gddl630
asked on
4507R: high CPU usage + outages < 20sec
for a few times in the period we have had various hosts not being able to see each other and servers lost connection between them.
the issue manifested itself between 13:05 and 13:20 today and I noticed that although normal CPU usage is <40% in the period the CPU usage of the switch varies between 60 and 100%.
what can I do to identify the cause and/or what should we be doing while it is happening?
the issue manifested itself between 13:05 and 13:20 today and I noticed that although normal CPU usage is <40% in the period the CPU usage of the switch varies between 60 and 100%.
what can I do to identify the cause and/or what should we be doing while it is happening?
Can you post a show logging from the router, it should have logged the process hogging the CPU.
ASKER
is it possible that this type of logging is not enabled?
Apr 9 13:00:34: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15824) -> 10.30.0.20(1433), 1 packet
Apr 9 13:00:57: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15826) -> 10.30.0.20(445), 1 packet
Apr 9 13:01:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr 9 13:01:38: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15827) -> 10.30.0.20(1433), 1 packet
Apr 9 13:02:01: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15828) -> 10.30.0.20(445), 1 packet
Apr 9 13:02:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1 packet
Apr 9 13:02:42: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15829) -> 10.30.0.20(1433), 1 packet
Apr 9 13:02:46: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15830) -> 10.30.0.77(2222), 1 packet
Apr 9 13:03:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1 packet
Apr 9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 4 packets
Apr 9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15817) -> 10.30.0.77(2222), 2 packets
Apr 9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15816) -> 10.30.0.20(1433), 3 packets
Apr 9 13:03:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 10 packets
Apr 9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15818) -> 10.30.0.20(445), 2 packets
Apr 9 13:03:34: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15834) -> 10.30.0.1(445), 1 packet
Apr 9 13:03:46: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15836) -> 10.30.0.20(1433), 1 packet
Apr 9 13:03:50: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15837) -> 10.30.0.1(137), 1 packet
Apr 9 13:03:55: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15839) -> 10.30.0.1(389), 1 packet
Apr 9 13:04:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 5 packets
Apr 9 13:04:09: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15843) -> 10.30.0.20(445), 1 packet
Apr 9 13:04:39: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15845) -> 10.30.0.1(389), 1 packet
Apr 9 13:04:50: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15846) -> 10.30.0.20(1433), 1 packet
Apr 9 13:05:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 4 packets
Apr 9 13:05:13: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15848) -> 10.30.0.20(445), 1 packet
Apr 9 13:05:54: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15849) -> 10.30.0.20(1433), 1 packet
Apr 9 13:06:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr 9 13:06:17: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15850) -> 10.30.0.20(445), 1 packet
Apr 9 13:06:58: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15851) -> 10.30.0.20(1433), 1 packet
Apr 9 13:07:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr 9 13:07:14: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15853) -> 10.30.0.2(389), 1 packet
Apr 9 13:07:21: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15858) -> 10.30.0.20(445), 1 packet
Apr 9 13:08:02: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15862) -> 10.30.0.20(1433), 1 packet
Apr 9 13:08:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 10 packets
Apr 9 13:08:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 7 packets
Apr 9 13:08:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 8 packets
Apr 9 13:08:07: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15863) -> 10.30.0.77(2222), 1 packet
Apr 9 13:08:25: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15864) -> 10.30.0.20(445), 1 packet
Apr 9 13:09:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr 9 13:09:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15840) -> 10.30.0.2(389), 2 packets
Apr 9 13:09:06: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15865) -> 10.30.0.20(1433), 1 packet
Apr 9 13:09:29: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15867) -> 10.30.0.20(445), 1 packet
Apr 9 13:10:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets
Apr 9 13:10:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15846) -> 10.30.0.20(1433), 2 packets
Apr 9 13:10:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15845) -> 10.30.0.1(389), 1 packet
Apr 9 13:10:10: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15868) -> 10.30.0.20(1433), 1 packet
Apr 9 13:11:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15848) -> 10.30.0.20(445), 1 packet
Apr 9 13:11:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15849) -> 10.30.0.20(1433), 2 packets
Apr 9 13:12:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15851) -> 10.30.0.20(1433), 1 packet
Apr 9 13:12:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15850) -> 10.30.0.20(445), 1 packet
Apr 9 13:12:07: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51926) -> 10.30.0.77(15871), 1 packet
Apr 9 13:12:28: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51928) -> 10.30.0.77(15871), 1 packet
Apr 9 13:12:49: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51934) -> 10.30.0.77(15871), 1 packet
Apr 9 13:13:01: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51951) -> 10.30.0.77(15871), 1 packet
Apr 9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 2 packets
Apr 9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15858) -> 10.30.0.20(445), 2 packets
Apr 9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15854) -> 10.30.0.1(389), 2 packets
Apr 9 13:13:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 4 packets
Apr 9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15853) -> 10.30.0.2(389), 1 packet
Apr 9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15862) -> 10.30.0.20(1433), 1 packet
Apr 9 13:13:25: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51953) -> 10.30.0.77(15871), 1 packet
Apr 9 13:14:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15863) -> 10.30.0.77(2222), 1 packet
Apr 9 13:14:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15864) -> 10.30.0.20(445), 2 packets
Apr 9 13:15:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15865) -> 10.30.0.20(1433), 2 packets
Apr 9 13:15:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15867) -> 10.30.0.20(445), 2 packets
Apr 9 13:16:04: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15869) -> 10.30.0.1(137), 1 packet
Apr 9 13:16:42: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15870) -> 10.30.0.1(389), 1 packet
Apr 9 13:16:44: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15871) -> 10.30.0.1(389), 1 packet
Apr 9 13:16:48: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15873) -> 10.0.0.131(389), 1 packet
Apr 9 13:16:51: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15874) -> 10.30.0.2(389), 1 packet
Apr 9 13:16:53: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15875) -> 10.30.0.2(389), 1 packet
Apr 9 13:16:58: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15877) -> 10.0.0.131(389), 1 packet
Apr 9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51926) -> 10.30.0.77(15871), 1 packet
Apr 9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51928) -> 10.30.0.77(15871), 1 packet
Apr 9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51934) -> 10.30.0.77(15871), 2 packets
Apr 9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51951) -> 10.30.0.77(15871), 2 packets
Apr 9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51936) -> 10.30.0.77(15871), 3 packets
Apr 9 13:19:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51953) -> 10.30.0.77(15871), 1 packet
Since its logging 6-INFORMATIONAL, I would imagine it would log higher severity issues automatically. Can you post configuration?
There's nothing in those logs that really stand out.
Do you HAVE to log ACL hits?
There's nothing in those logs that really stand out.
Do you HAVE to log ACL hits?
ASKER
ACL hits may have been enabled when migrating to a different ISP, can't think of another reason
4507R#sh run
Building configuration...
Current configuration : 73616 bytes
!
! Last configuration change at 12:17:53 BST Fri Feb 19 2010
! NVRAM config last updated at 13:53:39 BST Thu Jan 28 2010
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
!
hostname 4507R
!
boot-start-marker
boot system bootflash:cat4000-i9s-mz.122-25.EWA5.bin
boot-end-marker
!
!
redundancy
mode rpr
main-cpu
auto-sync standard
logging buffered 214748 debugging
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone BST 0
clock summer-time BST date Mar 30 2008 1:00 Oct 26 2008 2:00
qos
vtp domain ''
vtp mode transparent
ip subnet-zero
ip domain-name domain.com
ip name-server 10.30.0.1
ip name-server 10.30.0.2
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-11,20,23,26,40,76,100-121,1001-1002 priority 24576
port-channel load-balance src-dst-mac
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 2-9
!
vlan 10
name COMPANY-PIX-BT-inside
!
vlan 11,20,23
!
vlan 26
name ironport-gw
!
vlan 40
name NWH-ROOF-Wireless
!
vlan 50
name Eyecare-LG-Lab
!
vlan 76
!
vlan 80
name VOIP-Servers
!
vlan 100
!
vlan 101
name Tenant-Test
!
vlan 102
name Tenant-Tenant1
!
vlan 103
name Tenant-Tenant2
!
vlan 104
name Tenant-Tenant3
!
vlan 105
name Tenant-Tenant4
!
vlan 106
name Tenant-Tenant5
!
vlan 107
name Tenant-Tenant6
!
vlan 108
name Tenant-Tenant7
!
vlan 109
name Tenant-Tenant8
!
vlan 110
name Tenant-Tenant9
!
vlan 111
name Tenant-Tenant10
!
vlan 112
name Tenant-Tenant11
!
vlan 113
name Tenant-Tenant12
!
vlan 114
name Tenant-Tenant13
!
vlan 115
name Tenant-Tenant14
!
vlan 116
name Tenant-Tenant15
!
vlan 117
name Tenant-Tenant16
!
vlan 118
name Tenant-Tenant17
!
vlan 119
name Tenant-Tenant18
!
vlan 120
name Tenant-Tenant19
!
vlan 121
name Tenant-Tenant20
!
class-map match-all voip
match access-group 100
class-map match-all rate-limit-tenants
match access-group 106
class-map match-all rate-limit-freya
match access-group 107
class-map match-all rate-limit-bad-tenants
match access-group 109
!
!
policy-map rate-limit-tenants
class rate-limit-tenants
police 1.5 mbps 3 mbyte conform-action transmit exceed-action drop
policy-map rate-limit-freya
class rate-limit-freya
policy-map rate-limit-bad-tenants
class rate-limit-bad-tenants
police 512 kbps 1 mbyte conform-action transmit exceed-action drop
policy-map QoS
class voip
policy-map qos
class voip
!
!
interface Port-channel1
description EtherChannel 1 for SRV-FILER-1 CIFS on VLAN3
switchport
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface Port-channel2
description EtherChannel 2 for SRV-FILER-2 DB on VLAN3
switchport
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface Port-channel3
description EtherChannel 3 for 2-UL-10-1
switchport
switchport mode access
!
interface Port-channel5
description SRV-FILE-1 EtherChannel 5 10.30.0.26
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel6
description INDIA EtherChannel 6 10.30.0.25
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel7
description MONICA EtherChannel 7 10.30.0.21
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel8
description E2K7CCRNODE2 EtherChannel 8 10.30.0.14
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel9
description ELECTRA EtherChannel 9 10.30.0.27
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel10
description CHRISTINA EtherChannel 10 10.30.0.10
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel11
description ELECTRA EtherChannel 11 10.30.0.27
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel12
description ERICA EtherChannel 12 10.30.0.30
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel13
description VERRAA EtherChannel 13 10.30.0.72
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel14
description VERRAB EtherChannel 14 10.30.0.73
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel15
description SRV-AV-GW EtherChannel 15 10.30.0.38
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel16
description EMILYA EtherChannel 16 10.30.0.58
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel17
description EMILYB EtherChannel 17 10.30.0.59
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel18
description CAROLYN EtherChannel 18 10.30.0.56
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel19
description MARIAH EtherChannel 19 10.30.0.55
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel20
description JANE EtherChannel 20 10.30.0.59
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel21
description TRINITY EtherChannel 21 10.30.0.254
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel22
description CINDY EtherChannel 22 10.30.0.20
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel23
description ATHENA EtherChannel 23 10.30.0.12
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel24
description NOT IN USE
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel25
description NWH-ASTERISK-2 EtherChannel LACP 25 10.30.0.84
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel26
description SAMANTHA EtherChannel 26 10.30.0.24
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel27
description MONICA NEW TEMP EtherChannel 27 10.30.0.29
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel28
description ----- Tenants 192.168.100.0/24 vlan 100 LACP 28 -----
switchport
switchport access vlan 100
switchport mode access
!
interface Port-channel29
description ----- 2-LG 10.0.0.0/8 vlan 1 LACP 29 -----
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50
switchport mode trunk
!
interface Port-channel30
description ISABELLA EtherChannel 30 10.30.0.13
switchport
switchport mode access
spanning-tree portfast
!
interface Port-channel31
description 4507R <-> 4507R-1 B EtherChannel 31
switchport
switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
!
interface GigabitEthernet2/2
!
interface GigabitEthernet3/1
description SRV-FILER-1 A CIFS EtherChannel 1 172.16.0.3
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 1 mode on
!
interface GigabitEthernet3/2
description SRV-FILER-1 C CIFS EtherChannel 1 172.16.0.2
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 1 mode on
!
interface GigabitEthernet3/3
description SRV-FILER-2 A SQL EtherChannel 2 172.16.0.3
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 2 mode on
!
interface GigabitEthernet3/4
description SRV-FILER-2 C SQL EtherChannel 2 172.16.0.3
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 2 mode on
!
interface GigabitEthernet3/5
switchport mode access
channel-group 31 mode desirable
!
interface GigabitEthernet3/6
switchport mode access
channel-group 31 mode desirable
!
interface GigabitEthernet4/1
description SRV-FILER-1 B CIFS EtherChannel 1 172.16.0.2
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 1 mode on
!
interface GigabitEthernet4/2
description SRV-FILER-1 D CIFS EtherChannel 1 172.16.0.2
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 1 mode on
!
interface GigabitEthernet4/3
description SRV-FILER-2 B SQL EtherChannel 2 172.16.0.3
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 2 mode on
!
interface GigabitEthernet4/4
description SRV-FILER-2 D SQL EtherChannel 2 172.16.0.3
switchport access vlan 3
switchport mode access
flowcontrol receive off
spanning-tree portfast
channel-group 2 mode on
!
interface GigabitEthernet4/5
!
interface GigabitEthernet4/6
description HP ProCurve 3400cl
!
interface GigabitEthernet5/1
shutdown
!
interface GigabitEthernet5/2
shutdown
!
interface GigabitEthernet5/3
description CINDY A Etherchannel 22 10.30.0.20
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 22 mode active
!
interface GigabitEthernet5/4
description CINDY B Etherchannel 22 10.30.0.20
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 22 mode active
!
interface GigabitEthernet5/5
description Kaylee 10.30.0.108
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/6
description Kaylee II
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/7
description SRV-FILE-1 B Etherchannel 5 10.30.0.26
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet5/8
shutdown
!
interface GigabitEthernet5/9
description ----- Rack 1 - HP 2626 switch vlan 1 -----
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/10
description ----- 2-4-U3 Uplink to TSM and Prog - gi5/10 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,8,26,40,100,101,106
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/11
shutdown
!
interface GigabitEthernet5/12
description MONICA NEW TEMP A EtherChannel 27 10.30.0.29
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 27 mode active
!
interface GigabitEthernet5/13
description ----- 2-11-U1 - Gi5/13 - vlan 1,40,100,116 - Uplink 1 to 11th Floor -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,100,116
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/14
description MONICA NEW TEMP B EtherChannel 27 10.30.0.29
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 27 mode active
!
interface GigabitEthernet5/15
shutdown
!
interface GigabitEthernet5/16
description 4507R-PDU-1-1
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/17
description VERRAA B Etherchannel 13 10.30.0.72
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 13 mode active
!
interface GigabitEthernet5/18
description 4507R-PDU-1-2
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/19
description ----- ironport-gw - vlan 26 - 192.168.26.222 -----
switchport access vlan 26
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/20
description 4507R-PDU-2-1
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/21
description VERRAB B Etherchannel 14 10.30.0.73
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 14 mode active
!
interface GigabitEthernet5/22
description 4507R-PDU-2-2
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/23
description ----- NWH-ASTERISK-2 - A - VLAN 80 - gi5/23 - 192.168.80.84 -----
switchport access vlan 80
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet5/24
description 4507R-PDU-3-1
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/25
shutdown
!
interface GigabitEthernet5/26
description 4507R-PDU-3-2
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/27
description ----- 2-7-U1 - Tenants 7th Floor - gi5/27 - vlan 1,100,105,110 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,105,110,120
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/28
description 4507R-PDU-4-1
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/29
description ----- NWH-VOIP-1 - A - VLAN 80 - gi5/29 - 192.168.80.81 -----
switchport access vlan 80
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet5/30
description 4507R-PDU-4-2
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/31
description ----- 2-5-U1 - Tenants 5th Floor - gi5/31 - vlan 1,100,111,112,113,114,115 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,111-115,118,119
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/32
description 4507R-PDU-5-1
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/33
description EMILYA B Etherchannel 16 10.30.0.58
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 16 mode active
!
interface GigabitEthernet5/34
shutdown
!
interface GigabitEthernet5/35
description ----- NWH-VOIP-2 - A - VLAN 80 - gi5/35 - 192.168.80.82 -----
switchport access vlan 80
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet5/36
shutdown
!
interface GigabitEthernet5/37
description Lauren 10.30.0.107
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/38
description KAITLYN Websense
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet5/39
description TEMPORARY UPS SNMP
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet5/40
description TILL NETWORK 192.168.4.0/24 VLAN 4
switchport access vlan 4
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/41
description ----- 2-10-U1 - Gi5/41 - Uplink 1 to 10th Floor -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,106,117
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/42
description ----- 2-2CC-U1 - NWH-2ND-SW-STOCK-ROOM - gi5/42 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,100
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/43
description Lauren monitor
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/44
shutdown
!
interface GigabitEthernet5/45
description ----- 2-8-U1 - Tenants 8th Floor - VLAN 1,100,109 - Gi5/45 ------
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,109
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/46
shutdown
!
interface GigabitEthernet5/47
description 2-4-U2 Uplink to new office on 4th floor
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet5/48
description NWH-RTR-BACKUP-DSL 10.0.2.1
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/1
description ----- 2-LG-U1 - LACP 29 - vlan 50 - 192.168.50.0/24 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50
switchport mode trunk
flowcontrol receive off
flowcontrol send off
channel-group 29 mode active
!
interface GigabitEthernet6/2
description ----- NWH-ASTERISK-5 - A - VLAN 80 - gi6/2 - 192.168.80.87 -----
switchport access vlan 80
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/3
description ----- 2-6-U1 - NWH-6TH-SW-1-1 - gi6/3 VLANs 1,100,102,103,104,108,121 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,102-104,108,121
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/4
description SRV-FILE-1 A Etherchannel 5 10.30.0.26
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet6/5
description ----- NWH-ASTERISK-4 - A - VLAN 80 - gi6/5 - 192.168.80.86 -----
switchport access vlan 80
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/6
description ELECTRA A 10.30.0.27 EtherChannel 11
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 11 mode active
!
interface GigabitEthernet6/7
description SAMANTHA A EtherChannel 26 10.30.0.24
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 26 mode active
!
interface GigabitEthernet6/8
description CHRISTINA A EtherChannel 10 10.30.0.10
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 10 mode active
!
interface GigabitEthernet6/9
shutdown
!
interface GigabitEthernet6/10
description ----- KEELEY LEGAL ------
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/11
description ----- 2-GND-U2 - vlan 1,100 - Gi6/11 -----
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/12
description 2-U-10-2
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/13
description 2-1-U4
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/14
description 2-1-U3
switchport mode access
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/15
description INDIA A EtherChannel 6 10.30.0.25
switchport mode access
spanning-tree portfast
channel-protocol lacp
channel-group 6 mode active
!
interface GigabitEthernet6/16
description 2-U-10-1 A EtherChannel 3 Uplink to 10range switch in rack
switchport mode access
flowcontrol receive off
flowcontrol send off
channel-group 3 mode on
!
interface GigabitEthernet6/17
shutdown
!
interface GigabitEthernet6/18
description ----- NWH-2ND-SW-1-1 (Tenants Rack) - vlan 1,100,105,108 - gi6/18 - Tenants A -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,105
switchport mode trunk
service-policy input rate-limit-bad-tenants
service-policy output rate-limit-bad-tenants
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/19
description ----- 2-9-U1 - Uplink to 9th Floor -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet6/20
description CYPHER IDS PIX (inside) 10.30.200.1
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/21
description E2K7CCRNODE1 10.30.0.13
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/22
description E2K7CCRNODE2 A EtherChannel 8 10.30.0.14
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 8 mode active
!
interface GigabitEthernet6/23
description ----- COMPANY-PIX-BT - vlan 10 - gi6/23 - 192.168.110.254 -----
switchport access vlan 10
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet6/24
description ----- Cisco PIX inside - vlan 5,8 - 192.168.10.254 - Gi6/24 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,8
switchport mode trunk
speed 100
duplex full
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet7/1
description ----- JESSICA - 10.30.0.76 - gi7/1 -----
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet7/2
description EMILYA A Etherchannel 16 10.30.0.58
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 16 mode active
!
interface GigabitEthernet7/3
description CLEO 10.30.0.93
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet7/4
shutdown
!
interface GigabitEthernet7/5
description FREYA 10.30.0.36
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
!
interface GigabitEthernet7/6
description ELECTRA B 10.30.0.27 EtherChannel 11
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 11 mode active
!
interface GigabitEthernet7/7
description SAMANTHA B EtherChannel 26 10.30.0.24
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 26 mode active
!
interface GigabitEthernet7/8
description CHRISTINA B EtherChannel 10 10.30.0.10
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 10 mode active
!
interface GigabitEthernet7/9
description VERRAA A Etherchannel 13 10.30.0.72
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 13 mode active
!
interface GigabitEthernet7/10
shutdown
!
interface GigabitEthernet7/11
description VERRAB A Etherchannel 14 10.30.0.73
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 14 mode active
!
interface GigabitEthernet7/12
shutdown
!
interface GigabitEthernet7/13
shutdown
!
interface GigabitEthernet7/14
shutdown
!
interface GigabitEthernet7/15
description INDIA B EtherChannel 6 10.30.0.25
switchport mode access
spanning-tree portfast
channel-protocol lacp
channel-group 6 mode active
!
interface GigabitEthernet7/16
description 2-U-10-1 B EtherChannel 3 Uplink B to 10 range switch in rack
switchport mode access
flowcontrol receive off
flowcontrol send off
channel-group 3 mode on
!
interface GigabitEthernet7/17
shutdown
!
interface GigabitEthernet7/18
description ----- NWH-2ND-SW-1-TEMP (Tenants Rack) - vlan 1,107 - gi7/18 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,107
switchport mode trunk
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet7/19
shutdown
!
interface GigabitEthernet7/20
shutdown
!
interface GigabitEthernet7/21
shutdown
!
interface GigabitEthernet7/22
shutdown
!
interface GigabitEthernet7/23
description ----- NWH-EUSTON P2P fiber - vlan 5,7,8 - Gi7/23 -----
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,7,8
switchport mode trunk
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
shutdown
speed 100
duplex full
flowcontrol receive off
flowcontrol send off
!
interface GigabitEthernet7/24
description E2K7CCRNODE2 B EtherChannel 8 10.30.0.14
switchport mode access
flowcontrol receive off
flowcontrol send off
spanning-tree portfast
channel-protocol lacp
channel-group 8 mode active
!
interface Vlan1
description ----- vlan 1 - 10.0.0.0/8 -----
ip address 10.10.0.1 255.0.0.0
no ip redirects
!
interface Vlan3
description ------ vlan 3 - 172.16.0.0/24 - SAN -----
ip address 172.16.0.1 255.255.255.0
no ip redirects
!
interface Vlan4
description ----- vlan 4 - 192.168.4.0/24 - COFFEE & TEASE TILLS -----
ip address 192.168.4.1 255.255.255.0
ip access-group 104 in
no ip redirects
!
interface Vlan5
description ----- vlan 5 - 192.168.10.0/24 - COMPANY-PIX inside -----
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 12122F46405B1F5D2B
ip ospf hello-interval 1
ip ospf retransmit-interval 1
!
interface Vlan7
description ----- vlan 7 - 192.168.74.0/24 - NWH-Euston (Point-to-Point fiber) -----
ip address 192.168.74.1 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 110233544542185505
ip ospf hello-interval 1
ip ospf retransmit-interval 1
!
interface Vlan8
description ----- vlan 8 - 192.168.200.0/24 - DMZ -----
ip address 192.168.200.4 255.255.255.0
no ip redirects
!
interface Vlan10
description ----- vlan 10 - 192.168.110.0/24 - COMPANY-PIX-BT inside -----
ip address 192.168.110.1 255.255.255.0
no ip redirects
!
interface Vlan11
description ----- vlan 11 - 192.168.11.0/24 - Payware -----
ip address 192.168.11.1 255.255.255.0
no ip redirects
!
interface Vlan26
description ----- vlan 26 - 192.168.26.0/24 - ironport-gw -----
ip address 192.168.26.1 255.255.255.0
no ip redirects
!
interface Vlan40
description ----- NWH-ROOF-Wireless - Roof - vlan 40 - 192.168.40.0/24 -----
ip address 192.168.40.1 255.255.255.0
ip helper-address 10.30.0.1
no ip redirects
!
interface Vlan50
description ----- Eyecare-LG-Lab - Lower Ground - vlan 50 - 192.168.50.0/24 -----
ip address 192.168.50.1 255.255.255.0
ip helper-address 10.30.0.1
no ip redirects
!
interface Vlan76
description ----- NWH-WEM P2P Fiber vlan 76 int gi5/46 -----
ip address 192.168.76.1 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 130E3D43595C17732A
ip ospf hello-interval 1
ip ospf retransmit-interval 1
!
interface Vlan80
description ----- VOIP-Servers - vlan 80 - 192.168.80.0/24 -----
ip address 192.168.80.1 255.255.255.0
ip helper-address 10.30.0.1
no ip redirects
!
interface Vlan100
description ----- Tenants Internet rate limited ------
ip address 192.168.1.1 255.255.255.0 secondary
ip address 192.168.100.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan101
description ----- VOIP Test - VLAN 101 - 172.25.1.0/24 -----
ip address 172.25.1.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
shutdown
!
interface Vlan102
description ----- Tenant Tenant1 - Room 612 - VLAN 102 - 172.25.2.0/24 -----
ip address 172.25.2.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan103
description ----- Tenant Tenant2 - VLAN 103 - 172.25.3.0/24 -----
ip address 172.25.3.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan104
description ----- Tenant-Tenant3 - VLAN 104 - 172.25.4.0/24 -----
ip address 172.25.4.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan105
description ----- Tenant-Tenant4 - VLAN 105 - 172.25.5.0/24 -----
ip address 172.25.5.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan106
description ----- Tenant-Tenant5 - VLAN 106 - 172.25.6.0/24 -----
ip address 172.25.6.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan107
description ----- Tenant-Tenant6 - VLAN 107 - 172.25.7.0/24 -----
ip address 172.25.7.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan108
description ----- Tenant-Tenant7
ip address 172.25.8.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan109
description ----- Tenant-Tenant8 -----
ip address 172.25.9.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan110
description ----- Tenant-Tenant9 - 7th Floor - vlan 110 - 172.25.10.0/24 ----
ip address 172.25.10.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan111
description ------ Tenant-Tenant10 - 5th Floor - vlan 111 - 172.25.11.0/24 -----
ip address 172.25.11.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan112
description ------ Tenant-Tenant11 - 5th Floor - vlan 112 - 172.25.12.0/24 -----
ip address 172.25.12.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan113
description ------ Tenant-Tenant12 - 5th Floor - vlan 113 - 172.25.13.0/24 -----
ip address 172.25.13.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan114
description ------ Tenant-Tenant13 - 5th Floor - vlan 114 - 172.25.14.0/24 -----
ip address 172.25.14.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan115
description ----- Tenant-Tenant14 - 5th Floor - vlan 115 - 172.25.15.0/24 -----
ip address 172.25.15.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan116
description ----- Tenant-Tenant15 - 11th Floor - vlan 116 - 172.25.16.0/24 -----
ip address 172.25.16.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan117
description ----- Tenant-Tenant16 - 10th Floor - vlan 117 - 172.25.17.0/24 -----
ip address 172.25.17.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan118
description ----- Tenant-Tenant17 - 5th Floor - vlan 118 - 172.25.18.0/24 -----
ip address 172.25.18.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan119
description ----- Tenant18 - 5th Floor - vlan 119 - 172.25.19.0/24 -----
ip address 172.25.19.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan120
description ----- Tenant-Tenant19 - 7th Floor - vlan 120 - 172.25.20.0/24 -----
ip address 172.25.20.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
interface Vlan121
description ----- Tenant-Tenant20 - 6th Floor - vlan 121 - 172.25.21.0/24 -----
ip address 172.25.21.1 255.255.255.0
ip access-group 114 in
ip helper-address 10.30.0.1
no ip redirects
service-policy input rate-limit-tenants
service-policy output rate-limit-tenants
!
router ospf 1
router-id 10.10.0.1
log-adjacency-changes
area 0 authentication message-digest
redistribute connected
redistribute static
network 10.0.0.0 0.255.255.255 area 0
network 172.16.0.0 0.0.255.255 area 0
network 172.25.0.0 0.0.255.255 area 0
network 192.168.7.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.74.0 0.0.0.255 area 0
network 192.168.76.0 0.0.0.255 area 0
default-information originate
!
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip forward-protocol udp bootpc
ip route 0.0.0.0 0.0.0.0 192.168.110.254
ip route 10.30.0.80 255.255.255.255 192.168.80.80
"ip route entries containing external IPs removed"
ip http server
!
!
access-list 23 remark ---- Management access to router via telnet ----
access-list 23 remark ---- Permit access from CYPHER (OSPF monitoring) ----
access-list 23 permit 10.30.200.1
access-list 23 remark ---- Permit access from TRINITY ----
access-list 23 permit 10.30.0.254
access-list 100 remark VOIP (SIP/IAX/IAX2) traffic must get top priority
access-list 100 permit udp any any eq 4569
access-list 100 permit udp any any eq 5004
access-list 100 permit udp any any eq 5036
access-list 100 permit udp any any eq 5060
access-list 100 permit udp any any range 10000 20000
access-list 104 remark ----- Permit DNS -----
access-list 104 permit udp any host 10.30.0.1 eq domain
access-list 104 permit udp any host 10.30.0.2 eq domain
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.59 gt 1024 log
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.143 gt 1024 log
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.117 gt 1024 log
access-list 104 remark ----- Permit ICMP from TRINITY for Monitoring ----
access-list 104 permit icmp any host 10.30.0.254
access-list 104 remark ----- Permit Innovations support for Till Network - outbound connections only ----
access-list 104 permit ip any 195.80.24.0 0.0.0.255 log
access-list 104 permit ip any host 219.64.82.217 log
access-list 104 permit ip any host 80.69.10.38 log
access-list 104 remark ----- Permit Andrew Smith access to Till Network ----
access-list 104 permit icmp any host 10.9.0.190
access-list 104 permit tcp any eq 3389 host 10.9.0.190
access-list 104 permit icmp any host 10.9.0.191
access-list 104 permit tcp any eq 3389 host 10.9.0.191
access-list 104 deny ip any any
access-list 106 remark ----- Tenants QoS Rate Limiting -----
access-list 106 remark ----- Do not rate limit tenants VLAN 100 to our private networks -----
access-list 106 deny ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 106 deny ip 192.168.100.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 106 deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 106 remark ------ Do not rate limit tenants private VLANs to our private networks -----
access-list 106 deny ip 172.25.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 106 deny ip 172.25.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 106 deny ip 172.25.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark ------ Rate Limit all other Tenants access -----
access-list 106 permit ip 192.168.100.0 0.0.0.255 any
access-list 106 permit ip any 192.168.100.0 0.0.0.255
access-list 106 permit ip 172.25.0.0 0.0.255.255 any
access-list 106 permit ip any 172.25.0.0 0.0.255.255
access-list 106 remark ------ Do not rate limit everything else - what is left is COMPANY traffic -----
access-list 106 deny ip any any
access-list 107 remark ----- Freya QoS Rate Limiting -----
access-list 107 remark ----- Do not rate limit private ranges -----
access-list 107 deny ip host 10.30.0.36 10.0.0.0 0.255.255.255
access-list 107 deny ip 10.0.0.0 0.255.255.255 host 10.30.0.36
access-list 107 deny ip host 10.30.0.36 172.16.0.0 0.15.255.255
access-list 107 deny ip 172.16.0.0 0.15.255.255 host 10.30.0.36
access-list 107 deny ip host 10.30.0.36 192.168.0.0 0.0.255.255
access-list 107 deny ip 192.168.0.0 0.0.255.255 host 10.30.0.36
access-list 107 remark ----- Rate limit freya ingress/egress internet -----
access-list 107 permit ip host 10.30.0.36 any
access-list 107 permit ip any host 10.30.0.36
access-list 108 remark ----- Test ACL -----
access-list 108 permit ip any any log
access-list 109 remark ----- Do not rate limit our private hosted services ranges ------
access-list 109 deny ip any 10.0.0.0 0.255.255.255
access-list 109 deny ip 10.0.0.0 0.255.255.255 any
access-list 109 deny ip any 172.16.0.0 0.15.255.255
access-list 109 deny ip 172.16.0.0 0.15.255.255 any
access-list 109 remark ----- Do not rate limit FTP, SMTP, HTTP, POP3, IMAP, HTTPS, SMTP-TLS, IMAPS ------
access-list 109 deny tcp any gt 1024 any eq ftp
access-list 109 deny tcp any gt 1024 any eq smtp
access-list 109 deny tcp any gt 1024 any eq www
access-list 109 deny tcp any gt 1024 any eq pop3
access-list 109 deny tcp any gt 1024 any eq 143
access-list 109 deny tcp any gt 1024 any eq 443
access-list 109 deny tcp any gt 1024 any eq 587
access-list 109 deny tcp any gt 1024 any eq 993
access-list 109 remark ----- Do not rate limit tenant hosted FTP, SMTP, HTTP, POP3, IMAP, HTTPS, SMTP-TLS, IMAPS ------
access-list 109 deny tcp any eq ftp any gt 1024
access-list 109 deny tcp any eq smtp any gt 1024
access-list 109 deny tcp any eq www any gt 1024
access-list 109 deny tcp any eq pop3 any gt 1024
access-list 109 deny tcp any eq 143 any gt 1024
access-list 109 deny tcp any eq 443 any gt 1024
access-list 109 deny tcp any eq 587 any gt 1024
access-list 109 deny tcp any eq 993 any gt 1024
access-list 109 remark ----- Rate limit known Bittorrent ports -----
access-list 109 permit tcp any gt 1024 any range 6881 6999
access-list 109 remark ----- Rate limit all other protocols ----
access-list 109 permit ip any any
access-list 111 remark ----- Tenants Network Restrictions 192.168.100.0/24 and VLANs on 172.25.0.0/16 -----
access-list 111 remark ----- Permit ICMP to our DNS Servers -----
access-list 111 permit icmp any host 10.30.0.1
access-list 111 permit icmp any host 10.30.0.2
access-list 111 remark ----- Permit ICMP to our Public Web Server FREYA -----
access-list 111 permit icmp any host 10.30.0.34
access-list 111 permit icmp any host 10.30.0.36
access-list 111 remark ----- Permit ICMP to our VOIP network
access-list 111 permit icmp any host 10.30.0.80
access-list 111 permit icmp any host 10.30.0.81
access-list 111 permit icmp any host 10.30.0.82
access-list 111 permit icmp any host 10.30.0.83
access-list 111 permit icmp any host 10.30.0.84
access-list 111 permit icmp any host 10.30.0.85
access-list 111 permit icmp any host 10.30.0.86
access-list 111 permit icmp any host 10.30.0.87
access-list 111 remark ----- Permit limited ICMP to anywhere ------
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any source-quench
access-list 111 remark ----- Permit 10.9.0.0/16 established connections only -----
access-list 111 permit tcp any eq www 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 443 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 3389 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 5900 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.80 eq ntp
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to our VOIP servers -----
access-list 111 permit tcp any eq www host 10.30.0.80 gt 1024 established
access-list 111 permit tcp any eq www host 10.30.0.81 gt 1024 established
access-list 111 permit tcp any eq www host 10.30.0.82 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.80 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.80 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.81 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.81 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.82 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.82 gt 1024
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-1 -----
access-list 111 permit tcp any eq www host 10.30.0.83 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.83 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.83 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.83 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-2 -----
access-list 111 permit tcp any eq www host 10.30.0.84 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.84 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.84 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.84 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-3 -----
access-list 111 permit tcp any eq www host 10.30.0.85 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.85 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.85 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.85 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-4 -----
access-list 111 permit tcp any eq www host 10.30.0.86 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.86 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.86 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.86 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-5 -----
access-list 111 permit tcp any eq www host 10.30.0.87 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.87 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.87 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.87 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-6 -----
access-list 111 permit tcp any eq www host 10.30.0.88 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.88 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.88 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.88 range 10000 20000
access-list 111 remark ----- Permit access to freya www.COMPANYplc.com -----
access-list 111 permit tcp any gt 1024 host 10.30.0.34 eq www
access-list 111 permit tcp any gt 1024 host 10.30.0.34 eq 443
access-list 111 remark ----- Permit access to freya www.COMPANYplc1.com -----
access-list 111 permit tcp any gt 1024 host 10.30.0.36 eq www
access-list 111 permit tcp any gt 1024 host 10.30.0.36 eq 443
access-list 111 remark ----- Permit Tenant Tenant8 hosted services -----
access-list 111 permit tcp host 192.168.100.72 eq smtp any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq www any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 443 any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 3389 any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 4125 any gt 1024 established
access-list 111 remark ----- Permit DNS lookups to any DNS server -----
access-list 111 permit udp any gt 1024 any eq domain
access-list 111 remark ----- Permit DHCP requests -----
access-list 111 permit udp any eq bootpc any eq bootps
access-list 111 remark ----- Deny access to private ranges which will cover all our networks we wish to keep private -----
access-list 111 remark ----- Deny access to 10.0.0.0/8 -----
access-list 111 deny ip any 10.0.0.0 0.255.255.255 log
access-list 111 remark ----- Deny access to 127.0.0.1 -----
access-list 111 deny ip any host 127.0.0.1
access-list 111 remark ----- Deny access to 172.16.0.0-172.31.255.255 -----
access-list 111 deny ip any 172.16.0.0 0.15.255.255
access-list 111 remark ----- Deny 192.168.0.0/16 -----
access-list 111 deny ip any 192.168.0.0 0.0.255.255
access-list 111 remark ----- Internet access controlled by Cisco PIX acl_in -----
access-list 111 permit ip any any
access-list 114 remark ----- Tenants Network Restrictions 192.168.100.0/24 and VLANs on 172.25.0.0/16 -----
access-list 114 remark ----- Permit ICMP to our DNS Servers -----
access-list 114 permit icmp any host 10.30.0.1
access-list 114 permit icmp any host 10.30.0.2
access-list 114 remark ----- Permit ICMP to our Public Web Server FREYA -----
access-list 114 permit icmp any host 10.30.0.34
access-list 114 permit icmp any host 10.30.0.36
access-list 114 remark ----- Permit VOIP migration to 192.168.80.0/24 -----
access-list 114 permit ip any 192.168.80.0 0.0.0.255
access-list 114 remark ----- Permit ICMP to our VOIP network
access-list 114 permit icmp any host 10.30.0.80
access-list 114 permit icmp any host 10.30.0.81
access-list 114 permit icmp any host 10.30.0.82
access-list 114 permit icmp any host 10.30.0.83
access-list 114 permit icmp any host 10.30.0.84
access-list 114 permit icmp any host 10.30.0.85
access-list 114 permit icmp any host 10.30.0.86
access-list 114 permit icmp any host 10.30.0.87
access-list 114 remark ----- Permit limited ICMP to anywhere ------
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any packet-too-big
access-list 114 permit icmp any any source-quench
access-list 114 remark ----- Permit 10.9.0.0/16 established connections only -----
access-list 114 permit tcp any eq www 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 443 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 3389 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 5900 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.80 eq ntp
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to our VOIP servers -----
access-list 114 permit tcp any eq www host 10.30.0.80 gt 1024 established
access-list 114 permit tcp any eq www host 10.30.0.81 gt 1024 established
access-list 114 permit tcp any eq www host 10.30.0.82 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.80 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.80 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.81 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.81 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.82 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.82 gt 1024
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-1 -----
access-list 114 permit tcp any eq www host 10.30.0.83 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.83 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.83 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.83 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-2 -----
access-list 114 permit tcp any eq www host 10.30.0.84 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.84 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.84 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.84 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-3 -----
access-list 114 permit tcp any eq www host 10.30.0.85 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.85 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.85 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.85 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-4 -----
access-list 114 permit tcp any eq www host 10.30.0.86 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.86 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.86 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.86 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-5 -----
access-list 114 permit tcp any eq www host 10.30.0.87 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.87 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.87 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.87 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-6 -----
access-list 114 permit tcp any eq www host 10.30.0.88 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.88 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.88 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.88 range 10000 20000
access-list 114 remark ----- Permit access to freya www.COMPANYplc.com -----
access-list 114 permit tcp any gt 1024 host 10.30.0.34 eq www
access-list 114 permit tcp any gt 1024 host 10.30.0.34 eq 443
access-list 114 remark ----- Permit access to freya www.COMPANYplc1.com -----
access-list 114 permit tcp any gt 1024 host 10.30.0.36 eq www
access-list 114 permit tcp any gt 1024 host 10.30.0.36 eq 443
access-list 114 remark ----- Permit Tenant Tenant8 hosted services -----
access-list 114 permit tcp host 192.168.100.72 eq smtp any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq www any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 443 any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 3389 any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 4125 any gt 1024 established
access-list 114 remark ----- Permit DNS lookups to any DNS server -----
access-list 114 permit udp any gt 1024 any eq domain
access-list 114 remark ----- Permit DHCP requests -----
access-list 114 permit udp any eq bootpc any eq bootps
access-list 114 remark ----- Deny access to private ranges which will cover all our networks we wish to keep private -----
access-list 114 remark ----- Deny access to 10.0.0.0/8 -----
access-list 114 deny ip any 10.0.0.0 0.255.255.255 log
access-list 114 remark ----- Deny access to 127.0.0.1 -----
access-list 114 deny ip any host 127.0.0.1
access-list 114 remark ----- Deny access to 172.16.0.0-172.31.255.255 -----
access-list 114 deny ip any 172.16.0.0 0.15.255.255
access-list 114 remark ----- Deny 192.168.0.0/16 -----
access-list 114 deny ip any 192.168.0.0 0.0.255.255
access-list 114 remark ----- Internet access controlled by Cisco PIX acl_in -----
access-list 114 permit ip any any
access-list 120 remark ----- DMZ access list -----
access-list 130 remark ----- rate-limit-all ------
access-list 130 permit ip any any
access-list 150 remark ----- migrate internet to COMPANY-PIX-BT -----
access-list 150 deny ip any 192.168.10.0 0.0.0.255
access-list 150 permit ip host 10.9.0.190 any
!
route-map migrate-internet permit 10
match ip address 152
set ip next-hop 192.168.10.254
!
snmp-server community snmpstring RO
snmp-server trap link ietf
snmp-server trap-source Vlan1
snmp-server contact
snmp-server chassis-id Cisco4507R
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps stpx
snmp-server enable traps rf
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps copy-config
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal
snmp-server enable traps syslog
snmp-server enable traps bridge
snmp-server enable traps envmon
snmp-server enable traps hsrp
snmp-server enable traps bgp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rtr
snmp-server enable traps vlan-membership
snmp-server host 10.30.0.254 snmpstring
snmp-server host 10.30.0.109 snmpstring
snmp-server host 10.30.200.1 snmpstring
!
banner motd ^C
WARNING
Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.
Disconnect IMMEDIATELY if you are not an authorized user!
Cisco Catalyst 4507R
version 12.2
Copyright (C) 2007 Cisco Systems. All Rights Reserved.
^C
!
line con 0
password 7 10450518
logging synchronous
login
stopbits 1
line vty 0 4
access-class 23 in
password 7 12120916
logging synchronous
login
line vty 5 15
access-class 23 in
password 7 12120916
logging synchronous
login
!
!
monitor session 1 source interface Gi6/23
monitor session 1 destination interface Gi5/43
monitor session 2 source interface Gi6/23
monitor session 2 destination interface Gi5/38
ntp clock-period 17179502
ntp update-calendar
ntp server 10.30.0.80 prefer
!
end
4507R#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no debugging, but thanks for the article