.2 remote-as 65002
 
neighbor 172.16.254.6 remote-as 65003
 
!
 
address-family ipv4
 
redistribute static
 
redistribute ospf 1 match internal external 1 external 2
 
neighbor 172.16.254.2 activate
 
neighbor 172.16.254.6 activate
 
default-information originate
 
no auto-summary
 
no synchronization
 
exit-address-family
 
 
!
 
!
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
 
ip route 0.0.0.0 0.0.0.0 10.1.1.254
 
 
!
 
!
ip flow-export source FastEthernet0/1
 
ip flow-export version 5
 
ip flow-export destination 172.16.241.17 9000
 
 
!
 
!
ip http server
+
no ip domain lookup
no ip http secure-server
+
ip domain name pengebanken.dk
ip nat inside source list 10 interface FastEthernet0/0 overload
+
ip name-server 172.16.241.11
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
+
ip ssh version 2
 +
vpdn enable
 
!
 
!
ip access-list extended Tunnel1_til_Viborg
+
vpdn-group VPN
  permit gre host 10.1.1.1 host 10.1.1.2
+
! Default PPTP VPDN group
ip access-list extended Tunnel2_til_Aalborg
+
  accept-dialin
permit gre host 10.1.1.1 host 10.1.1.3
+
  protocol pptp
 +
  virtual-template 1
 
!
 
!
ip radius source-interface FastEthernet0/1
 
access-list 10 permit 172.16.241.15
 
access-list 10 permit 172.16.0.0 0.15.255.255
 
snmp-server community PengeBanken RO
 
snmp-server host 172.16.241.17 version 2c PengeBanken
 
 
!
 
!
 
!
 
!
 
!
 
!
 +
voice-card 0
 
!
 
!
 
!
 
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
 
!
 
!
control-plane
 
 
!
 
!
 
!
 
!
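Review bot: In the added `aaa authentication ppp default if-needed group radius none`, the trailing `none` means a PPP session is accepted without authentication whenever the RADIUS server is unreachable or returns an error. The same hunk adds `vpdn enable` and a PPTP `accept-dialin` group, so that fallback applies to remote VPN logins. Use a fallback that still authenticates, `aaa authentication ppp default if-needed group radius local`, as the login and exec method lists on the neighbouring lines already do.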
Line 819: Line 1,083:
 
!
 
!
 
!
 
!
line con 0
 
line aux 0
 
line vty 0 4
 
 
!
 
!
scheduler allocate 20000 1000
 
ntp clock-period 17178263
 
ntp server 217.198.208.66
 
end
 
</pre>
 
 
==AHA01RT==
 
<pre>
 
version 12.4
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
 
!
 
!
hostname AHA01RT
 
 
!
 
!
boot-start-marker
 
boot-end-marker
 
 
!
 
!
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.
+
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
 
!
 
!
aaa new-model
 
 
!
 
!
!
+
class-map type inspect match-any OUTSIDE-DMZ-CMAP
aaa authentication login default group radius local
+
match protocol http
aaa authorization exec default group radius local
+
class-map match-any MissionCritical-Trust
!
+
match ip dscp af31
aaa session-id common
+
class-map match-any VoIP-RTP-Trust
!
+
match ip dscp ef
resource policy
+
class-map match-any VoIP-Control-Trust
!
+
match ip dscp cs3
ip cef
+
class-map match-any Management-Trust
!
+
match ip dscp cs2
!
+
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
!
+
match protocol tcp
!
+
match protocol udp
ip domain name pengebanken.dk
+
match protocol icmp
ip name-server 172.16.241.11
+
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
ip ssh version 2
+
match protocol tcp
!
+
match protocol udp
!
 
!
 
voice-card 0
 
 
!
 
!
 
!
 
!
 +
policy-map type inspect OUTSIDE-DMZ-PMAP
 +
class type inspect OUTSIDE-DMZ-CMAP
 +
  inspect
 +
class class-default
 +
  drop log
 +
policy-map PbPolicy
 +
class VoIP-RTP-Trust
 +
  priority percent 25
 +
class VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class MissionCritical-Trust
 +
  bandwidth percent 40
 +
class Management-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 +
policy-map type inspect INSIDE-OUTSIDE-PMAP
 +
class type inspect INSIDE-OUTSIDE-CMAP
 +
  inspect
 +
class class-default
 +
  drop log
 +
policy-map type inspect OUTSIDE-INSIDE-PMAP
 +
class type inspect OUTSIDE-INSIDE-CMAP
 +
  drop log
 +
class class-default
 
!
 
!
 +
zone security INSIDE
 +
zone security OUTSIDE
 +
zone security DMZ
 +
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 +
service-policy type inspect INSIDE-OUTSIDE-PMAP
 +
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 +
service-policy type inspect OUTSIDE-INSIDE-PMAP
 +
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 +
service-policy type inspect OUTSIDE-DMZ-PMAP
 +
!
 
!
 
!
 +
crypto isakmp policy 10
 +
encr aes 256
 +
authentication pre-share
 +
group 5
 +
lifetime 1000
 +
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
 +
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
 
!
 
!
 
!
 
!
 +
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
 
!
 
!
 +
crypto map PB_crypto_Map 10 ipsec-isakmp
 +
set peer 10.1.1.2
 +
set transform-set PB-TransformSet
 +
match address Tunnel1_til_Viborg
 +
crypto map PB_crypto_Map 20 ipsec-isakmp
 +
set peer 10.1.1.3
 +
set transform-set PB-TransformSet
 +
match address Tunnel2_til_Aalborg
 
!
 
!
 
!
 
!
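Review bot: None of the three zone-pairs added here (`INSIDE-OUTSIDE-ZPAIR`, `OUTSIDE-INSIDE-ZPAIR`, `OUTSIDE-DMZ-ZPAIR`) involves the `self` zone, so as far as this hunk shows the zone-based firewall does not filter traffic addressed to the router itself. That matters because other hunks on the page enable HTTP, SNMP and SSH on this device. Consider a `zone-pair security` from `OUTSIDE` to `self` whose policy passes only what must terminate on the router (IKE, ESP and GRE from the two tunnel peers), or an inbound ACL on `FastEthernet0/0`. Separately, `class class-default` under `OUTSIDE-INSIDE-PMAP` has no action line; writing `drop log` there would make the implicit drop explicit and logged, as in the other two policies.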
Line 877: Line 1,170:
 
!
 
!
 
!
 
!
 +
interface Tunnel1
 +
description Tunnel1_til_Viborg
 +
ip address 172.16.254.1 255.255.255.252
 +
ip mtu 1420
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.2
 +
service-policy output PbPolicy
 
!
 
!
 +
interface Tunnel2
 +
description Tunnel2_til_Aalborg
 +
ip address 172.16.254.5 255.255.255.252
 +
ip mtu 1420
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.3
 +
service-policy output PbPolicy
 
!
 
!
 +
interface Loopback0
 +
ip address 192.168.255.10 255.255.255.0
 +
zone-member security DMZ
 
!
 
!
 +
interface FastEthernet0/0
 +
description internet
 +
ip address 10.1.1.1 255.255.255.0
 +
ip nat outside
 +
ip virtual-reassembly
 +
zone-member security OUTSIDE
 +
duplex auto
 +
speed auto
 +
crypto map PB_crypto_Map
 
!
 
!
 +
interface FastEthernet0/1
 +
description Til_AHA01SWCO
 +
ip address 172.16.255.10 255.255.255.252
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
ip route-cache flow
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
duplex auto
 +
speed auto
 +
service-policy output PbPolicy
 
!
 
!
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.
+
interface FastEthernet0/1/0
 +
description Til_AHA02SWCO
 +
switchport access vlan 990
 +
service-policy output PbPolicy
 
!
 
!
 +
interface FastEthernet0/1/1
 +
description Til_AHA01RT
 +
switchport access vlan 991
 +
service-policy output PbPolicy
 
!
 
!
class-map match-any MissionCritical-Trust
+
interface FastEthernet0/1/2
match ip dscp af31
 
class-map match-any VoIP-RTP-Trust
 
match ip dscp ef
 
class-map match-any VoIP-Control-Trust
 
match ip dscp cs3
 
class-map match-any Management-Trust
 
match ip dscp cs2
 
 
!
 
!
 +
interface FastEthernet0/1/3
 
!
 
!
policy-map PbPolicy
+
interface Virtual-Template1
  class VoIP-RTP-Trust
+
  ip address 172.16.253.1 255.255.255.0
  priority percent 25
+
ip nat inside
  class VoIP-Control-Trust
+
  ip virtual-reassembly
  bandwidth percent 5
+
  zone-member security INSIDE
  class MissionCritical-Trust
+
  peer default ip address pool VPN-Pool
  bandwidth percent 40
+
ppp encrypt mppe auto
  class Management-Trust
+
  ppp authentication ms-chap ms-chap-v2
  bandwidth percent 5
 
  class class-default
 
  fair-queue
 
 
!
 
!
!
+
interface Vlan1
 +
no ip address
 
!
 
!
 +
interface Vlan990
 +
ip address 172.16.255.22 255.255.255.252
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 
!
 
!
!
+
interface Vlan991
!
+
  ip address 172.16.255.14 255.255.255.252
!
+
  ip nat inside
interface FastEthernet0/0
+
  ip virtual-reassembly
description TDC_MPLS
+
  zone-member security INSIDE
  ip address 172.16.255.1 255.255.255.252
 
  duplex auto
 
  speed auto
 
  service-policy output PbPolicy
 
!
 
interface FastEthernet0/1
 
description Til_AHA02SWCO
 
ip address 172.16.255.5 255.255.255.252
 
 
  ip ospf network point-to-point
 
  ip ospf network point-to-point
 
  ip ospf dead-interval minimal hello-multiplier 3
 
  ip ospf dead-interval minimal hello-multiplier 3
duplex auto
 
speed auto
 
auto qos voip trust
 
service-policy output PbPolicy
 
 
!
 
!
interface FastEthernet0/1.101
+
router ospf 1
 +
log-adjacency-changes
 +
passive-interface Tunnel1
 +
passive-interface Tunnel2
 +
network 172.16.255.10 0.0.0.0 area 0
 +
network 172.16.255.14 0.0.0.0 area 0
 +
network 172.16.255.22 0.0.0.0 area 0
 +
default-information originate
 
!
 
!
interface FastEthernet0/1/0
+
router bgp 65001
  description Til_AHA01SWCO
+
bgp log-neighbor-changes
  switchport access vlan 990
+
neighbor 172.16.254.2 remote-as 65002
  service-policy output PbPolicy
+
neighbor 172.16.254.6 remote-as 65003
 +
!
 +
address-family ipv4
 +
redistribute static
 +
redistribute ospf 1 match internal external 1 external 2
 +
neighbor 172.16.254.2 activate
 +
neighbor 172.16.254.6 activate
 +
  default-information originate
 +
  no auto-summary
 +
  no synchronization
 +
exit-address-family
 
!
 
!
interface FastEthernet0/1/1
+
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
description Til_AHA01FW
+
ip route 0.0.0.0 0.0.0.0 10.1.1.254
switchport access vlan 991
 
service-policy output PbPolicy
 
 
!
 
!
interface FastEthernet0/1/2
+
ip flow-export source FastEthernet0/1
 +
ip flow-export version 5
 +
ip flow-export destination 172.16.241.17 9000
 
!
 
!
interface FastEthernet0/1/3
+
ip http server
 +
no ip http secure-server
 +
ip nat inside source list 10 interface FastEthernet0/0 overload
 +
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
 
!
 
!
interface Serial0/2/0
+
ip access-list extended Tunnel1_til_Viborg
  no ip address
+
permit gre host 10.1.1.1 host 10.1.1.2
shutdown
+
ip access-list extended Tunnel2_til_Aalborg
clock rate 2000000
+
  permit gre host 10.1.1.1 host 10.1.1.3
 +
!
 +
ip radius source-interface FastEthernet0/1
 +
access-list 10 permit 172.16.241.15
 +
access-list 10 permit 172.16.0.0 0.15.255.255
 +
snmp-server community PengeBanken RO
 +
snmp-server host 172.16.241.17 version 2c PengeBanken
 
!
 
!
interface Vlan1
 
no ip address
 
 
!
 
!
interface Vlan990
 
ip address 172.16.255.18 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
 
!
 
!
interface Vlan991
 
ip address 172.16.255.13 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
 
!
 
!
router ospf 1
 
log-adjacency-changes
 
redistribute bgp 65001 subnets
 
network 172.16.255.1 0.0.0.0 area 0
 
network 172.16.255.5 0.0.0.0 area 0
 
network 172.16.255.13 0.0.0.0 area 0
 
network 172.16.255.18 0.0.0.0 area 0
 
 
!
 
!
router bgp 65001
+
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
no synchronization
 
bgp log-neighbor-changes
 
redistribute connected
 
redistribute ospf 1 match internal external 1 external 2
 
neighbor 172.16.255.2 remote-as 65000
 
neighbor 172.16.255.2 description TDC_MPLS
 
neighbor 172.16.255.2 next-hop-self
 
neighbor 172.16.255.2 soft-reconfiguration inbound
 
neighbor 172.16.255.2 route-map 65000-RMAP-OUT out
 
default-information originate
 
no auto-summary
 
 
!
 
!
!
+
control-plane
!
 
ip http server
 
no ip http secure-server
 
!
 
!
 
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32
 
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32
 
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32
 
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32
 
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32
 
ip radius source-interface FastEthernet0/1
 
snmp-server community PengeBanken RO
 
!
 
!
 
!
 
route-map 65000-RMAP-OUT permit 10
 
match ip address prefix-list 65000-PLIST-OUT
 
!
 
!
 
!
 
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
!
 
control-plane
 
 
!
 
!
 
!
 
!
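Review bot: The added `snmp-server community PengeBanken RO` carries no access-list, unlike the AAA01RT configuration earlier on the page, which ends the same command with ACL `1`. The community string is also the same value as the RADIUS shared secret in `radius-server host 172.16.241.11 ... key PengeBanken` added a few lines below, so anyone who learns the read-only SNMP string also holds the key protecting RADIUS traffic. Use two distinct, non-guessable values and bind SNMP to a dedicated ACL that permits only the collector named in `snmp-server host`, for example `access-list 20 permit 172.16.241.17` with `snmp-server community <COMMUNITY> RO 20` (ACL number chosen for illustration). On `Virtual-Template1` in the same hunk, `ppp authentication ms-chap ms-chap-v2` still offers MS-CHAPv1; listing only `ms-chap-v2` would be the minimum.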
Line 1,022: Line 1,328:
 
line aux 0
 
line aux 0
 
line vty 0 4
 
line vty 0 4
password cisco
 
 
!
 
!
 
scheduler allocate 20000 1000
 
scheduler allocate 20000 1000
ntp clock-period 17179809
+
ntp clock-period 17178263
ntp server 172.16.255.10
+
ntp server 217.198.208.66
 
end
 
end
 
</pre>
 
</pre>
==AHA01SWCO==
+
 
 +
==AHA01RT==
 
<pre>
 
<pre>
version 12.2
+
version 12.4
no service pad
 
 
service timestamps debug datetime msec
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
no service password-encryption
 
!
 
!
hostname AHA01SWCO
+
hostname AHA01RT
 
!
 
!
 
boot-start-marker
 
boot-start-marker
 
boot-end-marker
 
boot-end-marker
 
!
 
!
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0
+
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.
 
!
 
!
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0
 
 
aaa new-model
 
aaa new-model
 
!
 
!
Line 1,050: Line 1,354:
 
aaa authentication login default group radius local
 
aaa authentication login default group radius local
 
aaa authorization exec default group radius local  
 
aaa authorization exec default group radius local  
 +
!
 +
aaa session-id common
 +
!
 +
resource policy
 +
!
 +
ip cef
 +
!
 +
!
 +
!
 +
!
 +
ip domain name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
ip ssh version 2
 +
!
 +
!
 +
!
 +
voice-card 0
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 
!
 
!
 
!
 
!
 
!
 
!
aaa session-id common
 
system mtu routing 1500
 
ip subnet-zero
 
ip routing
 
ip domain-name pengebanken.dk
 
ip name-server 172.16.241.11
 
 
!
 
!
 
!
 
!
 
!
 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 
mls qos srr-queue input bandwidth 90 10
 
mls qos srr-queue input threshold 1 8 16
 
mls qos srr-queue input threshold 2 34 66
 
mls qos srr-queue input buffers 67 33
 
mls qos srr-queue input cos-map queue 1 threshold 2 1
 
mls qos srr-queue input cos-map queue 1 threshold 3 0
 
mls qos srr-queue input cos-map queue 2 threshold 1 2
 
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
 
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
 
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
 
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
 
mls qos srr-queue input dscp-map queue 1 threshold 3 32
 
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
 
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
 
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
 
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
 
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
 
mls qos srr-queue output cos-map queue 1 threshold 3 5
 
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
 
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
 
mls qos srr-queue output cos-map queue 4 threshold 2 1
 
mls qos srr-queue output cos-map queue 4 threshold 3 0
 
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
 
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
 
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
 
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
 
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
 
mls qos srr-queue output dscp-map queue 4 threshold 1 8
 
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
 
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
 
mls qos queue-set output 1 threshold 1 138 138 92 138
 
mls qos queue-set output 1 threshold 2 138 138 92 400
 
mls qos queue-set output 1 threshold 3 36 77 100 318
 
mls qos queue-set output 1 threshold 4 20 50 67 400
 
mls qos queue-set output 2 threshold 1 149 149 100 149
 
mls qos queue-set output 2 threshold 2 118 118 100 235
 
mls qos queue-set output 2 threshold 3 41 68 100 272
 
mls qos queue-set output 2 threshold 4 42 72 100 242
 
mls qos queue-set output 1 buffers 10 10 26 54
 
mls qos queue-set output 2 buffers 16 6 17 61
 
mls qos
 
 
!
 
!
crypto pki trustpoint TP-self-signed-201700352
+
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.
enrollment selfsigned
 
subject-name cn=IOS-Self-Signed-Certificate-201700352
 
revocation-check none
 
rsakeypair TP-self-signed-201700352
 
!
 
!
 
crypto pki certificate chain TP-self-signed-201700352
 
certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer
 
 
!
 
!
 
!
 
!
 +
class-map match-any MissionCritical-Trust
 +
match ip dscp af31
 +
class-map match-any VoIP-RTP-Trust
 +
match ip dscp ef
 +
class-map match-any VoIP-Control-Trust
 +
match ip dscp cs3
 +
class-map match-any Management-Trust
 +
match ip dscp cs2
 
!
 
!
 
!
 
!
 +
policy-map PbPolicy
 +
class VoIP-RTP-Trust
 +
  priority percent 25
 +
class VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class MissionCritical-Trust
 +
  bandwidth percent 40
 +
class Management-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 
!
 
!
 +
!
 
!
 
!
spanning-tree mode rapid-pvst
 
spanning-tree etherchannel guard misconfig
 
spanning-tree extend system-id
 
spanning-tree vlan 2,7-11 priority 24576
 
spanning-tree vlan 240-242 priority 28672
 
 
!
 
!
vlan internal allocation policy ascending
 
 
!
 
!
ip ssh version 2
 
 
!
 
!
 
!
 
!
 +
interface FastEthernet0/0
 +
description TDC_MPLS
 +
ip address 172.16.255.1 255.255.255.252
 +
duplex auto
 +
speed auto
 +
service-policy output PbPolicy
 
!
 
!
 
interface FastEthernet0/1
 
interface FastEthernet0/1
  switchport trunk encapsulation dot1q
+
  description Til_AHA02SWCO
  switchport mode trunk
+
  ip address 172.16.255.5 255.255.255.252
  mls qos trust cos
+
  ip ospf network point-to-point
  spanning-tree guard root
+
ip ospf dead-interval minimal hello-multiplier 3
 +
duplex auto
 +
speed auto
 +
auto qos voip trust  
 +
  service-policy output PbPolicy
 
!
 
!
interface FastEthernet0/2
+
interface FastEthernet0/1.101
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/3
+
interface FastEthernet0/1/0
  switchport trunk encapsulation dot1q
+
  description Til_AHA01SWCO
  switchport mode trunk
+
  switchport access vlan 990
mls qos trust cos
+
  service-policy output PbPolicy
  spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/4
+
interface FastEthernet0/1/1
  switchport trunk encapsulation dot1q
+
  description Til_AHA01FW
  switchport mode trunk
+
  switchport access vlan 991
mls qos trust cos
+
  service-policy output PbPolicy
  spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/5
+
interface FastEthernet0/1/2
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/6
+
interface FastEthernet0/1/3
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/7
+
interface Serial0/2/0
switchport trunk encapsulation dot1q
+
  no ip address
  switchport mode trunk
+
  shutdown
  mls qos trust cos
+
  clock rate 2000000
  spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/8
+
interface Vlan1
  switchport trunk encapsulation dot1q
+
  no ip address
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/9
+
interface Vlan990
  switchport trunk encapsulation dot1q
+
  ip address 172.16.255.18 255.255.255.252
  switchport mode trunk
+
  ip ospf network point-to-point
  mls qos trust cos
+
  ip ospf dead-interval minimal hello-multiplier 3
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/10
+
interface Vlan991
  switchport trunk encapsulation dot1q
+
  ip address 172.16.255.13 255.255.255.252
  switchport mode trunk
+
  ip ospf network point-to-point
  mls qos trust cos
+
  ip ospf dead-interval minimal hello-multiplier 3
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/11
+
router ospf 1
  switchport trunk encapsulation dot1q
+
  log-adjacency-changes
  switchport mode trunk
+
redistribute bgp 65001 subnets
  mls qos trust cos
+
  network 172.16.255.1 0.0.0.0 area 0
  spanning-tree guard root
+
  network 172.16.255.5 0.0.0.0 area 0
 +
  network 172.16.255.13 0.0.0.0 area 0
 +
network 172.16.255.18 0.0.0.0 area 0
 
!
 
!
interface FastEthernet0/12
+
router bgp 65001
  switchport trunk encapsulation dot1q
+
  no synchronization
  switchport mode trunk
+
  bgp log-neighbor-changes
  mls qos trust cos
+
redistribute connected
  spanning-tree guard root
+
  redistribute ospf 1 match internal external 1 external 2
!
+
  neighbor 172.16.255.2 remote-as 65000
interface FastEthernet0/13
+
neighbor 172.16.255.2 description TDC_MPLS
  switchport trunk encapsulation dot1q
+
neighbor 172.16.255.2 next-hop-self
  switchport mode trunk
+
  neighbor 172.16.255.2 soft-reconfiguration inbound
  mls qos trust cos
+
  neighbor 172.16.255.2 route-map 65000-RMAP-OUT out
  spanning-tree guard root
+
  default-information originate
 +
  no auto-summary
 
!
 
!
interface FastEthernet0/14
 
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/15
 
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/16
+
ip http server
switchport trunk encapsulation dot1q
+
no ip http secure-server
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/17
 
switchport trunk encapsulation dot1q
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/18
+
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32
switchport trunk encapsulation dot1q
+
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32
switchport mode trunk
+
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32
mls qos trust cos
+
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32
spanning-tree guard root
+
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32
 +
ip radius source-interface FastEthernet0/1
 +
snmp-server community PengeBanken RO
 +
!
 
!
 
!
interface FastEthernet0/19
 
no switchport
 
ip address 172.16.255.17 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/20
+
route-map 65000-RMAP-OUT permit 10
  description Til_AHA01SWSL
+
  match ip address prefix-list 65000-PLIST-OUT
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,240-242
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/21
 
description Til_AHA02SWSL
 
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,240-242
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/22
 
description Til_AHA01SWOP
 
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,7-11
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/23
+
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
description Til_AHA02SWCO
+
!
switchport trunk encapsulation dot1q
+
control-plane
switchport trunk allowed vlan 2,7-11,240-242
+
!
switchport mode trunk
 
mls qos trust cos
 
 
!
 
!
interface FastEthernet0/24
 
description Til_AHA01FW
 
no switchport
 
ip address 172.16.255.9 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
mls qos trust cos
 
 
!
 
!
interface GigabitEthernet0/1
 
 
!
 
!
interface GigabitEthernet0/2
 
 
!
 
!
interface Vlan1
 
no ip address
 
 
!
 
!
interface Vlan2
 
description Management
 
ip address 192.168.0.2 255.255.255.0
 
standby 2 ip 192.168.0.1
 
standby 2 timers msec 200 msec 800
 
standby 2 priority 110
 
standby 2 preempt delay minimum 300
 
 
!
 
!
interface Vlan7
 
description IT-administration
 
ip address 172.16.0.2 255.255.255.0
 
ip helper-address 172.16.241.11
 
standby 7 ip 172.16.0.1
 
standby 7 timers msec 200 msec 800
 
standby 7 priority 110
 
standby 7 preempt delay minimum 300
 
 
!
 
!
interface Vlan8
 
description Common_Services
 
ip address 172.16.8.2 255.255.255.0
 
ip helper-address 172.16.241.11
 
standby 8 ip 172.16.8.1
 
standby 8 timers msec 200 msec 800
 
standby 8 priority 110
 
standby 8 preempt delay minimum 300
 
 
!
 
!
interface Vlan9
 
description Administration
 
ip address 172.16.9.2 255.255.255.0
 
ip access-group Administration in
 
ip helper-address 172.16.241.11
 
standby 9 ip 172.16.9.1
 
standby 9 timers msec 200 msec 800
 
standby 9 priority 110
 
standby 9 preempt delay minimum 300
 
 
!
 
!
interface Vlan10
+
line con 0
description BankRaadgiver
+
line aux 0
ip address 172.16.10.2 255.255.255.0
+
line vty 0 4
  ip access-group Bank in
+
  password cisco
ip helper-address 172.16.241.11
 
standby 10 ip 172.16.10.1
 
standby 10 timers msec 200 msec 800
 
standby 10 priority 110
 
standby 10 preempt delay minimum 300
 
 
!
 
!
interface Vlan11
+
scheduler allocate 20000 1000
description IP-Telefoni
+
ntp clock-period 17179809
ip address 172.16.11.2 255.255.255.0
+
ntp server 172.16.255.10
ip access-group Telefoni in
+
end
ip helper-address 172.16.241.11
+
</pre>
standby 11 ip 172.16.11.1
+
==AHA01RTVG==
standby 11 timers msec 200 msec 800
+
<pre>
standby 11 priority 110
+
version 12.1
standby 11 preempt delay minimum 300
+
no service pad
 +
service timestamps debug uptime
 +
service timestamps log uptime
 +
no service password-encryption
 
!
 
!
interface Vlan240
+
hostname AHA01SWSL
description Servere
 
ip address 172.16.240.2 255.255.255.0
 
ip helper-address 172.16.241.11
 
standby 240 ip 172.16.240.1
 
standby 240 timers msec 200 msec 800
 
 
!
 
!
interface Vlan241
+
aaa new-model
description Servere
+
aaa authentication login default group radius local
ip address 172.16.241.2 255.255.255.0
+
aaa authorization exec default group radius local
ip helper-address 172.16.241.11
+
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
standby 241 ip 172.16.241.1
 
standby 241 timers msec 200 msec 800
 
 
!
 
!
interface Vlan242
+
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
description CallManager
+
wrr-queue bandwidth 10 20 70 1
ip address 172.16.242.2 255.255.255.0
+
wrr-queue cos-map 1 0 1
ip helper-address 172.16.241.11
+
wrr-queue cos-map 2 2 4
standby 242 ip 172.16.242.1
+
wrr-queue cos-map 3 3 6 7
standby 242 timers msec 200 msec 800
+
wrr-queue cos-map 4 5
 
!
 
!
router ospf 1
+
class-map match-all ManagementSNMP
log-adjacency-changes
+
  match access-group name MatchSNMP
network 172.16.0.0 0.0.255.255 area 0
+
class-map match-all ManagementNF
network 192.168.0.0 0.0.0.255 area 0
+
  match access-group name MatchNF
 +
class-map match-all MissionCritical
 +
  match access-group name MatchBANK
 +
class-map match-all ManagementRDP
 +
  match access-group name MatchRDP
 +
class-map match-all ManagementSSH
 +
  match access-group name MatchSSH
 
!
 
!
ip classless
 
ip http server
 
ip http secure-server
 
 
!
 
!
 +
policy-map PbPolicy
 +
  class MissionCritical
 +
    set ip dscp 26
 +
  class ManagementRDP
 +
    set ip dscp 16
 +
  class ManagementSNMP
 +
    set ip dscp 16
 +
  class ManagementNF
 +
    set ip dscp 16
 +
  class ManagementSSH
 +
    set ip dscp 16
 
!
 
!
ip access-list extended Administration
+
mls qos map cos-dscp 0 8 16 24 32 46 48 56
permit ip any 172.16.240.0 0.0.7.255
+
ip subnet-zero
deny  ip any 172.0.2.0 0.255.248.255
 
deny  ip any 172.0.3.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
ip access-list extended Bank
 
permit ip any 172.16.240.0 0.0.7.255
 
deny  ip any 172.0.1.0 0.255.248.255
 
deny  ip any 172.0.3.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
ip access-list extended Telefoni
 
permit ip any 172.16.240.0 0.0.7.255
 
deny  ip any 172.0.1.0 0.255.248.255
 
deny  ip any 172.0.2.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
!
 
ip radius source-interface Vlan2
 
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.0.0 0.0.0.255
 
 
!
 
!
snmp-server community PengeBanken RO 1
+
ip domain-name pengebanken.dk
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
+
ip name-server 172.16.241.11
 +
ip ssh time-out 120
 +
ip ssh authentication-retries 3
 +
ip ssh version 2
 
!
 
!
control-plane
+
no file verify auto
 
!
 
!
 +
spanning-tree mode rapid-pvst
 +
no spanning-tree optimize bpdu transmission
 +
spanning-tree extend system-id
 
!
 
!
line con 0
 
line vty 5 15
 
 
!
 
!
ntp clock-period 36029105
 
ntp server 172.16.255.10
 
end
 
</pre>
 
 
==AHA02SWCO==
 
<pre>
 
version 12.2
 
no service pad
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
 
!
 
!
hostname AHA02SWCO
 
 
!
 
!
boot-start-marker
+
interface FastEthernet0/1
boot-end-marker
+
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1
+
interface FastEthernet0/2
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0
+
interface FastEthernet0/3
aaa new-model
+
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
 +
interface FastEthernet0/4
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
aaa authentication login default group radius local
+
interface FastEthernet0/5
aaa authorization exec default group radius local
+
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
 +
interface FastEthernet0/6
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
 +
interface FastEthernet0/7
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
aaa session-id common
+
interface FastEthernet0/8
system mtu routing 1500
+
description < Server >
ip subnet-zero
+
switchport access vlan 241
ip routing
+
switchport mode access
ip domain-name pengebanken.dk
+
mls qos trust cos
ip name-server 172.16.241.11
+
spanning-tree portfast
 
!
 
!
 +
interface FastEthernet0/9
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 +
!
 +
interface FastEthernet0/10
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 +
!
 +
interface FastEthernet0/11
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 +
!
 +
interface FastEthernet0/12
 +
description < Server >
 +
switchport access vlan 241
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
 +
interface FastEthernet0/13
 +
description < Server >
 +
switchport access vlan 242
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree portfast
 
!
 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
+
interface FastEthernet0/14
mls qos srr-queue input bandwidth 90 10
+
description < Server >
mls qos srr-queue input threshold 1 8 16
+
switchport access vlan 242
mls qos srr-queue input threshold 2 34 66
+
switchport mode access
mls qos srr-queue input buffers 67 33
+
mls qos trust cos
mls qos srr-queue input cos-map queue 1 threshold 2 1
+
  spanning-tree portfast
mls qos srr-queue input cos-map queue 1 threshold 3 0
 
mls qos srr-queue input cos-map queue 2 threshold 1 2
 
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
 
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
 
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
 
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
 
mls qos srr-queue input dscp-map queue 1 threshold 3 32
 
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
 
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
 
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
 
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
 
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
 
mls qos srr-queue output cos-map queue 1 threshold 3 5
 
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
 
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
 
mls qos srr-queue output cos-map queue 4 threshold 2 1
 
mls qos srr-queue output cos-map queue 4 threshold 3 0
 
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
 
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
 
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
 
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
 
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
 
mls qos srr-queue output dscp-map queue 4 threshold 1 8
 
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
 
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
 
mls qos queue-set output 1 threshold 1 138 138 92 138
 
mls qos queue-set output 1 threshold 2 138 138 92 400
 
mls qos queue-set output 1 threshold 3 36 77 100 318
 
mls qos queue-set output 1 threshold 4 20 50 67 400
 
mls qos queue-set output 2 threshold 1 149 149 100 149
 
mls qos queue-set output 2 threshold 2 118 118 100 235
 
mls qos queue-set output 2 threshold 3 41 68 100 272
 
mls qos queue-set output 2 threshold 4 42 72 100 242
 
mls qos queue-set output 1 buffers 10 10 26 54
 
mls qos queue-set output 2 buffers 16 6 17 61
 
mls qos
 
!
 
crypto pki trustpoint TP-self-signed-3566145536
 
  enrollment selfsigned
 
subject-name cn=IOS-Self-Signed-Certificate-3566145536
 
revocation-check none
 
rsakeypair TP-self-signed-3566145536
 
!
 
 
!
 
!
crypto pki certificate chain TP-self-signed-3566145536
+
interface FastEthernet0/15
certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer
+
  description < Server >
!
 
!
 
!
 
!
 
!
 
!
 
spanning-tree mode rapid-pvst
 
spanning-tree etherchannel guard misconfig
 
spanning-tree extend system-id
 
spanning-tree vlan 2,7-11 priority 28672
 
spanning-tree vlan 240-242 priority 24576
 
!
 
vlan internal allocation policy ascending
 
!
 
ip ssh version 2
 
!
 
!
 
!
 
interface FastEthernet0/1
 
  description Til_AHA01RTVG
 
 
  switchport access vlan 242
 
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/2
+
interface FastEthernet0/16
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/3
+
interface FastEthernet0/17
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/4
+
interface FastEthernet0/18
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/5
+
interface FastEthernet0/19
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/6
+
interface FastEthernet0/20
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/7
+
interface FastEthernet0/21
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/8
+
interface FastEthernet0/22
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/9
+
interface FastEthernet0/23
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/10
+
interface FastEthernet0/24
  switchport trunk encapsulation dot1q
+
description < Server >
  switchport mode trunk
+
  switchport access vlan 242
 +
  switchport mode access
 
  mls qos trust cos
 
  mls qos trust cos
  spanning-tree guard root
+
  spanning-tree portfast
 
!
 
!
interface FastEthernet0/11
+
interface GigabitEthernet0/1
  switchport trunk encapsulation dot1q
+
  description <Uplink to AHA01SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/12
+
interface GigabitEthernet0/2
  switchport trunk encapsulation dot1q
+
  description <Uplink to AHA02SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/13
+
interface Vlan1
  switchport trunk encapsulation dot1q
+
  no ip address
  switchport mode trunk
+
  no ip route-cache
mls qos trust cos
+
  shutdown
  spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/14
+
interface Vlan2
  switchport trunk encapsulation dot1q
+
  ip address 192.168.0.5 255.255.255.0
  switchport mode trunk
+
  no ip route-cache
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/15
+
ip default-gateway 192.168.0.1
switchport trunk encapsulation dot1q
+
ip http server
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/16
+
ip access-list extended MatchBANK
  switchport trunk encapsulation dot1q
+
  permit tcp any any eq 8439
  switchport mode trunk
+
ip access-list extended MatchNF
  mls qos trust cos
+
  permit udp any any eq 9000
  spanning-tree guard root
+
ip access-list extended MatchRDP
 +
  permit tcp any any eq 3389
 +
ip access-list extended MatchSNMP
 +
  permit udp any any eq 167
 +
ip access-list extended MatchSSH
 +
permit tcp any any eq 22
 +
ip radius source-interface Vlan2
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.0.0 0.0.0.255
 +
snmp-server community PengeBanken RO 1
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
radius-server retransmit 3
 
!
 
!
interface FastEthernet0/17
+
line con 0
  switchport trunk encapsulation dot1q
+
line vty 0 4
  switchport mode trunk
+
  access-class 1 in
  mls qos trust cos
+
  length 0
spanning-tree guard root
+
  transport input ssh
 +
line vty 5 15
 
!
 
!
interface FastEthernet0/18
+
ntp clock-period 17179984
switchport trunk encapsulation dot1q
+
ntp server 172.16.255.10
switchport mode trunk
+
!
mls qos trust cos
+
end
spanning-tree guard root
+
</pre>
 +
==AHA01SWCO==
 +
<pre>
 +
version 12.2
 +
no service pad
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 
!
 
!
interface FastEthernet0/19
+
hostname AHA01SWCO
description Til_AHA01FW
 
no switchport
 
ip address 172.16.255.21 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/20
+
boot-start-marker
description Til_AHA01SWSL
+
boot-end-marker
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,240-242
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/21
+
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0
description Til_AHA02SWSL
+
!
switchport trunk encapsulation dot1q
+
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0
switchport trunk allowed vlan 2,240-242
+
aaa new-model
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/22
 
description Til_AHA01SWOP
 
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,7-11
 
switchport mode trunk
 
mls qos trust cos
 
spanning-tree guard root
 
 
!
 
!
interface FastEthernet0/23
+
aaa authentication login default group radius local
description Til_AHA01SWCO
+
aaa authorization exec default group radius local
switchport trunk encapsulation dot1q
 
switchport trunk allowed vlan 2,7-11,240-242
 
switchport mode trunk
 
mls qos trust cos
 
 
!
 
!
interface FastEthernet0/24
 
description Til_AHA01RT
 
no switchport
 
ip address 172.16.255.6 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
mls qos trust cos
 
 
!
 
!
interface GigabitEthernet0/1
 
 
!
 
!
interface GigabitEthernet0/2
+
aaa session-id common
 +
system mtu routing 1500
 +
ip subnet-zero
 +
ip routing
 +
ip domain-name pengebanken.dk
 +
ip name-server 172.16.241.11
 
!
 
!
interface Vlan1
 
no ip address
 
 
!
 
!
interface Vlan2
 
description Management
 
ip address 192.168.0.3 255.255.255.0
 
standby 2 ip 192.168.0.1
 
standby 2 timers msec 200 msec 800
 
 
!
 
!
interface Vlan7
+
mls qos map cos-dscp 0 8 16 24 32 46 48 56
description IT-administration
+
mls qos srr-queue input bandwidth 90 10
ip address 172.16.0.3 255.255.255.0
+
mls qos srr-queue input threshold 1 8 16
ip helper-address 172.16.241.11
+
mls qos srr-queue input threshold 2 34 66
standby 7 ip 172.16.0.1
+
mls qos srr-queue input buffers 67 33
standby 7 timers msec 200 msec 800
+
mls qos srr-queue input cos-map queue 1 threshold 2 1
!
+
mls qos srr-queue input cos-map queue 1 threshold 3 0
interface Vlan8
+
mls qos srr-queue input cos-map queue 2 threshold 1 2
description Common_Services
+
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
ip address 172.16.8.3 255.255.255.0
+
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
ip helper-address 172.16.241.11
+
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
standby 8 ip 172.16.8.1
+
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
standby 8 timers msec 200 msec 800
+
mls qos srr-queue input dscp-map queue 1 threshold 3 32
!
+
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
interface Vlan9
+
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
description Administration
+
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
ip address 172.16.9.3 255.255.255.0
+
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
ip access-group Administration in
+
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
ip helper-address 172.16.241.11
+
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
standby 9 ip 172.16.9.1
+
mls qos srr-queue output cos-map queue 1 threshold 3 5
standby 9 timers msec 200 msec 800
+
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
!
+
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
interface Vlan10
+
mls qos srr-queue output cos-map queue 4 threshold 2 1
  description BankRaadgiver
+
mls qos srr-queue output cos-map queue 4 threshold 3 0
  ip address 172.16.10.3 255.255.255.0
+
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
  ip access-group Bank in
+
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
  ip helper-address 172.16.241.11
+
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
standby 10 ip 172.16.10.1
+
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
standby 10 timers msec 200 msec 800
+
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
 +
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
 +
mls qos srr-queue output dscp-map queue 4 threshold 1 8
 +
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
 +
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
 +
mls qos queue-set output 1 threshold 1 138 138 92 138
 +
mls qos queue-set output 1 threshold 2 138 138 92 400
 +
mls qos queue-set output 1 threshold 3 36 77 100 318
 +
mls qos queue-set output 1 threshold 4 20 50 67 400
 +
mls qos queue-set output 2 threshold 1 149 149 100 149
 +
mls qos queue-set output 2 threshold 2 118 118 100 235
 +
mls qos queue-set output 2 threshold 3 41 68 100 272
 +
mls qos queue-set output 2 threshold 4 42 72 100 242
 +
mls qos queue-set output 1 buffers 10 10 26 54
 +
mls qos queue-set output 2 buffers 16 6 17 61
 +
mls qos
 +
!
 +
crypto pki trustpoint TP-self-signed-201700352
 +
  enrollment selfsigned
 +
  subject-name cn=IOS-Self-Signed-Certificate-201700352
 +
  revocation-check none
 +
  rsakeypair TP-self-signed-201700352
 
!
 
!
interface Vlan11
 
description IP-Telefoni
 
ip address 172.16.11.3 255.255.255.0
 
ip access-group Telefoni in
 
ip helper-address 172.16.241.11
 
standby 11 ip 172.16.11.1
 
standby 11 timers msec 200 msec 800
 
 
!
 
!
interface Vlan240
+
crypto pki certificate chain TP-self-signed-201700352
  description Servere
+
  certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer
ip address 172.16.240.3 255.255.255.0
+
!
ip helper-address 172.16.241.11
 
standby 240 ip 172.16.240.1
 
standby 240 timers msec 200 msec 800
 
standby 240 priority 110
 
standby 240 preempt delay minimum 300
 
 
!
 
!
interface Vlan241
 
description Servere
 
ip address 172.16.241.3 255.255.255.0
 
ip helper-address 172.16.241.11
 
standby 241 ip 172.16.241.1
 
standby 241 timers msec 200 msec 800
 
standby 241 priority 110
 
standby 241 preempt delay minimum 300
 
 
!
 
!
interface Vlan242
 
description CallManager
 
ip address 172.16.242.3 255.255.255.0
 
ip helper-address 172.16.241.11
 
standby 242 ip 172.16.242.1
 
standby 242 timers msec 200 msec 800
 
standby 242 priority 110
 
standby 242 preempt delay minimum 300
 
 
!
 
!
router ospf 1
 
log-adjacency-changes
 
network 172.16.0.0 0.0.255.255 area 0
 
network 192.168.0.0 0.0.0.255 area 0
 
 
!
 
!
ip classless
 
ip http server
 
ip http secure-server
 
 
!
 
!
 +
spanning-tree mode rapid-pvst
 +
spanning-tree etherchannel guard misconfig
 +
spanning-tree extend system-id
 +
spanning-tree vlan 2,7-11 priority 24576
 +
spanning-tree vlan 240-242 priority 28672
 
!
 
!
ip access-list extended Administration
+
vlan internal allocation policy ascending
permit ip any 172.16.240.0 0.0.7.255
 
deny  ip any 172.0.2.0 0.255.248.255
 
deny  ip any 172.0.3.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
ip access-list extended Bank
 
permit ip any 172.16.240.0 0.0.7.255
 
deny  ip any 172.0.1.0 0.255.248.255
 
deny  ip any 172.0.3.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
ip access-list extended Telefoni
 
permit ip any 172.16.240.0 0.0.7.255
 
deny  ip any 172.0.1.0 0.255.248.255
 
deny  ip any 172.0.2.0 0.255.248.255
 
deny  ip any 172.0.4.0 0.255.248.255
 
deny  ip any 172.0.5.0 0.255.248.255
 
deny  ip any 172.0.6.0 0.255.248.255
 
deny  ip any 172.0.7.0 0.255.248.255
 
permit ip any any
 
 
!
 
!
ip radius source-interface Vlan2
+
ip ssh version 2
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.0.0 0.0.0.255
 
 
!
 
!
snmp-server community PengeBanken RO 1
 
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
 
!
 
!
control-plane
 
 
!
 
!
 +
interface FastEthernet0/1
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
line con 0
+
interface FastEthernet0/2
line vty 5 15
+
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
ntp clock-period 36029150
+
interface FastEthernet0/3
ntp server 172.16.255.10
+
switchport trunk encapsulation dot1q
end
+
switchport mode trunk
</pre>
+
mls qos trust cos
==VIA01RT==
+
spanning-tree guard root
<pre>
 
version 12.4
 
service timestamps debug datetime msec
 
service timestamps log datetime msec
 
no service password-encryption
 
 
!
 
!
hostname VIA01RT
+
interface FastEthernet0/4
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
boot-start-marker
+
interface FastEthernet0/5
boot-end-marker
+
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1
+
interface FastEthernet0/6
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
aaa new-model
+
interface FastEthernet0/7
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/8
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
aaa authentication login default group radius local
+
interface FastEthernet0/9
aaa authorization exec default group radius local
+
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
aaa session-id common
+
interface FastEthernet0/10
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
resource policy
+
interface FastEthernet0/11
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
ip cef
+
interface FastEthernet0/12
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/13
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/14
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/15
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
ip domain name pengebanken.dk
+
interface FastEthernet0/16
ip name-server 172.16.241.11
+
switchport trunk encapsulation dot1q
ip ssh version 2
+
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/17
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/18
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
voice-card 0
+
interface FastEthernet0/19
!
+
no switchport
!
+
ip address 172.16.255.17 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/20
 +
description Til_AHA01SWSL
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,240-242
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/21
 +
description Til_AHA02SWSL
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,240-242
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/22
 +
description Til_AHA01SWOP
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,7-11
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/23
 +
description Til_AHA02SWCO
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,7-11,240-242
 +
switchport mode trunk
 +
mls qos trust cos
 
!
 
!
 +
interface FastEthernet0/24
 +
description Til_AHA01FW
 +
no switchport
 +
ip address 172.16.255.9 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
mls qos trust cos
 
!
 
!
 +
interface GigabitEthernet0/1
 
!
 
!
 +
interface GigabitEthernet0/2
 
!
 
!
 +
interface Vlan1
 +
no ip address
 
!
 
!
 +
interface Vlan2
 +
description Management
 +
ip address 192.168.0.2 255.255.255.0
 +
standby 2 ip 192.168.0.1
 +
standby 2 timers msec 200 msec 800
 +
standby 2 priority 110
 +
standby 2 preempt delay minimum 300
 
!
 
!
 +
interface Vlan7
 +
description IT-administration
 +
ip address 172.16.0.2 255.255.255.0
 +
ip helper-address 172.16.241.11
 +
standby 7 ip 172.16.0.1
 +
standby 7 timers msec 200 msec 800
 +
standby 7 priority 110
 +
standby 7 preempt delay minimum 300
 
!
 
!
 +
interface Vlan8
 +
description Common_Services
 +
ip address 172.16.8.2 255.255.255.0
 +
ip helper-address 172.16.241.11
 +
standby 8 ip 172.16.8.1
 +
standby 8 timers msec 200 msec 800
 +
standby 8 priority 110
 +
standby 8 preempt delay minimum 300
 
!
 
!
 +
interface Vlan9
 +
description Administration
 +
ip address 172.16.9.2 255.255.255.0
 +
ip access-group Administration in
 +
ip helper-address 172.16.241.11
 +
standby 9 ip 172.16.9.1
 +
standby 9 timers msec 200 msec 800
 +
standby 9 priority 110
 +
standby 9 preempt delay minimum 300
 
!
 
!
 +
interface Vlan10
 +
description BankRaadgiver
 +
ip address 172.16.10.2 255.255.255.0
 +
ip access-group Bank in
 +
ip helper-address 172.16.241.11
 +
standby 10 ip 172.16.10.1
 +
standby 10 timers msec 200 msec 800
 +
standby 10 priority 110
 +
standby 10 preempt delay minimum 300
 
!
 
!
 +
interface Vlan11
 +
description IP-Telefoni
 +
ip address 172.16.11.2 255.255.255.0
 +
ip access-group Telefoni in
 +
ip helper-address 172.16.241.11
 +
standby 11 ip 172.16.11.1
 +
standby 11 timers msec 200 msec 800
 +
standby 11 priority 110
 +
standby 11 preempt delay minimum 300
 
!
 
!
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1
+
interface Vlan240
 +
description Servere
 +
ip address 172.16.240.2 255.255.255.0
 +
ip helper-address 172.16.241.11
 +
standby 240 ip 172.16.240.1
 +
standby 240 timers msec 200 msec 800
 
!
 
!
 +
interface Vlan241
 +
description Servere
 +
ip address 172.16.241.2 255.255.255.0
 +
ip helper-address 172.16.241.11
 +
standby 241 ip 172.16.241.1
 +
standby 241 timers msec 200 msec 800
 
!
 
!
class-map match-any MissionCritical-Trust
+
interface Vlan242
  match ip dscp af31
+
description CallManager
class-map match-any VoIP-RTP-Trust
+
  ip address 172.16.242.2 255.255.255.0
  match ip dscp ef
+
  ip helper-address 172.16.241.11
class-map match-any VoIP-Control-Trust
+
  standby 242 ip 172.16.242.1
  match ip dscp cs3
+
  standby 242 timers msec 200 msec 800
class-map match-any Management-Trust
 
  match ip dscp cs2
 
 
!
 
!
 +
router ospf 1
 +
log-adjacency-changes
 +
network 172.16.0.0 0.0.255.255 area 0
 +
network 192.168.0.0 0.0.0.255 area 0
 
!
 
!
policy-map PbPolicy
+
ip classless
class VoIP-RTP-Trust
+
ip http server
  priority percent 25
+
ip http secure-server
class VoIP-Control-Trust
 
  bandwidth percent 5
 
class MissionCritical-Trust
 
  bandwidth percent 40
 
class Management-Trust
 
  bandwidth percent 5
 
class class-default
 
  fair-queue
 
 
!
 
!
!
 
!
 
crypto isakmp policy 10
 
encr aes 256
 
authentication pre-share
 
group 5
 
lifetime 1000
 
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1
 
 
!
 
!
 +
ip access-list extended Administration
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.2.0 0.255.248.255
 +
deny  ip any 172.0.3.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 +
ip access-list extended Bank
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.1.0 0.255.248.255
 +
deny  ip any 172.0.3.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 +
ip access-list extended Telefoni
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.1.0 0.255.248.255
 +
deny  ip any 172.0.2.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 
!
 
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
+
ip radius source-interface Vlan2
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.0.0 0.0.0.255
 
!
 
!
crypto map PB_crypto_Map 10 ipsec-isakmp
+
snmp-server community PengeBanken RO 1
set peer 10.1.1.1
+
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
set transform-set PB-TransformSet
 
match address Tunnel1_til_Aarhus
 
 
!
 
!
 +
control-plane
 
!
 
!
 
!
 
!
 +
line con 0
 +
line vty 5 15
 
!
 
!
 +
ntp clock-period 36029105
 +
ntp server 172.16.255.10
 +
end
 +
</pre>
 +
 +
==AHA02SWCO==
 +
<pre>
 +
version 12.2
 +
no service pad
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 
!
 
!
interface Tunnel1
+
hostname AHA02SWCO
ip address 172.16.254.2 255.255.255.252
 
ip mtu 1420
 
tunnel source FastEthernet0/0
 
tunnel destination 10.1.1.1
 
!
 
interface FastEthernet0/0
 
description Internet
 
ip address 10.1.1.2 255.255.255.0
 
duplex auto
 
speed auto
 
crypto map PB_crypto_Map
 
 
!
 
!
interface FastEthernet0/1
+
boot-start-marker
description Til_VIA02SWCO
+
boot-end-marker
ip address 172.17.255.6 255.255.255.252
 
ip ospf network point-to-point
 
ip ospf dead-interval minimal hello-multiplier 3
 
duplex auto
 
speed auto
 
service-policy output PbPolicy
 
 
!
 
!
interface Serial0/1/0
+
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1
no ip address
 
shutdown
 
no fair-queue
 
clock rate 125000
 
 
!
 
!
interface Serial0/1/1
+
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0
no ip address
+
aaa new-model
shutdown
 
clock rate 125000
 
 
!
 
!
interface Serial0/2/0
 
no ip address
 
shutdown
 
clock rate 2000000
 
 
!
 
!
router ospf 1
+
aaa authentication login default group radius local
log-adjacency-changes
+
aaa authorization exec default group radius local
redistribute bgp 65002 metric 255 subnets
 
network 172.17.255.6 0.0.0.0 area 0
 
default-information originate metric 255
 
 
!
 
!
router bgp 65002
 
no synchronization
 
bgp log-neighbor-changes
 
redistribute static
 
redistribute ospf 1 match internal external 1 external 2
 
neighbor 172.16.254.1 remote-as 65001
 
neighbor 172.16.254.1 description AHA01FW
 
neighbor 172.16.254.1 route-map 65002-RMAP-IN in
 
neighbor 172.16.254.1 route-map 65002-RMAP-OUT out
 
default-information originate
 
no auto-summary
 
 
!
 
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
 
 
!
 
!
 +
aaa session-id common
 +
system mtu routing 1500
 +
ip subnet-zero
 +
ip routing
 +
ip domain-name pengebanken.dk
 +
ip name-server 172.16.241.11
 
!
 
!
ip http server
 
no ip http secure-server
 
 
!
 
!
ip access-list extended Tunnel1_til_Aarhus
 
permit gre host 10.1.1.2 host 10.1.1.1
 
 
!
 
!
 +
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 +
mls qos srr-queue input bandwidth 90 10
 +
mls qos srr-queue input threshold 1 8 16
 +
mls qos srr-queue input threshold 2 34 66
 +
mls qos srr-queue input buffers 67 33
 +
mls qos srr-queue input cos-map queue 1 threshold 2 1
 +
mls qos srr-queue input cos-map queue 1 threshold 3 0
 +
mls qos srr-queue input cos-map queue 2 threshold 1 2
 +
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
 +
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
 +
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
 +
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
 +
mls qos srr-queue input dscp-map queue 1 threshold 3 32
 +
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
 +
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
 +
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
 +
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
 +
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 +
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
 +
mls qos srr-queue output cos-map queue 1 threshold 3 5
 +
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
 +
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
 +
mls qos srr-queue output cos-map queue 4 threshold 2 1
 +
mls qos srr-queue output cos-map queue 4 threshold 3 0
 +
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
 +
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
 +
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
 +
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
 +
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
 +
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
 +
mls qos srr-queue output dscp-map queue 4 threshold 1 8
 +
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
 +
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
 +
mls qos queue-set output 1 threshold 1 138 138 92 138
 +
mls qos queue-set output 1 threshold 2 138 138 92 400
 +
mls qos queue-set output 1 threshold 3 36 77 100 318
 +
mls qos queue-set output 1 threshold 4 20 50 67 400
 +
mls qos queue-set output 2 threshold 1 149 149 100 149
 +
mls qos queue-set output 2 threshold 2 118 118 100 235
 +
mls qos queue-set output 2 threshold 3 41 68 100 272
 +
mls qos queue-set output 2 threshold 4 42 72 100 242
 +
mls qos queue-set output 1 buffers 10 10 26 54
 +
mls qos queue-set output 2 buffers 16 6 17 61
 +
mls qos
 
!
 
!
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
+
crypto pki trustpoint TP-self-signed-3566145536
!
+
enrollment selfsigned
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32
+
subject-name cn=IOS-Self-Signed-Certificate-3566145536
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
+
revocation-check none
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
+
rsakeypair TP-self-signed-3566145536
ip radius source-interface FastEthernet0/1
 
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.7.0 0.0.0.255
 
snmp-server community PengeBanken RO 1
 
!
 
 
!
 
!
 
!
 
!
route-map 65002-RMAP-IN permit 10
+
crypto pki certificate chain TP-self-signed-3566145536
  match ip address prefix-list 65002-PRE-IN
+
  certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer
 
!
 
!
route-map 65002-RMAP-OUT permit 10
 
match ip address prefix-list 65002-PLIST-OUT
 
set as-path prepend 65002 65002 65002 65002 65002 65002 65002
 
 
!
 
!
 
!
 
!
 
!
 
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
 
!
 
!
control-plane
 
 
!
 
!
 +
spanning-tree mode rapid-pvst
 +
spanning-tree etherchannel guard misconfig
 +
spanning-tree extend system-id
 +
spanning-tree vlan 2,7-11 priority 28672
 +
spanning-tree vlan 240-242 priority 24576
 
!
 
!
 +
vlan internal allocation policy ascending
 
!
 
!
 +
ip ssh version 2
 
!
 
!
 
!
 
!
 
!
 
!
 +
interface FastEthernet0/1
 +
description Til_AHA01RTVG
 +
switchport access vlan 242
 +
switchport mode access
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/2
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/3
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/4
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
line con 0
+
interface FastEthernet0/5
line aux 0
+
switchport trunk encapsulation dot1q
line vty 0 4
+
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
scheduler allocate 20000 1000
+
interface FastEthernet0/6
ntp server 172.16.255.10
+
switchport trunk encapsulation dot1q
end
+
switchport mode trunk
</pre>
+
mls qos trust cos
 
+
spanning-tree guard root
==AHA01SWOP==
 
 
 
<pre>
 
version 12.1
 
no service pad
 
service timestamps debug uptime
 
service timestamps log uptime
 
no service password-encryption
 
 
!
 
!
hostname AHA01SWOP
+
interface FastEthernet0/7
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
aaa new-model
+
interface FastEthernet0/8
aaa authentication login default group radius local
+
switchport trunk encapsulation dot1q
aaa authorization exec default group radius local
+
switchport mode trunk
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
+
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
+
interface FastEthernet0/9
wrr-queue bandwidth 10 20 70 1
+
switchport trunk encapsulation dot1q
wrr-queue cos-map 1 0 1
+
switchport mode trunk
wrr-queue cos-map 2 2 4
+
mls qos trust cos
wrr-queue cos-map 3 3 6 7
+
spanning-tree guard root
wrr-queue cos-map 4 5
 
errdisable recovery cause psecure-violation
 
errdisable recovery interval 600
 
 
!
 
!
class-map match-all ManagementSNMP
+
interface FastEthernet0/10
  match access-group name MatchSNMP
+
switchport trunk encapsulation dot1q
class-map match-all ManagementNF
+
switchport mode trunk
  match access-group name MatchNF
+
mls qos trust cos
class-map match-all MissionCritical
+
spanning-tree guard root
  match access-group name MatchBANK
 
class-map match-all ManagementRDP
 
  match access-group name MatchRDP
 
class-map match-all ManagementSSH
 
  match access-group name MatchSSH
 
 
!
 
!
 +
interface FastEthernet0/11
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
policy-map PbPolicy
+
interface FastEthernet0/12
  class MissionCritical
+
switchport trunk encapsulation dot1q
    set ip dscp 26
+
switchport mode trunk
  class ManagementRDP
+
mls qos trust cos
    set ip dscp 16
+
spanning-tree guard root
  class ManagementSNMP
 
    set ip dscp 16
 
  class ManagementNF
 
    set ip dscp 16
 
  class ManagementSSH
 
    set ip dscp 16
 
 
!
 
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
+
interface FastEthernet0/13
ip subnet-zero
+
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
ip domain-name pengebanken.dk
+
interface FastEthernet0/14
ip name-server 172.16.241.11
+
switchport trunk encapsulation dot1q
ip ssh time-out 120
+
switchport mode trunk
ip ssh authentication-retries 3
+
mls qos trust cos
ip ssh version 2
+
spanning-tree guard root
 
!
 
!
no file verify auto
+
interface FastEthernet0/15
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
spanning-tree mode rapid-pvst
+
interface FastEthernet0/16
no spanning-tree optimize bpdu transmission
+
switchport trunk encapsulation dot1q
spanning-tree extend system-id
+
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/17
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/18
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
 +
interface FastEthernet0/19
 +
description Til_AHA01FW
 +
no switchport
 +
ip address 172.16.255.21 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
mls qos trust cos
 +
spanning-tree guard root
 
!
 
!
interface FastEthernet0/1
+
interface FastEthernet0/20
  description < Office-Phone >
+
  description Til_AHA01SWSL
  switchport access vlan 7
+
  switchport trunk encapsulation dot1q
  switchport mode access
+
  switchport trunk allowed vlan 2,240-242
switchport voice vlan 11
+
  switchport mode trunk
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust dscp
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/2
 
description < Office-Phone >
 
switchport access vlan 7
 
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone
+
  spanning-tree guard root
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/3
+
interface FastEthernet0/21
  description < Office-Phone >
+
  description Til_AHA02SWSL
switchport access vlan 7
+
  switchport trunk encapsulation dot1q
  switchport mode access
+
  switchport trunk allowed vlan 2,240-242
  switchport voice vlan 11
+
  switchport mode trunk
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone
+
  spanning-tree guard root
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/4
+
interface FastEthernet0/22
  description < Office-Phone >
+
  description Til_AHA01SWOP
switchport access vlan 7
+
  switchport trunk encapsulation dot1q
  switchport mode access
+
  switchport trunk allowed vlan 2,7-11
  switchport voice vlan 11
+
  switchport mode trunk
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone
+
  spanning-tree guard root
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/5
+
interface FastEthernet0/23
  description < Office-Phone >
+
  description Til_AHA01SWCO
  switchport access vlan 9
+
switchport trunk encapsulation dot1q
  switchport mode access
+
  switchport trunk allowed vlan 2,7-11,240-242
  switchport voice vlan 11
+
  switchport mode trunk
  switchport port-security
+
mls qos trust cos
  switchport port-security maximum 2
+
!
  switchport port-security aging time 2
+
interface FastEthernet0/24
  switchport port-security aging type inactivity
+
  description Til_AHA01RT
 +
  no switchport
 +
  ip address 172.16.255.6 255.255.255.252
 +
  ip ospf network point-to-point
 +
  ip ospf dead-interval minimal hello-multiplier 3
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/6
+
interface GigabitEthernet0/1
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/7
+
interface GigabitEthernet0/2
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/8
+
interface Vlan1
  description < Office-Phone >
+
  no ip address
switchport access vlan 9
+
!
switchport mode access
+
interface Vlan2
  switchport voice vlan 11
+
  description Management
  switchport port-security
+
  ip address 192.168.0.3 255.255.255.0
  switchport port-security maximum 2
+
  standby 2 ip 192.168.0.1
  switchport port-security aging time 2
+
  standby 2 timers msec 200 msec 800
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/9
+
interface Vlan7
  description < Office-Phone >
+
  description IT-administration
  switchport access vlan 9
+
  ip address 172.16.0.3 255.255.255.0
  switchport mode access
+
  ip helper-address 172.16.241.11
switchport voice vlan 11
+
  standby 7 ip 172.16.0.1
  switchport port-security
+
  standby 7 timers msec 200 msec 800
switchport port-security maximum 2
 
switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/10
+
interface Vlan8
  description < Office-Phone >
+
  description Common_Services
  switchport access vlan 9
+
  ip address 172.16.8.3 255.255.255.0
  switchport mode access
+
  ip helper-address 172.16.241.11
switchport voice vlan 11
+
  standby 8 ip 172.16.8.1
  switchport port-security
+
  standby 8 timers msec 200 msec 800
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/11
+
interface Vlan9
  description < Office-Phone >
+
  description Administration
  switchport access vlan 9
+
  ip address 172.16.9.3 255.255.255.0
  switchport mode access
+
  ip access-group Administration in
switchport voice vlan 11
+
  ip helper-address 172.16.241.11
switchport port-security
+
  standby 9 ip 172.16.9.1
  switchport port-security maximum 2
+
  standby 9 timers msec 200 msec 800
  switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/12
+
interface Vlan10
  description < Office-Phone >
+
  description BankRaadgiver
  switchport access vlan 9
+
  ip address 172.16.10.3 255.255.255.0
  switchport mode access
+
  ip access-group Bank in
switchport voice vlan 11
+
  ip helper-address 172.16.241.11
switchport port-security
+
  standby 10 ip 172.16.10.1
  switchport port-security maximum 2
+
  standby 10 timers msec 200 msec 800
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/13
+
interface Vlan11
  description < Office-Phone >
+
  description IP-Telefoni
  switchport access vlan 7
+
  ip address 172.16.11.3 255.255.255.0
  switchport mode access
+
  ip access-group Telefoni in
switchport voice vlan 11
+
  ip helper-address 172.16.241.11
switchport port-security
+
  standby 11 ip 172.16.11.1
  switchport port-security maximum 2
+
  standby 11 timers msec 200 msec 800
  switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/14
+
interface Vlan240
  description < Office-Phone >
+
  description Servere
  switchport access vlan 9
+
  ip address 172.16.240.3 255.255.255.0
  switchport mode access
+
  ip helper-address 172.16.241.11
switchport voice vlan 11
+
  standby 240 ip 172.16.240.1
  switchport port-security
+
  standby 240 timers msec 200 msec 800
switchport port-security maximum 2
+
  standby 240 priority 110
switchport port-security aging time 2
+
  standby 240 preempt delay minimum 300
switchport port-security aging type inactivity
 
mls qos trust cos
 
  macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/15
+
interface Vlan241
  description < Office-Phone >
+
  description Servere
  switchport access vlan 9
+
  ip address 172.16.241.3 255.255.255.0
  switchport mode access
+
  ip helper-address 172.16.241.11
switchport voice vlan 11
+
  standby 241 ip 172.16.241.1
  switchport port-security
+
  standby 241 timers msec 200 msec 800
switchport port-security maximum 2
+
  standby 241 priority 110
switchport port-security aging time 2
+
  standby 241 preempt delay minimum 300
switchport port-security aging type inactivity
 
mls qos trust cos
 
  macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/16
+
interface Vlan242
  description < Office-Phone >
+
  description CallManager
  switchport access vlan 9
+
  ip address 172.16.242.3 255.255.255.0
  switchport mode access
+
  ip helper-address 172.16.241.11
  switchport voice vlan 11
+
  standby 242 ip 172.16.242.1
  switchport port-security
+
  standby 242 timers msec 200 msec 800
  switchport port-security maximum 2
+
  standby 242 priority 110
  switchport port-security aging time 2
+
  standby 242 preempt delay minimum 300
switchport port-security aging type inactivity
+
!
mls qos trust cos
+
router ospf 1
  macro description cisco-phone
+
  log-adjacency-changes
  spanning-tree portfast
+
  network 172.16.0.0 0.0.255.255 area 0
  spanning-tree bpduguard enable
+
  network 192.168.0.0 0.0.0.255 area 0
 
!
 
!
interface FastEthernet0/17
+
ip classless
description < Office-Phone >
+
ip http server
switchport access vlan 9
+
ip http secure-server
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/18
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/19
+
ip access-list extended Administration
  description < Office-Phone >
+
permit ip any 172.16.240.0 0.0.7.255
  switchport access vlan 9
+
deny  ip any 172.0.2.0 0.255.248.255
  switchport mode access
+
deny  ip any 172.0.3.0 0.255.248.255
  switchport voice vlan 11
+
deny  ip any 172.0.4.0 0.255.248.255
  switchport port-security
+
deny  ip any 172.0.5.0 0.255.248.255
  switchport port-security maximum 2
+
deny  ip any 172.0.6.0 0.255.248.255
  switchport port-security aging time 2
+
deny  ip any 172.0.7.0 0.255.248.255
  switchport port-security aging type inactivity
+
  permit ip any any
  mls qos trust cos
+
ip access-list extended Bank
  macro description cisco-phone
+
permit ip any 172.16.240.0 0.0.7.255
spanning-tree portfast
+
deny  ip any 172.0.1.0 0.255.248.255
spanning-tree bpduguard enable
+
  deny  ip any 172.0.3.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
  permit ip any any
 +
ip access-list extended Telefoni
 +
  permit ip any 172.16.240.0 0.0.7.255
 +
  deny  ip any 172.0.1.0 0.255.248.255
 +
  deny  ip any 172.0.2.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
  deny  ip any 172.0.5.0 0.255.248.255
 +
  deny  ip any 172.0.6.0 0.255.248.255
 +
  deny  ip any 172.0.7.0 0.255.248.255
 +
  permit ip any any
 +
!
 +
ip radius source-interface Vlan2
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.0.0 0.0.0.255
 
!
 
!
interface FastEthernet0/20
+
snmp-server community PengeBanken RO 1
description < Office-Phone >
+
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
switchport access vlan 9
+
!
switchport mode access
+
control-plane
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/21
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/22
+
line con 0
description < Office-Phone >
+
line vty 5 15
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface FastEthernet0/23
+
ntp clock-period 36029150
description < Office-Phone >
+
ntp server 172.16.255.10
switchport access vlan 9
+
end
switchport mode access
+
</pre>
switchport voice vlan 11
+
 
switchport port-security
+
==AHA01SWOP==
switchport port-security maximum 2
+
 
switchport port-security aging time 2
+
<pre>
switchport port-security aging type inactivity
+
version 12.1
mls qos trust cos
+
no service pad
macro description cisco-phone
+
service timestamps debug uptime
spanning-tree portfast
+
service timestamps log uptime
spanning-tree bpduguard enable
+
no service password-encryption
 
!
 
!
interface FastEthernet0/24
+
hostname AHA01SWOP
description < Office-Phone >
 
switchport access vlan 7
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust cos
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
interface GigabitEthernet0/1
+
aaa new-model
description <Uplink to AHA01SWCO >
+
aaa authentication login default group radius local
switchport mode trunk
+
aaa authorization exec default group radius local
speed 10
+
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
mls qos trust cos
 
 
!
 
!
interface GigabitEthernet0/2
+
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
description <Uplink to AHA02SWCO >
+
wrr-queue bandwidth 10 20 70 1
switchport mode trunk
+
wrr-queue cos-map 1 0 1
speed 10
+
wrr-queue cos-map 2 2 4
mls qos trust cos
+
wrr-queue cos-map 3 3 6 7
 +
wrr-queue cos-map 4 5
 +
errdisable recovery cause psecure-violation
 +
errdisable recovery interval 600
 
!
 
!
interface Vlan1
+
class-map match-all ManagementSNMP
no ip address
+
  match access-group name MatchSNMP
no ip route-cache
+
class-map match-all ManagementNF
shutdown
+
  match access-group name MatchNF
 +
class-map match-all MissionCritical
 +
  match access-group name MatchBANK
 +
class-map match-all ManagementRDP
 +
  match access-group name MatchRDP
 +
class-map match-all ManagementSSH
 +
  match access-group name MatchSSH
 
!
 
!
interface Vlan2
 
ip address 192.168.0.4 255.255.255.0
 
no ip route-cache
 
 
!
 
!
ip default-gateway 192.168.0.1
+
policy-map PbPolicy
ip http server
+
  class MissionCritical
!
+
    set ip dscp 26
ip access-list extended MatchBANK
+
  class ManagementRDP
permit tcp any any eq 8439
+
    set ip dscp 16
ip access-list extended MatchNF
+
  class ManagementSNMP
permit udp any any eq 9000
+
    set ip dscp 16
ip access-list extended MatchRDP
+
  class ManagementNF
permit tcp any any eq 3389
+
    set ip dscp 16
ip access-list extended MatchSNMP
+
  class ManagementSSH
permit udp any any eq 167
+
    set ip dscp 16
ip access-list extended MatchSSH
+
!
permit tcp any any eq 22
+
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip radius source-interface Vlan2
+
ip subnet-zero
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.0.0 0.0.0.255
 
snmp-server community PengeBanken RO 1
 
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
radius-server retransmit 3
 
 
!
 
!
line con 0
+
ip domain-name pengebanken.dk
line vty 0 4
+
ip name-server 172.16.241.11
access-class 1 in
+
ip ssh time-out 120
length 0
+
ip ssh authentication-retries 3
transport input ssh
+
ip ssh version 2
line vty 5 15
 
 
!
 
!
ntp clock-period 17179832
+
no file verify auto
ntp server 172.16.255.10
 
 
!
 
!
end
+
spanning-tree mode rapid-pvst
</pre>
+
no spanning-tree optimize bpdu transmission
 
+
spanning-tree extend system-id
==AHA01SWSL==
 
 
 
<pre>
 
version 12.1
 
no service pad
 
service timestamps debug uptime
 
service timestamps log uptime
 
no service password-encryption
 
 
!
 
!
hostname AHA01SWSL
 
 
!
 
!
aaa new-model
 
aaa authentication login default group radius local
 
aaa authorization exec default group radius local
 
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
 
!
 
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
wrr-queue bandwidth 10 20 70 1
 
wrr-queue cos-map 1 0 1
 
wrr-queue cos-map 2 2 4
 
wrr-queue cos-map 3 3 6 7
 
wrr-queue cos-map 4 5
 
 
!
 
!
class-map match-all ManagementSNMP
+
interface FastEthernet0/1
  match access-group name MatchSNMP
+
description < Office-Phone >
class-map match-all ManagementNF
+
switchport access vlan 7
  match access-group name MatchNF
+
switchport mode access
class-map match-all MissionCritical
+
switchport voice vlan 11
  match access-group name MatchBANK
+
switchport port-security
class-map match-all ManagementRDP
+
switchport port-security maximum 2
  match access-group name MatchRDP
+
switchport port-security aging time 2
class-map match-all ManagementSSH
+
switchport port-security aging type inactivity
  match access-group name MatchSSH
+
mls qos trust dscp
 +
macro description cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
!
+
interface FastEthernet0/2
policy-map PbPolicy
+
  description < Office-Phone >
  class MissionCritical
+
  switchport access vlan 7
    set ip dscp 26
 
  class ManagementRDP
 
    set ip dscp 16
 
  class ManagementSNMP
 
    set ip dscp 16
 
  class ManagementNF
 
    set ip dscp 16
 
  class ManagementSSH
 
    set ip dscp 16
 
!
 
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 
ip subnet-zero
 
!
 
ip domain-name pengebanken.dk
 
ip name-server 172.16.241.11
 
ip ssh time-out 120
 
ip ssh authentication-retries 3
 
ip ssh version 2
 
!
 
no file verify auto
 
!
 
spanning-tree mode rapid-pvst
 
no spanning-tree optimize bpdu transmission
 
spanning-tree extend system-id
 
!
 
!
 
!
 
!
 
interface FastEthernet0/1
 
  description < Server >
 
switchport access vlan 241
 
switchport mode access
 
mls qos trust cos
 
spanning-tree portfast
 
!
 
interface FastEthernet0/2
 
description < Server >
 
  switchport access vlan 241
 
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/3
 
interface FastEthernet0/3
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 7
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/4
 
interface FastEthernet0/4
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 7
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/5
 
interface FastEthernet0/5
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/6
 
interface FastEthernet0/6
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/7
 
interface FastEthernet0/7
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/8
 
interface FastEthernet0/8
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/9
 
interface FastEthernet0/9
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/10
 
interface FastEthernet0/10
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/11
 
interface FastEthernet0/11
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/12
 
interface FastEthernet0/12
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 241
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/13
 
interface FastEthernet0/13
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 7
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/14
 
interface FastEthernet0/14
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/15
 
interface FastEthernet0/15
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/16
 
interface FastEthernet0/16
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/17
 
interface FastEthernet0/17
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/18
 
interface FastEthernet0/18
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/19
 
interface FastEthernet0/19
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/20
 
interface FastEthernet0/20
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/21
 
interface FastEthernet0/21
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/22
 
interface FastEthernet0/22
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/23
 
interface FastEthernet0/23
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 9
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/24
 
interface FastEthernet0/24
  description < Server >
+
  description < Office-Phone >
  switchport access vlan 242
+
  switchport access vlan 7
 
  switchport mode access
 
  switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 
  mls qos trust cos
 
  mls qos trust cos
 +
macro description cisco-phone
 
  spanning-tree portfast
 
  spanning-tree portfast
 +
spanning-tree bpduguard enable
 
!
 
!
 
interface GigabitEthernet0/1
 
interface GigabitEthernet0/1
 
  description <Uplink to AHA01SWCO >
 
  description <Uplink to AHA01SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 +
speed 10
 
  mls qos trust cos
 
  mls qos trust cos
 
!
 
!
Line 2,728: Line 3,024:
 
  description <Uplink to AHA02SWCO >
 
  description <Uplink to AHA02SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 +
speed 10
 
  mls qos trust cos
 
  mls qos trust cos
 
!
 
!
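Review bot: The added `speed 10` hard-sets the GigabitEthernet0/2 trunk to AHA02SWCO at 10 Mb/s, so all VLANs on that uplink, including voice VLAN 11, share a link that a single 100 Mb/s FastEthernet access port can saturate; the same line is added to GigabitEthernet0/1 in the preceding hunk. If the low rate is intentional (for example to emulate a WAN link), say so in the `description` and confirm the far-end port is set the same way, since one side forced and the other auto-negotiating typically ends in a duplex mismatch. The stanza as shown also has no `switchport trunk allowed vlan` list, so the trunk presumably carries every VLAN; limiting it to the VLANs this switch actually uses would narrow what is reachable through a misused or compromised access switch. The `interface` line of this stanza lies outside the hunk.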
Line 2,736: Line 3,033:
 
!
 
!
 
interface Vlan2
 
interface Vlan2
  ip address 192.168.0.5 255.255.255.0
+
  ip address 192.168.0.4 255.255.255.0
 
  no ip route-cache
 
  no ip route-cache
 
!
 
!
Line 2,766: Line 3,063:
 
line vty 5 15
 
line vty 5 15
 
!
 
!
ntp clock-period 17179994
+
ntp clock-period 17179832
 
ntp server 172.16.255.10
 
ntp server 172.16.255.10
 
!
 
!
Line 2,772: Line 3,069:
 
</pre>
 
</pre>
  
==AHA02SWSL==
+
==AHA01SWSL==
  
 
<pre>
 
<pre>
Line 2,781: Line 3,078:
 
no service password-encryption
 
no service password-encryption
 
!
 
!
hostname AHA02SWSL
+
hostname AHA01SWSL
 
!
 
!
 
aaa new-model
 
aaa new-model
Line 3,021: Line 3,318:
 
!
 
!
 
interface Vlan2
 
interface Vlan2
  ip address 192.168.0.6 255.255.255.0
+
  ip address 192.168.0.5 255.255.255.0
 
  no ip route-cache
 
  no ip route-cache
 
!
 
!
Line 3,051: Line 3,348:
 
line vty 5 15
 
line vty 5 15
 
!
 
!
ntp clock-period 17180096
+
ntp clock-period 17179994
 
ntp server 172.16.255.10
 
ntp server 172.16.255.10
 
!
 
!
Line 3,057: Line 3,354:
 
</pre>
 
</pre>
  
==VIA01SWOP==
+
==AHA02SWSL==
  
 
<pre>
 
<pre>
Line 3,066: Line 3,363:
 
no service password-encryption
 
no service password-encryption
 
!
 
!
hostname VIA01SWOP
+
hostname AHA02SWSL
 
!
 
!
 
aaa new-model
 
aaa new-model
Line 3,079: Line 3,376:
 
wrr-queue cos-map 3 3 6 7
 
wrr-queue cos-map 3 3 6 7
 
wrr-queue cos-map 4 5
 
wrr-queue cos-map 4 5
errdisable recovery cause psecure-violation
 
errdisable recovery interval 600
 
 
!
 
!
 
class-map match-all ManagementSNMP
 
class-map match-all ManagementSNMP
Line 3,114: Line 3,409:
 
ip ssh authentication-retries 3
 
ip ssh authentication-retries 3
 
ip ssh version 2
 
ip ssh version 2
vtp domain BEO-LY
 
vtp mode transparent
 
 
!
 
!
 
no file verify auto
 
no file verify auto
Line 3,125: Line 3,418:
 
!
 
!
 
!
 
!
!
 
vlan 2,8-9
 
!
 
vlan 10
 
name LYOLAN
 
!
 
vlan 11
 
 
!
 
!
 
interface FastEthernet0/1
 
interface FastEthernet0/1
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/2
 
interface FastEthernet0/2
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/3
 
interface FastEthernet0/3
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/4
 
interface FastEthernet0/4
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/5
 
interface FastEthernet0/5
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/6
 
interface FastEthernet0/6
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
+
  mls qos trust cos
switchport port-security
+
  spanning-tree portfast
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
  mls qos trust cos
 
macro description cisco-phone | cisco-phone
 
  spanning-tree portfast
 
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/7
 
interface FastEthernet0/7
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/8
 
interface FastEthernet0/8
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/9
 
interface FastEthernet0/9
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/10
 
interface FastEthernet0/10
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/11
 
interface FastEthernet0/11
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/12
 
interface FastEthernet0/12
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 9
+
  switchport access vlan 241
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/13
 
interface FastEthernet0/13
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
+
  mls qos trust cos
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
  mls qos trust cos
 
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/14
 
interface FastEthernet0/14
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/15
 
interface FastEthernet0/15
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/16
 
interface FastEthernet0/16
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/17
 
interface FastEthernet0/17
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/18
 
interface FastEthernet0/18
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/19
 
interface FastEthernet0/19
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/20
 
interface FastEthernet0/20
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
+
  mls qos trust cos
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
  mls qos trust cos
 
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/21
 
interface FastEthernet0/21
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/22
 
interface FastEthernet0/22
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/23
 
interface FastEthernet0/23
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/24
 
interface FastEthernet0/24
  description < Office-Phone >
+
  description < Server >
  switchport access vlan 8
+
  switchport access vlan 242
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
service-policy input PbPolicy
 
 
  mls qos trust cos
 
  mls qos trust cos
macro description cisco-phone | cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface GigabitEthernet0/1
 
interface GigabitEthernet0/1
  description <Uplink to VIA01SWCO >
+
  description <Uplink to AHA01SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
 
!
 
!
 
interface GigabitEthernet0/2
 
interface GigabitEthernet0/2
  description <Uplink to VI02SWCO >
+
  description <Uplink to AHA02SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
Line 3,509: Line 3,603:
 
!
 
!
 
interface Vlan2
 
interface Vlan2
  ip address 192.168.1.4 255.255.255.0
+
  ip address 192.168.0.6 255.255.255.0
 
  no ip route-cache
 
  no ip route-cache
 
!
 
!
ip default-gateway 192.168.1.1
+
ip default-gateway 192.168.0.1
 
ip http server
 
ip http server
 
!
 
!
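Review bot: `ip http server` stays enabled in the unchanged lines of this hunk, while the change itself only renumbers the Vlan2 management address and the default gateway. The switch therefore still offers its web management interface over cleartext HTTP on the new address, and any login sent to it crosses the management VLAN unencrypted. I would replace the line with `no ip http server`. If the web interface is needed and the image supports it, use `ip http secure-server` together with `ip http access-class` pointing at an ACL of management stations. Which device this config belongs to is not visible inside the hunk, so confirm the image's HTTPS support before switching.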
Line 3,538: Line 3,632:
 
  transport input ssh
 
  transport input ssh
 
line vty 5 15
 
line vty 5 15
transport input ssh
 
 
!
 
!
ntp clock-period 17179912
+
ntp clock-period 17180096
 
ntp server 172.16.255.10
 
ntp server 172.16.255.10
 
!
 
!
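Review bot: The new side drops `transport input ssh` from `line vty 5 15`, leaving those vty lines on the platform default transport while the preceding vty block keeps SSH only. The side is inferred from layout, since the line appears only in the old column of this rendered diff. On IOS releases of this generation the default has typically permitted Telnet, which would allow cleartext management sessions on vty 5–15; confirm the default for the image in use. I would restore `transport input ssh` under `line vty 5 15` so every vty line carries the same restriction. The vty block that holds the first `transport input ssh` begins above this hunk.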
Line 3,546: Line 3,639:
 
</pre>
 
</pre>
  
==AAA01SWOP==
 
  
 +
 +
 +
 +
=Filial Viborg=
 +
==VIA02SWCO==
 
<pre>
 
<pre>
version 12.1
+
 
 +
!
 +
version 12.2
 
no service pad
 
no service pad
service timestamps debug uptime
+
service timestamps debug datetime msec
service timestamps log uptime
+
service timestamps log datetime msec
 
no service password-encryption
 
no service password-encryption
 
!
 
!
hostname AAA01SWOP
+
hostname VIA02SWCO
 +
!
 +
enable secret 5 $1$e4ZP$h.AoOqEe1T8g2tm1rGjtj/
 
!
 
!
 +
username admin privilege 15 secret 5 $1$zzrV$FHjI7ZjZ6S9ZWJ8IFxfPQ1
 
aaa new-model
 
aaa new-model
 +
!
 +
!
 
aaa authentication login default group radius local
 
aaa authentication login default group radius local
aaa authorization exec default group radius local
+
aaa authorization exec default group radius local  
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
 
!
 
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
wrr-queue bandwidth 10 20 70 1
 
wrr-queue cos-map 1 0 1
 
wrr-queue cos-map 2 2 4
 
wrr-queue cos-map 3 3 6 7
 
wrr-queue cos-map 4 5
 
errdisable recovery cause psecure-violation
 
errdisable recovery interval 600
 
!
 
class-map match-all ManagementSNMP
 
  match access-group name MatchSNMP
 
class-map match-all ManagementNF
 
  match access-group name MatchNF
 
class-map match-all MissionCritical
 
  match access-group name MatchBANK
 
class-map match-all ManagementRDP
 
  match access-group name MatchRDP
 
class-map match-all ManagementSSH
 
  match access-group name MatchSSH
 
 
!
 
!
 
!
 
!
policy-map PbPolicy
+
aaa session-id common
  class MissionCritical
 
    set ip dscp 26
 
  class ManagementRDP
 
    set ip dscp 16
 
  class ManagementSNMP
 
    set ip dscp 16
 
  class ManagementNF
 
    set ip dscp 16
 
  class ManagementSSH
 
    set ip dscp 16
 
!
 
 
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 +
mls qos min-reserve 5 170
 +
mls qos min-reserve 6 85
 +
mls qos min-reserve 7 51
 +
mls qos min-reserve 8 34
 +
mls qos
 
ip subnet-zero
 
ip subnet-zero
!
+
ip routing
 
ip domain-name pengebanken.dk
 
ip domain-name pengebanken.dk
 
ip name-server 172.16.241.11
 
ip name-server 172.16.241.11
ip ssh time-out 120
 
ip ssh authentication-retries 3
 
ip ssh version 2
 
 
!
 
!
no file verify auto
+
!
 +
!
 +
!
 +
!
 +
!
 
!
 
!
 
spanning-tree mode rapid-pvst
 
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
 
 
spanning-tree extend system-id
 
spanning-tree extend system-id
 +
spanning-tree vlan 2,8-11 priority 28672
 
!
 
!
 +
vlan internal allocation policy ascending
 +
!
 +
ip ssh version 2
 +
!
 +
!
 
!
 
!
 
!
 
!
 
!
 
!
 
interface FastEthernet0/1
 
interface FastEthernet0/1
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/2
 
interface FastEthernet0/2
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/3
 
interface FastEthernet0/3
  description < Office-Phone >
+
  description VIFS01
  switchport access vlan 9
+
  switchport access vlan 8
 
  switchport mode access
 
  switchport mode access
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/4
 
interface FastEthernet0/4
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/5
 
interface FastEthernet0/5
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
+
!
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
!
 
 
interface FastEthernet0/6
 
interface FastEthernet0/6
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/7
 
interface FastEthernet0/7
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/8
 
interface FastEthernet0/8
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
+
  mls qos trust cos
switchport voice vlan 11
+
  spanning-tree guard root
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
  mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/9
 
interface FastEthernet0/9
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/10
 
interface FastEthernet0/10
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/11
 
interface FastEthernet0/11
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/12
 
interface FastEthernet0/12
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/13
 
interface FastEthernet0/13
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/14
 
interface FastEthernet0/14
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/15
 
interface FastEthernet0/15
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/16
 
interface FastEthernet0/16
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
+
  mls qos trust cos
switchport voice vlan 11
+
  spanning-tree guard root
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
  mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/17
 
interface FastEthernet0/17
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/18
 
interface FastEthernet0/18
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
+
!
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
!
 
 
interface FastEthernet0/19
 
interface FastEthernet0/19
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/20
 
interface FastEthernet0/20
description < Office-Phone >
+
  switchport trunk encapsulation dot1q
  switchport access vlan 9
+
  switchport mode trunk
  switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip cisco-phone
+
  spanning-tree guard root
macro description cisco-phone
 
spanning-tree portfast
 
  spanning-tree bpduguard enable
 
 
!
 
!
 
interface FastEthernet0/21
 
interface FastEthernet0/21
  description < Office-Phone >
+
switchport trunk encapsulation dot1q
  switchport access vlan 9
+
switchport mode trunk
  switchport mode access
+
mls qos trust cos
  switchport voice vlan 11
+
spanning-tree guard root
  switchport port-security
+
!
  switchport port-security maximum 2
+
interface FastEthernet0/22
  switchport port-security aging time 2
+
description Til_VIA01SWOP
  switchport port-security aging type inactivity
+
switchport trunk encapsulation dot1q
  mls qos trust device cisco-phone
+
switchport trunk allowed vlan 2,8-11
  mls qos trust cos
+
switchport mode trunk
  auto qos voip cisco-phone
+
mls qos trust cos
  macro description cisco-phone
+
spanning-tree guard root
  spanning-tree portfast
+
!
  spanning-tree bpduguard enable
+
interface FastEthernet0/23
!
+
description Til_VIA01SWCO1
interface FastEthernet0/22
+
switchport trunk encapsulation dot1q
  description < Office-Phone >
+
switchport trunk allowed vlan 2,8-11
  switchport access vlan 9
+
switchport mode trunk
  switchport mode access
+
mls qos trust cos
  switchport voice vlan 11
+
!
  switchport port-security
+
interface FastEthernet0/24
  switchport port-security maximum 2
+
description Til_VIA01RT
  switchport port-security aging time 2
+
no switchport
  switchport port-security aging type inactivity
+
ip address 172.17.255.5 255.255.255.252
  mls qos trust device cisco-phone
+
ip ospf network point-to-point
  mls qos trust cos
+
ip ospf dead-interval minimal hello-multiplier 3
  auto qos voip cisco-phone
+
mls qos trust cos
  macro description cisco-phone
+
!
  spanning-tree portfast
+
interface GigabitEthernet0/1
  spanning-tree bpduguard enable
+
switchport mode dynamic desirable
!
+
!
interface FastEthernet0/23
+
interface GigabitEthernet0/2
  description < Office-Phone >
+
switchport mode dynamic desirable
  switchport access vlan 9
+
!
  switchport mode access
+
interface Vlan1
  switchport voice vlan 11
+
ip address dhcp
  switchport port-security
+
shutdown
  switchport port-security maximum 2
+
!
  switchport port-security aging time 2
+
interface Vlan2
  switchport port-security aging type inactivity
+
description Management
  mls qos trust device cisco-phone
+
ip address 192.168.1.3 255.255.255.0
  mls qos trust cos
+
standby 2 ip 192.168.1.1
  auto qos voip cisco-phone
+
standby 2 timers msec 200 msec 800
  macro description cisco-phone
+
!
  spanning-tree portfast
+
interface Vlan8
 +
description Common_Services
 +
ip address 172.17.8.3 255.255.255.0
 +
standby 8 ip 172.17.8.1
 +
standby 8 timers msec 200 msec 800
 +
!
 +
interface Vlan9
 +
description Administration
 +
ip address 172.17.9.3 255.255.255.0
 +
standby 9 ip 172.17.9.1
 +
standby 9 timers msec 200 msec 800
 +
!
 +
interface Vlan10
 +
description BankRaadgiver
 +
ip address 172.17.10.3 255.255.255.0
 +
standby 10 ip 172.17.10.1
 +
standby 10 timers msec 200 msec 800
 +
!
 +
interface Vlan11
 +
description IP-Telefoni
 +
ip address 172.17.11.3 255.255.255.0
 +
standby 11 ip 172.17.11.1
 +
standby 11 timers msec 200 msec 800
 +
!
 +
router ospf 1
 +
log-adjacency-changes
 +
network 172.17.0.0 0.0.255.255 area 0
 +
network 192.168.1.0 0.0.0.255 area 0
 +
!
 +
ip classless
 +
ip http server
 +
ip http secure-server
 +
!
 +
!
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.7.0 0.0.0.255
 +
snmp-server community PengeBanken RO 1
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
!
 +
control-plane
 +
!
 +
!
 +
line con 0
 +
line vty 5 15
 +
!
 +
ntp server 172.16.255.10
 +
end
 +
</pre>
 +
 
 +
==VIA01SWCO==
 +
<pre>
 +
 
 +
!
 +
version 12.1
 +
no service pad
 +
service timestamps debug uptime
 +
service timestamps log uptime
 +
no service password-encryption
 +
!
 +
hostname VIA01SWCO
 +
!
 +
aaa new-model
 +
aaa authentication login default group radius local
 +
aaa authorization exec default group radius local
 +
enable secret 5 $1$CjQy$2ViWy5DbihxoJ1X.HcDyh1
 +
!
 +
username admin privilege 15 secret 5 $1$U0Sf$m2vxqz9Xpz/ZIGE21E7HY.
 +
ip subnet-zero
 +
ip routing
 +
ip domain-name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
!
 +
!
 +
!
 +
spanning-tree mode rapid-pvst
 +
spanning-tree extend system-id
 +
spanning-tree vlan 2 priority 24576
 +
spanning-tree vlan 8 priority 24576
 +
spanning-tree vlan 9 priority 24576
 +
spanning-tree vlan 10 priority 24576
 +
spanning-tree vlan 11 priority 24576
 +
!
 +
!
 +
!
 +
interface FastEthernet0/1
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/2
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/3
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/4
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/5
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/6
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/7
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/8
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/9
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/10
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/11
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/12
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/13
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/14
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/15
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/16
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/17
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/18
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/19
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/20
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/21
 +
switchport trunk encapsulation dot1q
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/22
 +
description Til_VIA01SWOP
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,8-11
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust cos
 +
spanning-tree guard root
 +
!
 +
interface FastEthernet0/23
 +
description Til_VIA02SWCO
 +
switchport trunk encapsulation dot1q
 +
switchport trunk allowed vlan 2,8-11
 +
switchport mode trunk
 +
no ip address
 +
mls qos trust dscp
 +
!
 +
interface FastEthernet0/24
 +
description Til_TDC MPLS
 +
no switchport
 +
ip address 172.17.255.1 255.255.255.252
 +
mls qos trust cos
 +
!
 +
interface GigabitEthernet0/1
 +
no ip address
 +
!
 +
interface GigabitEthernet0/2
 +
no ip address
 +
!
 +
interface Vlan1
 +
no ip address
 +
shutdown
 +
!
 +
interface Vlan2
 +
description Management
 +
ip address 192.168.1.2 255.255.255.0
 +
no ip redirects
 +
standby 2 ip 192.168.1.1
 +
standby 2 timers msec 200 msec 800
 +
standby 2 priority 110
 +
standby 2 preempt delay minimum 300
 +
!
 +
interface Vlan8
 +
description Common_Services
 +
ip address 172.17.8.2 255.255.255.0
 +
ip helper-address 172.17.8.11
 +
ip helper-address 172.16.241.11
 +
no ip redirects
 +
standby 8 ip 172.17.8.1
 +
standby 8 timers msec 200 msec 800
 +
standby 8 priority 110
 +
standby 8 preempt delay minimum 300
 +
!
 +
interface Vlan9
 +
description Administration
 +
ip address 172.17.9.2 255.255.255.0
 +
ip access-group Administration in
 +
ip helper-address 172.17.8.11
 +
ip helper-address 172.16.241.11
 +
no ip redirects
 +
standby 9 ip 172.17.9.1
 +
standby 9 timers msec 200 msec 800
 +
standby 9 priority 110
 +
standby 9 preempt delay minimum 300
 +
!
 +
interface Vlan10
 +
description BankRaadgiver
 +
ip address 172.17.10.2 255.255.255.0
 +
ip access-group Bank in
 +
ip helper-address 172.17.8.11
 +
ip helper-address 172.16.241.11
 +
no ip redirects
 +
standby 10 ip 172.17.10.1
 +
standby 10 timers msec 200 msec 800
 +
standby 10 priority 110
 +
standby 10 preempt delay minimum 300
 +
!
 +
interface Vlan11
 +
description IP-Telefoni
 +
ip address 172.17.11.2 255.255.255.0
 +
ip access-group Telefoni in
 +
ip helper-address 172.17.8.11
 +
ip helper-address 172.16.241.11
 +
no ip redirects
 +
standby 11 ip 172.17.11.1
 +
standby 11 timers msec 200 msec 800
 +
standby 11 priority 110
 +
standby 11 preempt delay minimum 300
 +
!
 +
router ospf 1
 +
log-adjacency-changes
 +
redistribute bgp 65002 subnets
 +
network 172.17.0.0 0.0.255.255 area 0
 +
network 192.168.1.0 0.0.0.255 area 0
 +
default-information originate
 +
!
 +
router bgp 65002
 +
bgp log-neighbor-changes
 +
redistribute connected
 +
neighbor 172.17.255.2 remote-as 65000
 +
neighbor 172.17.255.2 description TDC_MPLS
 +
neighbor 172.17.255.2 soft-reconfiguration inbound
 +
neighbor 172.17.255.2 route-map 65002-RMAP-IN in
 +
neighbor 172.17.255.2 route-map 65002-RMAP-OUT out
 +
!
 +
ip classless
 +
ip http server
 +
!
 +
ip access-list extended Administration
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.2.0 0.255.248.255
 +
deny  ip any 172.0.3.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 +
ip access-list extended Bank
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.1.0 0.255.248.255
 +
deny  ip any 172.0.3.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 +
ip access-list extended Telefoni
 +
permit ip any 172.16.240.0 0.0.7.255
 +
deny  ip any 172.0.1.0 0.255.248.255
 +
deny  ip any 172.0.2.0 0.255.248.255
 +
deny  ip any 172.0.4.0 0.255.248.255
 +
deny  ip any 172.0.5.0 0.255.248.255
 +
deny  ip any 172.0.6.0 0.255.248.255
 +
deny  ip any 172.0.7.0 0.255.248.255
 +
permit ip any any
 +
ip radius source-interface Vlan2
 +
!
 +
!
 +
ip prefix-list 65002-PRE-IN seq 10 deny 172.17.0.0/16 le 32
 +
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
 +
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
 +
!
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.7.0 0.0.0.255
 +
access-list 101 permit ip any 172.16.240.0 0.0.7.255
 +
access-list 101 deny  ip any 172.0.2.0 0.255.248.255
 +
access-list 101 deny  ip any 172.0.3.0 0.255.248.255
 +
access-list 101 deny  ip any 172.0.4.0 0.255.248.255
 +
access-list 101 deny  ip any 172.0.5.0 0.255.248.255
 +
access-list 101 deny  ip any 172.0.6.0 0.255.248.255
 +
access-list 101 deny  ip any 172.0.7.0 0.255.248.255
 +
access-list 101 permit ip any any
 +
route-map 65002-RMAP-IN permit 10
 +
match ip address prefix-list 65002-PRE-IN
 +
!
 +
route-map 65002-RMAP-OUT permit 10
 +
match ip address prefix-list 65002-PRE-OUT
 +
!
 +
snmp-server community PengeBanken RO 1
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
radius-server retransmit 3
 +
!
 +
line con 0
 +
line vty 5 15
 +
!
 +
end
 +
</pre>
 +
==VIA01RT==
 +
<pre>
 +
version 12.4
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 +
!
 +
hostname VIA01RT
 +
!
 +
boot-start-marker
 +
boot-end-marker
 +
!
 +
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1
 +
!
 +
aaa new-model
 +
!
 +
!
 +
aaa authentication login default group radius local
 +
aaa authorization exec default group radius local
 +
!
 +
aaa session-id common
 +
!
 +
resource policy
 +
!
 +
ip cef
 +
!
 +
!
 +
!
 +
!
 +
ip domain name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
ip ssh version 2
 +
!
 +
!
 +
!
 +
voice-card 0
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1
 +
!
 +
!
 +
class-map match-any MissionCritical-Trust
 +
match ip dscp af31
 +
class-map match-any VoIP-RTP-Trust
 +
match ip dscp ef
 +
class-map match-any VoIP-Control-Trust
 +
match ip dscp cs3
 +
class-map match-any Management-Trust
 +
match ip dscp cs2
 +
!
 +
!
 +
policy-map PbPolicy
 +
class VoIP-RTP-Trust
 +
  priority percent 25
 +
class VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class MissionCritical-Trust
 +
  bandwidth percent 40
 +
class Management-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 +
!
 +
!
 +
!
 +
crypto isakmp policy 10
 +
encr aes 256
 +
authentication pre-share
 +
group 5
 +
lifetime 1000
 +
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1
 +
!
 +
!
 +
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
 +
!
 +
crypto map PB_crypto_Map 10 ipsec-isakmp
 +
set peer 10.1.1.1
 +
set transform-set PB-TransformSet
 +
match address Tunnel1_til_Aarhus
 +
!
 +
!
 +
!
 +
!
 +
!
 +
interface Tunnel1
 +
ip address 172.16.254.2 255.255.255.252
 +
ip mtu 1420
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.1
 +
!
 +
interface FastEthernet0/0
 +
description Internet
 +
ip address 10.1.1.2 255.255.255.0
 +
duplex auto
 +
speed auto
 +
crypto map PB_crypto_Map
 +
!
 +
interface FastEthernet0/1
 +
description Til_VIA02SWCO
 +
ip address 172.17.255.6 255.255.255.252
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
duplex auto
 +
speed auto
 +
service-policy output PbPolicy
 +
!
 +
interface Serial0/1/0
 +
no ip address
 +
shutdown
 +
no fair-queue
 +
clock rate 125000
 +
!
 +
interface Serial0/1/1
 +
no ip address
 +
shutdown
 +
clock rate 125000
 +
!
 +
interface Serial0/2/0
 +
no ip address
 +
shutdown
 +
clock rate 2000000
 +
!
 +
router ospf 1
 +
log-adjacency-changes
 +
redistribute bgp 65002 metric 255 subnets
 +
network 172.17.255.6 0.0.0.0 area 0
 +
default-information originate metric 255
 +
!
 +
router bgp 65002
 +
no synchronization
 +
bgp log-neighbor-changes
 +
redistribute static
 +
redistribute ospf 1 match internal external 1 external 2
 +
neighbor 172.16.254.1 remote-as 65001
 +
neighbor 172.16.254.1 description AHA01FW
 +
neighbor 172.16.254.1 route-map 65002-RMAP-IN in
 +
neighbor 172.16.254.1 route-map 65002-RMAP-OUT out
 +
default-information originate
 +
no auto-summary
 +
!
 +
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
 +
!
 +
!
 +
ip http server
 +
no ip http secure-server
 +
!
 +
ip access-list extended Tunnel1_til_Aarhus
 +
permit gre host 10.1.1.2 host 10.1.1.1
 +
!
 +
!
 +
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
 +
!
 +
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32
 +
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
 +
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
 +
ip radius source-interface FastEthernet0/1
 +
access-list 1 permit 172.16.241.17
 +
access-list 1 permit 172.16.7.0 0.0.0.255
 +
snmp-server community PengeBanken RO 1
 +
!
 +
!
 +
!
 +
route-map 65002-RMAP-IN permit 10
 +
match ip address prefix-list 65002-PRE-IN
 +
!
 +
route-map 65002-RMAP-OUT permit 10
 +
match ip address prefix-list 65002-PLIST-OUT
 +
set as-path prepend 65002 65002 65002 65002 65002 65002 65002
 +
!
 +
!
 +
!
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
!
 +
control-plane
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
line con 0
 +
line aux 0
 +
line vty 0 4
 +
!
 +
scheduler allocate 20000 1000
 +
ntp server 172.16.255.10
 +
end
 +
</pre>
 +
==VIA01SWOP==
 +
 
 +
<pre>
 +
version 12.1
 +
no service pad
 +
service timestamps debug uptime
 +
service timestamps log uptime
 +
no service password-encryption
 +
!
 +
hostname VIA01SWOP
 +
!
 +
aaa new-model
 +
aaa authentication login default group radius local
 +
aaa authorization exec default group radius local
 +
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 +
!
 +
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 +
wrr-queue bandwidth 10 20 70 1
 +
wrr-queue cos-map 1 0 1
 +
wrr-queue cos-map 2 2 4
 +
wrr-queue cos-map 3 3 6 7
 +
wrr-queue cos-map 4 5
 +
errdisable recovery cause psecure-violation
 +
errdisable recovery interval 600
 +
!
 +
class-map match-all ManagementSNMP
 +
  match access-group name MatchSNMP
 +
class-map match-all ManagementNF
 +
  match access-group name MatchNF
 +
class-map match-all MissionCritical
 +
  match access-group name MatchBANK
 +
class-map match-all ManagementRDP
 +
  match access-group name MatchRDP
 +
class-map match-all ManagementSSH
 +
  match access-group name MatchSSH
 +
!
 +
!
 +
policy-map PbPolicy
 +
  class MissionCritical
 +
    set ip dscp 26
 +
  class ManagementRDP
 +
    set ip dscp 16
 +
  class ManagementSNMP
 +
    set ip dscp 16
 +
  class ManagementNF
 +
    set ip dscp 16
 +
  class ManagementSSH
 +
    set ip dscp 16
 +
!
 +
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 +
ip subnet-zero
 +
!
 +
ip domain-name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
ip ssh time-out 120
 +
ip ssh authentication-retries 3
 +
ip ssh version 2
 +
vtp domain BEO-LY
 +
vtp mode transparent
 +
!
 +
no file verify auto
 +
!
 +
spanning-tree mode rapid-pvst
 +
no spanning-tree optimize bpdu transmission
 +
spanning-tree extend system-id
 +
!
 +
!
 +
!
 +
!
 +
vlan 2,8-9
 +
!
 +
vlan 10
 +
name LYOLAN
 +
!
 +
vlan 11
 +
!
 +
interface FastEthernet0/1
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/2
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/3
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/4
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/5
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/6
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/7
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/8
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/9
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/10
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/11
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/12
 +
  description < Office-Phone >
 +
  switchport access vlan 9
 +
  switchport mode access
 +
  switchport voice vlan 11
 +
  switchport port-security
 +
  switchport port-security maximum 2
 +
  switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/13
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/14
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/15
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
  spanning-tree portfast
 +
  spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/16
 +
  description < Office-Phone >
 +
  switchport access vlan 8
 +
  switchport mode access
 +
  switchport voice vlan 11
 +
  switchport port-security
 +
  switchport port-security maximum 2
 +
  switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/17
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/18
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/19
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
  spanning-tree portfast
 +
  spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/20
 +
  description < Office-Phone >
 +
  switchport access vlan 8
 +
  switchport mode access
 +
  switchport voice vlan 11
 +
  switchport port-security
 +
  switchport port-security maximum 2
 +
  switchport port-security aging time 2
 +
  switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/21
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
  mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/22
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
macro description cisco-phone | cisco-phone
 +
spanning-tree portfast
 +
spanning-tree bpduguard enable
 +
!
 +
interface FastEthernet0/23
 +
description < Office-Phone >
 +
switchport access vlan 8
 +
switchport mode access
 +
switchport voice vlan 11
 +
switchport port-security
 +
switchport port-security maximum 2
 +
switchport port-security aging time 2
 +
switchport port-security aging type inactivity
 +
service-policy input PbPolicy
 +
mls qos trust cos
 +
  macro description cisco-phone | cisco-phone
 +
  spanning-tree portfast
 
  spanning-tree bpduguard enable
 
  spanning-tree bpduguard enable
 
!
 
!
 
interface FastEthernet0/24
 
interface FastEthernet0/24
 
  description < Office-Phone >
 
  description < Office-Phone >
  switchport access vlan 9
+
  switchport access vlan 8
 
  switchport mode access
 
  switchport mode access
 
  switchport voice vlan 11
 
  switchport voice vlan 11
Line 3,990: Line 4,897:
 
  switchport port-security aging time 2
 
  switchport port-security aging time 2
 
  switchport port-security aging type inactivity
 
  switchport port-security aging type inactivity
  mls qos trust device cisco-phone
+
  service-policy input PbPolicy
 
  mls qos trust cos
 
  mls qos trust cos
  auto qos voip cisco-phone
+
  macro description cisco-phone | cisco-phone
macro description cisco-phone
 
 
  spanning-tree portfast
 
  spanning-tree portfast
 
  spanning-tree bpduguard enable
 
  spanning-tree bpduguard enable
 
!
 
!
 
interface GigabitEthernet0/1
 
interface GigabitEthernet0/1
  description <Uplink to AAA01SWCO >
+
  description <Uplink to VIA01SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip trust
 
 
!
 
!
 
interface GigabitEthernet0/2
 
interface GigabitEthernet0/2
  description <Uplink to AAA02SWCO >
+
  description <Uplink to VI02SWCO >
 
  switchport mode trunk
 
  switchport mode trunk
 
  mls qos trust cos
 
  mls qos trust cos
auto qos voip trust
 
 
!
 
!
 
interface Vlan1
 
interface Vlan1
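Review bot: On FastEthernet0/24 the new side drops `mls qos trust device cisco-phone` but keeps `mls qos trust cos`, so the port appears to honour CoS markings from any attached device instead of only when a Cisco phone is detected. Either keep the conditional-trust line next to `service-policy input PbPolicy`, or confirm that PbPolicy re-marks traffic from non-phone devices. Separately, the new description `<Uplink to VI02SWCO >` on GigabitEthernet0/2 looks like a typo for `VIA02SWCO`, the name used in the other descriptions on this page. The FastEthernet0/24 stanza begins before this hunk.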
Line 4,015: Line 4,919:
 
!
 
!
 
interface Vlan2
 
interface Vlan2
  ip address 192.168.2.4 255.255.255.0
+
  ip address 192.168.1.4 255.255.255.0
 
  no ip route-cache
 
  no ip route-cache
 
!
 
!
ip default-gateway 192.168.2.1
+
ip default-gateway 192.168.1.1
 
ip http server
 
ip http server
 
!
 
!
Line 4,044: Line 4,948:
 
  transport input ssh
 
  transport input ssh
 
line vty 5 15
 
line vty 5 15
 +
transport input ssh
 
!
 
!
ntp clock-period 17180064
+
ntp clock-period 17179912
 
ntp server 172.16.255.10
 
ntp server 172.16.255.10
 
!
 
!
 
end
 
end
 
</pre>
 
</pre>
 +
[[Category:Network]]

Latest revision as of 14:10, 14 September 2009

PengeBanken Konfig filer

Filial Ålborg

AAA01SWOP

! Global section of the AAA01SWOP switch configuration: services, AAA,
! local credentials, egress queueing, QoS classification and spanning tree.
version 12.1
no service pad
! Debug and log messages carry uptime, not wall-clock time, which makes
! them harder to line up with logs from other devices during an investigation.
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): password-encryption is off, so any password or key entered
! without the "secret" keyword is stored and displayed in clear text.
no service password-encryption
!
hostname AAA01SWOP
!
! Login authentication and exec authorization try the RADIUS server group
! first and then the local user database.
! NOTE(review): no radius-server host line appears in this part of the
! listing - confirm it is defined further down.
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
! NOTE(review): the enable secret and the admin user's secret are the same
! type 5 (MD5-based) string, so both levels share one password. Hashes in a
! published configuration should be replaced with placeholders and the
! passwords rotated, since type 5 hashes can be attacked offline.
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
! Egress queueing: four queues weighted 10/20/70/1, then CoS-to-queue mapping
! (queue 1: CoS 0,1; queue 2: CoS 2,4; queue 3: CoS 3,6,7; queue 4: CoS 5).
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
! Ports err-disabled by a port-security violation are re-enabled automatically
! after 600 seconds. No other err-disable cause is listed for recovery here.
! NOTE(review): auto-recovery hides repeat offenders unless violations are
! logged and alerted on - confirm syslog/SNMP traps cover this.
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
! Traffic classes, each matching one named ACL. The ACLs (MatchSNMP, MatchNF,
! MatchBANK, MatchRDP, MatchSSH) are not defined in this part of the listing.
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
! Marking policy: MissionCritical traffic gets DSCP 26 (AF31), the four
! management classes get DSCP 16 (CS2).
! NOTE(review): the FastEthernet stanzas that follow in this listing show no
! service-policy line - confirm where PbPolicy is attached.
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
! CoS-to-DSCP table for CoS 0..7; CoS 5 is mapped to DSCP 46 (EF).
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
! SSH is limited to protocol version 2, with a 120-second timeout and
! three authentication attempts per connection.
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
! NOTE(review): automatic image verification is turned off, so image
! integrity has to be checked manually before an image is loaded.
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
! Access port for a desk phone with a device behind it: data VLAN 9,
! voice VLAN 11, fixed access mode (no trunk negotiation).
! Port security allows at most 2 MAC addresses; learned addresses age out
! after 2 minutes of inactivity. No violation mode is set, so the platform
! default applies (presumably shutdown, which matches the global
! "errdisable recovery cause psecure-violation" - confirm).
! CoS is trusted on this port together with "trust device cisco-phone",
! which ties the trust to a Cisco phone being detected on the port.
! PortFast skips the spanning-tree listening/learning delay; BPDU guard
! err-disables the port if a BPDU arrives. The global section only lists
! psecure-violation for automatic recovery, so a BPDU-guard shutdown
! presumably needs manual re-enabling - confirm.
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! FastEthernet0/2 through FastEthernet0/22 all use one identical access-port
! template: data VLAN 9, voice VLAN 11, port security limited to 2 MAC
! addresses with 2-minute inactivity aging, CoS trust tied to a detected
! Cisco phone, and PortFast with BPDU guard.
! NOTE(review): because the stanzas are identical, a change to the template
! (for example the port-security limit) has to be applied to every port;
! an "interface range" edit avoids ports drifting apart.
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink trunks towards the two core switches named in the descriptions.
! Neither trunk has a "switchport trunk allowed vlan" list, so every VLAN known
! to the switch is carried; the core side of this page prunes to 2,8-11 on its
! described access-switch link. NOTE(review): consider the same list here and
! "switchport nonegotiate" so trunking is not left to DTP.
! CoS from the core is trusted as-is ("mls qos trust cos").
interface GigabitEthernet0/1
 description <Uplink to AAA01SWCO >
 switchport mode trunk
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet0/2
 description <Uplink to AAA02SWCO >
 switchport mode trunk
 mls qos trust cos
 auto qos voip trust
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.2.4 255.255.255.0
 no ip route-cache
!
! Management-plane settings for this layer-2 switch (gateway is the HSRP
! address of the management VLAN).
ip default-gateway 192.168.2.1
! Plain HTTP management server is enabled; no "ip http secure-server" or
! "ip http access-class" line appears in this part of the listing.
ip http server
!
! The Match* ACLs permit rather than filter: the same names are referenced by
! QoS class-maps elsewhere on this page, so they presumably only classify
! traffic for marking - verify against this device's class-maps.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! NOTE(review): SNMP agents listen on udp/161 (traps on 162); 167 looks like a
! typo, in which case SNMP traffic never matches this class - confirm.
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
! ACL 1 is the management source filter: it is bound to the SNMP community
! below and to "access-class 1 in" on vty 0 4.
! NOTE(review): the core switch and router listings on this page permit
! 172.16.7.0/24 in their ACL 1; this one permits 172.16.0.0/24 - confirm which
! subnet is intended.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
! Read-only community restricted by ACL 1. SNMP communities travel in clear
! text, and this one is the same string as the RADIUS key on the next line.
snmp-server community PengeBanken RO 1
! RADIUS shared secret is stored in clear text in the config.
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
! Terminal lines. vty 0-4 accept SSH only and only from sources in ACL 1.
! vty 5-15 carry neither restriction in this listing, so they fall back to
! platform defaults - NOTE(review): apply the same access-class and
! "transport input ssh" to vty 5 15.
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17180064
ntp server 172.16.255.10
!
end

AAA01SWCO

! Global identity and AAA settings for core switch AAA01SWCO.
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off: keys that are not "secret" hashes (for example
! the RADIUS key further down in this listing) are stored as clear text.
no service password-encryption
!
hostname AAA01SWCO
!
! "secret 5" values are salted MD5-crypt hashes. They remain password
! equivalents for offline guessing, so redact them before sharing a config.
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
!
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
aaa new-model
!
!
! Login and exec authorization try RADIUS first; the local user database is
! the fallback when the RADIUS server does not answer.
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
! 
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description AAFS01
 switchport access vlan 8
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA01RT
 no switchport
 ip address 172.18.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description Til_AAA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AAA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.18.255.1 255.255.255.252
 mls qos trust cos
!
! Both gigabit ports are left in "dynamic desirable", i.e. they actively offer
! to form a trunk with whatever is plugged in. No description or VLAN list is
! set, so they look unused - NOTE(review): if so, set them to access mode with
! "switchport nonegotiate" and shut them down.
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
! VLAN 1 SVI is administratively down; management lives on Vlan2.
interface Vlan1
 ip address dhcp
 shutdown
!
! Management SVI. HSRP group 2 provides the virtual gateway 192.168.2.1 with
! sub-second hello/hold timers (200 ms / 800 ms); priority 110 and preempt
! (after a 300 s delay) make this switch the intended active router.
! No "standby 2 authentication" line is shown, so the group runs with the
! default HSRP authentication - NOTE(review): consider
! "standby 2 authentication md5 key-string <KEY>". The same applies to the
! HSRP groups on Vlan8-Vlan11 in this listing.
interface Vlan2
 description Management
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.18.8.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 8 ip 172.18.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.18.9.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 9 ip 172.18.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.18.10.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 10 ip 172.18.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.18.11.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 11 ip 172.18.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
! OSPF covers every interface in 172.18.0.0/16, including the user-facing SVIs.
! No "passive-interface" or OSPF authentication is configured in this listing,
! so hellos are sent (and adjacencies accepted) on those VLANs as well -
! NOTE(review): make the SVIs passive and authenticate the routed links.
router ospf 1
 log-adjacency-changes
 network 172.18.0.0 0.0.255.255 area 0
 default-information originate
!
! eBGP to the MPLS provider (AS 65000). "redistribute connected" injects every
! connected subnet, so the outbound route-map is the only export filter; see
! the review note on 65003-RMAP-OUT where it is defined.
! No "neighbor 172.18.255.2 password" is set - the session is unauthenticated.
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.18.255.2 remote-as 65000
 neighbor 172.18.255.2 description TDC_MPLS
 neighbor 172.18.255.2 soft-reconfiguration inbound
 neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 no auto-summary
!
ip classless
! Both the plain-HTTP and the HTTPS management servers are enabled; no
! "ip http access-class" is shown. NOTE(review): "no ip http server" would
! leave only the encrypted one.
ip http server
ip http secure-server
!
ip radius source-interface Vlan2 
!
!
! Inbound BGP filter: reject the site's own 172.18.0.0/16 and the management
! 192.168.2.0/24 (any length), accept everything else.
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
! ACL 1 is referenced by the SNMP community below; no vty line in this
! listing applies it with "access-class".
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
! NOTE(review): prefix-list 65003-PRE-OUT is not defined anywhere in this
! device's listing. IOS treats a missing prefix-list as matching every prefix,
! so this route-map would export all redistributed connected routes, the
! management subnet included - define the list or confirm this is intended.
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PRE-OUT
!
! Read-only community limited to ACL 1; it is the same string as the RADIUS
! key below, and both are stored in clear text.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
! NOTE(review): only "line vty 5 15" appears, with no sub-commands, and there
! is no "line vty 0 4" stanza in this listing. No vty carries "access-class"
! or "transport input ssh" here, unlike the access-switch listings on this page.
line con 0
line vty 5 15
!
! "ntp clock-period" is written by IOS itself. The NTP server is used without
! NTP authentication.
ntp clock-period 17179326
ntp server 172.16.255.10
end

AAA01RT

! Global identity and AAA settings for router AAA01RT.
version 12.4
! "service config" makes the router look for configuration files on the
! network at startup. NOTE(review): unless that is relied on, "no service
! config" avoids loading config from an unauthenticated source.
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off; non-hashed keys in this config are clear text.
no service password-encryption
!
hostname AAA01RT
!
boot-start-marker
boot-end-marker
!
! Salted MD5-crypt hash (type 5); redact before sharing a config.
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
!
aaa new-model
!
!
! RADIUS first, local user database when the RADIUS server does not answer.
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
! IKE phase 1: AES-256, pre-shared key, DH group 5 (1536-bit MODP), SA lifetime
! 1000 seconds. No "hash" line is given, so the IOS default hash applies.
! NOTE(review): group 5 is below current recommendations; use a stronger group
! if the image supports one.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
! The pre-shared key is a descriptive phrase stored in clear text, and it
! identifies the site. NOTE(review): use a long random key and keep it out of
! shared copies of the config.
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
!
!
! Phase 2 protects data with 3DES + SHA-1 HMAC, which is weaker than the
! AES-256 negotiated in phase 1. NOTE(review): an AES transform (esp-aes 256)
! would match the phase 1 strength; both tunnel ends must change together.
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
! Traffic matched by ACL Tunnel1_til_Aarhus is encrypted towards peer 10.1.1.1.
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
interface Tunnel1
 description Til_Aarhus
 ip address 172.16.254.6 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
 service-policy output PbPolicy
!
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.18.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/2/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65003 metric 255 subnets
 network 172.18.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.5 remote-as 65001
 neighbor 172.16.254.5 description AHA01FW
 neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 default-information originate
 no auto-summary
!
! Host route that pins the tunnel endpoint to the Internet-facing interface.
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
! Only the plain-HTTP management server is enabled and HTTPS is explicitly
! off; no "ip http access-class" is shown. This router has an interface
! described as "Internet". NOTE(review): disable HTTP or restrict it.
ip http server
no ip http secure-server
!
! Crypto ACL: only GRE between the two tunnel endpoints is selected for IPsec,
! so everything routed through Tunnel1 is encrypted and nothing else is.
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.3 host 10.1.1.1
!
!
! Outbound BGP filter permits every prefix.
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
! Inbound BGP filter: reject the site's own 172.18.0.0/16 and management
! 192.168.2.0/24, accept everything else.
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
! ACL 1 restricts the SNMP community below; the vty lines in this listing do
! not reference it.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
!
!
! Inbound policy for the BGP session over the tunnel: apply 65003-PRE-IN.
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
! Outbound policy: advertise everything 65003-PLIST-OUT permits, with the
! local AS prepended seven times so the tunnel path is the less-preferred one
! (presumably a backup to the MPLS path - confirm against the design).
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PLIST-OUT
 set as-path prepend 65003 65003 65003 65003 65003 65003 65003
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
! NOTE(review): vty 0-4 set only the pager length. There is no "access-class"
! (ACL 1 exists but is not applied here) and no "transport input ssh", on a
! router whose FastEthernet0/0 is described as Internet-facing.
line con 0
line aux 0
line vty 0 4
 length 0
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end

Århus

AHA01FW

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01FW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
!
aaa new-model
!
!
! Device logins: RADIUS first, local users when RADIUS does not answer.
aaa authentication login default group radius local
! PPP (the PPTP dial-in in this listing): "none" is the last method, so when the
! RADIUS server is unreachable the session is accepted without authentication.
! NOTE(review): end the list with "local" instead of "none" to fail closed.
aaa authentication ppp default if-needed group radius none
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
! Remote-access VPN: the router accepts PPTP dial-in and clones sessions from
! Virtual-Template1. PPTP's protection depends on MS-CHAP and MPPE, both of
! which are considered weak. NOTE(review): plan a move to an IPsec- or
! TLS-based remote-access VPN.
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
!
!
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 match protocol http
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 match protocol tcp
 match protocol udp
!
!
policy-map type inspect OUTSIDE-DMZ-PMAP
 class type inspect OUTSIDE-DMZ-CMAP
  inspect
 class class-default
  drop log
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map type inspect INSIDE-OUTSIDE-PMAP
 class type inspect INSIDE-OUTSIDE-CMAP
  inspect
 class class-default
  drop log
! Policy for traffic initiated from OUTSIDE towards INSIDE: TCP and UDP are
! dropped and logged. class-default has no explicit action, so other protocols
! get the zone-based firewall default for class-default (drop, not logged) -
! NOTE(review): add "drop log" there if those drops should be visible too.
! No zone-pair involving the router's own "self" zone appears in this listing,
! so traffic addressed to the router itself is not governed by these policies.
policy-map type inspect OUTSIDE-INSIDE-PMAP
 class type inspect OUTSIDE-INSIDE-CMAP
  drop log
 class class-default
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-PMAP
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-PMAP
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-DMZ-PMAP
! 
!
! IKE phase 1 for both branch tunnels: AES-256, pre-shared keys, DH group 5
! (1536-bit MODP), 1000-second lifetime; the hash is left at the IOS default.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
! One pre-shared key per peer, stored in clear text and built from a fixed
! phrase plus the site name. NOTE(review): replace with long random keys and
! redact them in shared copies of the config.
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
!
!
! Phase 2 uses 3DES + SHA-1 HMAC, weaker than the AES-256 used in phase 1.
! NOTE(review): prefer an AES transform; change both tunnel ends together.
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
! Sequence 10 protects the GRE tunnel to Viborg, sequence 20 the one to Aalborg.
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.2
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Viborg
crypto map PB_crypto_Map 20 ipsec-isakmp 
 set peer 10.1.1.3
 set transform-set PB-TransformSet 
 match address Tunnel2_til_Aalborg
!
!
!
!
!
interface Tunnel1
 description Tunnel1_til_Viborg
 ip address 172.16.254.1 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.2
 service-policy output PbPolicy
!
interface Tunnel2
 description Tunnel2_til_Aalborg
 ip address 172.16.254.5 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.3
 service-policy output PbPolicy
!
interface Loopback0
 ip address 192.168.255.10 255.255.255.0
 zone-member security DMZ
!
interface FastEthernet0/0
 description internet
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.16.255.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip route-cache flow
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface FastEthernet0/1/0
 description Til_AHA02SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01RT
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
! Template for PPTP dial-in sessions. Clients get an address from VPN-Pool and
! are placed directly in the INSIDE security zone, i.e. they are treated like
! internal hosts by the zone-based firewall.
! "mppe auto" lets the client negotiate the key length, and MS-CHAP v1 is
! accepted alongside v2. NOTE(review): at minimum require 128-bit MPPE and
! ms-chap-v2 only; consider a dedicated zone for VPN users.
interface Virtual-Template1 
 ip address 172.16.253.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 peer default ip address pool VPN-Pool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.22 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.14 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 passive-interface Tunnel1
 passive-interface Tunnel2
 network 172.16.255.10 0.0.0.0 area 0
 network 172.16.255.14 0.0.0.0 area 0
 network 172.16.255.22 0.0.0.0 area 0
 default-information originate
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.16.254.2 remote-as 65002
 neighbor 172.16.254.6 remote-as 65003
 !
 address-family ipv4
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.2 activate
 neighbor 172.16.254.6 activate
 default-information originate
 no auto-summary
 no synchronization
 exit-address-family
!
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.241.17 9000
!
! Only the plain-HTTP management server is on (HTTPS explicitly off), with no
! "ip http access-class". This is the Internet-facing firewall.
! NOTE(review): disable HTTP management or restrict and encrypt it.
ip http server
no ip http secure-server
! PAT for sources in ACL 10 behind the outside interface address.
ip nat inside source list 10 interface FastEthernet0/0 overload
! Publishes tcp/80 of 192.168.255.10 (Loopback0, DMZ zone) on the outside
! interface; this is the flow the OUTSIDE-DMZ policy inspects as HTTP.
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
!
! Crypto ACLs: only GRE between the tunnel endpoints is selected for IPsec.
ip access-list extended Tunnel1_til_Viborg
 permit gre host 10.1.1.1 host 10.1.1.2
ip access-list extended Tunnel2_til_Aalborg
 permit gre host 10.1.1.1 host 10.1.1.3
!
ip radius source-interface FastEthernet0/1 
! ACL 10 is the NAT source list. The second entry (172.16.0.0 with wildcard
! 0.15.255.255) already covers 172.16.241.15, so the host entry is redundant.
access-list 10 permit 172.16.241.15
access-list 10 permit 172.16.0.0 0.15.255.255
! NOTE(review): unlike the "RO 1" form used in other listings on this page,
! this community has no ACL, so any source that can reach the router may query
! it. The community is sent in clear text (SNMP v2c).
snmp-server community PengeBanken RO
snmp-server host 172.16.241.17 version 2c PengeBanken 
!
!
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
! NOTE(review): vty 0-4 have no sub-commands at all - no "access-class" and no
! "transport input ssh" - on the Internet-facing firewall. Login still goes
! through the AAA default list, but the set of allowed protocols and sources
! is left at platform defaults.
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp clock-period 17178263
ntp server 217.198.208.66
end

AHA01RT

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
!
!
!
!
interface FastEthernet0/0
 description TDC_MPLS
 ip address 172.16.255.1 255.255.255.252
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface FastEthernet0/1
 description Til_AHA02SWCO
 ip address 172.16.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 auto qos voip trust 
 service-policy output PbPolicy
!
interface FastEthernet0/1.101
!
interface FastEthernet0/1/0
 description Til_AHA01SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01FW
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.18 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.13 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65001 subnets
 network 172.16.255.1 0.0.0.0 area 0
 network 172.16.255.5 0.0.0.0 area 0
 network 172.16.255.13 0.0.0.0 area 0
 network 172.16.255.18 0.0.0.0 area 0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.255.2 remote-as 65000
 neighbor 172.16.255.2 description TDC_MPLS
 neighbor 172.16.255.2 next-hop-self
 neighbor 172.16.255.2 soft-reconfiguration inbound
 neighbor 172.16.255.2 route-map 65000-RMAP-OUT out
 default-information originate
 no auto-summary
!
!
!
! Plain-HTTP management only (HTTPS explicitly off), no "ip http access-class".
ip http server
no ip http secure-server
!
!
! Export filter towards the MPLS provider: withhold 172.17.0.0/16,
! 172.18.0.0/16 and the two 192.168.x.0/24 ranges, advertise everything else.
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
! NOTE(review): the community has no ACL and this listing defines no
! access-list 1, so SNMP reads are not source-restricted on this router.
snmp-server community PengeBanken RO
!
!
!
route-map 65000-RMAP-OUT permit 10
 match ip address prefix-list 65000-PLIST-OUT
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
! NOTE(review): the vty line password is a vendor-default-style value stored in
! clear text. With "aaa new-model" and the default login list
! (group radius local) configured above, the line password is not what
! authenticates users, so it can simply be removed ("no password").
! No "access-class" or "transport input ssh" is set on these lines either.
line con 0
line aux 0
line vty 0 4
 password cisco
!
scheduler allocate 20000 1000
ntp clock-period 17179809
ntp server 172.16.255.10
end

AHA01RTVG

! NOTE(review): the page heading above this listing reads AHA01RTVG, but the
! configured hostname is AHA01SWSL and the content is a server access switch -
! confirm which device this is.
version 12.1
no service pad
! Log and debug timestamps use uptime rather than date/time, which makes it
! harder to correlate events with other devices; other listings on this page
! use "datetime msec".
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA01SWSL
!
aaa new-model
! RADIUS first, local user database when the RADIUS server does not answer.
aaa authentication login default group radius local
aaa authorization exec default group radius local
! NOTE(review): the enable secret and the admin user's secret are the identical
! salted hash, i.e. one password serves both purposes. Use distinct passwords
! and redact the hashes in shared copies of the config.
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
! Server access port in VLAN 241 (ports 13-24 of this switch use VLAN 242).
! CoS from the attached server is trusted unconditionally.
! PortFast is enabled without BPDU guard and without port security, unlike the
! office-phone ports elsewhere on this page. NOTE(review): add
! "spanning-tree bpduguard enable" unless a server is expected to send BPDUs.
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.5 255.255.255.0
 no ip route-cache
!
! Management-plane settings for this layer-2 switch.
ip default-gateway 192.168.0.1
! Plain HTTP management server is enabled; no "ip http secure-server" or
! "ip http access-class" line is present in this listing.
ip http server
!
! Classification ACLs referenced by the QoS class-maps of this device; they
! select traffic for DSCP marking and are not applied as filters here.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! NOTE(review): SNMP agents listen on udp/161 (traps on 162); 167 looks like a
! typo, in which case class ManagementSNMP never matches - confirm.
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
! ACL 1 is the management source filter for SNMP and vty 0 4.
! NOTE(review): the core switch and router listings on this page permit
! 172.16.7.0/24 in ACL 1; this one permits 172.16.0.0/24 - confirm which
! subnet is intended.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
! Read-only community restricted by ACL 1; same string as the RADIUS key
! below, both stored in clear text.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
! Terminal lines. vty 0-4 accept SSH only and only from sources in ACL 1.
! vty 5-15 carry neither restriction, so they fall back to platform defaults -
! NOTE(review): apply the same access-class and "transport input ssh" there.
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17179984
ntp server 172.16.255.10
!
end

AHA01SWCO

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01SWCO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0
!
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33 
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-201700352
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-201700352
 revocation-check none
 rsakeypair TP-self-signed-201700352
!
!
crypto pki certificate chain TP-self-signed-201700352
 certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 2,7-11 priority 24576
spanning-tree vlan 240-242 priority 28672
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
! Trunk port with no description and no "switchport trunk allowed vlan" list, so it carries
! every VLAN defined on the switch; FastEthernet0/2 to 0/18 below are configured identically.
! Root guard keeps a device attached here from becoming the spanning-tree root.
! NOTE(review): if these ports are spare, a device plugged into any of them gets a tagged
! path into all VLANs, including management (2) and servers (240-242). Spare ports are
! normally shut down or parked as access ports in an unused VLAN, and trunks get an explicit
! allowed-VLAN list plus "switchport nonegotiate" - confirm the intended use.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 no switchport
 ip address 172.16.255.17 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 description Til_AHA01SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA02SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_AHA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AHA02SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11,240-242
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_AHA01FW
 no switchport
 ip address 172.16.255.9 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
! Management SVI. HSRP group 2 provides the virtual gateway 192.168.0.1 with 200 ms hellos
! and an 800 ms hold time; priority 110 with preemption (after a 300 s delay) makes this
! switch the preferred active router.
! No "ip access-group" is applied to this interface and no "standby 2 authentication" line
! is present.
! NOTE(review): without an HSRP key, any host in the VLAN that speaks HSRP can influence
! which device owns the gateway address. Configure keyed (MD5) HSRP authentication on
! every standby group where the platform supports it; the same applies to the other SVIs.
interface Vlan2
 description Management
 ip address 192.168.0.2 255.255.255.0
 standby 2 ip 192.168.0.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan7
 description IT-administration
 ip address 172.16.0.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 7 ip 172.16.0.1
 standby 7 timers msec 200 msec 800
 standby 7 priority 110
 standby 7 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.16.8.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 8 ip 172.16.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.16.9.2 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.16.241.11
 standby 9 ip 172.16.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
! Gateway SVI for the BankRaadgiver user VLAN.
! - "ip access-group Bank in" filters packets entering the switch from this VLAN against
!   the extended ACL "Bank" defined further down; nothing filters traffic routed towards
!   the VLAN.
! - "ip helper-address" relays UDP broadcasts such as DHCP requests to 172.16.241.11, the
!   same host that is configured as RADIUS server in this listing.
! - HSRP group 10 shares the virtual gateway 172.16.10.1; no HSRP authentication is set.
interface Vlan10
 description BankRaadgiver
 ip address 172.16.10.2 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.16.241.11
 standby 10 ip 172.16.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.16.11.2 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.16.241.11
 standby 11 ip 172.16.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
interface Vlan240
 description Servere
 ip address 172.16.240.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 240 ip 172.16.240.1
 standby 240 timers msec 200 msec 800
!
interface Vlan241
 description Servere
 ip address 172.16.241.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 241 ip 172.16.241.1
 standby 241 timers msec 200 msec 800
!
interface Vlan242
 description CallManager
 ip address 172.16.242.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 242 ip 172.16.242.1
 standby 242 timers msec 200 msec 800
!
! Single-area OSPF. The two network statements match every 172.16.x.x and 192.168.0.x
! interface, so OSPF runs on all SVIs (including the user VLANs 7-11) as well as on the
! routed /30 links FastEthernet0/19 and FastEthernet0/24.
! NOTE(review): no "passive-interface" and no OSPF authentication appear in the visible
! configuration, so a host on a user VLAN could be accepted as a neighbour. Typical
! hardening is "passive-interface default" with "no passive-interface" on the two routed
! links only, plus authenticated adjacencies.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
ip classless
! Web management is enabled over both plain HTTP and HTTPS. The visible configuration has
! no "ip http access-class" and no "ip http authentication" line.
! NOTE(review): plain HTTP carries the login in clear text and the service answers on every
! routed interface. Prefer "no ip http server", keep HTTPS only if it is used, and restrict
! it to the management sources (access-list 1 below already lists them).
ip http server
ip http secure-server
!
!
! Inter-VLAN isolation ACLs, applied inbound on the user SVIs (Vlan9, Vlan10, Vlan11).
! Wildcard 0.255.248.255 fixes the first octet (172) and the low three bits of the third
! octet and ignores everything else, so "172.0.2.0 0.255.248.255" matches
! 172.<any>.<third octet 2, 10, 18, ...>.<any>. With the addressing used on this page the
! low three bits select: 1 = Administration (172.16.9.0), 2 = BankRaadgiver (172.16.10.0),
! 3 = IP-Telefoni (172.16.11.0); 7 includes the 172.16.255.x routed links.
! Each list first permits the server block 172.16.240.0-172.16.247.255, then denies every
! class except its own and class 0 (172.16.0.0 IT-administration, 172.16.8.0
! Common_Services), then permits everything else. The source is always "any".
! NOTE(review): the closing "permit ip any any" means these are block-lists, not
! allow-lists. Destinations outside 172.x.x.x - including the management subnet
! 192.168.0.0/24 - and the IT-administration VLAN stay reachable from the user VLANs, so
! the switches' own management services must be protected separately. Confirm this is
! the intended policy.
!
! Administration (class 1): no deny for 172.0.1.0, so Administration subnets reach each other.
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
! Bank (class 2): no deny for 172.0.2.0.
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
! Telefoni (class 3): no deny for 172.0.3.0.
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
!
ip radius source-interface Vlan2 
! access-list 1: management sources - host 172.16.241.17 and the IT-administration subnet
! 172.16.0.0/24. In the visible part of this listing it is referenced only by the SNMP
! community below; the vty lines and the HTTP server do not use it.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
!
! Read-only SNMP community, limited to access-list 1. Community-based SNMP sends the
! community string unencrypted with every request.
! NOTE(review): the community string and the RADIUS shared secret are the same value,
! identical to the organisation name, stored in clear, and repeated in the other device
! listings on this page. Treat both as disclosed: use distinct, random values per purpose
! and keep real values out of published configurations.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 36029105
ntp server 172.16.255.10
end

AHA02SWCO

version 12.2
no service pad
! Log and debug lines carry date/time with milliseconds, which allows correlation with
! other devices as long as NTP (configured at the end of the listing) is in sync.
service timestamps debug datetime msec
service timestamps log datetime msec
! Password encryption is off: keys that are not "secret" hashes (the RADIUS key and the SNMP
! community further down) are stored and displayed in clear text. Turning the service on
! only obfuscates them reversibly; it hides them from casual viewing, nothing more.
no service password-encryption
!
hostname AHA02SWCO
!
boot-start-marker
boot-end-marker
!
! Type 5 secrets are salted MD5 hashes. Because the hashes below are published on this page,
! the passwords behind them should be considered disclosed and must not be reused anywhere.
! NOTE(review): replace hashes with placeholders when publishing, and use a stronger secret
! type where the software release offers one.
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1
!
! Local privilege-15 account; the AAA method lists below use it as fallback after RADIUS.
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33 
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-3566145536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3566145536
 revocation-check none
 rsakeypair TP-self-signed-3566145536
!
!
crypto pki certificate chain TP-self-signed-3566145536
 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 2,7-11 priority 28672
spanning-tree vlan 240-242 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface FastEthernet0/1
 description Til_AHA01RTVG
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 description Til_AHA01FW
 no switchport
 ip address 172.16.255.21 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 description Til_AHA01SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA02SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_AHA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AHA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11,240-242
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_AHA01RT
 no switchport
 ip address 172.16.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
interface Vlan2
 description Management
 ip address 192.168.0.3 255.255.255.0
 standby 2 ip 192.168.0.1
 standby 2 timers msec 200 msec 800
!
interface Vlan7
 description IT-administration
 ip address 172.16.0.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 7 ip 172.16.0.1
 standby 7 timers msec 200 msec 800
!
interface Vlan8
 description Common_Services
 ip address 172.16.8.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 8 ip 172.16.8.1
 standby 8 timers msec 200 msec 800
!
interface Vlan9
 description Administration
 ip address 172.16.9.3 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.16.241.11
 standby 9 ip 172.16.9.1
 standby 9 timers msec 200 msec 800
!
interface Vlan10
 description BankRaadgiver
 ip address 172.16.10.3 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.16.241.11
 standby 10 ip 172.16.10.1
 standby 10 timers msec 200 msec 800
!
interface Vlan11
 description IP-Telefoni
 ip address 172.16.11.3 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.16.241.11
 standby 11 ip 172.16.11.1
 standby 11 timers msec 200 msec 800
!
interface Vlan240
 description Servere
 ip address 172.16.240.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 240 ip 172.16.240.1
 standby 240 timers msec 200 msec 800
 standby 240 priority 110
 standby 240 preempt delay minimum 300
!
interface Vlan241
 description Servere
 ip address 172.16.241.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 241 ip 172.16.241.1
 standby 241 timers msec 200 msec 800
 standby 241 priority 110
 standby 241 preempt delay minimum 300
!
interface Vlan242
 description CallManager
 ip address 172.16.242.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 242 ip 172.16.242.1
 standby 242 timers msec 200 msec 800
 standby 242 priority 110
 standby 242 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
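ip classless
! Web management: plain HTTP is disabled so that logins are never sent in clear text.
! HTTPS stays enabled and is limited to the management sources in access-list 1
! (172.16.241.17 and 172.16.0.0/24, defined further down in this listing).
no ip http server
ip http secure-server
ip http access-class 1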
!
!
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
!
ip radius source-interface Vlan2 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
! Terminal lines. This listing contains no "line vty 0 4" stanza and "line vty 5 15" has no
! sub-commands, so no "access-class" and no "transport input" restriction is shown for
! remote logins. Authentication comes from the default AAA login list (RADIUS, then local).
! NOTE(review): "ip ssh version 2" alone does not disable Telnet. Compare the AHA01SWOP
! listing on this page, which sets "access-class 1 in" and "transport input ssh" on
! vty 0 4; the same two commands belong on every vty line of this switch.
line con 0
line vty 5 15
!
ntp clock-period 36029150
ntp server 172.16.255.10
end

AHA01SWOP

version 12.1
no service pad
! Log and debug entries are stamped with time since boot instead of date/time.
! NOTE(review): uptime stamps cannot be correlated with other devices or survive a reload;
! "service timestamps log datetime msec" (as used on the core switches on this page) is the
! better choice for incident analysis.
service timestamps debug uptime
service timestamps log uptime
! Keys that are not "secret" hashes (RADIUS key, SNMP community) are kept in clear text.
no service password-encryption
!
hostname AHA01SWOP
!
! Logins and exec authorization are checked against RADIUS first; the local user database
! is consulted only when the RADIUS server does not answer.
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
! NOTE(review): the enable secret and the admin user's secret are the same hash string, and
! the same string appears again in the AHA01SWSL listing below - one password serves both
! purposes on more than one device. As the hash is published here, treat that password as
! disclosed; use unique secrets per device and role and publish placeholders only.
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
! Egress queueing: weights per queue and CoS-to-queue assignment (CoS 5 alone in queue 4).
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
! Ports err-disabled by a port-security violation are re-enabled automatically after
! 600 seconds, so a violation is self-clearing and should be monitored via logging.
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
! QoS classification: each class-map matches one named extended ACL (defined near the end
! of this listing); these ACLs classify traffic, they do not filter it.
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
! Marking policy: MissionCritical traffic is re-marked to DSCP 26 (AF31), the four
! management classes to DSCP 16 (CS2).
! NOTE(review): no "service-policy" statement in this listing attaches PbPolicy to an
! interface, so as shown the policy marks nothing - confirm where it is meant to apply.
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
! Domain name and resolver; the same host 172.16.241.11 is also the RADIUS server.
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
! SSH: protocol version 2 only, 120 s allowed for session negotiation, 3 authentication
! attempts per connection.
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
! Automatic image verification is switched off.
! NOTE(review): with this setting an image copied to or booted from flash is not
! integrity-checked automatically; verify image hashes against the vendor-published value
! before installation, or re-enable the feature.
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
! User access port: data VLAN 7, voice VLAN 11 (presumably an IP phone with a PC behind it).
! Port security allows at most 2 MAC addresses and ages them out after 2 minutes of
! inactivity; no violation mode is set, so the platform default applies.
! PortFast skips the listening/learning delay and BPDU guard err-disables the port when a
! BPDU arrives, which stops an attached switch from taking part in spanning tree.
! NOTE(review): this port trusts DSCP while FastEthernet0/2-24 trust CoS, and both settings
! accept whatever marking the attached device sets. Consider making trust conditional on a
! detected phone ("mls qos trust device cisco-phone") so a PC cannot claim priority queues.
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust dscp
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
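! User access port: data VLAN 7, voice VLAN 11, same profile as FastEthernet0/1-23.
! "switchport port-security" was missing on this port only; without it the maximum and
! aging parameters are stored but port security is not enforced.
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable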
!
! Uplink trunk towards core switch AHA01SWCO. No allowed-VLAN list is set on this side, so
! the restriction to VLANs 2,7-11 exists only on the core port (FastEthernet0/22 there).
! No native VLAN is configured, so untagged frames fall into the default VLAN.
! NOTE(review): "speed 10" forces the uplink to 10 Mb/s - confirm this is intended.
! Adding "switchport trunk allowed vlan 2,7-11" here keeps both ends consistent.
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 speed 10
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 speed 10
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.4 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
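! Plain-HTTP management disabled: this listing has no "ip http secure-server", so the web
! server would carry logins in clear text. Remote management uses SSH ("transport input
! ssh" on the vty lines below).
no ip http server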
!
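! Classification ACLs referenced by the class-maps of policy-map PbPolicy. They are used for
! QoS marking only; no "ip access-group" in this listing applies them as filters.
! Each entry matches on destination port only.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! SNMP agents listen on UDP 161; the previous value 167 never matched SNMP polls, so the
! ManagementSNMP class stayed empty.
ip access-list extended MatchSNMP
 permit udp any any eq 161
ip access-list extended MatchSSH
 permit tcp any any eq 22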
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
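! Terminal lines. Authentication comes from the default AAA login list on every line.
! All sixteen vty lines carry the same restrictions: sources limited by access-list 1
! (172.16.241.17 and 172.16.0.0/24) and SSH as the only accepted transport. Previously only
! vty 0-4 were restricted, so a session landing on vty 5-15 bypassed both controls.
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
 access-class 1 in
 transport input ssh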
!
ntp clock-period 17179832
ntp server 172.16.255.10
!
end

AHA01SWSL

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA01SWSL
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
! Server access port in VLAN 241. PortFast is enabled without BPDU guard and no port
! security is configured; CoS markings from the attached host are trusted as received.
! NOTE(review): the office-phone ports on AHA01SWOP pair PortFast with
! "spanning-tree bpduguard enable". Unless these servers are expected to send BPDUs, add
! the same guard here so a bridged or misconfigured host cannot affect the spanning tree
! of the server VLANs.
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.5 255.255.255.0
 no ip route-cache
!
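ip default-gateway 192.168.0.1
! The cleartext HTTP management server is switched off. This listing already limits
! the first vty lines to SSH; HTTP would expose the same logins unencrypted.
no ip http server
!
! Classification ACLs referenced by the class-maps earlier in this listing. No
! interface in this listing applies them as filters; they only select traffic for
! DSCP marking.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! SNMP agents listen on UDP 161. The listing had 167 here, so SNMP traffic would
! never have matched the ManagementSNMP class.
ip access-list extended MatchSNMP
 permit udp any any eq 161
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
! Standard ACL 1 is the management allow-list, used by the vty lines and by the
! SNMP community below.
! NOTE(review): the second entry is 172.16.0.0/24 here, while the Viborg listings on
! this page use 172.16.7.0/24. Confirm which management subnet is intended.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
! NOTE(review): the read-only community is the organisation name and is identical
! to the RADIUS shared secret below. SNMP v1/v2c sends the community unencrypted;
! ACL 1 limits who may poll but does not protect the string. Use distinct random
! values, and SNMPv3 with authentication and privacy where the image supports it.
snmp-server community PengeBanken RO 1
! NOTE(review): the RADIUS shared secret is stored in clear text and is published
! with this listing; treat it as compromised and rotate it on server and clients.
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3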
!
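line con 0
! Remote management: SSH only, and only from the sources permitted by ACL 1.
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
! Lines 5-15 get the same restrictions as 0-4. Without them a session landing on
! these lines would bypass the source allow-list and the SSH-only transport.
line vty 5 15
 access-class 1 in
 transport input ssh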
!
ntp clock-period 17179994
ntp server 172.16.255.10
!
end

AHA02SWSL

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA02SWSL
!
! Logins and exec authorization are sent to RADIUS first. The local user database
! is consulted only when no RADIUS server answers.
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
! NOTE(review): the enable secret and the admin secret are the same salted type 5
! (MD5-based) string, and the same string is used under other hostnames on this
! page. One recovered password would therefore give privileged access to every
! device that shares it. Rotate, and use distinct secrets per device and per role.
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.6 255.255.255.0
 no ip route-cache
!
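ip default-gateway 192.168.0.1
! The cleartext HTTP management server is switched off. This listing already limits
! the first vty lines to SSH; HTTP would expose the same logins unencrypted.
no ip http server
!
! Classification ACLs referenced by the class-maps earlier in this listing. No
! interface in this listing applies them as filters; they only select traffic for
! DSCP marking.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! SNMP agents listen on UDP 161. The listing had 167 here, so SNMP traffic would
! never have matched the ManagementSNMP class.
ip access-list extended MatchSNMP
 permit udp any any eq 161
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
! Standard ACL 1 is the management allow-list, used by the vty lines and by the
! SNMP community below.
! NOTE(review): the second entry is 172.16.0.0/24 here, while the Viborg listings on
! this page use 172.16.7.0/24. Confirm which management subnet is intended.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
! NOTE(review): the read-only community is the organisation name and is identical
! to the RADIUS shared secret below. SNMP v1/v2c sends the community unencrypted;
! ACL 1 limits who may poll but does not protect the string. Use distinct random
! values, and SNMPv3 with authentication and privacy where the image supports it.
snmp-server community PengeBanken RO 1
! NOTE(review): the RADIUS shared secret is stored in clear text and is published
! with this listing; treat it as compromised and rotate it on server and clients.
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3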
!
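line con 0
! Remote management: SSH only, and only from the sources permitted by ACL 1.
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
! Lines 5-15 get the same restrictions as 0-4. Without them a session landing on
! these lines would bypass the source allow-list and the SSH-only transport.
line vty 5 15
 access-class 1 in
 transport input ssh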
!
ntp clock-period 17180096
ntp server 172.16.255.10
!
end



Filial Viborg

VIA02SWCO


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VIA02SWCO
!
enable secret 5 $1$e4ZP$h.AoOqEe1T8g2tm1rGjtj/
!
username admin privilege 15 secret 5 $1$zzrV$FHjI7ZjZ6S9ZWJ8IFxfPQ1
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 28672
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
! 
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description VIFS01
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_VIA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_VIA01SWCO1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_VIA01RT
 no switchport
 ip address 172.17.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
! NOTE(review): both gigabit ports carry no description and are left in
! "dynamic desirable", which actively negotiates trunking with whatever is connected.
! A port that negotiates a trunk carries every VLAN on the switch. If these ports are
! unused, shut them down; if they are used, set the mode explicitly and turn trunk
! negotiation off.
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address dhcp
 shutdown
!
! Layer-3 VLAN interfaces with one HSRP group per VLAN; the virtual gateway is .1.
! No standby priority or preempt is set here, so the default priority applies. The
! VIA01SWCO listing on this page sets priority 110 with preempt for the same groups,
! which makes this switch the standby gateway in normal operation.
! NOTE(review): in the VIA01SWCO listing, Vlan9, Vlan10 and Vlan11 carry inbound
! ACLs (Administration, Bank, Telefoni) and DHCP helper addresses. None of those are
! configured here and the ACLs are not defined in this listing. If this switch takes
! over as the active gateway, traffic between the VLANs is no longer filtered.
! NOTE(review): no HSRP authentication is configured on any group. Where the image
! supports it, MD5 authentication on each group protects the gateway role against
! forged hellos.
interface Vlan2
 description Management
 ip address 192.168.1.3 255.255.255.0
 standby 2 ip 192.168.1.1
 standby 2 timers msec 200 msec 800
!
interface Vlan8
 description Common_Services
 ip address 172.17.8.3 255.255.255.0
 standby 8 ip 172.17.8.1
 standby 8 timers msec 200 msec 800
!
interface Vlan9
 description Administration
 ip address 172.17.9.3 255.255.255.0
 standby 9 ip 172.17.9.1
 standby 9 timers msec 200 msec 800
!
interface Vlan10
 description BankRaadgiver
 ip address 172.17.10.3 255.255.255.0
 standby 10 ip 172.17.10.1
 standby 10 timers msec 200 msec 800
!
interface Vlan11
 description IP-Telefoni
 ip address 172.17.11.3 255.255.255.0
 standby 11 ip 172.17.11.1
 standby 11 timers msec 200 msec 800
!
router ospf 1
 log-adjacency-changes
 network 172.17.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
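ip classless
! Only the TLS-protected web server stays enabled; the cleartext HTTP server would
! expose management logins unencrypted.
no ip http server
ip http secure-server
!
!
! Standard ACL 1 is the management allow-list, used by the SNMP community and by
! the vty lines below.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
! NOTE(review): the read-only community is the organisation name and is identical
! to the RADIUS shared secret. Both are stored in clear text and are published with
! this listing; rotate them and use distinct random values. Prefer SNMPv3 with
! authentication and privacy where the image supports it.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
! The listing had no restrictions on any vty line. All sixteen lines now accept SSH
! only, and only from sources permitted by ACL 1, matching the Aarhus switches on
! this page. "ip ssh version 2" is set earlier in this listing.
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 access-class 1 in
 transport input ssh
!
! NOTE(review): NTP is unauthenticated; time is taken from any reply that appears to
! come from this address.
ntp server 172.16.255.10
end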

VIA01SWCO


!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VIA01SWCO
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$CjQy$2ViWy5DbihxoJ1X.HcDyh1
!
username admin privilege 15 secret 5 $1$U0Sf$m2vxqz9Xpz/ZIGE21E7HY.
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2 priority 24576
spanning-tree vlan 8 priority 24576
spanning-tree vlan 9 priority 24576
spanning-tree vlan 10 priority 24576
spanning-tree vlan 11 priority 24576
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_VIA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_VIA02SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 no ip address
 mls qos trust dscp
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.17.255.1 255.255.255.252
 mls qos trust cos
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.1.2 255.255.255.0
 no ip redirects
 standby 2 ip 192.168.1.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.17.8.2 255.255.255.0
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 8 ip 172.17.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.17.9.2 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 9 ip 172.17.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.17.10.2 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 10 ip 172.17.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.17.11.2 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 11 ip 172.17.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
! OSPF area 0 on every interface in 172.17.0.0/16 and 192.168.1.0/24, which includes
! the user-facing VLAN interfaces. BGP-learned routes and a default route are
! injected into OSPF.
! NOTE(review): no passive-interface and no OSPF authentication are configured, so
! hellos are sent on the user VLANs and an adjacency could form with any device
! there. Make the SVIs passive and authenticate the remaining adjacencies.
router ospf 1
 log-adjacency-changes
 redistribute bgp 65002 subnets
 network 172.17.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 default-information originate
!
! eBGP session to the MPLS provider (AS 65000).
! NOTE(review): the session has no neighbor password. "redistribute connected"
! offers every connected network, including the management subnet on Vlan2, to the
! outbound route-map. That route-map references prefix-list 65002-PRE-OUT, which is
! not defined anywhere in this listing, so outbound filtering should be verified.
router bgp 65002
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.17.255.2 remote-as 65000
 neighbor 172.17.255.2 description TDC_MPLS
 neighbor 172.17.255.2 soft-reconfiguration inbound
 neighbor 172.17.255.2 route-map 65002-RMAP-IN in
 neighbor 172.17.255.2 route-map 65002-RMAP-OUT out
!
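ip classless
! The cleartext HTTP management server is switched off; it would expose the same
! logins that AAA protects on the terminal lines, unencrypted.
no ip http server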
!
! Inbound filters for Vlan9 (Administration), Vlan10 (Bank) and Vlan11 (Telefoni),
! applied with "ip access-group ... in" on those interfaces in this listing.
! How to read the entries:
!  - 172.16.240.0 0.0.7.255 is the range 172.16.240.0 to 172.16.247.255, always allowed.
!  - 172.0.N.0 0.255.248.255 uses a discontiguous wildcard. The second and fourth
!    octets are ignored, and 248 (binary 11111000) ignores the upper five bits of the
!    third octet, so an entry matches every 172.x.y.z whose third octet leaves
!    remainder N when divided by 8.
!  - Each list omits remainder 0 and the remainder of its own VLAN number (9 -> 1,
!    10 -> 2, 11 -> 3). With this site's addressing (172.17.8.0 to 172.17.11.0) a VLAN
!    can therefore reach Common_Services and itself, but not the other user VLANs.
! NOTE(review): the second octet is fully wildcarded, so the deny entries apply to
! all of 172.0.0.0/8 and not only to the bank's 172.16/172.17 networks.
! NOTE(review): the final "permit ip any any" allows every destination outside
! 172.0.0.0/8, including the management subnet 192.168.1.0/24 on Vlan2. Add an
! explicit deny for the management network if user VLANs should not reach it.
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip radius source-interface Vlan2
!
!
! Inbound BGP filter: refuses this site's own prefixes (172.17.0.0/16 and
! 192.168.1.0/24, any length) when they are offered from outside, and accepts
! everything else.
ip prefix-list 65002-PRE-IN seq 10 deny 172.17.0.0/16 le 32
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
!
! Standard ACL 1 is the management allow-list; in this listing only the SNMP
! community references it.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
! NOTE(review): ACL 101 repeats the entries of the named ACL "Administration" and is
! not referenced anywhere in this listing. It looks like a leftover; remove it or
! document its use so the two copies cannot drift apart.
access-list 101 permit ip any 172.16.240.0 0.0.7.255
access-list 101 deny   ip any 172.0.2.0 0.255.248.255
access-list 101 deny   ip any 172.0.3.0 0.255.248.255
access-list 101 deny   ip any 172.0.4.0 0.255.248.255
access-list 101 deny   ip any 172.0.5.0 0.255.248.255
access-list 101 deny   ip any 172.0.6.0 0.255.248.255
access-list 101 deny   ip any 172.0.7.0 0.255.248.255
access-list 101 permit ip any any
route-map 65002-RMAP-IN permit 10
 match ip address prefix-list 65002-PRE-IN
!
! NOTE(review): prefix-list 65002-PRE-OUT is not defined in this listing (only
! 65002-PRE-IN is). A match against an undefined prefix-list is generally treated
! as matching every prefix, so this route-map probably filters nothing outbound.
! Confirm on the device and define the list explicitly.
route-map 65002-RMAP-OUT permit 10
 match ip address prefix-list 65002-PRE-OUT
!
! NOTE(review): the read-only community is the organisation name and is identical
! to the RADIUS shared secret. Both are stored in clear text and are published with
! this listing; rotate them and use distinct random values.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
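line con 0
! The listing had no restrictions on any vty line. Remote sessions are now accepted
! only from the sources permitted by ACL 1, which is defined in this listing.
! NOTE(review): no "transport input" restriction is added because this listing has
! no "ip ssh" configuration. Once SSH is confirmed to work on this image, restrict
! both line ranges to SSH as on the other switches on this page.
line vty 0 4
 access-class 1 in
line vty 5 15
 access-class 1 in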
!
end

VIA01RT

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VIA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
! IKE phase 1: AES-256, pre-shared key authentication, Diffie-Hellman group 5
! (1536-bit), lifetime 1000 seconds.
! NOTE(review): group 5 is below current guidance; move both peers to a larger
! group where the images support it.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
! NOTE(review): the pre-shared key is a readable phrase, stored in clear text and
! published with this listing. Treat it as compromised and replace it on both peers
! with a long random value.
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1
!
!
! NOTE(review): the data channel uses 3DES with SHA-1 HMAC, which is weaker than the
! AES-256 negotiated for IKE above. An AES transform would bring phase 2 in line
! with phase 1; the change has to be made on the peer at 10.1.1.1 at the same time.
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
! The crypto map protects whatever the ACL Tunnel1_til_Aarhus selects; later in this
! listing that is GRE between 10.1.1.2 and 10.1.1.1, i.e. the Tunnel1 traffic.
! NOTE(review): no "set pfs" is present, so phase 2 keys are derived from the
! phase 1 exchange.
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
! Tunnel to 10.1.1.1. No tunnel mode is set, so the default (GRE) applies. The
! packets leave through FastEthernet0/0, where the crypto map encrypts them.
interface Tunnel1
 ip address 172.16.254.2 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
!
! NOTE(review): this interface is described as Internet-facing and has no inbound
! access-group. In this listing the HTTP server is enabled and the vty lines have no
! access-class, so management services are reachable from this side. An inbound ACL
! that admits only the tunnel peer's IKE and ESP traffic would close that exposure.
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_VIA02SWCO
 ip address 172.17.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
! OSPF runs only on the link to VIA02SWCO (172.17.255.6). BGP routes and a default
! route are injected with metric 255.
! NOTE(review): no OSPF authentication is configured on this adjacency.
router ospf 1
 log-adjacency-changes
 redistribute bgp 65002 metric 255 subnets
 network 172.17.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
! eBGP to 172.16.254.1 (described as AHA01FW, AS 65001), the far end of Tunnel1.
! NOTE(review): the session has no neighbor password. It relies on the IPsec-
! protected tunnel; a password adds protection if the tunnel is ever misconfigured.
! NOTE(review): OSPF is redistributed into BGP here and BGP into OSPF above. The
! route-maps on the neighbor are the only guard against routes being re-advertised
! back to their origin, so their prefix-lists deserve review.
router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.1 remote-as 65001
 neighbor 172.16.254.1 description AHA01FW
 neighbor 172.16.254.1 route-map 65002-RMAP-IN in
 neighbor 172.16.254.1 route-map 65002-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
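! The listing had the cleartext HTTP server on and the TLS server off. On a router
! with an Internet-facing interface neither should be left open by default, so the
! cleartext server is switched off as well.
no ip http server
no ip http secure-server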
!
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.2 host 10.1.1.1
!
!
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
!
!
route-map 65002-RMAP-IN permit 10
 match ip address prefix-list 65002-PRE-IN
!
route-map 65002-RMAP-OUT permit 10
 match ip address prefix-list 65002-PLIST-OUT
 set as-path prepend 65002 65002 65002 65002 65002 65002 65002
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
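line con 0
line aux 0
! The listing had no restrictions on the vty lines, although FastEthernet0/0 is
! described as Internet-facing. Remote sessions are now SSH only and accepted only
! from the sources permitted by ACL 1. Both "ip ssh version 2" and ACL 1 are
! present in this listing.
line vty 0 4
 access-class 1 in
 transport input ssh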
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end

VIA01SWOP

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VIA01SWOP
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
vtp domain BEO-LY
vtp mode transparent
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2,8-9 
!
vlan 10
 name LYOLAN
!
vlan 11 
!
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Access-port template, FastEthernet0/2 - 0/11: untagged data VLAN 8 plus
! voice VLAN 11 on the same port.
! Port security admits at most 2 source MAC addresses per port and ages an
! entry out after 2 minutes without traffic. No violation mode is set, so the
! platform default action applies.
! PbPolicy (policy-map defined outside this excerpt) is applied to ingress
! traffic. PortFast skips the spanning-tree listening/learning delay and BPDU
! guard err-disables the port if a BPDU arrives on it.
! NOTE(review): `mls qos trust cos` is unconditional here - there is no
! `mls qos trust device cisco-phone`, so CoS markings are honoured from
! whatever is attached, not only from a detected phone. Confirm intended.
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Phone/PC access port with port security (max 2 MACs, 2-minute inactivity
! aging), ingress policy PbPolicy, PortFast and BPDU guard.
! NOTE(review): this port's data VLAN is 9 while the other FastEthernet
! phone ports in this listing use VLAN 8, and the description is the same
! "Office-Phone" text. Confirm the different VLAN is deliberate.
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Access-port template, FastEthernet0/13 - 0/24: untagged data VLAN 8 plus
! voice VLAN 11. Each port has port security (max 2 MACs, entries aged out
! after 2 minutes of inactivity, default violation action), the PbPolicy
! ingress service-policy, PortFast and BPDU guard.
! NOTE(review): CoS is trusted unconditionally (`mls qos trust cos` without
! `mls qos trust device cisco-phone`), so markings from any attached device
! are honoured. Confirm intended.
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink trunks towards the core switches; CoS markings received on them are
! trusted as-is.
! NOTE(review): neither trunk has a `switchport trunk allowed vlan` list, a
! `switchport trunk native vlan` setting or `switchport nonegotiate`, so every
! VLAN is carried, the native VLAN stays at its default and DTP remains
! active. Consider pruning to the VLANs this switch actually uses and moving
! the native VLAN to an unused ID.
interface GigabitEthernet0/1
 description <Uplink to VIA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
! NOTE(review): the peer name below is "VI02SWCO" where the first uplink says
! "VIA01SWCO" - possibly a typo for VIA02SWCO; confirm against the core.
interface GigabitEthernet0/2
 description <Uplink to VI02SWCO >
 switchport mode trunk
 mls qos trust cos
!
! The default VLAN 1 SVI carries no address and is administratively down, so
! the switch is not manageable through VLAN 1.
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
! Management SVI: the switch's own address (192.168.1.4/24) lives in VLAN 2.
interface Vlan2
 ip address 192.168.1.4 255.255.255.0
 no ip route-cache
!
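! Gateway used by the switch's own management traffic (on the Vlan2 subnet).
ip default-gateway 192.168.1.1
! The embedded web server speaks cleartext HTTP, so credentials entered there
! cross the network unencrypted. If it is not needed, replace the two lines
! below with `no ip http server`. While it stays enabled it is limited to the
! same management sources (ACL 1) that the vty lines and SNMP already use.
ip http server
ip http access-class 1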
!
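! Traffic-classification ACLs (presumably the ones referenced by the class-maps
! behind PbPolicy - confirm). Each matches on protocol and destination port
! only; source and destination addresses are `any`.
! Banking application traffic: TCP/8439.
ip access-list extended MatchBANK
 permit tcp any any eq 8439
! UDP/9000 (the name suggests NetFlow export - confirm).
ip access-list extended MatchNF
 permit udp any any eq 9000
! Remote Desktop: TCP/3389.
ip access-list extended MatchRDP
 permit tcp any any eq 3389
! SNMP requests use UDP/161; the previous value 167 is not an SNMP port, so
! this class never matched SNMP traffic. Traps (UDP/162) would need their own
! entry if they should be classified as well.
ip access-list extended MatchSNMP
 permit udp any any eq 161
! SSH: TCP/22.
ip access-list extended MatchSSH
 permit tcp any any eq 22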
! RADIUS requests are sourced from the management SVI (Vlan2), so the server
! sees a stable client address.
ip radius source-interface Vlan2
! Standard ACL 1 = permitted management sources: one host plus 172.16.0.0/24.
! It is referenced by the SNMP community below and by `access-class 1 in` on
! the vty lines.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
! Read-only community, restricted to ACL 1.
! NOTE(review): the community string is the organisation name and
! community-based SNMP sends it in cleartext. Use a non-guessable value, or
! SNMPv3 with authentication and privacy where the platform supports it.
snmp-server community PengeBanken RO 1
! NOTE(review): the RADIUS shared secret is stored unencrypted, is identical
! to the SNMP community string and is visible on this published page. Give
! RADIUS its own long random secret and rotate the current one.
! Ports 1645/1646 are the legacy RADIUS ports; they must match the server.
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
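! Console: no line-level settings are shown, so authentication and idle
! timeout come from defaults or from AAA method lists defined elsewhere.
! NOTE(review): confirm console login is authenticated.
line con 0
! Remote management: SSH only, and only from the sources permitted by ACL 1.
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
! vty 5-15 previously had no access-class, so SSH sessions landing on those
! lines were accepted from any source address. Apply the same ACL as on
! vty 0-4 so the restriction cannot be bypassed by occupying the first five.
line vty 5 15
 access-class 1 in
 transport input ssh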
!
! clock-period is a value IOS writes into the configuration by itself; it is
! device-specific and should not be copied to another switch.
ntp clock-period 17179912
! NOTE(review): no `ntp authenticate` / `ntp authentication-key` lines
! accompany this server entry, so time updates are accepted unauthenticated.
! Log timestamps used for incident investigation depend on this source.
ntp server 172.16.255.10
!
end