[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1146
  • Last Modified:

4507R: high CPU usage + outages < 20sec

for a few times in the period we have had various hosts not being able to see each other and servers lost connection between them.
the issue manifested itself between 13:05 and 13:20 today and I noticed that although normal CPU usage is <40% in the period the CPU usage of the switch varies between 60 and 100%.
what can I do to identify the cause and/or what should we be doing while it is happening?
0
gddl630
Asked:
gddl630
  • 3
  • 3
1 Solution
 
Nayyar HH (CCIE RS)Network ArchitectCommented:
Can you post a show logging from the router, it should have logged the process hogging the CPU.
0
 
gddl630Author Commented:
is it possible that this type of logging is not enabled?
Apr  9 13:00:34: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15824) -> 10.30.0.20(1433), 1 packet
Apr  9 13:00:57: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15826) -> 10.30.0.20(445), 1 packet
Apr  9 13:01:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr  9 13:01:38: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15827) -> 10.30.0.20(1433), 1 packet
Apr  9 13:02:01: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15828) -> 10.30.0.20(445), 1 packet
Apr  9 13:02:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1 packet
Apr  9 13:02:42: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15829) -> 10.30.0.20(1433), 1 packet
Apr  9 13:02:46: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15830) -> 10.30.0.77(2222), 1 packet
Apr  9 13:03:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1 packet
Apr  9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 4 packets
Apr  9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15817) -> 10.30.0.77(2222), 2 packets
Apr  9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15816) -> 10.30.0.20(1433), 3 packets
Apr  9 13:03:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 10 packets
Apr  9 13:03:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15818) -> 10.30.0.20(445), 2 packets
Apr  9 13:03:34: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15834) -> 10.30.0.1(445), 1 packet
Apr  9 13:03:46: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15836) -> 10.30.0.20(1433), 1 packet
Apr  9 13:03:50: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15837) -> 10.30.0.1(137), 1 packet
Apr  9 13:03:55: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15839) -> 10.30.0.1(389), 1 packet
Apr  9 13:04:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 5 packets
Apr  9 13:04:09: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15843) -> 10.30.0.20(445), 1 packet
Apr  9 13:04:39: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15845) -> 10.30.0.1(389), 1 packet
Apr  9 13:04:50: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15846) -> 10.30.0.20(1433), 1 packet
Apr  9 13:05:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 4 packets
Apr  9 13:05:13: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15848) -> 10.30.0.20(445), 1 packet
Apr  9 13:05:54: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15849) -> 10.30.0.20(1433), 1 packet
Apr  9 13:06:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr  9 13:06:17: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15850) -> 10.30.0.20(445), 1 packet
Apr  9 13:06:58: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15851) -> 10.30.0.20(1433), 1 packet
Apr  9 13:07:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr  9 13:07:14: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15853) -> 10.30.0.2(389), 1 packet
Apr  9 13:07:21: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15858) -> 10.30.0.20(445), 1 packet
Apr  9 13:08:02: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15862) -> 10.30.0.20(1433), 1 packet
Apr  9 13:08:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 10 packets
Apr  9 13:08:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 7 packets
Apr  9 13:08:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 8 packets
Apr  9 13:08:07: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15863) -> 10.30.0.77(2222), 1 packet
Apr  9 13:08:25: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15864) -> 10.30.0.20(445), 1 packet
Apr  9 13:09:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Apr  9 13:09:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15840) -> 10.30.0.2(389), 2 packets
Apr  9 13:09:06: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15865) -> 10.30.0.20(1433), 1 packet
Apr  9 13:09:29: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15867) -> 10.30.0.20(445), 1 packet
Apr  9 13:10:05: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets
Apr  9 13:10:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15846) -> 10.30.0.20(1433), 2 packets
Apr  9 13:10:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15845) -> 10.30.0.1(389), 1 packet
Apr  9 13:10:10: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15868) -> 10.30.0.20(1433), 1 packet
Apr  9 13:11:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15848) -> 10.30.0.20(445), 1 packet
Apr  9 13:11:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15849) -> 10.30.0.20(1433), 2 packets
Apr  9 13:12:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15851) -> 10.30.0.20(1433), 1 packet
Apr  9 13:12:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15850) -> 10.30.0.20(445), 1 packet
Apr  9 13:12:07: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51926) -> 10.30.0.77(15871), 1 packet
Apr  9 13:12:28: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51928) -> 10.30.0.77(15871), 1 packet
Apr  9 13:12:49: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51934) -> 10.30.0.77(15871), 1 packet
Apr  9 13:13:01: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51951) -> 10.30.0.77(15871), 1 packet
Apr  9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15781) -> 10.30.0.20(137), 2 packets
Apr  9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15858) -> 10.30.0.20(445), 2 packets
Apr  9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15854) -> 10.30.0.1(389), 2 packets
Apr  9 13:13:05: %SEC-6-IPACCESSLOGDP: list 114 denied icmp 192.168.100.55 -> 10.30.0.20 (0/0), 4 packets
Apr  9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15853) -> 10.30.0.2(389), 1 packet
Apr  9 13:13:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15862) -> 10.30.0.20(1433), 1 packet
Apr  9 13:13:25: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51953) -> 10.30.0.77(15871), 1 packet
Apr  9 13:14:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15863) -> 10.30.0.77(2222), 1 packet
Apr  9 13:14:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15864) -> 10.30.0.20(445), 2 packets
Apr  9 13:15:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15865) -> 10.30.0.20(1433), 2 packets
Apr  9 13:15:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15867) -> 10.30.0.20(445), 2 packets
Apr  9 13:16:04: %SEC-6-IPACCESSLOGP: list 114 denied udp 192.168.100.55(15869) -> 10.30.0.1(137), 1 packet
Apr  9 13:16:42: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15870) -> 10.30.0.1(389), 1 packet
Apr  9 13:16:44: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15871) -> 10.30.0.1(389), 1 packet
Apr  9 13:16:48: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15873) -> 10.0.0.131(389), 1 packet
Apr  9 13:16:51: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15874) -> 10.30.0.2(389), 1 packet
Apr  9 13:16:53: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15875) -> 10.30.0.2(389), 1 packet
Apr  9 13:16:58: %SEC-6-IPACCESSLOGP: list 114 denied tcp 192.168.100.55(15877) -> 10.0.0.131(389), 1 packet
Apr  9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51926) -> 10.30.0.77(15871), 1 packet
Apr  9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51928) -> 10.30.0.77(15871), 1 packet
Apr  9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51934) -> 10.30.0.77(15871), 2 packets
Apr  9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51951) -> 10.30.0.77(15871), 2 packets
Apr  9 13:18:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51936) -> 10.30.0.77(15871), 3 packets
Apr  9 13:19:05: %SEC-6-IPACCESSLOGP: list 114 denied tcp 172.25.18.52(51953) -> 10.30.0.77(15871), 1 packet

Open in new window

0
 
Nayyar HH (CCIE RS)Network ArchitectCommented:
Since its logging 6-INFORMATIONAL, I would imagine it would log higher severity issues automatically. Can you post configuration?

There's nothing in those logs that really stand out.

Do you HAVE to log ACL hits?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
gddl630Author Commented:
ACL hits may have been enabled when migrating to a different ISP, can't think of another reason
4507R#sh run
Building configuration...

Current configuration : 73616 bytes
!
! Last configuration change at 12:17:53 BST Fri Feb 19 2010
! NVRAM config last updated at 13:53:39 BST Thu Jan 28 2010
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
!
hostname 4507R
!
boot-start-marker
boot system bootflash:cat4000-i9s-mz.122-25.EWA5.bin
boot-end-marker
!
!
redundancy
 mode rpr
 main-cpu
  auto-sync standard
logging buffered 214748 debugging
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone BST 0
clock summer-time BST date Mar 30 2008 1:00 Oct 26 2008 2:00
qos
vtp domain ''
vtp mode transparent
ip subnet-zero
ip domain-name domain.com
ip name-server 10.30.0.1
ip name-server 10.30.0.2
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-11,20,23,26,40,76,100-121,1001-1002 priority 24576
port-channel load-balance src-dst-mac
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 2-9 
!
vlan 10
 name COMPANY-PIX-BT-inside
!
vlan 11,20,23 
!
vlan 26
 name ironport-gw
!
vlan 40
 name NWH-ROOF-Wireless
!
vlan 50
 name Eyecare-LG-Lab
!
vlan 76 
!
vlan 80
 name VOIP-Servers
!
vlan 100 
!
vlan 101
 name Tenant-Test
!
vlan 102
 name Tenant-Tenant1 
!
vlan 103
 name Tenant-Tenant2 
!
vlan 104
 name Tenant-Tenant3
!
vlan 105
 name Tenant-Tenant4
!
vlan 106
 name Tenant-Tenant5
!
vlan 107
 name Tenant-Tenant6
!
vlan 108
 name Tenant-Tenant7
!
vlan 109
 name Tenant-Tenant8
!
vlan 110
 name Tenant-Tenant9
!
vlan 111
 name Tenant-Tenant10
!
vlan 112
 name Tenant-Tenant11
!
vlan 113
 name Tenant-Tenant12
!
vlan 114
 name Tenant-Tenant13
!
vlan 115
 name Tenant-Tenant14
!
vlan 116
 name Tenant-Tenant15
!
vlan 117
 name Tenant-Tenant16
!
vlan 118
 name Tenant-Tenant17
!
vlan 119
 name Tenant-Tenant18
!
vlan 120
 name Tenant-Tenant19
!
vlan 121
 name Tenant-Tenant20
!
class-map match-all voip
  match access-group 100
class-map match-all rate-limit-tenants
  match access-group 106
class-map match-all rate-limit-freya
  match access-group 107
class-map match-all rate-limit-bad-tenants
  match access-group 109
!
!
policy-map rate-limit-tenants
  class rate-limit-tenants
    police 1.5 mbps 3 mbyte conform-action transmit exceed-action drop 
policy-map rate-limit-freya
  class rate-limit-freya
policy-map rate-limit-bad-tenants
  class rate-limit-bad-tenants
    police 512 kbps 1 mbyte conform-action transmit exceed-action drop 
policy-map QoS
  class voip
policy-map qos
  class voip
!
!
interface Port-channel1
 description EtherChannel 1 for SRV-FILER-1 CIFS on VLAN3
 switchport
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface Port-channel2
 description EtherChannel 2 for SRV-FILER-2 DB on VLAN3
 switchport
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface Port-channel3
 description EtherChannel 3 for 2-UL-10-1
 switchport
 switchport mode access
!
interface Port-channel5
 description SRV-FILE-1 EtherChannel 5 10.30.0.26
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel6
 description INDIA EtherChannel 6 10.30.0.25
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel7
 description MONICA EtherChannel 7 10.30.0.21
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel8
 description E2K7CCRNODE2 EtherChannel 8 10.30.0.14
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel9
 description ELECTRA EtherChannel 9 10.30.0.27
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel10
 description CHRISTINA EtherChannel 10 10.30.0.10
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel11
 description ELECTRA EtherChannel 11 10.30.0.27
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel12
 description ERICA EtherChannel 12 10.30.0.30
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel13
 description VERRAA EtherChannel 13 10.30.0.72
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel14
 description VERRAB EtherChannel 14 10.30.0.73
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel15
 description SRV-AV-GW EtherChannel 15 10.30.0.38
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel16
 description EMILYA EtherChannel 16 10.30.0.58
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel17
 description EMILYB EtherChannel 17 10.30.0.59
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel18
 description CAROLYN EtherChannel 18 10.30.0.56
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel19
 description MARIAH EtherChannel 19 10.30.0.55
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel20
 description JANE EtherChannel 20 10.30.0.59
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel21
 description TRINITY EtherChannel 21 10.30.0.254
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel22
 description CINDY EtherChannel 22 10.30.0.20
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel23
 description ATHENA EtherChannel 23 10.30.0.12
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel24
 description NOT IN USE
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel25
 description NWH-ASTERISK-2 EtherChannel LACP 25 10.30.0.84
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel26
 description SAMANTHA EtherChannel 26 10.30.0.24
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel27
 description MONICA NEW TEMP EtherChannel 27 10.30.0.29
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel28
 description ----- Tenants 192.168.100.0/24 vlan 100 LACP 28 -----
 switchport
 switchport access vlan 100
 switchport mode access
!
interface Port-channel29
 description ----- 2-LG 10.0.0.0/8 vlan 1 LACP 29 -----
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50
 switchport mode trunk
!
interface Port-channel30
 description ISABELLA EtherChannel 30 10.30.0.13
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Port-channel31
 description 4507R <-> 4507R-1 B EtherChannel 31
 switchport
 switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
!
interface GigabitEthernet2/2
!
interface GigabitEthernet3/1
 description SRV-FILER-1 A CIFS EtherChannel 1 172.16.0.3
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet3/2
 description SRV-FILER-1 C CIFS EtherChannel 1 172.16.0.2
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet3/3
 description SRV-FILER-2 A SQL EtherChannel 2 172.16.0.3
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 2 mode on
!
interface GigabitEthernet3/4
 description SRV-FILER-2 C SQL EtherChannel 2 172.16.0.3
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 2 mode on
!
interface GigabitEthernet3/5
 switchport mode access
 channel-group 31 mode desirable
!
interface GigabitEthernet3/6
 switchport mode access
 channel-group 31 mode desirable
!
interface GigabitEthernet4/1
 description SRV-FILER-1 B CIFS EtherChannel 1 172.16.0.2
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet4/2
 description SRV-FILER-1 D CIFS EtherChannel 1 172.16.0.2
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 1 mode on
!
interface GigabitEthernet4/3
 description SRV-FILER-2 B SQL EtherChannel 2 172.16.0.3
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 2 mode on
!
interface GigabitEthernet4/4
 description SRV-FILER-2 D SQL EtherChannel 2 172.16.0.3
 switchport access vlan 3
 switchport mode access
 flowcontrol receive off
 spanning-tree portfast
 channel-group 2 mode on
!
interface GigabitEthernet4/5
!
interface GigabitEthernet4/6
 description HP ProCurve 3400cl
!
interface GigabitEthernet5/1
 shutdown
!
interface GigabitEthernet5/2
 shutdown
!
interface GigabitEthernet5/3
 description CINDY A Etherchannel 22 10.30.0.20
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 22 mode active
!
interface GigabitEthernet5/4
 description CINDY B Etherchannel 22 10.30.0.20
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 22 mode active
!
interface GigabitEthernet5/5
 description Kaylee 10.30.0.108
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/6
 description Kaylee II
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/7
 description SRV-FILE-1 B Etherchannel 5 10.30.0.26
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 5 mode active
!
interface GigabitEthernet5/8
 shutdown
!
interface GigabitEthernet5/9
 description ----- Rack 1 - HP 2626 switch vlan 1 -----
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/10
 description ----- 2-4-U3 Uplink to TSM and Prog - gi5/10 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,8,26,40,100,101,106
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/11
 shutdown
!
interface GigabitEthernet5/12
 description MONICA NEW TEMP A EtherChannel 27 10.30.0.29
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 27 mode active
!
interface GigabitEthernet5/13
 description ----- 2-11-U1 - Gi5/13 - vlan 1,40,100,116 - Uplink 1 to 11th Floor -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,40,100,116
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/14
 description MONICA NEW TEMP B EtherChannel 27 10.30.0.29
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 27 mode active
!
interface GigabitEthernet5/15
 shutdown
!
interface GigabitEthernet5/16
 description 4507R-PDU-1-1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/17
 description VERRAA B Etherchannel 13 10.30.0.72
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 13 mode active
!
interface GigabitEthernet5/18
 description 4507R-PDU-1-2
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/19
 description ----- ironport-gw - vlan 26 - 192.168.26.222 -----
 switchport access vlan 26
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/20
 description 4507R-PDU-2-1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/21
 description VERRAB B Etherchannel 14 10.30.0.73
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 14 mode active
!
interface GigabitEthernet5/22
 description 4507R-PDU-2-2
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/23
 description ----- NWH-ASTERISK-2 - A - VLAN 80 - gi5/23 - 192.168.80.84 -----
 switchport access vlan 80
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet5/24
 description 4507R-PDU-3-1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/25
 shutdown
!
interface GigabitEthernet5/26
 description 4507R-PDU-3-2
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/27
 description ----- 2-7-U1 - Tenants 7th Floor - gi5/27 - vlan 1,100,105,110 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,105,110,120
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/28
 description 4507R-PDU-4-1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/29
 description ----- NWH-VOIP-1 - A - VLAN 80 - gi5/29 - 192.168.80.81 -----
 switchport access vlan 80
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet5/30
 description 4507R-PDU-4-2
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/31
 description ----- 2-5-U1 - Tenants 5th Floor - gi5/31 - vlan 1,100,111,112,113,114,115 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,111-115,118,119
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/32
 description 4507R-PDU-5-1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/33
 description EMILYA B Etherchannel 16 10.30.0.58
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 16 mode active
!
interface GigabitEthernet5/34
 shutdown
!
interface GigabitEthernet5/35
 description ----- NWH-VOIP-2 - A - VLAN 80 - gi5/35 - 192.168.80.82 -----
 switchport access vlan 80
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet5/36
 shutdown
!
interface GigabitEthernet5/37
 description Lauren 10.30.0.107
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/38
 description KAITLYN Websense
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet5/39
 description TEMPORARY UPS SNMP
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet5/40
 description TILL NETWORK 192.168.4.0/24 VLAN 4
 switchport access vlan 4
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/41
 description ----- 2-10-U1 - Gi5/41 - Uplink 1 to 10th Floor -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,106,117
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/42
 description ----- 2-2CC-U1 - NWH-2ND-SW-STOCK-ROOM - gi5/42 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,40,100
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/43
 description Lauren monitor
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/44
 shutdown
!
interface GigabitEthernet5/45
 description ----- 2-8-U1 - Tenants 8th Floor - VLAN 1,100,109 - Gi5/45 ------
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,109
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/46
 shutdown
!
interface GigabitEthernet5/47
 description 2-4-U2 Uplink to new office on 4th floor
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet5/48
 description NWH-RTR-BACKUP-DSL 10.0.2.1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/1
 description ----- 2-LG-U1 - LACP 29 - vlan 50 - 192.168.50.0/24 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
 channel-group 29 mode active
!
interface GigabitEthernet6/2
 description ----- NWH-ASTERISK-5 - A - VLAN 80 - gi6/2 - 192.168.80.87 -----
 switchport access vlan 80
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/3
 description ----- 2-6-U1 - NWH-6TH-SW-1-1 - gi6/3 VLANs 1,100,102,103,104,108,121 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,102-104,108,121
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/4
 description SRV-FILE-1 A Etherchannel 5 10.30.0.26
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 5 mode active
!
interface GigabitEthernet6/5
 description ----- NWH-ASTERISK-4 - A - VLAN 80 - gi6/5 - 192.168.80.86 -----
 switchport access vlan 80
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/6
 description ELECTRA A 10.30.0.27 EtherChannel 11
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 11 mode active
!
interface GigabitEthernet6/7
 description SAMANTHA A EtherChannel 26 10.30.0.24
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 26 mode active
!
interface GigabitEthernet6/8
 description CHRISTINA A EtherChannel 10 10.30.0.10
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 10 mode active
!
interface GigabitEthernet6/9
 shutdown
!
interface GigabitEthernet6/10
 description ----- KEELEY LEGAL ------
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/11
 description ----- 2-GND-U2 - vlan 1,100 - Gi6/11 -----
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/12
 description 2-U-10-2
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/13
 description 2-1-U4
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/14
 description 2-1-U3
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/15
 description INDIA A EtherChannel 6 10.30.0.25
 switchport mode access
 spanning-tree portfast
 channel-protocol lacp
 channel-group 6 mode active
!
interface GigabitEthernet6/16
 description 2-U-10-1 A EtherChannel 3 Uplink to 10range switch in rack
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 channel-group 3 mode on
!
interface GigabitEthernet6/17
 shutdown
!
interface GigabitEthernet6/18
 description ----- NWH-2ND-SW-1-1 (Tenants Rack) - vlan 1,100,105,108 - gi6/18 - Tenants A -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,105
 switchport mode trunk
 service-policy input rate-limit-bad-tenants
 service-policy output rate-limit-bad-tenants
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/19
 description ----- 2-9-U1 - Uplink to 9th Floor -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet6/20
 description CYPHER IDS PIX (inside) 10.30.200.1
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/21
 description E2K7CCRNODE1 10.30.0.13
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/22
 description E2K7CCRNODE2 A EtherChannel 8 10.30.0.14
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 8 mode active
!
interface GigabitEthernet6/23
 description ----- COMPANY-PIX-BT - vlan 10 - gi6/23 - 192.168.110.254 -----
 switchport access vlan 10
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet6/24
 description ----- Cisco PIX inside - vlan 5,8 - 192.168.10.254 - Gi6/24 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,8
 switchport mode trunk
 speed 100
 duplex full
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet7/1
 description ----- JESSICA - 10.30.0.76 - gi7/1 -----
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet7/2
 description EMILYA A Etherchannel 16 10.30.0.58
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 16 mode active
!
interface GigabitEthernet7/3
 description CLEO 10.30.0.93
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet7/4
 shutdown
!
interface GigabitEthernet7/5
 description FREYA 10.30.0.36
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
!
interface GigabitEthernet7/6
 description ELECTRA B 10.30.0.27 EtherChannel 11
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 11 mode active
!
interface GigabitEthernet7/7
 description SAMANTHA B EtherChannel 26 10.30.0.24
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 26 mode active
!
interface GigabitEthernet7/8
 description CHRISTINA B EtherChannel 10 10.30.0.10
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 10 mode active
!
interface GigabitEthernet7/9
 description VERRAA A Etherchannel 13 10.30.0.72
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 13 mode active
!
interface GigabitEthernet7/10
 shutdown
!
interface GigabitEthernet7/11
 description VERRAB A Etherchannel 14 10.30.0.73
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 14 mode active
!
interface GigabitEthernet7/12
 shutdown
!
interface GigabitEthernet7/13
 shutdown
!
interface GigabitEthernet7/14
 shutdown
!
interface GigabitEthernet7/15
 description INDIA B EtherChannel 6 10.30.0.25
 switchport mode access
 spanning-tree portfast
 channel-protocol lacp
 channel-group 6 mode active
!
interface GigabitEthernet7/16
 description 2-U-10-1 B EtherChannel 3 Uplink B to 10 range switch in rack
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 channel-group 3 mode on
!
interface GigabitEthernet7/17
 shutdown
!
interface GigabitEthernet7/18
 description ----- NWH-2ND-SW-1-TEMP (Tenants Rack) - vlan 1,107 - gi7/18 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,107
 switchport mode trunk
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet7/19
 shutdown
!
interface GigabitEthernet7/20
 shutdown
!
interface GigabitEthernet7/21
 shutdown
!
interface GigabitEthernet7/22
 shutdown
!
interface GigabitEthernet7/23
 description ----- NWH-EUSTON P2P fiber - vlan 5,7,8 - Gi7/23 -----
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,7,8
 switchport mode trunk
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
 shutdown
 speed 100
 duplex full
 flowcontrol receive off
 flowcontrol send off
!
interface GigabitEthernet7/24
 description E2K7CCRNODE2 B EtherChannel 8 10.30.0.14
 switchport mode access
 flowcontrol receive off
 flowcontrol send off
 spanning-tree portfast
 channel-protocol lacp
 channel-group 8 mode active
!
interface Vlan1
 description ----- vlan 1 - 10.0.0.0/8 -----
 ip address 10.10.0.1 255.0.0.0
 no ip redirects
!
interface Vlan3
 description ------ vlan 3 - 172.16.0.0/24 - SAN -----
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
!
interface Vlan4
 description ----- vlan 4 - 192.168.4.0/24 - COFFEE & TEASE TILLS -----
 ip address 192.168.4.1 255.255.255.0
 ip access-group 104 in
 no ip redirects
!
interface Vlan5
 description ----- vlan 5 - 192.168.10.0/24 - COMPANY-PIX inside -----
 ip address 192.168.10.1 255.255.255.0
 no ip redirects
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 12122F46405B1F5D2B
 ip ospf hello-interval 1
 ip ospf retransmit-interval 1
!
interface Vlan7
 description ----- vlan 7 - 192.168.74.0/24 - NWH-Euston (Point-to-Point fiber) -----
 ip address 192.168.74.1 255.255.255.0
 no ip redirects
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 110233544542185505
 ip ospf hello-interval 1
 ip ospf retransmit-interval 1
!
interface Vlan8
 description ----- vlan 8 - 192.168.200.0/24 - DMZ -----
 ip address 192.168.200.4 255.255.255.0
 no ip redirects
!
interface Vlan10
 description ----- vlan  10 - 192.168.110.0/24 - COMPANY-PIX-BT inside -----
 ip address 192.168.110.1 255.255.255.0
 no ip redirects
!
interface Vlan11
 description ----- vlan 11 - 192.168.11.0/24 - Payware -----
 ip address 192.168.11.1 255.255.255.0
 no ip redirects
!
interface Vlan26
 description ----- vlan 26 - 192.168.26.0/24 - ironport-gw -----
 ip address 192.168.26.1 255.255.255.0
 no ip redirects
!
interface Vlan40
 description ----- NWH-ROOF-Wireless - Roof - vlan 40 - 192.168.40.0/24 -----
 ip address 192.168.40.1 255.255.255.0
 ip helper-address 10.30.0.1
 no ip redirects
!
interface Vlan50
 description ----- Eyecare-LG-Lab - Lower Ground - vlan 50 - 192.168.50.0/24 -----
 ip address 192.168.50.1 255.255.255.0
 ip helper-address 10.30.0.1
 no ip redirects
!
interface Vlan76
 description ----- NWH-WEM P2P Fiber vlan 76 int gi5/46 -----
 ip address 192.168.76.1 255.255.255.0
 no ip redirects
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 130E3D43595C17732A
 ip ospf hello-interval 1
 ip ospf retransmit-interval 1
!
interface Vlan80
 description ----- VOIP-Servers - vlan 80 - 192.168.80.0/24 -----
 ip address 192.168.80.1 255.255.255.0
 ip helper-address 10.30.0.1
 no ip redirects
!
interface Vlan100
 description ----- Tenants Internet rate limited ------
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 192.168.100.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan101
 description ----- VOIP Test - VLAN 101 - 172.25.1.0/24 -----
 ip address 172.25.1.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
 shutdown
!
interface Vlan102
 description ----- Tenant Tenant1 - Room 612 - VLAN 102 - 172.25.2.0/24 -----
 ip address 172.25.2.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan103
 description ----- Tenant Tenant2 - VLAN 103 - 172.25.3.0/24 -----
 ip address 172.25.3.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan104
 description ----- Tenant-Tenant3 - VLAN 104 - 172.25.4.0/24 -----
 ip address 172.25.4.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan105
 description ----- Tenant-Tenant4 - VLAN 105 - 172.25.5.0/24 -----
 ip address 172.25.5.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan106
 description ----- Tenant-Tenant5 - VLAN 106 - 172.25.6.0/24 -----
 ip address 172.25.6.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan107
 description ----- Tenant-Tenant6 - VLAN 107 - 172.25.7.0/24 -----
 ip address 172.25.7.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan108
 description ----- Tenant-Tenant7
 ip address 172.25.8.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan109
 description ----- Tenant-Tenant8 -----
 ip address 172.25.9.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan110
 description ----- Tenant-Tenant9 - 7th Floor - vlan 110 - 172.25.10.0/24 ----
 ip address 172.25.10.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan111
 description ------ Tenant-Tenant10 - 5th Floor - vlan 111 - 172.25.11.0/24 -----
 ip address 172.25.11.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan112
 description ------ Tenant-Tenant11 - 5th Floor - vlan 112 - 172.25.12.0/24 -----
 ip address 172.25.12.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan113
 description ------ Tenant-Tenant12 - 5th Floor - vlan 113 - 172.25.13.0/24 -----
 ip address 172.25.13.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan114
 description ------ Tenant-Tenant13 - 5th Floor - vlan 114 - 172.25.14.0/24 -----
 ip address 172.25.14.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan115
 description ----- Tenant-Tenant14 - 5th Floor - vlan 115 - 172.25.15.0/24 -----
 ip address 172.25.15.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan116
 description ----- Tenant-Tenant15 - 11th Floor - vlan 116 - 172.25.16.0/24 -----
 ip address 172.25.16.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan117
 description ----- Tenant-Tenant16 - 10th Floor - vlan 117 - 172.25.17.0/24 -----
 ip address 172.25.17.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan118
 description ----- Tenant-Tenant17 - 5th Floor - vlan 118 - 172.25.18.0/24 -----
 ip address 172.25.18.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan119
 description ----- Tenant18 - 5th Floor - vlan 119 - 172.25.19.0/24 -----
 ip address 172.25.19.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan120
 description ----- Tenant-Tenant19 - 7th Floor - vlan 120 - 172.25.20.0/24 -----
 ip address 172.25.20.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
interface Vlan121
 description ----- Tenant-Tenant20 - 6th Floor - vlan 121 - 172.25.21.0/24 -----
 ip address 172.25.21.1 255.255.255.0
 ip access-group 114 in
 ip helper-address 10.30.0.1
 no ip redirects
 service-policy input rate-limit-tenants
 service-policy output rate-limit-tenants
!
router ospf 1
 router-id 10.10.0.1
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected
 redistribute static
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.0.0 0.0.255.255 area 0
 network 172.25.0.0 0.0.255.255 area 0
 network 192.168.7.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.74.0 0.0.0.255 area 0
 network 192.168.76.0 0.0.0.255 area 0
 default-information originate
!
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip forward-protocol udp bootpc
ip route 0.0.0.0 0.0.0.0 192.168.110.254
ip route 10.30.0.80 255.255.255.255 192.168.80.80

"ip route entries containing external IPs removed"

ip http server
!
!
access-list 23 remark ---- Management access to router via telnet ----        
access-list 23 remark ---- Permit access from CYPHER (OSPF monitoring) ----                         
access-list 23 permit 10.30.200.1
access-list 23 remark ---- Permit access from TRINITY ----                                          
access-list 23 permit 10.30.0.254
access-list 100 remark VOIP (SIP/IAX/IAX2) traffic must get top priority
access-list 100 permit udp any any eq 4569
access-list 100 permit udp any any eq 5004
access-list 100 permit udp any any eq 5036
access-list 100 permit udp any any eq 5060
access-list 100 permit udp any any range 10000 20000
access-list 104 remark ----- Permit DNS -----
access-list 104 permit udp any host 10.30.0.1 eq domain
access-list 104 permit udp any host 10.30.0.2 eq domain
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.59 gt 1024 log
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.143 gt 1024 log
access-list 104 permit tcp host 192.168.4.3 eq 3389 host 10.0.0.117 gt 1024 log
access-list 104 remark ----- Permit ICMP from TRINITY for Monitoring ----
access-list 104 permit icmp any host 10.30.0.254
access-list 104 remark ----- Permit Innovations support for Till Network - outbound connections only ----
access-list 104 permit ip any 195.80.24.0 0.0.0.255 log
access-list 104 permit ip any host 219.64.82.217 log
access-list 104 permit ip any host 80.69.10.38 log
access-list 104 remark ----- Permit Andrew Smith access to Till Network ----
access-list 104 permit icmp any host 10.9.0.190
access-list 104 permit tcp any eq 3389 host 10.9.0.190
access-list 104 permit icmp any host 10.9.0.191
access-list 104 permit tcp any eq 3389 host 10.9.0.191
access-list 104 deny   ip any any
access-list 106 remark ----- Tenants QoS Rate Limiting -----
access-list 106 remark ----- Do not rate limit tenants VLAN 100 to our private networks -----
access-list 106 deny   ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 106 deny   ip 192.168.100.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 106 deny   ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 106 remark ------ Do not rate limit tenants private VLANs to our private networks -----
access-list 106 deny   ip 172.25.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 106 deny   ip 172.25.0.0 0.0.255.255 172.16.0.0 0.15.255.255
access-list 106 deny   ip 172.25.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark ------ Rate Limit all other Tenants access -----
access-list 106 permit ip 192.168.100.0 0.0.0.255 any
access-list 106 permit ip any 192.168.100.0 0.0.0.255
access-list 106 permit ip 172.25.0.0 0.0.255.255 any
access-list 106 permit ip any 172.25.0.0 0.0.255.255
access-list 106 remark ------ Do not rate limit everything else - what is left is COMPANY traffic -----
access-list 106 deny   ip any any
access-list 107 remark ----- Freya QoS Rate Limiting -----
access-list 107 remark ----- Do not rate limit private ranges -----
access-list 107 deny   ip host 10.30.0.36 10.0.0.0 0.255.255.255
access-list 107 deny   ip 10.0.0.0 0.255.255.255 host 10.30.0.36
access-list 107 deny   ip host 10.30.0.36 172.16.0.0 0.15.255.255
access-list 107 deny   ip 172.16.0.0 0.15.255.255 host 10.30.0.36
access-list 107 deny   ip host 10.30.0.36 192.168.0.0 0.0.255.255
access-list 107 deny   ip 192.168.0.0 0.0.255.255 host 10.30.0.36
access-list 107 remark ----- Rate limit freya ingress/egress internet -----
access-list 107 permit ip host 10.30.0.36 any
access-list 107 permit ip any host 10.30.0.36
access-list 108 remark ----- Test ACL -----
access-list 108 permit ip any any log
access-list 109 remark ----- Do not rate limit our private hosted services ranges ------
access-list 109 deny   ip any 10.0.0.0 0.255.255.255
access-list 109 deny   ip 10.0.0.0 0.255.255.255 any
access-list 109 deny   ip any 172.16.0.0 0.15.255.255
access-list 109 deny   ip 172.16.0.0 0.15.255.255 any
access-list 109 remark ----- Do not rate limit FTP, SMTP, HTTP, POP3, IMAP, HTTPS, SMTP-TLS, IMAPS ------
access-list 109 deny   tcp any gt 1024 any eq ftp
access-list 109 deny   tcp any gt 1024 any eq smtp
access-list 109 deny   tcp any gt 1024 any eq www
access-list 109 deny   tcp any gt 1024 any eq pop3
access-list 109 deny   tcp any gt 1024 any eq 143
access-list 109 deny   tcp any gt 1024 any eq 443
access-list 109 deny   tcp any gt 1024 any eq 587
access-list 109 deny   tcp any gt 1024 any eq 993
access-list 109 remark ----- Do not rate limit tenant hosted FTP, SMTP, HTTP, POP3, IMAP, HTTPS, SMTP-TLS, IMAPS ------
access-list 109 deny   tcp any eq ftp any gt 1024
access-list 109 deny   tcp any eq smtp any gt 1024
access-list 109 deny   tcp any eq www any gt 1024
access-list 109 deny   tcp any eq pop3 any gt 1024
access-list 109 deny   tcp any eq 143 any gt 1024
access-list 109 deny   tcp any eq 443 any gt 1024
access-list 109 deny   tcp any eq 587 any gt 1024
access-list 109 deny   tcp any eq 993 any gt 1024
access-list 109 remark ----- Rate limit known Bittorrent ports -----
access-list 109 permit tcp any gt 1024 any range 6881 6999
access-list 109 remark ----- Rate limit all other protocols ----
access-list 109 permit ip any any
access-list 111 remark ----- Tenants Network Restrictions 192.168.100.0/24 and VLANs on 172.25.0.0/16 -----                
access-list 111 remark ----- Permit ICMP to our DNS Servers -----                                                          
access-list 111 permit icmp any host 10.30.0.1
access-list 111 permit icmp any host 10.30.0.2
access-list 111 remark ----- Permit ICMP to our Public Web Server FREYA -----                                              
access-list 111 permit icmp any host 10.30.0.34
access-list 111 permit icmp any host 10.30.0.36
access-list 111 remark ----- Permit ICMP to our VOIP network                                                               
access-list 111 permit icmp any host 10.30.0.80
access-list 111 permit icmp any host 10.30.0.81
access-list 111 permit icmp any host 10.30.0.82
access-list 111 permit icmp any host 10.30.0.83
access-list 111 permit icmp any host 10.30.0.84
access-list 111 permit icmp any host 10.30.0.85
access-list 111 permit icmp any host 10.30.0.86
access-list 111 permit icmp any host 10.30.0.87
access-list 111 remark ----- Permit limited ICMP to anywhere ------                                                        
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any source-quench
access-list 111 remark ----- Permit 10.9.0.0/16 established connections only -----                                         
access-list 111 permit tcp any eq www 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 443 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 3389 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit tcp any eq 5900 10.9.0.0 0.0.255.255 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.80 eq ntp
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to our VOIP servers -----
access-list 111 permit tcp any eq www host 10.30.0.80 gt 1024 established
access-list 111 permit tcp any eq www host 10.30.0.81 gt 1024 established
access-list 111 permit tcp any eq www host 10.30.0.82 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.80 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.80 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.81 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.81 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.82 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.82 gt 1024
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-1 -----
access-list 111 permit tcp any eq www host 10.30.0.83 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.83 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.83 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.83 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-2 -----
access-list 111 permit tcp any eq www host 10.30.0.84 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.84 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.84 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.84 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-3 -----
access-list 111 permit tcp any eq www host 10.30.0.85 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.85 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.85 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.85 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-4 -----
access-list 111 permit tcp any eq www host 10.30.0.86 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.86 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.86 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.86 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-5 -----
access-list 111 permit tcp any eq www host 10.30.0.87 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.87 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.87 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.87 range 10000 20000
access-list 111 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-6 -----
access-list 111 permit tcp any eq www host 10.30.0.88 gt 1024 established
access-list 111 permit udp any gt 1024 host 10.30.0.88 eq 5060
access-list 111 permit udp any eq 5060 host 10.30.0.88 gt 1024
access-list 111 permit udp any gt 1024 host 10.30.0.88 range 10000 20000
access-list 111 remark ----- Permit access to freya www.COMPANYplc.com -----
access-list 111 permit tcp any gt 1024 host 10.30.0.34 eq www
access-list 111 permit tcp any gt 1024 host 10.30.0.34 eq 443
access-list 111 remark ----- Permit access to freya www.COMPANYplc1.com -----
access-list 111 permit tcp any gt 1024 host 10.30.0.36 eq www
access-list 111 permit tcp any gt 1024 host 10.30.0.36 eq 443
access-list 111 remark ----- Permit Tenant Tenant8 hosted services -----
access-list 111 permit tcp host 192.168.100.72 eq smtp any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq www any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 443 any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 3389 any gt 1024 established
access-list 111 permit tcp host 192.168.100.72 eq 4125 any gt 1024 established
access-list 111 remark ----- Permit DNS lookups to any DNS server -----
access-list 111 permit udp any gt 1024 any eq domain
access-list 111 remark ----- Permit DHCP requests -----
access-list 111 permit udp any eq bootpc any eq bootps
access-list 111 remark ----- Deny access to private ranges which will cover all our networks we wish to keep private -----
access-list 111 remark ----- Deny access to 10.0.0.0/8 -----
access-list 111 deny   ip any 10.0.0.0 0.255.255.255 log
access-list 111 remark ----- Deny access to 127.0.0.1 -----
access-list 111 deny   ip any host 127.0.0.1
access-list 111 remark ----- Deny access to 172.16.0.0-172.31.255.255 -----
access-list 111 deny   ip any 172.16.0.0 0.15.255.255
access-list 111 remark ----- Deny 192.168.0.0/16 -----
access-list 111 deny   ip any 192.168.0.0 0.0.255.255
access-list 111 remark ----- Internet access controlled by Cisco PIX acl_in -----
access-list 111 permit ip any any
access-list 114 remark ----- Tenants Network Restrictions 192.168.100.0/24 and VLANs on 172.25.0.0/16 -----                
access-list 114 remark ----- Permit ICMP to our DNS Servers -----                                                          
access-list 114 permit icmp any host 10.30.0.1
access-list 114 permit icmp any host 10.30.0.2
access-list 114 remark ----- Permit ICMP to our Public Web Server FREYA -----                                              
access-list 114 permit icmp any host 10.30.0.34
access-list 114 permit icmp any host 10.30.0.36
access-list 114 remark ----- Permit VOIP migration to 192.168.80.0/24 -----
access-list 114 permit ip any 192.168.80.0 0.0.0.255
access-list 114 remark ----- Permit ICMP to our VOIP network                                                               
access-list 114 permit icmp any host 10.30.0.80
access-list 114 permit icmp any host 10.30.0.81
access-list 114 permit icmp any host 10.30.0.82
access-list 114 permit icmp any host 10.30.0.83
access-list 114 permit icmp any host 10.30.0.84
access-list 114 permit icmp any host 10.30.0.85
access-list 114 permit icmp any host 10.30.0.86
access-list 114 permit icmp any host 10.30.0.87
access-list 114 remark ----- Permit limited ICMP to anywhere ------                                                        
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any packet-too-big
access-list 114 permit icmp any any source-quench
access-list 114 remark ----- Permit 10.9.0.0/16 established connections only -----                                         
access-list 114 permit tcp any eq www 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 443 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 3389 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit tcp any eq 5900 10.9.0.0 0.0.255.255 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.80 eq ntp
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to our VOIP servers -----                             
access-list 114 permit tcp any eq www host 10.30.0.80 gt 1024 established
access-list 114 permit tcp any eq www host 10.30.0.81 gt 1024 established
access-list 114 permit tcp any eq www host 10.30.0.82 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.80 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.80 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.81 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.81 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.82 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.82 gt 1024
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-1 -----                               
access-list 114 permit tcp any eq www host 10.30.0.83 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.83 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.83 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.83 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-2 -----                               
access-list 114 permit tcp any eq www host 10.30.0.84 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.84 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.84 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.84 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-3 -----                               
access-list 114 permit tcp any eq www host 10.30.0.85 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.85 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.85 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.85 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-4 -----                               
access-list 114 permit tcp any eq www host 10.30.0.86 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.86 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.86 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.86 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-5 -----                               
access-list 114 permit tcp any eq www host 10.30.0.87 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.87 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.87 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.87 range 10000 20000
access-list 114 remark ----- Permit SIP and RTP range 10000 to 20000 to NWH-ASTERISK-6 -----                               
access-list 114 permit tcp any eq www host 10.30.0.88 gt 1024 established
access-list 114 permit udp any gt 1024 host 10.30.0.88 eq 5060
access-list 114 permit udp any eq 5060 host 10.30.0.88 gt 1024
access-list 114 permit udp any gt 1024 host 10.30.0.88 range 10000 20000
access-list 114 remark ----- Permit access to freya www.COMPANYplc.com -----                                                 
access-list 114 permit tcp any gt 1024 host 10.30.0.34 eq www
access-list 114 permit tcp any gt 1024 host 10.30.0.34 eq 443
access-list 114 remark ----- Permit access to freya www.COMPANYplc1.com -----                                                
access-list 114 permit tcp any gt 1024 host 10.30.0.36 eq www
access-list 114 permit tcp any gt 1024 host 10.30.0.36 eq 443
access-list 114 remark ----- Permit Tenant Tenant8 hosted services -----                                                 
access-list 114 permit tcp host 192.168.100.72 eq smtp any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq www any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 443 any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 3389 any gt 1024 established
access-list 114 permit tcp host 192.168.100.72 eq 4125 any gt 1024 established
access-list 114 remark ----- Permit DNS lookups to any DNS server -----                                                    
access-list 114 permit udp any gt 1024 any eq domain
access-list 114 remark ----- Permit DHCP requests -----                                                                    
access-list 114 permit udp any eq bootpc any eq bootps
access-list 114 remark ----- Deny access to private ranges which will cover all our networks we wish to keep private ----- 
access-list 114 remark ----- Deny access to 10.0.0.0/8 -----                                                               
access-list 114 deny   ip any 10.0.0.0 0.255.255.255 log
access-list 114 remark ----- Deny access to 127.0.0.1 -----
access-list 114 deny   ip any host 127.0.0.1
access-list 114 remark ----- Deny access to 172.16.0.0-172.31.255.255 -----
access-list 114 deny   ip any 172.16.0.0 0.15.255.255
access-list 114 remark ----- Deny 192.168.0.0/16 -----
access-list 114 deny   ip any 192.168.0.0 0.0.255.255
access-list 114 remark ----- Internet access controlled by Cisco PIX acl_in -----
access-list 114 permit ip any any
access-list 120 remark ----- DMZ access list -----
access-list 130 remark ----- rate-limit-all ------
access-list 130 permit ip any any
access-list 150 remark ----- migrate internet to COMPANY-PIX-BT -----
access-list 150 deny   ip any 192.168.10.0 0.0.0.255
access-list 150 permit ip host 10.9.0.190 any
!
route-map migrate-internet permit 10
 match ip address 152
 set ip next-hop 192.168.10.254
!
snmp-server community snmpstring RO
snmp-server trap link ietf
snmp-server trap-source Vlan1
snmp-server contact 
snmp-server chassis-id Cisco4507R
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps stpx
snmp-server enable traps rf
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps copy-config
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal
snmp-server enable traps syslog
snmp-server enable traps bridge
snmp-server enable traps envmon
snmp-server enable traps hsrp
snmp-server enable traps bgp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rtr
snmp-server enable traps vlan-membership
snmp-server host 10.30.0.254 snmpstring
snmp-server host 10.30.0.109 snmpstring
snmp-server host 10.30.200.1 snmpstring
!
banner motd ^C
WARNING

Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.

Disconnect IMMEDIATELY if you are not an authorized user!

Cisco Catalyst 4507R
version 12.2
Copyright (C) 2007 Cisco Systems.  All Rights Reserved.
^C
!
line con 0
 password 7 10450518
 logging synchronous
 login
 stopbits 1
line vty 0 4
 access-class 23 in
 password 7 12120916
 logging synchronous
 login
line vty 5 15
 access-class 23 in
 password 7 12120916
 logging synchronous
 login
!
!
monitor session 1 source interface Gi6/23
monitor session 1 destination interface Gi5/43
monitor session 2 source interface Gi6/23
monitor session 2 destination interface Gi5/38
ntp clock-period 17179502
ntp update-calendar
ntp server 10.30.0.80 prefer
!
end

4507R#              

Open in new window

0
 
Nayyar HH (CCIE RS)Network ArchitectCommented:
Thanks.

I hope you dont have any debugging turned on? "show debug" and "undebug all" if needed.

Here's a good link that would guide you through the process. Please let me know if I can still be of help.

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml
0
 
gddl630Author Commented:
no debugging, but thanks for the article
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now