Campus Switch Deployed as an Aggregation for VLANs Configuration Example
From DocWiki
Contents |
Introduction
This example shows the configuration of a campus switch (Catalyst 4K) deployed as an aggregation for VLANs.
Click on thumbnail to enlarge:
Configuration Description=
This configuration includes features typically enabled in a campus environment, including:
- DHCP
- VLANs
- AAA (RADIUS)
- Spanning tree
- Flexible netflow
- Multicast
- BGP
- OSPF
- PBR
- QoS
- Access lists
- Port channel
Show running-config
Building configuration... Current configuration : 32318 bytes ! ! Last configuration change at 00:11:40 EDT Wed Jun 16 2010 by nsite ! NVRAM config last updated at 00:02:07 EDT Wed Jun 16 2010 ! version 15.0 no service pad service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption service compress-config ! hostname 4507-CC0702 ! boot-start-marker boot system slot0:XO.EFT2.4 boot-end-marker ! logging buffered 20000000 logging rate-limit 10000 no logging console no logging cns-events enable password xxx ! username nsite password 0 xxx username itcampus password 0 xxx ! ! aaa new-model ! ! aaa authentication dot1x default group radius aaa authorization network default group radius aaa accounting dot1x default start-stop group radius aaa accounting system default start-stop group radius ! ! ! aaa session-id common clock timezone EDT -4 ! flow record myFirstTry match ipv4 source address match ipv4 destination address collect counter bytes ! ! flow exporter iosha-lnx6 destination 10.5.1.24 ! ! flow monitor myFirstMonitor record myFirstTry exporter iosha-lnx6 ! ip subnet-zero no ip domain-lookup ip domain-name cisco.com ip host linden 10.5.1.4 ip host stubbs 10.5.1.3 ip vrf Liin-intf ! ip vrf mgmtVrf ! ip multicast-routing ip dhcp snooping vlan 3201-3240 ip dhcp excluded-address 140.20.1.1 140.20.1.99 ip dhcp excluded-address 140.20.2.1 140.20.2.99 ip dhcp excluded-address 140.20.3.1 140.20.3.99 ip dhcp excluded-address 140.20.4.1 140.20.4.99 ip dhcp excluded-address 140.20.5.1 140.20.5.99 ip dhcp excluded-address 140.20.6.1 140.20.6.99 ip dhcp excluded-address 140.20.7.1 140.20.7.99 ip dhcp excluded-address 140.20.8.1 140.20.8.99 ip dhcp excluded-address 140.20.9.1 140.20.9.99 ip dhcp excluded-address 140.20.10.1 140.20.10.99 ip dhcp excluded-address 140.20.11.1 140.20.11.99 ip dhcp excluded-address 140.20.12.1 140.20.12.99 ip dhcp excluded-address 140.20.13.1 140.20.13.99 ip dhcp excluded-address 140.20.14.1 140.20.14.99 ip dhcp excluded-address 140.20.15.1 140.20.15.99 ip dhcp excluded-address 140.20.16.1 140.20.16.99 ip dhcp excluded-address 140.20.17.1 140.20.17.99 ip dhcp excluded-address 140.20.18.1 140.20.18.99 ip dhcp excluded-address 140.20.19.1 140.20.19.99 ip dhcp excluded-address 140.20.20.1 140.20.20.99 ip dhcp excluded-address 140.20.21.1 140.20.21.99 ip dhcp excluded-address 140.20.22.1 140.20.22.99 ip dhcp excluded-address 140.20.23.1 140.20.23.99 ip dhcp excluded-address 140.20.24.1 140.20.24.99 ip dhcp excluded-address 140.20.25.1 140.20.25.99 ip dhcp excluded-address 140.20.26.1 140.20.26.99 ip dhcp excluded-address 140.20.27.1 140.20.27.99 ip dhcp excluded-address 140.20.28.1 140.20.28.99 ip dhcp excluded-address 140.20.29.1 140.20.29.99 ip dhcp excluded-address 140.20.30.1 140.20.30.99 ip dhcp excluded-address 140.20.31.1 140.20.31.99 ip dhcp excluded-address 140.20.32.1 140.20.32.99 ip dhcp excluded-address 140.20.33.1 140.20.33.99 ip dhcp excluded-address 140.20.34.1 140.20.34.99 ip dhcp excluded-address 140.20.35.1 140.20.35.99 ip dhcp excluded-address 140.20.36.1 140.20.36.99 ip dhcp excluded-address 140.20.37.1 140.20.37.99 ip dhcp excluded-address 140.20.38.1 140.20.38.99 ip dhcp excluded-address 140.20.39.1 140.20.39.99 ip dhcp excluded-address 140.20.40.1 140.20.40.99 ip dhcp excluded-address 140.20.1.254 ip dhcp excluded-address 140.20.2.254 ip dhcp excluded-address 140.20.3.254 ip dhcp excluded-address 140.20.4.254 ip dhcp excluded-address 140.20.5.254 ip dhcp excluded-address 140.20.6.254 ip dhcp excluded-address 140.20.7.254 ip dhcp excluded-address 140.20.8.254 ip dhcp excluded-address 140.20.9.254 ip dhcp excluded-address 140.20.10.254 ip dhcp excluded-address 140.20.11.254 ip dhcp excluded-address 140.20.12.254 ip dhcp excluded-address 140.20.13.254 ip dhcp excluded-address 140.20.14.254 ip dhcp excluded-address 140.20.15.254 ip dhcp excluded-address 140.20.16.254 ip dhcp excluded-address 140.20.17.254 ip dhcp excluded-address 140.20.18.254 ip dhcp excluded-address 140.20.19.254 ip dhcp excluded-address 140.20.20.254 ip dhcp excluded-address 140.20.21.254 ip dhcp excluded-address 140.20.22.254 ip dhcp excluded-address 140.20.23.254 ip dhcp excluded-address 140.20.24.254 ip dhcp excluded-address 140.20.25.254 ip dhcp excluded-address 140.20.26.254 ip dhcp excluded-address 140.20.27.254 ip dhcp excluded-address 140.20.28.254 ip dhcp excluded-address 140.20.29.254 ip dhcp excluded-address 140.20.30.254 ip dhcp excluded-address 140.20.31.254 ip dhcp excluded-address 140.20.32.254 ip dhcp excluded-address 140.20.33.254 ip dhcp excluded-address 140.20.34.254 ip dhcp excluded-address 140.20.35.254 ip dhcp excluded-address 140.20.36.254 ip dhcp excluded-address 140.20.37.254 ip dhcp excluded-address 140.20.38.254 ip dhcp excluded-address 140.20.39.254 ip dhcp excluded-address 140.20.40.254 no ip dhcp ping packets ! ip dhcp pool vl341 network 140.20.1.0 255.255.255.0 default-router 140.20.1.3 domain-name cisco.com ! ip dhcp pool vl342 network 140.20.2.0 255.255.255.0 default-router 140.20.2.3 domain-name cisco.com ! ip dhcp pool vl343 network 140.20.3.0 255.255.255.0 default-router 140.20.3.3 domain-name cisco.com ! ip dhcp pool vl344 network 140.20.4.0 255.255.255.0 default-router 140.20.4.3 domain-name cisco.com ! ip dhcp pool vl345 network 140.20.5.0 255.255.255.0 default-router 140.20.5.3 domain-name cisco.com ! ip dhcp pool vl346 network 140.20.6.0 255.255.255.0 default-router 140.20.6.3 domain-name cisco.com ! ip dhcp pool vl347 network 140.20.7.0 255.255.255.0 default-router 140.20.7.3 domain-name cisco.com ! ip dhcp pool vl348 network 140.20.8.0 255.255.255.0 default-router 140.20.8.3 domain-name cisco.com ! ip dhcp pool vl349 network 140.20.9.0 255.255.255.0 default-router 140.20.9.3 domain-name cisco.com ! ip dhcp pool vl3410 network 140.20.10.0 255.255.255.0 default-router 140.20.10.3 domain-name cisco.com ! ip dhcp pool vl3411 network 140.20.11.0 255.255.255.0 default-router 140.20.11.3 domain-name cisco.com ! ip dhcp pool vl3412 network 140.20.12.0 255.255.255.0 default-router 140.20.12.3 domain-name cisco.com ! ip dhcp pool vl3413 network 140.20.13.0 255.255.255.0 default-router 140.20.13.3 domain-name cisco.com ! ip dhcp pool vl3414 network 140.20.14.0 255.255.255.0 default-router 140.20.14.3 domain-name cisco.com ! ip dhcp pool vl3415 network 140.20.15.0 255.255.255.0 default-router 140.20.15.3 domain-name cisco.com ! ip dhcp pool vl3416 network 140.20.16.0 255.255.255.0 default-router 140.20.16.3 domain-name cisco.com ! ip dhcp pool vl3417 network 140.20.17.0 255.255.255.0 default-router 140.20.17.2 domain-name cisco.com ! ip dhcp pool vl3418 network 140.20.18.0 255.255.255.0 default-router 140.20.18.2 domain-name cisco.com ! ip dhcp pool vl3419 network 140.20.19.0 255.255.255.0 default-router 140.20.19.2 domain-name cisco.com ! ip dhcp pool vl3420 network 140.20.20.0 255.255.255.0 default-router 140.20.20.2 domain-name cisco.com ! ip dhcp pool vl3421 network 140.20.21.0 255.255.255.0 default-router 140.20.21.2 domain-name cisco.com ! ip dhcp pool vl3422 network 140.20.22.0 255.255.255.0 default-router 140.20.22.2 domain-name cisco.com ! ip dhcp pool vl3423 network 140.20.23.0 255.255.255.0 default-router 140.20.23.2 domain-name cisco.com ! ip dhcp pool vl3424 network 140.20.24.0 255.255.255.0 default-router 140.20.24.2 domain-name cisco.com ! ip dhcp pool vl3425 network 140.20.25.0 255.255.255.0 default-router 140.20.25.2 domain-name cisco.com ! ip dhcp pool vl3426 network 140.20.26.0 255.255.255.0 default-router 140.20.26.2 domain-name cisco.com ! ip dhcp pool vl3427 network 140.20.27.0 255.255.255.0 default-router 140.20.27.2 domain-name cisco.com ! ip dhcp pool vl3428 network 140.20.28.0 255.255.255.0 default-router 140.20.28.2 domain-name cisco.com ! ip dhcp pool vl3429 network 140.20.29.0 255.255.255.0 default-router 140.20.29.2 domain-name cisco.com ! ip dhcp pool vl3430 network 140.20.30.0 255.255.255.0 default-router 140.20.30.2 domain-name cisco.com ! ip dhcp pool vl3431 network 140.20.31.0 255.255.255.0 default-router 140.20.31.2 domain-name cisco.com ! ip dhcp pool vl3432 network 140.20.32.0 255.255.255.0 default-router 140.20.32.2 domain-name cisco.com ! ip dhcp pool vl3433 network 140.20.33.0 255.255.255.0 default-router 140.20.33.2 domain-name cisco.com ! ip dhcp pool vl3434 network 140.20.34.0 255.255.255.0 default-router 140.20.34.2 domain-name cisco.com ! ip dhcp pool vl3435 network 140.20.35.0 255.255.255.0 default-router 140.20.35.2 domain-name cisco.com ! ip dhcp pool vl3436 network 140.20.36.0 255.255.255.0 default-router 140.20.36.2 domain-name cisco.com ! ip dhcp pool vl3437 network 140.20.37.0 255.255.255.0 default-router 140.20.37.2 domain-name cisco.com ! ip dhcp pool vl3438 network 140.20.38.0 255.255.255.0 default-router 140.20.38.2 domain-name cisco.com ! ip dhcp pool vl3439 network 140.20.39.0 255.255.255.0 default-router 140.20.39.2 domain-name cisco.com ! ip dhcp pool vl3440 network 140.20.40.0 255.255.255.0 default-router 140.20.40.2 domain-name cisco.com ! ! vtp domain nsite vtp mode transparent ! ! ! dot1x system-auth-control dot1x guest-vlan supplicant errdisable recovery cause pagp-flap errdisable recovery interval 30 power redundancy-mode redundant ! mac access-list extended macs permit host 0001.0001.0001 any permit host 0002.0002.0002 any permit host 0021.d8cd.cf7f any ! ! ! file prompt noisy ! spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id spanning-tree vlan 1,3400-3450 priority 24576 plogd kernel-debug exception coredump exception coredump maximum-files 5 ! redundancy mode sso ! vlan internal allocation policy ascending ! vlan 21,29,40 ! vlan 50 name SNMP2 ! vlan 990 remote-span ! vlan 3201-3240,3401-3440,4000-4003 lldp run ! ip ftp source-interface Vlan29 ip ftp username nsite ip ftp password lab ! class-map match-all macs match access-group name macs class-map match-all dbl match cos 1 ! policy-map macs class macs set cos 1 police 1000000 320000 policy-map dbl class dbl bandwidth percent 30 dbl ! ! ! interface Loopback4 ip address 4.4.4.4 255.255.255.255 ip pim sparse-dense-mode ! interface Port-channel12 switchport ! interface Port-channel31 switchport ! interface Port-channel41 switchport switchport trunk allowed vlan 990,3401-3440 switchport mode dynamic desirable ip flow monitor myFirstMonitor input ! interface Port-channel60 ip address 140.10.40.14 255.255.255.252 ip ospf message-digest-key 200 md5 IT-NOVA load-interval 30 speed 1000 duplex full ntp broadcast client ! interface Port-channel61 ip address 140.10.40.6 255.255.255.252 ip pim sparse-dense-mode ip ospf message-digest-key 200 md5 IT-NOVA ip ospf cost 10 load-interval 30 ! interface GigabitEthernet1/1 switchport trunk allowed vlan 990,3401-3440 switchport mode dynamic desirable ip flow monitor myFirstMonitor input channel-group 41 mode active ip dhcp snooping trust ! interface GigabitEthernet1/2 switchport trunk allowed vlan 990,3401-3440 switchport mode dynamic desirable ip flow monitor myFirstMonitor input channel-group 41 mode active ip dhcp snooping trust ! interface GigabitEthernet1/3 switchport trunk allowed vlan 990,3401-3440 switchport mode dynamic desirable ip flow monitor myFirstMonitor input channel-group 41 mode active ip dhcp snooping trust ! interface GigabitEthernet1/4 switchport trunk allowed vlan 990,3401-3440 switchport mode dynamic desirable ip flow monitor myFirstMonitor input channel-group 41 mode active ip dhcp snooping trust ! switchport trunk allowed vlan 990,3201-3240,3401-3440 switchport mode trunk udld port aggressive channel-group 12 mode active ! interface GigabitEthernet1/14 switchport trunk allowed vlan 990,3201-3240,3401-3440 switchport mode trunk udld port aggressive channel-group 12 mode active ! interface GigabitEthernet1/15 switchport trunk allowed vlan 990,3201-3240,3401-3440 switchport mode trunk udld port aggressive channel-group 12 mode active ! interface GigabitEthernet1/16 switchport trunk allowed vlan 990,3201-3240,3401-3440 switchport mode trunk udld port aggressive channel-group 12 mode active ! interface GigabitEthernet1/17 ! interface GigabitEthernet1/18 ! interface GigabitEthernet1/33 no switchport no ip address speed 1000 duplex full channel-group 60 mode desirable ! interface GigabitEthernet1/34 no switchport no ip address speed 1000 duplex full channel-group 60 mode desirable ! interface GigabitEthernet1/35 no switchport no ip address speed 1000 duplex full channel-group 60 mode desirable ! interface GigabitEthernet1/36 no switchport no ip address speed 1000 duplex full channel-group 60 mode desirable ! interface GigabitEthernet1/37 switchport access vlan 20 switchport mode access switchport voice vlan 21 switchport port-security maximum 6 switchport port-security switchport port-security violation restrict authentication event fail retry 3 action authorize vlan 4000 authentication event server dead action authorize vlan 4002 authentication event no-response action authorize vlan 4001 authentication event server alive action reinitialize authentication host-mode multi-host authentication order dot1x mab webauth authentication port-control auto authentication periodic authentication timer reauthenticate 120 mab eap dot1x pae authenticator dot1x timeout server-timeout 10 dot1x timeout tx-period 15 dot1x timeout supp-timeout 5 ! interface GigabitEthernet1/38 ! interface GigabitEthernet1/48 description MANAGEMENT PORT switchport access vlan 29 switchport mode access ! interface TenGigabitEthernet3/1 shutdown ! ! interface GigabitEthernet7/1 no switchport no ip address channel-group 61 mode desirable ! interface GigabitEthernet7/2 no switchport no ip address channel-group 61 mode desirable ! interface GigabitEthernet7/3 no switchport no ip address channel-group 61 mode desirable ! interface GigabitEthernet7/4 no switchport no ip address channel-group 61 mode desirable ! interface GigabitEthernet7/5 ! interface GigabitEthernet7/6 ! interface GigabitEthernet7/7 ! interface GigabitEthernet7/8 ! interface GigabitEthernet7/9 ! interface GigabitEthernet7/10 ! interface GigabitEthernet7/11 ! interface GigabitEthernet7/12 ! interface GigabitEthernet7/13 ! interface GigabitEthernet7/14 ! interface GigabitEthernet7/15 description SNMP2 switchport access vlan 50 switchport mode access ! interface GigabitEthernet7/16 ! interface GigabitEthernet7/39 switchport trunk allowed vlan 3201-3240 switchport mode dynamic desirable channel-group 31 mode active ! interface GigabitEthernet7/40 switchport trunk allowed vlan 3201-3240 switchport mode dynamic desirable channel-group 31 mode active ! ! interface Vlan1 no ip address ! interface Vlan29 description MANAGEMENT PORT ip address 10.29.7.2 255.255.0.0 ! interface Vlan50 ip address 50.1.7.2 255.0.0.0 ! interface Vlan3201 ip address 140.20.101.1 255.255.255.0 ip pim dr-priority 0 ip ospf cost 50 ! interface Vlan3202 ip address 140.20.102.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3203 ip address 140.20.103.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3204 ip address 140.20.104.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3205 ip address 140.20.105.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3206 ip address 140.20.106.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3207 ip address 140.20.107.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3208 ip address 140.20.108.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3209 ip address 140.20.109.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3210 ip address 140.20.110.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3211 ip address 140.20.111.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3212 ip address 140.20.112.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3213 ip address 140.20.113.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3214 ip address 140.20.114.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3215 ip address 140.20.115.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3216 ip address 140.20.116.1 255.255.255.0 ip ospf cost 50 ! interface Vlan3401 ip address 140.20.1.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3402 ip address 140.20.2.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3403 ip address 140.20.3.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3404 ip address 140.20.4.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3405 ip address 140.20.5.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3406 ip address 140.20.6.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3407 ip address 140.20.7.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3408 ip address 140.20.8.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3409 ip address 140.20.9.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3410 ip address 140.20.10.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3411 ip address 140.20.11.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3412 ip address 140.20.12.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3413 ip address 140.20.13.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3414 ip address 140.20.14.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3415 ip address 140.20.15.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3416 ip address 140.20.16.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3417 ip address 140.20.17.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3418 ip address 140.20.18.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3419 ip address 140.20.19.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3420 ip address 140.20.20.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3421 ip address 140.20.21.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3422 ip address 140.20.22.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3423 ip address 140.20.23.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3424 ip address 140.20.24.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3425 ip address 140.20.25.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3426 ip address 140.20.26.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3427 ip address 140.20.27.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3428 ip address 140.20.28.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3429 ip address 140.20.29.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3430 ip address 140.20.30.1 255.255.255.0 ip pim passive ip policy route-map pbr ! interface Vlan3431 ip address 140.20.31.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3432 ip address 140.20.32.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3433 ip address 140.20.33.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3434 ip address 140.20.34.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3435 ip address 140.20.35.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3436 ip address 140.20.36.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3437 ip address 140.20.37.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3438 ip address 140.20.38.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3439 ip address 140.20.39.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! interface Vlan3440 ip address 140.20.40.1 255.255.255.0 ip pim passive ip policy route-map pbr ip igmp version 3 ! router ospf 300 ispf log-adjacency-changes timers throttle spf 5 5000 90000 passive-interface Vlan3201 passive-interface Vlan3202 passive-interface Vlan3203 passive-interface Vlan3204 passive-interface Vlan3205 passive-interface Vlan3206 passive-interface Vlan3207 passive-interface Vlan3208 passive-interface Vlan3209 passive-interface Vlan3210 passive-interface Vlan3211 passive-interface Vlan3212 passive-interface Vlan3213 passive-interface Vlan3214 passive-interface Vlan3215 passive-interface Vlan3216 passive-interface Vlan3401 passive-interface Vlan3402 passive-interface Vlan3403 passive-interface Vlan3404 passive-interface Vlan3405 passive-interface Vlan3406 passive-interface Vlan3407 passive-interface Vlan3408 passive-interface Vlan3409 passive-interface Vlan3410 passive-interface Vlan3411 passive-interface Vlan3412 passive-interface Vlan3413 passive-interface Vlan3414 passive-interface Vlan3415 passive-interface Vlan3416 network 4.4.4.4 0.0.0.0 area 1 network 140.10.40.4 0.0.0.3 area 1 network 140.10.40.12 0.0.0.3 area 1 network 140.20.0.0 0.0.255.255 area 1 distribute-list prefix Block30Net in ! router bgp 1 no synchronization bgp log-neighbor-changes no auto-summary ! ip route 10.0.0.0 255.0.0.0 10.29.0.1 ip route 140.100.40.0 255.255.255.0 140.10.40.13 ip route 172.18.135.211 255.255.255.255 172.18.135.1 ip http server no ip http secure-server ! ip pim bidir-enable ip pim rp-address 20.10.7.1 ANYCAST no ip pim dm-fallback ip pim ssm range SSM ip mroute 141.101.1.0 255.255.255.0 140.10.40.5 ! ip access-list standard ANYCAST permit 238.0.0.0 0.0.255.255 ip access-list standard BIDIR permit 238.1.0.0 0.0.255.255 permit 239.0.0.0 0.0.0.255 ip access-list standard SSM permit 238.2.0.0 0.0.255.255 ! ! ! ip prefix-list Block30Net seq 5 deny 30.0.0.0/12 le 24 ip prefix-list Block30Net seq 10 deny 30.16.0.0/12 le 24 ip prefix-list Block30Net seq 15 deny 30.32.0.0/12 le 24 ip prefix-list Block30Net seq 20 permit 0.0.0.0/0 le 32 logging trap errors logging facility local4 logging source-interface Vlan29 logging 10.5.1.21 logging 10.5.1.4 logging 10.29.9.13 access-list 100 permit ip 140.20.1.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.2.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.4.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.5.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.6.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.7.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.8.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.9.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.10.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.11.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.12.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.13.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.14.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.15.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.16.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.17.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.18.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.19.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.20.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.21.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.22.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.23.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.24.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.25.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.26.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.27.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.28.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.29.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.30.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.31.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.32.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.33.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.34.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.35.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.36.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 100 permit ip 140.20.40.0 0.0.0.255 40.0.0.0 0.0.255.255 access-list 101 permit tcp any any eq smtp access-list 101 permit tcp any host 140.100.40.101 access-list 102 permit udp any any eq 5060 access-list 102 permit udp any eq 5060 any access-list 102 permit tcp any eq 1755 any access-list 103 permit tcp any any eq smtp access-list 103 permit tcp any eq smtp any access-list 103 permit tcp any eq www any access-list 184 permit udp any any eq 1010 dscp cs4 access-list 184 permit udp any eq 1010 any dscp cs4 access-list 184 permit udp any any eq 2001 access-list 185 permit udp any eq 2001 any dscp ef access-list 185 permit udp any any range 16384 32768 access-list 185 permit udp any range 1024 1100 any dscp ef access-list 185 permit udp any any eq 2001 dscp ef access-list 187 permit udp any eq 554 any access-list 199 permit ip host 1.2.3.4 host 5.6.7.8 access-list 199 permit ip 140.101.0.0 0.0.255.255 140.20.0.0 0.0.255.255 ! route-map teet permit 10 ! route-map pbr permit 100 match ip address 100 set interface Port-channel61 ! snmp-server community 4500-TB1 RO snmp-server community public RW snmp-server trap timeout 45 snmp-server packetsize 512 snmp-server location RTP snmp-server contact IOSHA snmp-server chassis-id SANITY snmp-server enable traps snmp linkdown linkup coldstart warmstart snmp-server enable traps memory snmp-server enable traps cpu_threshold snmp-server enable traps rf snmp-server enable traps eigrp snmp-server enable traps ospf state-change snmp-server enable traps ospf errors snmp-server enable traps ospf retransmit snmp-server enable traps ospf lsa snmp-server enable traps ospf cisco-specific errors snmp-server enable traps ospf cisco-specific retransmit snmp-server enable traps ospf cisco-specific lsa snmp-server enable traps entity snmp-server enable traps flash insertion removal snmp-server enable traps storm-control trap-rate 1 snmp-server enable traps bgp snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps ipmulticast snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps syslog snmp-server host 10.5.1.24 version 2c 4500-TB1 snmp-server host 10.28.18.6 version 2c public snmp-server host 10.29.9.11 version 2c public udp-port 9898 config snmp-server host 10.29.9.9 version 2c public snmp-server host 50.1.1.1 version 2c public snmp-server host 50.1.1.1 version 2c public udp-port 9876 snmp-server manager ! radius-server dead-criteria time 60 radius-server host 10.29.9.12 auth-port 1645 acct-port 1646 test username test radius-server key cisco123 radius-server vsa send accounting radius-server vsa send authentication alias configure cdb do clear ip dhcp binding * alias configure sdb do sh ip dhcp binding alias configure sds do sh ip dhcp server statis alias configure cdss do clear ip dhcp server statis ! line con 0 exec-timeout 0 0 logging synchronous stopbits 1 line vty 0 4 exec-timeout 0 0 password lab line vty 5 10 exec-timeout 0 0 password lab line vty 11 15 ! ! monitor session 1 source vlan 3201 , 3401 monitor session 1 filter packet-type good rx monitor session 1 filter ip access-group 199 monitor session 2 source interface Po41 monitor session 2 destination remote vlan 990 monitor session 2 filter packet-type good rx ntp clock-period 17254830 mac address-table notification mac-move end