PengeBanken
From Teknologisk videncenter
PengeBanken Konfig filer
AAA01SWCO
version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname AAA01SWCO ! enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/ ! username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/ aaa new-model ! ! aaa authentication login default group radius local aaa authorization exec default group radius local ! ! ! aaa session-id common mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos min-reserve 5 170 mls qos min-reserve 6 85 mls qos min-reserve 7 51 mls qos min-reserve 8 34 mls qos ip subnet-zero ip routing ip domain-name pengebanken.dk ip name-server 172.16.241.11 ! ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan 2,8-11 priority 24576 ! vlan internal allocation policy ascending ! ip ssh version 2 ! ! ! ! ! interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/3 description AAFS01 switchport access vlan 8 switchport mode access mls qos trust cos spanning-tree portfast ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/9 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/10 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/11 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/12 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/15 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/16 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/17 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/18 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/19 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/20 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/21 description Til_AHA01RT no switchport ip address 172.18.255.5 255.255.255.252 ip ospf network point-to-point ip ospf dead-interval minimal hello-multiplier 3 mls qos trust cos spanning-tree portfast ! interface FastEthernet0/22 description Til_AAA01SWOP switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,8-11 switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/23 description Til_AAA01SWCO switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,8-11 switchport mode trunk mls qos trust cos ! interface FastEthernet0/24 description Til_TDC MPLS no switchport ip address 172.18.255.1 255.255.255.252 mls qos trust cos ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 ip address dhcp shutdown ! interface Vlan2 description Management ip address 192.168.2.2 255.255.255.0 standby 2 ip 192.168.2.1 standby 2 timers msec 200 msec 800 standby 2 priority 110 standby 2 preempt delay minimum 300 ! interface Vlan8 description Common_Services ip address 172.18.8.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 8 ip 172.18.8.1 standby 8 timers msec 200 msec 800 standby 8 priority 110 standby 8 preempt delay minimum 300 ! interface Vlan9 description Administration ip address 172.18.9.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 9 ip 172.18.9.1 standby 9 timers msec 200 msec 800 standby 9 priority 110 standby 9 preempt delay minimum 300 ! interface Vlan10 description BankRaadgiver ip address 172.18.10.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 10 ip 172.18.10.1 standby 10 timers msec 200 msec 800 standby 10 priority 110 standby 10 preempt delay minimum 300 ! interface Vlan11 description IP-Telefoni ip address 172.18.11.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 11 ip 172.18.11.1 standby 11 timers msec 200 msec 800 standby 11 priority 110 standby 11 preempt delay minimum 300 ! router ospf 1 log-adjacency-changes network 172.18.0.0 0.0.255.255 area 0 default-information originate ! router bgp 65003 no synchronization bgp log-neighbor-changes redistribute connected neighbor 172.18.255.2 remote-as 65000 neighbor 172.18.255.2 description TDC_MPLS neighbor 172.18.255.2 soft-reconfiguration inbound neighbor 172.18.255.2 route-map 65003-RMAP-IN in neighbor 172.18.255.2 route-map 65003-RMAP-OUT out no auto-summary ! ip classless ip http server ip http secure-server ! ip radius source-interface Vlan2 ! ! ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32 ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32 ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32 access-list 1 permit 172.16.241.17 access-list 1 permit 172.16.7.0 0.0.0.255 route-map 65003-RMAP-IN permit 10 match ip address prefix-list 65003-PRE-IN ! route-map 65003-RMAP-OUT permit 10 match ip address prefix-list 65003-PRE-OUT ! snmp-server community PengeBanken RO 1 radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken ! control-plane ! ! line con 0 line vty 5 15 ! ntp clock-period 17179326 ntp server 172.16.255.10 end
AAA01RT
version 12.4 service config service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname AAA01RT ! boot-start-marker boot-end-marker ! enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0 ! aaa new-model ! ! aaa authentication login default group radius local aaa authorization exec default group radius local ! aaa session-id common ! resource policy ! ip cef ! ! ! ! ip domain name pengebanken.dk ip name-server 172.16.241.11 ip ssh version 2 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9. ! ! class-map match-any MissionCritical-Trust match ip dscp af31 class-map match-any VoIP-RTP-Trust match ip dscp ef class-map match-any VoIP-Control-Trust match ip dscp cs3 class-map match-any Management-Trust match ip dscp cs2 ! ! policy-map PbPolicy class VoIP-RTP-Trust priority percent 25 class VoIP-Control-Trust bandwidth percent 5 class MissionCritical-Trust bandwidth percent 40 class Management-Trust bandwidth percent 5 class class-default fair-queue ! ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1 ! ! crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac ! crypto map PB_crypto_Map 10 ipsec-isakmp set peer 10.1.1.1 set transform-set PB-TransformSet match address Tunnel1_til_Aarhus ! ! ! ! ! interface Tunnel1 description Til_Aarhus ip address 172.16.254.6 255.255.255.252 ip mtu 1420 tunnel source FastEthernet0/0 tunnel destination 10.1.1.1 ! interface FastEthernet0/0 description Internet ip address 10.1.1.3 255.255.255.0 duplex auto speed auto crypto map PB_crypto_Map ! interface FastEthernet0/1 description Til_AHA01SWCO ip address 172.18.255.6 255.255.255.252 ip ospf network point-to-point ip ospf dead-interval minimal hello-multiplier 3 duplex auto speed auto service-policy output PbPolicy ! interface Serial0/2/0 no ip address shutdown no fair-queue clock rate 125000 ! interface Serial0/2/1 no ip address shutdown clock rate 125000 ! router ospf 1 log-adjacency-changes redistribute bgp 65003 metric 255 subnets network 172.18.255.6 0.0.0.0 area 0 default-information originate metric 255 ! router bgp 65003 no synchronization bgp log-neighbor-changes redistribute static redistribute ospf 1 match internal external 1 external 2 neighbor 172.16.254.5 remote-as 65001 neighbor 172.16.254.5 description AHA01FW neighbor 172.16.254.5 route-map 65003-RMAP-IN in neighbor 172.16.254.5 route-map 65003-RMAP-OUT out default-information originate no auto-summary ! ip route 10.1.1.1 255.255.255.255 FastEthernet0/0 ! ! ip http server no ip http secure-server ! ip access-list extended Tunnel1_til_Aarhus permit gre host 10.1.1.3 host 10.1.1.1 ! ! ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32 ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32 ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32 ip radius source-interface FastEthernet0/1 access-list 1 permit 172.16.241.17 access-list 1 permit 172.16.7.0 0.0.0.255 snmp-server community PengeBanken RO 1 ! ! ! route-map 65003-RMAP-IN permit 10 match ip address prefix-list 65003-PRE-IN ! route-map 65003-RMAP-OUT permit 10 match ip address prefix-list 65003-PLIST-OUT set as-path prepend 65003 65003 65003 65003 65003 65003 65003 ! ! ! radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 length 0 ! scheduler allocate 20000 1000 ntp server 172.16.255.10 end