Академический Документы
Профессиональный Документы
Культура Документы
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
!
ip
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
dhcp
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
excluded-address
10.8.61.1
10.8.64.1
10.8.65.1
10.8.70.1
10.8.71.1
10.8.74.1
10.8.75.1
10.8.80.1
10.8.81.1
10.8.84.1
10.8.85.1
10.8.16.1
10.8.17.1
10.8.61.255
10.8.64.15
10.8.65.255
10.8.70.15
10.8.71.255
10.8.74.15
10.8.75.255
10.8.80.15
10.8.81.255
10.8.84.15
10.8.85.255
10.8.16.15
10.8.17.255
!
ip dhcp pool vlan25
network 10.8.24.0 255.255.254.0
default-router 10.8.25.1
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan30
network 10.8.30.0 255.255.254.0
default-router 10.8.30.1
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan35
network 10.8.34.0 255.255.254.0
default-router 10.8.35.1
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan45
network 10.8.44.0 255.255.254.0
default-router 10.8.45.1
option 43 hex f104.0a01.0208
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan65
network 10.8.64.0 255.255.254.0
default-router 10.8.65.1
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan70
network 10.8.70.0 255.255.254.0
default-router 10.8.70.1
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan75
network 10.8.74.0 255.255.254.0
default-router 10.8.75.1
option 43 hex f104.0a01.0208
dns-server 10.1.11.13 10.1.11.16
!
ip dhcp pool vlan40
network 10.8.40.0 255.255.254.0
default-router 10.8.40.1
option 43 hex f104.0a01.0208
revision 1
instance 1 vlan 2, 16, 20, 25, 30, 35, 40, 45
instance 2 vlan 50, 55, 60, 65, 70, 75, 80, 85
!
spanning-tree mst 0-1 priority 24576
spanning-tree mst 2 priority 28672
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
interface Loopback0
ip address 10.8.0.2 255.255.255.255
!
interface Port-channel10
description TO_CBE0008_03_DS02
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-protocol lacp
channel-group 10 mode active
ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-protocol lacp
channel-group 10 mode active
ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
description TO_CBE0008_03_ER01
switchport access vlan 304
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
description To CBE0004_00_AS01_Gig 2/3
!
interface GigabitEthernet1/0/11
description To CBE0004_11_AS02_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 75
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/12
description To CBE0004_13_AS01_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 85
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/13
description To CBE0004_02_AS02_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/14
description To CBE0004_03_AS02_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 35
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/15
description To CBE0004_03_AS03_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 35
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/16
description TO_CBE0004_09_AS01_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 65
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/17
description To CBE0004_03_AS03_Gig 0/25
switchport trunk encapsulation dot1q
switchport trunk native vlan 35
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
!
interface GigabitEthernet1/0/18
description To CBE0004_07_AS01_Gig 0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 55
switchport mode trunk
switchport nonegotiate
ip verify source port-security
ip dhcp snooping trust
interface GigabitEthernet1/0/19
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.8.2.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 045809031C244F5C0C0D
standby 10 ip 10.8.2.1
standby 10 timers msec 100 msec 300
standby 10 priority 105
standby 10 preempt
standby 10 authentication md5 key-string 7 0327792E2627127E7E
spanning-tree guard root
!
interface Vlan5
ip address 10.8.3.18 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 01100401480E051D2458
ip ospf network point-to-point
!
interface Vlan6
no ip address
!
interface Vlan16
ip address 10.8.16.2 255.255.254.0
ip access-group INTERNET_USERS in
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 13061517180907382E30
standby 10 ip 10.8.16.1
standby 10 timers msec 100 msec 300
standby 10 preempt
standby 10 authentication md5 key-string 7 0327792E2627127E7E
spanning-tree guard root
!
interface Vlan20
ip address 10.8.20.2 255.255.254.0
ip access-group DATA_USERS in
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 13061517180907382E30
standby 10 ip 10.8.20.1
standby 10 timers msec 100 msec 300
standby 10 preempt
standby 10 authentication md5 key-string 7 0327792E2627127E7E
spanning-tree guard root
!
interface Vlan25
ip address 10.8.25.2 255.255.254.0
ip access-group DATA_USERS in
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 1414100E1F012939213C
standby 10 ip 10.8.25.1
standby 10 timers msec 100 msec 300
standby 10 preempt
standby 10 authentication md5 key-string 7 0327792E2627127E7E
spanning-tree guard root
!
interface Vlan30
ip address 10.8.30.2 255.255.254.0
ip access-group DATA_USERS in
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 0508040A32494D1B1C11
standby 10 ip 10.8.30.1
standby 10 timers msec 100 msec 300
standby 10 preempt
standby 10 authentication md5 key-string 7 0327792E2627127E7E
spanning-tree guard root
!
interface Vlan35
ip address 10.8.35.2 255.255.254.0
ip access-group DATA_USERS in
no ip redirects
no ip unreachables
no ip proxy-arp
!
no ip http server
no ip http secure-server
!
ip tacacs source-interface Vlan2
!
ip access-list extended DATA_USERS
deny ip 10.8.0.0 0.0.255.255 host 10.1.11.7
deny ip 10.8.0.0 0.0.255.255 host 10.1.11.8
permit ip 10.8.0.0 0.0.255.255 172.31.6.0 0.0.0.255
permit ip 10.8.0.0 0.0.255.255 172.31.3.0 0.0.0.255
permit ip 10.8.0.0 0.0.255.255 172.31.9.8 0.0.0.7
permit ip 10.8.54.0 0.0.1.255 172.31.9.16 0.0.0.7
permit ip 10.8.54.0 0.0.1.255 172.17.3.16 0.0.0.7
deny ip 10.8.0.0 0.0.255.255 172.31.0.0 0.0.255.255
permit ip any any
ip access-list extended INTERNET_USERS
permit ip any host 166.98.6.70
permit ip any host 72.21.91.29
permit ip any host 128.136.2.54
permit ip host 10.8.17.93 any
permit ip host 10.8.16.13 any
permit ip host 10.8.17.181 any
permit ip 10.8.16.0 0.0.1.255 host 10.3.16.181
permit ip 10.8.16.0 0.0.1.255 host 10.3.15.20
permit ip 10.8.16.0 0.0.1.255 host 10.3.15.11
permit ip 10.8.16.0 0.0.1.255 host 10.3.15.10
permit tcp 10.8.16.0 0.0.1.255 host 10.1.16.9 eq 3389
deny tcp 10.8.16.0 0.0.1.255 any eq 3389
permit ip 10.8.16.0 0.0.1.255 10.1.11.0 0.0.0.255
permit ip 10.8.16.0 0.0.1.255 10.3.11.0 0.0.0.255
permit ip 10.8.16.0 0.0.1.255 172.31.6.0 0.0.0.255
permit ip 10.8.16.0 0.0.1.255 host 10.1.11.7
permit ip 10.8.16.0 0.0.1.255 host 10.1.11.8
permit tcp 10.8.16.0 0.0.1.255 10.1.11.0 0.0.0.255 eq
permit tcp 10.8.16.0 0.0.1.255 10.1.11.0 0.0.0.255 eq
permit tcp 10.8.16.0 0.0.1.255 10.1.11.0 0.0.0.255 eq
permit tcp 10.8.16.0 0.0.1.255 10.3.11.0 0.0.0.255 eq
permit tcp 10.8.16.0 0.0.1.255 10.3.11.0 0.0.0.255 eq
permit tcp 10.8.16.0 0.0.1.255 10.3.11.0 0.0.0.255 eq
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.31.0.0 0.0.255.255
permit ip any any
!
ip sla enable reaction-alerts
logging esm config
logging source-interface Vlan2
logging 10.1.2.5
logging 10.1.2.2
logging 10.1.2.3
access-list 10 permit 10.8.24.22
access-list 10 permit 10.8.24.21
access-list 10 permit 10.8.55.5
access-list 10 permit 10.8.55.6
access-list 10 permit 10.8.55.14
access-list 10 permit 10.8.51.69
access-list 10 permit 10.8.55.136
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 10 permit 10.2.2.0 0.0.0.255
access-list 10 permit 10.3.2.0 0.0.0.255
www
domain
443
443
domain
www
!
snmp-server engineID local 1234567890
snmp-server user CBESNMPCBE CBESNMPGR v2c
snmp-server group CBEAdmin v3 priv notify *tv.00000001.00000000.00000000.0000000
0.000000007F
snmp-server group CBESNMPGR v2c read CBERD
snmp-server group CBE_ADMINS-PRIV v3 priv notify *tv.00000001.00000000.00000000.
000000007F
snmp-server group CBE_ADMINS_PRIV v3 priv notify *tv.00000001.00000000.00000000.
000000007F
snmp-server view CBERD mib-2 included
snmp-server view CBERD cisco included
snmp-server host 10.1.2.2 version 3 priv CBEAdmin udp-port 161 snmp
snmp-server host 10.1.2.3 version 3 priv CBEAdmin udp-port 161 snmp
snmp-server host 10.1.2.5 version 3 priv CBEAdmin udp-port 161 snmp
tacacs-server host 10.1.2.4 single-connection
tacacs-server directed-request
tacacs-server key 7 047829232F08627D28
!
!
!
!
line con 0
exec-timeout 5 0
password 7 013024217B22283C00
authorization commands 15 CBEAdmin
accounting commands 15 CBEAdmin
logging synchronous
stopbits 1
line vty 0 4
access-class 10 in
exec-timeout 5 0
password 7 112A3B20373B253F25
authorization commands 15 CBEAdmin
accounting commands 15 CBEAdmin
transport input ssh
line vty 5 15
transport input none
!
ntp authentication-key 10 md5 0225267E25323F 7
ntp authenticate
ntp trusted-key 10
ntp server 10.1.2.10 key 10
end