Difference between revisions of "PengeBanken"

From Teknologisk videncenter
Jump to: navigation, search
m
 
(2 intermediate revisions by one other user not shown)
Line 1,023: Line 1,023:
 
</pre>
 
</pre>
  
 +
=Århus=
 
==AHA01FW==
 
==AHA01FW==
 
<pre>
 
<pre>
Line 3,640: Line 3,641:
  
  
==AAA01SWOP==
 
  
<pre>
+
 
version 12.1
 
no service pad
 
service timestamps debug uptime
 
service timestamps log uptime
 
no service password-encryption
 
!
 
hostname AAA01SWOP
 
!
 
aaa new-model
 
aaa authentication login default group radius local
 
aaa authorization exec default group radius local
 
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
!
 
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
 
wrr-queue bandwidth 10 20 70 1
 
wrr-queue cos-map 1 0 1
 
wrr-queue cos-map 2 2 4
 
wrr-queue cos-map 3 3 6 7
 
wrr-queue cos-map 4 5
 
errdisable recovery cause psecure-violation
 
errdisable recovery interval 600
 
!
 
class-map match-all ManagementSNMP
 
  match access-group name MatchSNMP
 
class-map match-all ManagementNF
 
  match access-group name MatchNF
 
class-map match-all MissionCritical
 
  match access-group name MatchBANK
 
class-map match-all ManagementRDP
 
  match access-group name MatchRDP
 
class-map match-all ManagementSSH
 
  match access-group name MatchSSH
 
!
 
!
 
policy-map PbPolicy
 
  class MissionCritical
 
    set ip dscp 26
 
  class ManagementRDP
 
    set ip dscp 16
 
  class ManagementSNMP
 
    set ip dscp 16
 
  class ManagementNF
 
    set ip dscp 16
 
  class ManagementSSH
 
    set ip dscp 16
 
!
 
mls qos map cos-dscp 0 8 16 24 32 46 48 56
 
ip subnet-zero
 
!
 
ip domain-name pengebanken.dk
 
ip name-server 172.16.241.11
 
ip ssh time-out 120
 
ip ssh authentication-retries 3
 
ip ssh version 2
 
!
 
no file verify auto
 
!
 
spanning-tree mode rapid-pvst
 
no spanning-tree optimize bpdu transmission
 
spanning-tree extend system-id
 
!
 
!
 
!
 
!
 
interface FastEthernet0/1
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/2
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/3
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/4
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/5
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/6
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/7
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/8
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/9
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/10
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/11
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/12
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/13
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/14
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/15
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/16
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/17
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/18
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/19
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/20
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/21
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/22
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/23
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface FastEthernet0/24
 
description < Office-Phone >
 
switchport access vlan 9
 
switchport mode access
 
switchport voice vlan 11
 
switchport port-security
 
switchport port-security maximum 2
 
switchport port-security aging time 2
 
switchport port-security aging type inactivity
 
mls qos trust device cisco-phone
 
mls qos trust cos
 
auto qos voip cisco-phone
 
macro description cisco-phone
 
spanning-tree portfast
 
spanning-tree bpduguard enable
 
!
 
interface GigabitEthernet0/1
 
description <Uplink to AAA01SWCO >
 
switchport mode trunk
 
mls qos trust cos
 
auto qos voip trust
 
!
 
interface GigabitEthernet0/2
 
description <Uplink to AAA02SWCO >
 
switchport mode trunk
 
mls qos trust cos
 
auto qos voip trust
 
!
 
interface Vlan1
 
no ip address
 
no ip route-cache
 
shutdown
 
!
 
interface Vlan2
 
ip address 192.168.2.4 255.255.255.0
 
no ip route-cache
 
!
 
ip default-gateway 192.168.2.1
 
ip http server
 
!
 
ip access-list extended MatchBANK
 
permit tcp any any eq 8439
 
ip access-list extended MatchNF
 
permit udp any any eq 9000
 
ip access-list extended MatchRDP
 
permit tcp any any eq 3389
 
ip access-list extended MatchSNMP
 
permit udp any any eq 167
 
ip access-list extended MatchSSH
 
permit tcp any any eq 22
 
ip radius source-interface Vlan2
 
access-list 1 permit 172.16.241.17
 
access-list 1 permit 172.16.0.0 0.0.0.255
 
snmp-server community PengeBanken RO 1
 
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 
radius-server retransmit 3
 
!
 
line con 0
 
line vty 0 4
 
access-class 1 in
 
length 0
 
transport input ssh
 
line vty 5 15
 
!
 
ntp clock-period 17180064
 
ntp server 172.16.255.10
 
!
 
end
 
</pre>
 
 
=Filial Viborg=
 
=Filial Viborg=
 
==VIA02SWCO==
 
==VIA02SWCO==
Line 5,456: Line 4,955:
 
end
 
end
 
</pre>
 
</pre>
 +
[[Category:Network]]

Latest revision as of 14:10, 14 September 2009

PengeBanken Konfig filer

Filial Ålborg

AAA01SWOP

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AAA01SWOP
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 description <Uplink to AAA01SWCO >
 switchport mode trunk
 mls qos trust cos
 auto qos voip trust
!
interface GigabitEthernet0/2
 description <Uplink to AAA02SWCO >
 switchport mode trunk
 mls qos trust cos
 auto qos voip trust
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.2.4 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.2.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17180064
ntp server 172.16.255.10
!
end

AAA01SWCO

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01SWCO
!
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
!
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
! 
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description AAFS01
 switchport access vlan 8
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA01RT
 no switchport
 ip address 172.18.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description Til_AAA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AAA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.18.255.1 255.255.255.252
 mls qos trust cos
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.18.8.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 8 ip 172.18.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.18.9.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 9 ip 172.18.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.18.10.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 10 ip 172.18.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.18.11.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 11 ip 172.18.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 network 172.18.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.18.255.2 remote-as 65000
 neighbor 172.18.255.2 description TDC_MPLS
 neighbor 172.18.255.2 soft-reconfiguration inbound
 neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
ip radius source-interface Vlan2 
!
!
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PRE-OUT
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 17179326
ntp server 172.16.255.10
end

AAA01RT

version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
!
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
interface Tunnel1
 description Til_Aarhus
 ip address 172.16.254.6 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
 service-policy output PbPolicy
!
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.18.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/2/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65003 metric 255 subnets
 network 172.18.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.5 remote-as 65001
 neighbor 172.16.254.5 description AHA01FW
 neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
ip http server
no ip http secure-server
!
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.3 host 10.1.1.1
!
!
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
!
!
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PLIST-OUT
 set as-path prepend 65003 65003 65003 65003 65003 65003 65003
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 length 0
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end

Århus

AHA01FW

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01FW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication ppp default if-needed group radius none
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
!
!
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 match protocol http
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 match protocol tcp
 match protocol udp
!
!
policy-map type inspect OUTSIDE-DMZ-PMAP
 class type inspect OUTSIDE-DMZ-CMAP
  inspect
 class class-default
  drop log
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map type inspect INSIDE-OUTSIDE-PMAP
 class type inspect INSIDE-OUTSIDE-CMAP
  inspect
 class class-default
  drop log
policy-map type inspect OUTSIDE-INSIDE-PMAP
 class type inspect OUTSIDE-INSIDE-CMAP
  drop log
 class class-default
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-PMAP
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-PMAP
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-DMZ-PMAP
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
!
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.2
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Viborg
crypto map PB_crypto_Map 20 ipsec-isakmp 
 set peer 10.1.1.3
 set transform-set PB-TransformSet 
 match address Tunnel2_til_Aalborg
!
!
!
!
!
interface Tunnel1
 description Tunnel1_til_Viborg
 ip address 172.16.254.1 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.2
 service-policy output PbPolicy
!
interface Tunnel2
 description Tunnel2_til_Aalborg
 ip address 172.16.254.5 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.3
 service-policy output PbPolicy
!
interface Loopback0
 ip address 192.168.255.10 255.255.255.0
 zone-member security DMZ
!
interface FastEthernet0/0
 description internet
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.16.255.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip route-cache flow
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface FastEthernet0/1/0
 description Til_AHA02SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01RT
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Virtual-Template1 
 ip address 172.16.253.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 peer default ip address pool VPN-Pool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.22 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.14 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 passive-interface Tunnel1
 passive-interface Tunnel2
 network 172.16.255.10 0.0.0.0 area 0
 network 172.16.255.14 0.0.0.0 area 0
 network 172.16.255.22 0.0.0.0 area 0
 default-information originate
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.16.254.2 remote-as 65002
 neighbor 172.16.254.6 remote-as 65003
 !
 address-family ipv4
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.2 activate
 neighbor 172.16.254.6 activate
 default-information originate
 no auto-summary
 no synchronization
 exit-address-family
!
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.241.17 9000
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
!
ip access-list extended Tunnel1_til_Viborg
 permit gre host 10.1.1.1 host 10.1.1.2
ip access-list extended Tunnel2_til_Aalborg
 permit gre host 10.1.1.1 host 10.1.1.3
!
ip radius source-interface FastEthernet0/1 
access-list 10 permit 172.16.241.15
access-list 10 permit 172.16.0.0 0.15.255.255
snmp-server community PengeBanken RO
snmp-server host 172.16.241.17 version 2c PengeBanken 
!
!
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp clock-period 17178263
ntp server 217.198.208.66
end

AHA01RT

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
!
!
!
!
interface FastEthernet0/0
 description TDC_MPLS
 ip address 172.16.255.1 255.255.255.252
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface FastEthernet0/1
 description Til_AHA02SWCO
 ip address 172.16.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 auto qos voip trust 
 service-policy output PbPolicy
!
interface FastEthernet0/1.101
!
interface FastEthernet0/1/0
 description Til_AHA01SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01FW
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.18 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.13 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65001 subnets
 network 172.16.255.1 0.0.0.0 area 0
 network 172.16.255.5 0.0.0.0 area 0
 network 172.16.255.13 0.0.0.0 area 0
 network 172.16.255.18 0.0.0.0 area 0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.255.2 remote-as 65000
 neighbor 172.16.255.2 description TDC_MPLS
 neighbor 172.16.255.2 next-hop-self
 neighbor 172.16.255.2 soft-reconfiguration inbound
 neighbor 172.16.255.2 route-map 65000-RMAP-OUT out
 default-information originate
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
snmp-server community PengeBanken RO
!
!
!
route-map 65000-RMAP-OUT permit 10
 match ip address prefix-list 65000-PLIST-OUT
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
!
scheduler allocate 20000 1000
ntp clock-period 17179809
ntp server 172.16.255.10
end

AHA01RTVG

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA01SWSL
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.5 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17179984
ntp server 172.16.255.10
!
end

AHA01SWCO

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01SWCO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0
!
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33 
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-201700352
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-201700352
 revocation-check none
 rsakeypair TP-self-signed-201700352
!
!
crypto pki certificate chain TP-self-signed-201700352
 certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 2,7-11 priority 24576
spanning-tree vlan 240-242 priority 28672
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 no switchport
 ip address 172.16.255.17 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 description Til_AHA01SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA02SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_AHA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AHA02SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11,240-242
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_AHA01FW
 no switchport
 ip address 172.16.255.9 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
interface Vlan2
 description Management
 ip address 192.168.0.2 255.255.255.0
 standby 2 ip 192.168.0.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan7
 description IT-administration
 ip address 172.16.0.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 7 ip 172.16.0.1
 standby 7 timers msec 200 msec 800
 standby 7 priority 110
 standby 7 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.16.8.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 8 ip 172.16.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.16.9.2 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.16.241.11
 standby 9 ip 172.16.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.16.10.2 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.16.241.11
 standby 10 ip 172.16.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.16.11.2 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.16.241.11
 standby 11 ip 172.16.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
interface Vlan240
 description Servere
 ip address 172.16.240.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 240 ip 172.16.240.1
 standby 240 timers msec 200 msec 800
!
interface Vlan241
 description Servere
 ip address 172.16.241.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 241 ip 172.16.241.1
 standby 241 timers msec 200 msec 800
!
interface Vlan242
 description CallManager
 ip address 172.16.242.2 255.255.255.0
 ip helper-address 172.16.241.11
 standby 242 ip 172.16.242.1
 standby 242 timers msec 200 msec 800
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
!
ip radius source-interface Vlan2 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 36029105
ntp server 172.16.255.10
end

AHA02SWCO

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA02SWCO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1
!
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33 
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-3566145536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3566145536
 revocation-check none
 rsakeypair TP-self-signed-3566145536
!
!
crypto pki certificate chain TP-self-signed-3566145536
 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 2,7-11 priority 28672
spanning-tree vlan 240-242 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface FastEthernet0/1
 description Til_AHA01RTVG
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 description Til_AHA01FW
 no switchport
 ip address 172.16.255.21 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 description Til_AHA01SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA02SWSL
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,240-242
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_AHA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AHA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,7-11,240-242
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_AHA01RT
 no switchport
 ip address 172.16.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
interface Vlan2
 description Management
 ip address 192.168.0.3 255.255.255.0
 standby 2 ip 192.168.0.1
 standby 2 timers msec 200 msec 800
!
interface Vlan7
 description IT-administration
 ip address 172.16.0.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 7 ip 172.16.0.1
 standby 7 timers msec 200 msec 800
!
interface Vlan8
 description Common_Services
 ip address 172.16.8.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 8 ip 172.16.8.1
 standby 8 timers msec 200 msec 800
!
interface Vlan9
 description Administration
 ip address 172.16.9.3 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.16.241.11
 standby 9 ip 172.16.9.1
 standby 9 timers msec 200 msec 800
!
interface Vlan10
 description BankRaadgiver
 ip address 172.16.10.3 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.16.241.11
 standby 10 ip 172.16.10.1
 standby 10 timers msec 200 msec 800
!
interface Vlan11
 description IP-Telefoni
 ip address 172.16.11.3 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.16.241.11
 standby 11 ip 172.16.11.1
 standby 11 timers msec 200 msec 800
!
interface Vlan240
 description Servere
 ip address 172.16.240.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 240 ip 172.16.240.1
 standby 240 timers msec 200 msec 800
 standby 240 priority 110
 standby 240 preempt delay minimum 300
!
interface Vlan241
 description Servere
 ip address 172.16.241.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 241 ip 172.16.241.1
 standby 241 timers msec 200 msec 800
 standby 241 priority 110
 standby 241 preempt delay minimum 300
!
interface Vlan242
 description CallManager
 ip address 172.16.242.3 255.255.255.0
 ip helper-address 172.16.241.11
 standby 242 ip 172.16.242.1
 standby 242 timers msec 200 msec 800
 standby 242 priority 110
 standby 242 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
!
ip radius source-interface Vlan2 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 36029150
ntp server 172.16.255.10
end

AHA01SWOP

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA01SWOP
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust dscp
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 7
 switchport mode access
 switchport voice vlan 11
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 speed 10
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 speed 10
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.4 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17179832
ntp server 172.16.255.10
!
end

AHA01SWSL

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA01SWSL
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.5 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17179994
ntp server 172.16.255.10
!
end

AHA02SWSL

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AHA02SWSL
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/2
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/3
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/5
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/6
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/7
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/8
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/9
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/10
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/11
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/12
 description < Server >
 switchport access vlan 241
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/13
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/14
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/15
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/16
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/17
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/18
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/19
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/20
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/21
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/23
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/24
 description < Server >
 switchport access vlan 242
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description <Uplink to AHA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to AHA02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.6 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
!
ntp clock-period 17180096
ntp server 172.16.255.10
!
end



Filial Viborg

VIA02SWCO


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VIA02SWCO
!
enable secret 5 $1$e4ZP$h.AoOqEe1T8g2tm1rGjtj/
!
username admin privilege 15 secret 5 $1$zzrV$FHjI7ZjZ6S9ZWJ8IFxfPQ1
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 28672
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
! 
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description VIFS01
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_VIA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_VIA01SWCO1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_VIA01RT
 no switchport
 ip address 172.17.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.1.3 255.255.255.0
 standby 2 ip 192.168.1.1
 standby 2 timers msec 200 msec 800
!
interface Vlan8
 description Common_Services
 ip address 172.17.8.3 255.255.255.0
 standby 8 ip 172.17.8.1
 standby 8 timers msec 200 msec 800
!
interface Vlan9
 description Administration
 ip address 172.17.9.3 255.255.255.0
 standby 9 ip 172.17.9.1
 standby 9 timers msec 200 msec 800
!
interface Vlan10
 description BankRaadgiver
 ip address 172.17.10.3 255.255.255.0
 standby 10 ip 172.17.10.1
 standby 10 timers msec 200 msec 800
!
interface Vlan11
 description IP-Telefoni
 ip address 172.17.11.3 255.255.255.0
 standby 11 ip 172.17.11.1
 standby 11 timers msec 200 msec 800
!
router ospf 1
 log-adjacency-changes
 network 172.17.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip classless
ip http server
ip http secure-server
!
!
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp server 172.16.255.10
end

VIA01SWCO


!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VIA01SWCO
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$CjQy$2ViWy5DbihxoJ1X.HcDyh1
!
username admin privilege 15 secret 5 $1$U0Sf$m2vxqz9Xpz/ZIGE21E7HY.
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2 priority 24576
spanning-tree vlan 8 priority 24576
spanning-tree vlan 9 priority 24576
spanning-tree vlan 10 priority 24576
spanning-tree vlan 11 priority 24576
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/22
 description Til_VIA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 no ip address
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_VIA02SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 no ip address
 mls qos trust dscp
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.17.255.1 255.255.255.252
 mls qos trust cos
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.1.2 255.255.255.0
 no ip redirects
 standby 2 ip 192.168.1.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.17.8.2 255.255.255.0
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 8 ip 172.17.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.17.9.2 255.255.255.0
 ip access-group Administration in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 9 ip 172.17.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.17.10.2 255.255.255.0
 ip access-group Bank in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 10 ip 172.17.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.17.11.2 255.255.255.0
 ip access-group Telefoni in
 ip helper-address 172.17.8.11
 ip helper-address 172.16.241.11
 no ip redirects
 standby 11 ip 172.17.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65002 subnets
 network 172.17.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 default-information originate
!
router bgp 65002
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.17.255.2 remote-as 65000
 neighbor 172.17.255.2 description TDC_MPLS
 neighbor 172.17.255.2 soft-reconfiguration inbound
 neighbor 172.17.255.2 route-map 65002-RMAP-IN in
 neighbor 172.17.255.2 route-map 65002-RMAP-OUT out
!
ip classless
ip http server
!
ip access-list extended Administration
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Bank
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.3.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip access-list extended Telefoni
 permit ip any 172.16.240.0 0.0.7.255
 deny   ip any 172.0.1.0 0.255.248.255
 deny   ip any 172.0.2.0 0.255.248.255
 deny   ip any 172.0.4.0 0.255.248.255
 deny   ip any 172.0.5.0 0.255.248.255
 deny   ip any 172.0.6.0 0.255.248.255
 deny   ip any 172.0.7.0 0.255.248.255
 permit ip any any
ip radius source-interface Vlan2
!
!
ip prefix-list 65002-PRE-IN seq 10 deny 172.17.0.0/16 le 32
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
!
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
access-list 101 permit ip any 172.16.240.0 0.0.7.255
access-list 101 deny   ip any 172.0.2.0 0.255.248.255
access-list 101 deny   ip any 172.0.3.0 0.255.248.255
access-list 101 deny   ip any 172.0.4.0 0.255.248.255
access-list 101 deny   ip any 172.0.5.0 0.255.248.255
access-list 101 deny   ip any 172.0.6.0 0.255.248.255
access-list 101 deny   ip any 172.0.7.0 0.255.248.255
access-list 101 permit ip any any
route-map 65002-RMAP-IN permit 10
 match ip address prefix-list 65002-PRE-IN
!
route-map 65002-RMAP-OUT permit 10
 match ip address prefix-list 65002-PRE-OUT
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 5 15
!
end

VIA01RT

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VIA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1
!
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
interface Tunnel1
 ip address 172.16.254.2 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
!
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_VIA02SWCO
 ip address 172.17.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65002 metric 255 subnets
 network 172.17.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.1 remote-as 65001
 neighbor 172.16.254.1 description AHA01FW
 neighbor 172.16.254.1 route-map 65002-RMAP-IN in
 neighbor 172.16.254.1 route-map 65002-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
ip http server
no ip http secure-server
!
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.2 host 10.1.1.1
!
!
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
!
!
route-map 65002-RMAP-IN permit 10
 match ip address prefix-list 65002-PRE-IN
!
route-map 65002-RMAP-OUT permit 10
 match ip address prefix-list 65002-PLIST-OUT
 set as-path prepend 65002 65002 65002 65002 65002 65002 65002
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end

VIA01SWOP

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VIA01SWOP
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
!
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.
wrr-queue bandwidth 10 20 70 1
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
class-map match-all ManagementSNMP
  match access-group name MatchSNMP
class-map match-all ManagementNF
  match access-group name MatchNF
class-map match-all MissionCritical
  match access-group name MatchBANK
class-map match-all ManagementRDP
  match access-group name MatchRDP
class-map match-all ManagementSSH
  match access-group name MatchSSH
!
!
policy-map PbPolicy
  class MissionCritical
    set ip dscp 26
  class ManagementRDP
    set ip dscp 16
  class ManagementSNMP
    set ip dscp 16
  class ManagementNF
    set ip dscp 16
  class ManagementSSH
    set ip dscp 16
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
ip subnet-zero
!
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
vtp domain BEO-LY
vtp mode transparent
!
no file verify auto
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2,8-9 
!
vlan 10
 name LYOLAN
!
vlan 11 
!
interface FastEthernet0/1
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 description < Office-Phone >
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 description < Office-Phone >
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 11
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 service-policy input PbPolicy
 mls qos trust cos
 macro description cisco-phone | cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 description <Uplink to VIA01SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface GigabitEthernet0/2
 description <Uplink to VI02SWCO >
 switchport mode trunk
 mls qos trust cos
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.1.4 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
!
ip access-list extended MatchBANK
 permit tcp any any eq 8439
ip access-list extended MatchNF
 permit udp any any eq 9000
ip access-list extended MatchRDP
 permit tcp any any eq 3389
ip access-list extended MatchSNMP
 permit udp any any eq 167
ip access-list extended MatchSSH
 permit tcp any any eq 22
ip radius source-interface Vlan2
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.0.0 0.0.0.255
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
radius-server retransmit 3
!
line con 0
line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
!
ntp clock-period 17179912
ntp server 172.16.255.10
!
end