Schools SRA Configuration Supplement

Table Of Contents

Schools SRA Configuration Supplement

Contents

Network Diagram

Validated Platforms and Software Versions

Network Infrastructure

Emerging Technologies

Configurations

District Office

Access

Core/Distribution

WAN Aggregation

PSTN Edge

School 1

Access

Core/Distribution/WAN Edge

PSTN Edge

School 100

Access

Core/Distribution/WAN Edge

PSTN Edge

Schools SRA Configuration Supplement

---

Contents

This document, contains the network diagram, and a list of all the platforms and software releases which were validated for the Schools Service Ready Architecture. The last section includes the configurations for each platform (CLI only, no GUI).

Provides a efficient and flexible network architecture for secondary schools, while enabling advanced services, such as security, unified wireless access, unified voice communications services, and presence services. The network is designed to meet the needs of the education environment:

•Academic Excellence

•Administrative Efficiency

•School safety and security

Network Diagram

Figure 1 Physical Topology

Validated Platforms and Software Versions

Network Infrastructure

Table 1 School SRA Network Infrastructure

School Location	Platform	Role	Software
District Office	2960	Access	12.2(50)SE
	2975 - Stackwise		12.2(46)EX
	3560		12.2(50)SE
	3750		12.2(50)SE
	3750 - Stackwise		12.2(50)SE
	4507R-E - Sup6E/SupV	Core/Distribution	12.2(52)SG
	3750ME	WAN Aggregation	12.2(50)SE
	2851	PSTN Edge	12.4(15)T1
	WLC 4400 - 2100	Wireless LAN Controller	6.0
	Mobile Service Engine	Location	6.0
County school 1	2960	Access	12.2(50)SE
	3560
	3750
	3750 - Stackwise
	4507R-E - SupV-10GE	Core/Distribution/WAN Edge	12.2(52)SG
	2851	PSTN Edge	12.4(15)T1
	WLC 4400 - 2100	Wireless LAN Controller	6.0
	NAC Appliance	Network Admission	4.5
County school 2-99	3750	Core/Distribution/WAN Edge	12.2(50)SE
County school 100	2960	Access	12.2(50)SE
	3560
	3750
	3750 - Stackwise
	3750 - Stackwise	Core/Distribution/WAN Edge	12.2(50)SE
	2851	PSTN Edge	12.4(15)T1
	WLC 4400 - 2100	Wireless LAN Controller	6.0
	NAC Appliance	Network Admission	4.5

Emerging Technologies

Table 2 Emerging Technologies

School Location	Platform	Role	Software
District Office	CUCM	Call Manager	7.0
	Presence Server	Presence	7.0
	7960G	IP Phone
	7965G
	7975G
	7985G	Video Phone
	ASA5520	Firewall	8.0
	WSA
	NAC Appliance (CAS, CAM)	Network Admission	4.5.1
	Cisco ACS	Radius Server	4.2
County school 1	7960G	IP Phone
	7965G
	7975G
County school 2-99	Emulated IP Phones	IP Phone
County school 100	7960G	IP Phone
	7965G
	7975G
	NAC Appliance (CAM, CAS)	Network Admission	4.5.1
	Cisco ACS	Radius Server	4.2

Configurations

This section contains a copy of the complete configuration for each platform validated in the School Service Ready Architecture validation (only for platforms with CLI configurations, does not include GUI configurations).

---

Note Externally accessible IP addresses and passwords have been replaced with descriptive text.

---

District Office

Access

Cr24-2960-DO

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr24-2960-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$XK8W$tZTDCYAq5eBMNKtqjisAw.

enable password 7 104D000A0618

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

!

!

ip dhcp snooping vlan 101-110

no ip dhcp snooping information option

ip dhcp snooping

no ip domain-lookup

ip arp inspection vlan 101-110

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

!

!

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01 nvram:F9154780host#2E2E.cer

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 101

 name cr2960_Dept1_VLAN

!

vlan 102

 name cr2960_Dept2_VLAN

!

vlan 103

 name cr2960_Dept3_VLAN

!

vlan 104

 name cr2960_Dept4_VLAN

!

vlan 105

 name cr2960_Dept5_VLAN

!

vlan 106

 name cr2960_Dept6_VLAN

!

vlan 107

 name cr2960_Dept7_VLAN

!

vlan 108

 name cr2960_Dept8_VLAN

!

vlan 109

 name cr2960_Dept9_VLAN

!

vlan 110

 name cr2960_Dept10_VLAN

!

vlan 201

 name Guest_VLAN

!

vlan 802

 name Hopping_VLAN

!

vlan 900

 name Mgmt_VLAN

!

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

interface Loopback0

 ip address 10.125.100.2 255.255.255.255

 no ip route-cache

!

interface Port-channel1

 description Connected to cr24-4507-DO

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 101

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 102

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface FastEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 103

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 104

 switchport mode access

 switchport block unicast

 switchport voice vlan 105

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface FastEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 106

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 107

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 108

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

 description Connected to IXIA - ALM - 2/1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/11

 description Connected to IXIA - STX - 3/1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

 description Connected to FlashNet

 switchport mode access

 load-interval 30

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

!

interface GigabitEthernet0/1

 description Connected to cr24-4507-DO

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/2

 description Connected to cr24-4507-DO

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

 description Connected to FlashNet

 ip address 172.26.160.188 255.255.254.0

 no ip redirects

 no ip proxy-arp

 no ip route-cache

!

interface Vlan900

 ip address 10.125.34.2 255.255.255.224

 no ip redirects

 no ip unreachables

 no ip route-cache

 load-interval 30

!

no ip http server

no ip http secure-server

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 01100F1758044A5E731F

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028997

ntp server 172.26.160.10

end

Cr26-2975-DO  

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr26-2975-DO

!

boot-start-marker

boot-end-marker

!

enable password 7 094F471A1A0A

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c2975gs-48ps-l

switch 2 provision ws-c2975gs-48ps-l

switch 3 provision ws-c2975gs-48ps-l

stack-mac persistent timer 0

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

!

!

ip dhcp snooping vlan 111-120

no ip dhcp snooping information option

ip dhcp snooping

no ip domain-lookup

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2  24

mls qos srr-queue input dscp-map queue 1 threshold 3  48 56

mls qos srr-queue input dscp-map queue 2 threshold 3  32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3  32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1  16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1  36 38

mls qos srr-queue output dscp-map queue 2 threshold 2  24

mls qos srr-queue output dscp-map queue 2 threshold 3  48 56

mls qos srr-queue output dscp-map queue 3 threshold 3  0

mls qos srr-queue output dscp-map queue 4 threshold 1  8

mls qos srr-queue output dscp-map queue 4 threshold 2  10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

!

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 111-120 

!

vlan 202

 name Guest_VLAN

!

vlan 803

 name Hopping_VLAN

!

vlan 900

 name Mgmt_VLAN

!

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

interface Loopback0

 ip address 10.125.100.3 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/1

 description CONNECTED TO UNTRUSTED-PC

 switchport access vlan 111

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

!

interface GigabitEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 112

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

!

interface GigabitEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 113

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

!

interface GigabitEthernet1/0/4

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

!

interface GigabitEthernet1/0/7

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface GigabitEthernet1/0/29

!

interface GigabitEthernet1/0/30

!

interface GigabitEthernet1/0/31

!

interface GigabitEthernet1/0/32

!

interface GigabitEthernet1/0/33

!

interface GigabitEthernet1/0/34

!

interface GigabitEthernet1/0/35

!

interface GigabitEthernet1/0/36

!

interface GigabitEthernet1/0/37

!

interface GigabitEthernet1/0/38

!

interface GigabitEthernet1/0/39

!

interface GigabitEthernet1/0/40

!

interface GigabitEthernet1/0/41

!

interface GigabitEthernet1/0/42

!

interface GigabitEthernet1/0/43

!

interface GigabitEthernet1/0/44

!

interface GigabitEthernet1/0/45

!

interface GigabitEthernet1/0/46

!

interface GigabitEthernet1/0/47

!

interface GigabitEthernet1/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet1/0/49

 description Connected to cr24-4507-DO

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/50

!

interface GigabitEthernet1/0/51

!

interface GigabitEthernet1/0/52

!

interface GigabitEthernet2/0/1

!

interface GigabitEthernet2/0/2

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface GigabitEthernet2/0/29

!

interface GigabitEthernet2/0/30

!

interface GigabitEthernet2/0/31

!

interface GigabitEthernet2/0/32

!

interface GigabitEthernet2/0/33

!

interface GigabitEthernet2/0/34

!

interface GigabitEthernet2/0/35

!

interface GigabitEthernet2/0/36

!

interface GigabitEthernet2/0/37

!

interface GigabitEthernet2/0/38

!

interface GigabitEthernet2/0/39

!

interface GigabitEthernet2/0/40

!

interface GigabitEthernet2/0/41

!

interface GigabitEthernet2/0/42

!

interface GigabitEthernet2/0/43

!

interface GigabitEthernet2/0/44

!

interface GigabitEthernet2/0/45

!

interface GigabitEthernet2/0/46

!

interface GigabitEthernet2/0/47

!

interface GigabitEthernet2/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet2/0/49

!

interface GigabitEthernet2/0/50

!

interface GigabitEthernet2/0/51

!

interface GigabitEthernet2/0/52

!

interface GigabitEthernet3/0/1

 description CONNECTED TO PHONE+PC

 switchport access vlan 114

 switchport mode access

 switchport block unicast

 switchport voice vlan 115

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

!

interface GigabitEthernet3/0/2

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 116

 switchport mode access

 switchport block unicast

 switchport port-security

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet3/0/3

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 117

 switchport mode access

 switchport block unicast

 switchport port-security

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet3/0/4

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 118

 switchport mode access

 switchport block unicast

 switchport port-security

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 dot1x mac-auth-bypass

 dot1x pae authenticator

 dot1x violation-mode protect

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet3/0/5

!

interface GigabitEthernet3/0/6

!

interface GigabitEthernet3/0/7

!

interface GigabitEthernet3/0/8

!

interface GigabitEthernet3/0/9

!

interface GigabitEthernet3/0/10

 description Connected to IXIA - ALM - 2/2

 switchport trunk native vlan 202

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 spanning-tree guard root

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet3/0/11

 description Connected to IXIA - STX - 3/2

 switchport trunk native vlan 202

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 spanning-tree guard root

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet3/0/12

!

interface GigabitEthernet3/0/13

!

interface GigabitEthernet3/0/14

!

interface GigabitEthernet3/0/15

!

interface GigabitEthernet3/0/16

!

interface GigabitEthernet3/0/17

!

interface GigabitEthernet3/0/18

!

interface GigabitEthernet3/0/19

!

interface GigabitEthernet3/0/20

!

interface GigabitEthernet3/0/21

!

interface GigabitEthernet3/0/22

!

interface GigabitEthernet3/0/23

!

interface GigabitEthernet3/0/24

!

interface GigabitEthernet3/0/25

!

interface GigabitEthernet3/0/26

!

interface GigabitEthernet3/0/27

!

interface GigabitEthernet3/0/28

!

interface GigabitEthernet3/0/29

!

interface GigabitEthernet3/0/30

!

interface GigabitEthernet3/0/31

!

interface GigabitEthernet3/0/32

!

interface GigabitEthernet3/0/33

!

interface GigabitEthernet3/0/34

!

interface GigabitEthernet3/0/35

!

interface GigabitEthernet3/0/36

!

interface GigabitEthernet3/0/37

!

interface GigabitEthernet3/0/38

!

interface GigabitEthernet3/0/39

!

interface GigabitEthernet3/0/40

!

interface GigabitEthernet3/0/41

!

interface GigabitEthernet3/0/42

!

interface GigabitEthernet3/0/43

!

interface GigabitEthernet3/0/44

!

interface GigabitEthernet3/0/45

!

interface GigabitEthernet3/0/46

!

interface GigabitEthernet3/0/47

!

interface GigabitEthernet3/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet3/0/49

 description Connected to cr24-4507-DO

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet3/0/50

!

interface GigabitEthernet3/0/51

!

interface GigabitEthernet3/0/52

!

interface Vlan1

 ip address dhcp

 shutdown

!

interface Vlan2

 description Connected to FlashNet - DO NOT ROUTE

 ip address 172.26.160.190 255.255.254.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

interface Vlan900

 description Mgmt_VLAN

 ip address 10.125.34.3 255.255.255.224

 no ip redirects

 no ip unreachables

 load-interval 30

!

no ip http server

no ip http secure-server

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 094F471A1A0A5B43595F

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

 logging synchronous

 speed 115200

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

 logging synchronous

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028631

ntp server 172.26.160.10

end

Cr24-3560r-DO

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr24-3560r-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$nwph$/o52o3VuKVOHNwYCaEu/w.

enable password 7 13061E010803

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip dhcp snooping vlan 11-20

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 11-20

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 045802150C2E

!

crypto pki trustpoint TP-self-signed-3151740416

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-3151740416

 revocation-check none

 rsakeypair TP-self-signed-3151740416

!

!

crypto pki certificate chain TP-self-signed-3151740416

 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 11-20 

!

vlan 203

 name Guest_VLAN

!

ip ftp username nimishguest

ip ftp password 7 030A5F0C130A3258

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.4 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 no switchport

 dampening

 ip address 10.125.32.1 255.255.255.254

 ip pim sparse-mode

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet0/1

 description CONNECTED TO UNTRUSTED-PC

 switchport access vlan 11

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 12

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface FastEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 13

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 14

 switchport mode access

 switchport block unicast

 switchport voice vlan 15

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface FastEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 16

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 17

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 18

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/8

 no mdix auto

!

interface FastEthernet0/9

 switchport access vlan 11

 switchport mode access

 no mdix auto

 spanning-tree portfast

!

interface FastEthernet0/10

 description Connected to IXIA - ALM - 2/3

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 203

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/11

 description Connected to IXIA - STX - 3/3

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 203

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/12

 no mdix auto

!

interface FastEthernet0/13

 no mdix auto

!

interface FastEthernet0/14

 no mdix auto

!

interface FastEthernet0/15

 no mdix auto

!

interface FastEthernet0/16

 no mdix auto

!

interface FastEthernet0/17

 no mdix auto

!

interface FastEthernet0/18

 no mdix auto

!

interface FastEthernet0/19

 no mdix auto

!

interface FastEthernet0/20

 no mdix auto

!

interface FastEthernet0/21

 no mdix auto

!

interface FastEthernet0/22

 no mdix auto

!

interface FastEthernet0/23

 no mdix auto

!

interface FastEthernet0/24

 no mdix auto

!

interface FastEthernet0/25

 no mdix auto

!

interface FastEthernet0/26

 no mdix auto

!

interface FastEthernet0/27

 no mdix auto

!

interface FastEthernet0/28

 no mdix auto

!

interface FastEthernet0/29

 no mdix auto

!

interface FastEthernet0/30

 no mdix auto

!

interface FastEthernet0/31

 no mdix auto

!

interface FastEthernet0/32

 no mdix auto

!

interface FastEthernet0/33

 no mdix auto

!

interface FastEthernet0/34

 no mdix auto

!

interface FastEthernet0/35

 no mdix auto

!

interface FastEthernet0/36

 no mdix auto

!

interface FastEthernet0/37

 no mdix auto

!

interface FastEthernet0/38

 no mdix auto

!

interface FastEthernet0/39

 no mdix auto

!

interface FastEthernet0/40

 no mdix auto

!

interface FastEthernet0/41

 no mdix auto

!

interface FastEthernet0/42

 no mdix auto

!

interface FastEthernet0/43

 no mdix auto

!

interface FastEthernet0/44

 no mdix auto

!

interface FastEthernet0/45

 no mdix auto

!

interface FastEthernet0/46

 no mdix auto

!

interface FastEthernet0/47

 no mdix auto

!

interface FastEthernet0/48

 no switchport

 ip address 172.26.160.187 255.255.254.0

 no ip redirects

 no ip proxy-arp

 no mdix auto

!

interface GigabitEthernet0/1

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet0/2

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan11

 dampening

 ip address 10.125.11.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan12

 dampening

 ip address 10.125.11.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan13

 dampening

 ip address 10.125.12.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan14

 dampening

 ip address 10.125.12.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan15

 dampening

 ip address 10.125.13.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan16

 dampening

 ip address 10.125.13.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan17

 dampening

 ip address 10.125.14.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan18

 dampening

 ip address 10.125.14.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan19

 dampening

 ip address 10.125.15.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan20

 dampening

 ip address 10.125.15.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Port-channel1

 no auto-summary

 eigrp router-id 10.125.100.4

 eigrp stub connected

 network 10.125.0.0 0.0.255.255

!

ip classless

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 00071A15075447575D72

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

 logging synchronous

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028444

ntp server 172.26.160.10

end

Cr25-3750-DO

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr25-3750-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$rZnh$VH5sfvkInDxIlKe6HvlHO.

enable password 7 094F471A1A0A

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-24ts-1u

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

no ip domain-lookup

!

!

ip dhcp snooping vlan 121-130

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 121-130

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint TP-self-signed-250233728

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-250233728

 revocation-check none

 rsakeypair TP-self-signed-250233728

!

!

crypto pki certificate chain TP-self-signed-250233728

 certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 121

 name cr25_3750_Dept21

!

vlan 122

 name cr25_3750_Dept22

!

vlan 123

 name cr25_3750_Dept23

!

vlan 124

 name cr25_3750_Dept24

!

vlan 125

 name cr25_3750_Dept25

!

vlan 126

 name cr25_3750_Dept26

!

vlan 127

 name cr25_3750_Dept27

!

vlan 128

 name cr25_3750_Dept28

!

vlan 129

 name cr25_3750_Dept29

!

vlan 130

 name cr25_3750_Dept30

!

vlan 204

 name Guest_VLAN

!

vlan 804

 name Hopping_VLAN

!

vlan 900

 name Mgmt_VLAN

!

ip ftp username nimishguest

ip ftp password 7 0701254B5B0C0A11

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.5 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,204,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 121

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 122

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 123

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface GigabitEthernet1/0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 124

 switchport mode access

 switchport block unicast

 switchport voice vlan 125

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 126

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 127

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 128

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/8

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

 description Connected to IXIA - ALM - 2/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/11

 description Connected to IXIA - STX - 3/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

 description Flashnet DO NOT ROUTE

 no switchport

 ip address 172.26.160.200 255.255.254.0

 no ip proxy-arp

 duplex full

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,204,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/28

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,204,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan900

 description Mgmt_VLAN

 ip address 10.125.34.4 255.255.255.224

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 13061E010803487B7977

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36029250

ntp server 172.26.160.10

end

Cr26-3750r-DO

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr26-3750r-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$d/Sc$Ha0.t0aRa.T2i2rSdNk7e1

enable password 7 05080F1C2243

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750e-24pd

switch 2 provision ws-c3750e-24pd

switch 3 provision ws-c3750e-24pd

stack-mac persistent timer 0

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip dhcp snooping vlan 11-20

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 11-20

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 104D000A0618

!

crypto pki trustpoint TP-self-signed-1384443008

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1384443008

 revocation-check none

 rsakeypair TP-self-signed-1384443008

!

crypto pki trustpoint TP-self-signed-721582080

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-721582080

 revocation-check none

 rsakeypair TP-self-signed-721582080

!

!

crypto pki certificate chain TP-self-signed-1384443008

 certificate self-signed 

  quit

crypto pki certificate chain TP-self-signed-721582080

license boot level ipservices switch 1

license boot level ipservices switch 3

license boot level ipservices

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 11-20 

!

vlan 205

 name Guest_VLAN

!

vlan 900 

!

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.6 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 no switchport

 dampening

 ip address 10.125.32.3 255.255.255.254

 ip pim sparse-mode

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet0

 no ip address

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 shutdown

!

interface GigabitEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 11

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 12

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 13

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface GigabitEthernet1/0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 14

 switchport mode access

 switchport block unicast

 switchport voice vlan 15

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 16

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 17

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 18

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/8

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/9

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/10

 description Connected to IXIA - ALM - 2/5

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/11

 description Connected to IXIA - STX - 4/1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/12

 description Connected to FlashNet

 switchport access vlan 900

 switchport mode access

 load-interval 30

 spanning-tree portfast

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 ip pim sparse-mode

 ip hold-time eigrp 100 20

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface TenGigabitEthernet1/0/1

!

interface TenGigabitEthernet1/0/2

!

interface GigabitEthernet2/0/1

!

interface GigabitEthernet2/0/2

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

 description FlashNet - DO NOT ROUTE

 switchport access vlan 900

 switchport mode access

 load-interval 30

 spanning-tree portfast

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

 channel-protocol lacp

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface TenGigabitEthernet2/0/1

!

interface TenGigabitEthernet2/0/2

!

interface GigabitEthernet3/0/1

!

interface GigabitEthernet3/0/2

!

interface GigabitEthernet3/0/3

!

interface GigabitEthernet3/0/4

!

interface GigabitEthernet3/0/5

!

interface GigabitEthernet3/0/6

!

interface GigabitEthernet3/0/7

!

interface GigabitEthernet3/0/8

!

interface GigabitEthernet3/0/9

!

interface GigabitEthernet3/0/10

!

interface GigabitEthernet3/0/11

!

interface GigabitEthernet3/0/12

 description FlashNet - DO NOT ROUTE

 switchport access vlan 900

 switchport mode access

 load-interval 30

 spanning-tree portfast

!

interface GigabitEthernet3/0/13

!

interface GigabitEthernet3/0/14

!

interface GigabitEthernet3/0/15

!

interface GigabitEthernet3/0/16

!

interface GigabitEthernet3/0/17

!

interface GigabitEthernet3/0/18

!

interface GigabitEthernet3/0/19

!

interface GigabitEthernet3/0/20

!

interface GigabitEthernet3/0/21

!

interface GigabitEthernet3/0/22

!

interface GigabitEthernet3/0/23

!

interface GigabitEthernet3/0/24

!

interface GigabitEthernet3/0/25

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/26

!

interface GigabitEthernet3/0/27

!

interface GigabitEthernet3/0/28

!

interface TenGigabitEthernet3/0/1

!

interface TenGigabitEthernet3/0/2

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan11

 dampening

 ip address 10.125.21.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan12

 dampening

 ip address 10.125.21.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan13

 dampening

 ip address 10.125.22.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan14

 dampening

 ip address 10.125.22.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan15

 dampening

 ip address 10.125.23.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan16

 dampening

 ip address 10.125.23.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan17

 dampening

 ip address 10.125.24.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan18

 dampening

 ip address 10.125.24.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan19

 dampening

 ip address 10.125.25.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan20

 dampening

 ip address 10.125.25.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan900

 ip address 172.26.158.238 255.255.254.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Port-channel1

 no auto-summary

 eigrp router-id 10.125.100.6

 eigrp stub connected

 network 10.125.0.0 0.0.255.255

 nsf

!

ip classless

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 02050D48080943701E1D

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36026851

ntp server 172.26.158.10

end

Cr25-3750s-DO   

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr25-3750s-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$wQrW$jkV1e46Qfbs8PzbR/vO7O/

enable password 7 02050D480809

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-24ts

switch 2 provision ws-c3750g-24ts

stack-mac persistent timer 0

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

no ip domain-lookup

!

!

ip dhcp snooping vlan 131-140

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 131-140

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint TP-self-signed-1942438528

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1942438528

 revocation-check none

 rsakeypair TP-self-signed-1942438528

!

!

crypto pki certificate chain TP-self-signed-1942438528

 certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 131

 name cr26_3750s_Dept31

!

vlan 132

 name cr26_3750s_Dept32

!

vlan 133

 name cr26_3750s_Dept33

!

vlan 134

 name cr26_3750s_Dept34

!

vlan 135

 name cr26_3750s_Dept35

!

vlan 136

 name cr26_3750s_Dept36

!

vlan 137

 name cr26_3750s_Dept37

!

vlan 138

 name cr26_3750s_Dept38

!

vlan 139

 name cr26_3750s_Dept39

!

vlan 140

 name cr26_3750s_Dept40

!

vlan 206

 name Guest_VLAN

!

vlan 805

 name Hopping_VLAN

!

vlan 900

 name Mgmt_VLAN

!

ip ftp username nimishguest

ip ftp password 7 09424A0E0C000406

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.7 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 ip arp inspection trust

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 131

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 133

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone-Policy

 ip verify source

!

interface GigabitEthernet1/0/4

 ip arp inspection limit rate 100

!

interface GigabitEthernet1/0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 136

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 authentication open

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 137

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 authentication open

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 138

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 authentication open

 mab

 mls qos trust dscp

 dot1x pae authenticator

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

 description Connected to IXIA - ALM - 2/6

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/11

 description Connected to IXIA - STX - 4/2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

 description Flashnet DO NOT ROUTE

 switchport access vlan 2

 switchport mode access

!

interface GigabitEthernet1/0/25

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface GigabitEthernet2/0/1

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 132

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface GigabitEthernet2/0/2

 ip arp inspection limit rate 100

!

interface GigabitEthernet2/0/3

 description CONNECTED TO PHONE+PC

 switchport access vlan 134

 switchport mode access

 switchport block unicast

 switchport voice vlan 135

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet2/0/4

 ip arp inspection limit rate 100

!

interface GigabitEthernet2/0/5

 ip arp inspection limit rate 100

!

interface GigabitEthernet2/0/6

 ip arp inspection limit rate 100

!

interface GigabitEthernet2/0/7

 ip arp inspection limit rate 100

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

 description Flashnet DO NOT ROUTE

 switchport access vlan 2

 switchport mode access

!

interface GigabitEthernet2/0/25

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 description Flashnet DO NOT ROUTE

 ip address 172.26.160.201 255.255.254.0

 no ip redirects

 no ip proxy-arp

!

interface Vlan900

 description Mgmt_VLAN

 ip address 10.125.34.5 255.255.255.224

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 094F471A1A0A5B43595F

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028937

ntp server 172.26.160.10

end

Cr26-3750DC-DO

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009 by cisco

! NVRAM config last updated at 22:53:54 EDT Wed Sep 2 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr26-3750DC-DO

!

boot-start-marker

boot-end-marker

!

enable password 7 070C285F4D06

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-12s

switch 2 provision ws-c3750g-12s

switch 3 provision ws-c3750g-12s

stack-mac persistent timer 0

system mtu routing 1500

vtp domain District-Office

vtp mode transparent

ip subnet-zero

no ip domain-lookup

!

!

ip multicast-routing distributed

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint TP-self-signed-721633024

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-721633024

 revocation-check none

 rsakeypair TP-self-signed-721633024

!

!

crypto pki certificate chain TP-self-signed-721633024

 certificate self-signed 01 nvram:IOS-Self-Sig#3434.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_Vlan

!

vlan 141

 name cr26_3750s_DC_Group1

!

vlan 142

 name cr26_3750s_DC_Group2

!

vlan 143

 name cr26_3750s_DC_Group3

!

vlan 144

 name cr26_3750s_DC_Group4

!

vlan 145

 name cr26_3750s_DC_Group5

!

vlan 146

 name cr26_3750s_DC_Group6

!

vlan 147

 name cr26_3750s_DC_Group7

!

vlan 148

 name cr26_3750s_DC_Group8

!

vlan 149

 name cr26_3750s_DC_Group9

!

vlan 150

 name cr26_3750s_DC_Grou10

!

vlan 806

 name Hopping_Vlan

!

vlan 900

 name Mgmt_VLAN

!

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.8 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 141

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

!

interface GigabitEthernet1/0/3

 description Connected to IXIA - LSM - 1/3

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 142

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/4

 description Connected to IXIA - LSM - 1/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 143

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/5

 description Connected to IXIA - LSM - 1/5

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 144

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/6

 description Connected to IXIA - LSM - 1/6

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 145

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/7

 description Connected to IXIA - LSM - 1/7

 switchport access vlan 141

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/8

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/9

 description Connected to cr25-w2k-2

 switchport access vlan 141

!

interface GigabitEthernet1/0/10

 switchport access vlan 141

!

interface GigabitEthernet1/0/11

 switchport access vlan 141

!

interface GigabitEthernet1/0/12

 switchport access vlan 2

 switchport mode access

!

interface GigabitEthernet2/0/1

 switchport access vlan 141

!

interface GigabitEthernet2/0/2

 switchport access vlan 141

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

 switchport access vlan 2

 switchport mode access

!

interface GigabitEthernet3/0/1

 description Connected to IXIA - LSM - 1/7

 switchport access vlan 141

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 146

 switchport mode trunk

 switchport nonegotiate

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/2

 description CONNECTED TO PHONE

 switchport access vlan 141

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone-Policy

!

interface GigabitEthernet3/0/3

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 141

 mls qos trust dscp

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet3/0/4

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 141

 priority-queue out 

 mls qos trust dscp

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet3/0/5

 switchport access vlan 141

!

interface GigabitEthernet3/0/6

 switchport access vlan 141

!

interface GigabitEthernet3/0/7

 switchport access vlan 141

!

interface GigabitEthernet3/0/8

 description Connected to cr24-4507-DO

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/9

 switchport access vlan 141

 speed 100

 duplex half

!

interface GigabitEthernet3/0/10

!

interface GigabitEthernet3/0/11

 switchport access vlan 141

!

interface GigabitEthernet3/0/12

 switchport access vlan 2

 switchport mode access

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 description FlashNet VLAN

 ip address 172.26.160.189 255.255.254.0

 no ip redirects

 no ip proxy-arp

!

interface Vlan900

 description Mgmt_VLAN

 ip address 10.125.34.6 255.255.255.224

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

ip classless

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 02050D48080943701E1D

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028995

ntp server 172.26.160.10

end

Core/Distribution

Cr24-4507-D 

!

! Last configuration change at 22:53:38 EDT Wed Sep 2 2009

! NVRAM config last updated at 22:53:55 EDT Wed Sep 2 2009

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

service compress-config

!

hostname cr24-4507-DO

!

boot-start-marker

boot system flash slot0:cat4500e-entservicesk9-mz.122-53.SG

boot-end-marker

!

enable secret 5 $1$UMTH$xnQm5GcPPGxmEWdUoGWj7.

enable password 7 094F471A1A0A

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

hw-module uplink mode shared-backplane

hw-module module 3 port-group 1 select gigabitethernet

hw-module module 4 port-group 1 select gigabitethernet

ip subnet-zero

no ip domain-lookup

!

!

ip vrf mgmtVrf

!

ip multicast-routing 

vtp domain District-Office

vtp mode transparent

!

!

table-map WLC-DSCP-COS

 default copy

!

!

key chain eigrp-key

 key 1

   key-string 7 045802150C2E

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery interval 120

power redundancy-mode redundant

!

!

!

!

!

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

spanning-tree vlan 1-4094 priority 24576

!

redundancy

 mode sso

 main-cpu

  auto-sync standard

!

process-max-time 20

vlan internal allocation policy ascending

!

vlan 11-20 

!

vlan 101

 name cr24_2960_Dept1

!

vlan 102

 name cr24_2960_Dept2

!

vlan 103

 name cr24_2960_Dept3

!

vlan 104

 name cr24_2960_Dept4

!

vlan 105

 name cr24_2960_Dept5

!

vlan 106

 name cr24_2960_Dept6

!

vlan 107

 name cr24_2960_Dept7

!

vlan 108

 name cr24_2960_Dept8

!

vlan 109

 name cr24_2960_Dept9

!

vlan 110

 name cr24_2960_Dept10

!

vlan 111

 name cr24_3550_Dept11

!

vlan 112

 name cr24_3550_Dept12

!

vlan 113

 name cr24_3550_Dept13

!

vlan 114

 name cr24_3550_Dept14

!

vlan 115

 name cr24_3550_Dept15

!

vlan 116

 name cr24_3550_Dept16

!

vlan 117

 name cr24_3550_Dept17

!

vlan 118

 name cr24_3550_Dept18

!

vlan 119

 name cr24_3550_Dept19

!

vlan 120

 name cr24_3550_Dept20

!

vlan 121

 name cr25_3750_Dept21

!

vlan 122

 name cr25_3750_Dept22

!

vlan 123

 name cr25_3750_Dept23

!

vlan 124

 name cr25_3750_Dept24

!

vlan 125

 name cr25_3750_Dept25

!

vlan 126

 name cr25_3750_Dept26

!

vlan 127

 name cr25_3750_Dept27

!

vlan 128

 name cr25_3750_Dept28

!

vlan 129

 name cr25_3750_Dept29

!

vlan 130

 name cr25_3750_Dept30

!

vlan 131

 name cr26_3750s_Dept31

!

vlan 132

 name cr26_3750s_Dept32

!

vlan 133

 name cr26_3750s_Dept33

!

vlan 134

 name cr26_3750s_Dept34

!

vlan 135

 name cr26_3750s_Dept35

!

vlan 136

 name cr26_3750s_Dept36

!

vlan 137

 name cr26_3750s_Dept37

!

vlan 138

 name cr26_3750s_Dept38

!

vlan 139

 name cr26_3750s_Dept39

!

vlan 140

 name cr26_3750s_Dept40

!

vlan 141

 name cr26_3750s_DC_Group1

!

vlan 142

 name cr26_3750s_DC_Group2

!

vlan 143

 name cr26_3750s_DC_Group3

!

vlan 144

 name cr26_3750s_DC_Group4

!

vlan 145

 name cr26_3750s_DC_Group5

!

vlan 146

 name cr26_3750s_DC_Group6

!

vlan 147

 name cr26_3750s_DC_Group7

!

vlan 148

 name cr26_3750s_DC_Group8

!

vlan 149

 name cr26_3750s_DC_Group9

!

vlan 150

 name cr26_3750s_DC_Grou10

!

vlan 200

 name cr24_4507_FW_Inside

!

vlan 801

 name cr24_3750DC_Hopping

!

vlan 802

 name cr25_3550_Hopping

!

vlan 803

 name cr24_2975_Hopping

!

vlan 804

 name cr24_3560_Hopping

!

vlan 805

 name cr24_3750_Hopping

!

vlan 806

 name cr26_3750DC_Hopping

!

vlan 900

 name Mgmt_VLAN

!

ip ftp username nimishguest

ip ftp password 7 000A1701115E1812

!

class-map match-all MULTIMEDIA-STREAMING-QUEUE

 match  dscp af31  af32  af33 

class-map match-any CONTROL-MGMT-QUEUE

 match  dscp cs7 

 match  dscp cs6 

 match  dscp cs3 

 match  dscp cs2 

class-map match-all TRANSACTIONAL-DATA-QUEUE

 match  dscp af21  af22  af23 

class-map match-all COPP-CRITICAL-APPLICATIONS

 match access-group name COPP-CRITICAL-APPLICATIONS

class-map match-all COPP-FILE-MANAGEMENT

 match access-group name COPP-FILE-MANAGEMENT

class-map match-all SCAVENGER-QUEUE

 match  dscp cs1 

class-map match-all COPP-MONITORING

 match access-group name COPP-MONITORING

class-map match-all MULTIMEDIA-CONFERENCING-QUEUE

 match  dscp af41  af42  af43 

class-map match-all BULK-DATA-QUEUE

 match  dscp af11  af12  af13 

class-map match-all COPP-INTERACTIVE-MANAGEMENT

 match access-group name COPP-INTERACTIVE-MANAGEMENT

class-map match-any PRIORITY-QUEUE

 match  dscp ef 

 match  dscp cs5 

 match  dscp cs4 

class-map match-all COPP-UNDESIRABLE

 match access-group name COPP-UNDESIRABLE

class-map match-all COPP-IGP

 match access-group name COPP-IGP

!

!

policy-map EGRESS-POLICY

 class PRIORITY-QUEUE

    priority

 class CONTROL-MGMT-QUEUE

    bandwidth remaining percent 10

 class MULTIMEDIA-CONFERENCING-QUEUE

    bandwidth remaining percent 10

 class MULTIMEDIA-STREAMING-QUEUE

    bandwidth remaining percent 10

 class TRANSACTIONAL-DATA-QUEUE

    bandwidth remaining percent 10

    dbl

 class BULK-DATA-QUEUE

    bandwidth remaining percent 4

    dbl

 class SCAVENGER-QUEUE

    bandwidth remaining percent 1

 class class-default

    bandwidth remaining percent 25

    dbl

policy-map PQ-POLICER

 class PRIORITY-QUEUE

    police cir 300000000

      conform-action transmit 

      exceed-action drop 

policy-map system-cpp-policy

 class COPP-IGP

    police cir 300000 bc 3000 be 3000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

 class COPP-INTERACTIVE-MANAGEMENT

    police cir 500000 bc 5000 be 5000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

 class COPP-FILE-MANAGEMENT

    police cir 6000000 bc 60000 be 60000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

 class COPP-MONITORING

    police cir 900000 bc 9000 be 9000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

 class COPP-CRITICAL-APPLICATIONS

    police cir 900000 bc 9000 be 9000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

 class COPP-UNDESIRABLE

    police cir 32000 bc 3000 be 3000

      conform-action drop 

      exceed-action drop 

      violate-action drop 

 class class-default

    police cir 500000 bc 5000 be 5000

      conform-action transmit 

      exceed-action drop 

      violate-action drop 

!

!

!

interface Loopback0

 ip address 10.125.100.1 255.255.255.255

!

interface Loopback1

 description RP

 ip address 10.125.100.100 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-3750ME-DO

 dampening

 ip address 10.125.32.4 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel2

 description Connected to cr24-2851-DO

 ip address 10.125.32.6 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel11

 description Connected to cr24-2960-DO

 switchport

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel12

 description Connected to cr24-2975-DO

 switchport

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel13

 description Connected to cr24-3560r-DO

 dampening

 ip address 10.125.32.0 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel14

 description Connected to cr25-3750-DO

 switchport

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel15

 description Connected to cr26-3750r-DO

 dampening

 ip address 10.125.32.2 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel16

 description Connected to cr25-3750s-DO

 switchport

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface Port-channel17

 description Connected to cr26-3750DC-DO

 switchport

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 service-policy output PQ-POLICER

!

interface FastEthernet1

 ip vrf forwarding mgmtVrf

 no ip address

 speed auto

 duplex auto

!

interface GigabitEthernet1/1

 description Connected to cr24-2960-DO

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 11 mode desirable

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet1/2

 description Connected to cr24-2975-DO

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 12 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet1/3

 description Connected to cr24-3560r-DO

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-group 13 mode desirable

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet1/4

 description Connected to cr25-3750-DO

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 14 mode desirable

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet1/5

 description Connected to cr26-3750-DO

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 15 mode active

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet1/6

 description Connected to cr26-3750s-DO

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 16 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/1

 description Connected to cr24-2960-DO

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 11 mode desirable

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/2

 description Connected to cr24-2975-DO

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 12 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/3

 description Connected to cr24-3560r-DO

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 udld port

 channel-group 13 mode desirable

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/4

 description Connected to cr25-3750-DO

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 14 mode desirable

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/5

 description Connected to cr26-3750-DO

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 15 mode active

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet2/6

 description Connected to cr26-3750s-DO

 switchport trunk native vlan 805

 switchport trunk allowed vlan 131-140,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 16 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface TenGigabitEthernet3/1

!

interface TenGigabitEthernet3/2

!

interface GigabitEthernet3/3

!

interface GigabitEthernet3/4

 no switchport

 no ip address

 load-interval 30

!

interface GigabitEthernet3/5

 no switchport

 no ip address

 load-interval 30

!

interface GigabitEthernet3/6

 no switchport

 no ip address

 load-interval 30

!

interface TenGigabitEthernet4/1

!

interface TenGigabitEthernet4/2

!

interface GigabitEthernet4/3

!

interface GigabitEthernet4/4

 description backup link to cr26-asa5520-DO

 switchport access vlan 200

 switchport mode access

 switchport block unicast

 load-interval 30

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet4/5

 no switchport

 no ip address

 load-interval 30

!

interface GigabitEthernet4/6

 no switchport

 no ip address

 load-interval 30

!

interface GigabitEthernet5/1

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 17 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet5/2

!

interface GigabitEthernet5/3

 description Connected to cr26-asa5520-DO

 switchport access vlan 200

 switchport mode access

 switchport block unicast

 load-interval 30

 media-type rj45

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet5/4

 no switchport

 no ip address

 load-interval 30

 shutdown

 media-type rj45

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet5/5

!

interface GigabitEthernet5/6

 description Connected to cr24-3750ME-DO

 no switchport

 dampening

 no ip address

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 1 mode desirable

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet6/1

 switchport trunk native vlan 806

 switchport trunk allowed vlan 141-150,900

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol lacp

 channel-group 17 mode active

 spanning-tree guard root

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet6/2

 load-interval 30

!

interface GigabitEthernet6/3

 description Connects to IronPort WSA T1 (L4TM)

 media-type rj45

 speed 1000

 duplex full

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet6/4

 description Connected to IronPort

 media-type rj45

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet6/5

!

interface GigabitEthernet6/6

 description Connected to cr24-3750ME-DO

 no switchport

 dampening

 no ip address

 load-interval 30

 carrier-delay msec 0

 udld port

 channel-protocol pagp

 channel-group 1 mode desirable

 service-policy output EGRESS-POLICY

!

interface GigabitEthernet7/1

 description Connected to FlashNet - DO NOT ROUTE

 no switchport

 ip address 172.26.160.185 255.255.252.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

interface GigabitEthernet7/2

 switchport mode trunk

!

interface GigabitEthernet7/3

 description Connects to IronPort WSA P1

 switchport access vlan 200

 switchport mode access

 switchport block unicast

 load-interval 30

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet7/4

!

interface GigabitEthernet7/5

!

interface GigabitEthernet7/6

!

interface GigabitEthernet7/7

!

interface GigabitEthernet7/8

!

interface GigabitEthernet7/9

!

interface GigabitEthernet7/10

!

interface GigabitEthernet7/11

!

interface GigabitEthernet7/12

!

interface GigabitEthernet7/13

!

interface GigabitEthernet7/14

!

interface GigabitEthernet7/15

!

interface GigabitEthernet7/16

!

interface GigabitEthernet7/17

!

interface GigabitEthernet7/18

!

interface GigabitEthernet7/19

!

interface GigabitEthernet7/20

!

interface GigabitEthernet7/21

!

interface GigabitEthernet7/22

!

interface GigabitEthernet7/23

!

interface GigabitEthernet7/24

!

interface GigabitEthernet7/25

!

interface GigabitEthernet7/26

!

interface GigabitEthernet7/27

!

interface GigabitEthernet7/28

!

interface GigabitEthernet7/29

!

interface GigabitEthernet7/30

!

interface GigabitEthernet7/31

!

interface GigabitEthernet7/32

!

interface GigabitEthernet7/33

!

interface GigabitEthernet7/34

!

interface GigabitEthernet7/35

!

interface GigabitEthernet7/36

!

interface GigabitEthernet7/37

!

interface GigabitEthernet7/38

!

interface GigabitEthernet7/39

!

interface GigabitEthernet7/40

!

interface GigabitEthernet7/41

!

interface GigabitEthernet7/42

!

interface GigabitEthernet7/43

!

interface GigabitEthernet7/44

!

interface GigabitEthernet7/45

!

interface GigabitEthernet7/46

!

interface GigabitEthernet7/47

!

interface GigabitEthernet7/48

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan101

 description Connected to cr24_2960_Dept_1_VLAN

 dampening

 ip address 10.125.1.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan102

 description Connected to cr24_2960_Dept_2_VLAN

 dampening

 ip address 10.125.1.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan103

 description Connected to cr24_2960_Dept_3_VLAN

 dampening

 ip address 10.125.2.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan104

 description Connected to cr24_2960_Dept_4_VLAN

 dampening

 ip address 10.125.2.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan105

 description Connected to cr24_2960_Dept_5_VLAN

 dampening

 ip address 10.125.3.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan106

 description Connected to cr24_2960_Dept_6_VLAN

 dampening

 ip address 10.125.3.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan107

 description Connected to cr24_2960_Dept_7_VLAN

 dampening

 ip address 10.125.4.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan108

 description Connected to cr24_2960_Dept_8_VLAN

 dampening

 ip address 10.125.4.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan109

 description Connected to cr24_2960_Dept_9_VLAN

 dampening

 ip address 10.125.5.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan110

 description Connected to cr24_2960_Dept_10_VLAN

 dampening

 ip address 10.125.5.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan111

 description Connected to cr24_2975_Dept_11_VLAN

 dampening

 ip address 10.125.6.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan112

 description Connected to cr24_2975_Dept_12_VLAN

 dampening

 ip address 10.125.6.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan113

 description Connected to cr24_2975_Dept_13_VLAN

 dampening

 ip address 10.125.7.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan114

 description Connected to cr24_2975_Dept_14_VLAN

 dampening

 ip address 10.125.7.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan115

 description Connected to cr24_2975_Dept_15_VLAN

 dampening

 ip address 10.125.8.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan116

 description Connected to cr24_2975_Dept_16_VLAN

 dampening

 ip address 10.125.8.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan117

 description Connected to cr24_2975_Dept_17_VLAN

 dampening

 ip address 10.125.9.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan118

 description Connected to cr24_2975_Dept_18_VLAN

 dampening

 ip address 10.125.9.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan119

 description Connected to cr24_2975_Dept_19_VLAN

 dampening

 ip address 10.125.10.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan120

 description Connected to cr24_2975_Dept_20_VLAN

 dampening

 ip address 10.125.10.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan121

 description Connected to cr26_3750_Dept_31_VLAN

 dampening

 ip address 10.125.16.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan122

 description Connected to cr26_3750_Dept_32_VLAN

 dampening

 ip address 10.125.16.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan123

 description Connected to cr26_3750_Dept_33_VLAN

 dampening

 ip address 10.125.17.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan124

 description Connected to cr26_3750_Dept_34_VLAN

 dampening

 ip address 10.125.17.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan125

 description Connected to cr26_3750_Dept_35_VLAN

 dampening

 ip address 10.125.18.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan126

 description Connected to cr26_3750_Dept_36_VLAN

 dampening

 ip address 10.125.18.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan127

 description Connected to cr26_3750_Dept_37_VLAN

 dampening

 ip address 10.125.19.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan128

 description Connected to cr26_3750_Dept_38_VLAN

 dampening

 ip address 10.125.19.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan129

 description Connected to cr26_3750_Dept_39_VLAN

 dampening

 ip address 10.125.20.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan130

 description Connected to cr26_3750_Dept_40_VLAN

 dampening

 ip address 10.125.20.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan131

 description Connected to cr25_3750s_Dept_31_VLAN

 dampening

 ip address 10.125.26.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan132

 description Connected to cr25_3750s_Dept_32_VLAN

 dampening

 ip address 10.125.26.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan133

 description Connected to cr25_3750s_Dept_33_VLAN

 dampening

 ip address 10.125.27.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan134

 description Connected to cr25_3750s_Dept_34_VLAN

 dampening

 ip address 10.125.27.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan135

 description Connected to cr25_3750s_Dept_35_VLAN

 dampening

 ip address 10.125.28.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan136

 description Connected to cr25_3750s_Dept_36_VLAN

 dampening

 ip address 10.125.28.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan137

 description Connected to cr25_3750s_Dept_37_VLAN

 dampening

 ip address 10.125.29.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan138

 description Connected to cr25_3750s_Dept_38_VLAN

 dampening

 ip address 10.125.29.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan139

 description Connected to cr25_3750s_Dept_39_VLAN

 dampening

 ip address 10.125.30.1 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan140

 description Connected to cr25_3750s_Dept_40_VLAN

 dampening

 ip address 10.125.30.129 255.255.255.128

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan141

 dampening

 ip address 10.125.31.1 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan142

 dampening

 ip address 10.125.31.17 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan143

 dampening

 ip address 10.125.31.33 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan144

 dampening

 ip address 10.125.31.49 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan145

 dampening

 ip address 10.125.31.65 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan146

 dampening

 ip address 10.125.31.81 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim dr-priority 100

 ip pim sparse-mode

 load-interval 30

!

interface Vlan147

 dampening

 ip address 10.125.31.97 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan148

 dampening

 ip address 10.125.31.113 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan149

 dampening

 ip address 10.125.31.129 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan150

 dampening

 ip address 10.125.31.145 255.255.255.240

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan200

 description Connected to cr24_ASA_Inside_Port

 dampening

 ip address 10.125.33.9 255.255.255.0

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 logging event link-status

 load-interval 30

 carrier-delay msec 0

!

interface Vlan900

 description Mgmt_VLAN

 dampening

 ip address 10.125.34.1 255.255.255.224

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip pim dr-priority 100

 ip pim sparse-mode

 ip summary-address eigrp 100 10.125.0.0 255.255.0.0 5

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Vlan200

 no passive-interface GigabitEthernet3/3

 no passive-interface GigabitEthernet4/3

 no passive-interface GigabitEthernet4/4

 no passive-interface GigabitEthernet4/6

 no passive-interface GigabitEthernet5/4

 no passive-interface GigabitEthernet5/5

 no passive-interface GigabitEthernet5/6

 no passive-interface GigabitEthernet6/2

 no passive-interface GigabitEthernet6/5

 no passive-interface GigabitEthernet6/6

 no passive-interface Port-channel1

 no passive-interface Port-channel13

 no passive-interface Port-channel15

 no passive-interface Port-channel17

 distribute-list route-map EIGRP_STUB_ROUTES out Vlan200

 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel13

 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel15

 no auto-summary

 eigrp router-id 10.125.100.1

 network 10.125.0.0 0.0.255.255

 nsf

!

no ip http server

no ip http secure-server

!

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended COPP-CRITICAL-APPLICATIONS

 remark DHCP

 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps

 permit udp host 10.125.31.2 eq bootps any eq bootps

ip access-list extended COPP-FILE-MANAGEMENT

 remark (initiated) FTP (active and passive)

 permit tcp 172.26.160.0 0.0.3.255 eq ftp host 172.26.160.185 gt 1023 established

 permit tcp 172.26.160.0 0.0.3.255 eq ftp-data host 172.26.160.185 gt 1023

 permit tcp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.185 gt 1023 established

 remark (initiated) TFTP

 permit udp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.185 gt 1023

ip access-list extended COPP-IGP

 remark IGP (EIGRP)

 permit eigrp any host 224.0.0.10

 permit eigrp any any

ip access-list extended COPP-INTERACTIVE-MANAGEMENT

 remark RADIUS (return traffic)

 permit udp host 10.125.31.4 host 10.125.100.2

 remark SSH

 permit tcp 10.124.0.0 0.3.255.255 host 10.125.100.2 eq 22

 remark SNMP

 permit udp host 172.26.160.100 host 10.125.100.2 eq snmp

 remark NTP

 permit udp host 172.26.160.10 host 172.26.160.185 eq ntp

ip access-list extended COPP-MONITORING

 remark PING-ECHO

 permit icmp any any echo

 remark PING-ECHO-REPLY

 permit icmp any any echo-reply

 remark TRACEROUTE

 permit icmp any any ttl-exceeded

 permit icmp any any port-unreachable

ip access-list extended COPP-UNDESIRABLE

 remark UNDESIRABLE

 permit udp any any eq 1434

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

!

access-list 1 permit 0.0.0.0

access-list 1 permit 10.126.0.0

access-list 1 permit 10.127.0.0

access-list 1 permit 10.125.0.0

!

route-map EIGRP_STUB_ROUTES permit 10

 match ip address 1

!

!

!

control-plane

 service-policy input system-cpp-policy

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

alias exec dsno show ip dhcp snooping bind

!

line con 0

 exec-timeout 0 0

 password 7 104D000A0618

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 password 7 0822455D0A16

 login

line vty 5 15

 exec-timeout 0 0

 login

!

!

monitor session 10 source interface Gi4/4

monitor session 10 source interface Gi5/3

monitor session 10 filter packet-type good rx

monitor session 10 destination interface Gi6/3

ntp clock-period 17181779

ntp server 172.26.160.10

end

WAN Aggregation

Cr24-3750ME-DO

!

! Last configuration change at 22:59:31 EDT Wed Sep 2 2009

! NVRAM config last updated at 22:59:37 EDT Wed Sep 2 2009

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr24-3750ME-DO

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$.2Ap$J0k3w04nQHip4UNN28KxX0

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

ip subnet-zero

ip routing

!

!

no ip domain-lookup

ip multicast-routing distributed

vtp domain District-Office

vtp mode transparent

!

no mpls traffic-eng auto-bw timers frequency 0

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 02050D480809

!

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

!

!

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01 nvram:8F1F4D80host#2E2E.cer

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause storm-control

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

vlan internal allocation policy ascending

!

vlan 501

 name School-Site1

!

vlan 502

 name School-Site2

!

vlan 503

 name School-Site3

!

vlan 504

 name School-Site4

!

vlan 505

 name School-Site5

!

vlan 506

 name School-Site6

!

vlan 507

 name School-Site7

!

vlan 508

 name School-Site8

!

vlan 509

 name School-Site9

!

vlan 510

 name School-Site10

!

vlan 511

 name School-Site11

!

vlan 512

 name School-Site12

!

vlan 513

 name School-Site13

!

vlan 514

 name School-Site14

!

vlan 515

 name School-Site15

!

vlan 516

 name School-Site16

!

vlan 517

 name School-Site17

!

vlan 518

 name School-Site18

!

vlan 519

 name School-Site19

!

vlan 520

 name School-Site20

!

vlan 521

 name School-Site21

!

vlan 522

 name School-Site22

!

vlan 523

 name School-Site23

!

vlan 524

 name School-Site24

!

vlan 525

 name School-Site25

!

vlan 526

 name School-Site26

!

vlan 527

 name School-Site27

!

vlan 528

 name School-Site28

!

vlan 529

 name School-Site29

!

vlan 530

 name School-Site30

!

vlan 531

 name School-Site31

!

vlan 532

 name School-Site32

!

vlan 533

 name School-Site33

!

vlan 534

 name School-Site34

!

vlan 535

 name School-Site35

!

vlan 536

 name School-Site36

!

vlan 537

 name School-Site37

!

vlan 538

 name School-Site38

!

vlan 539

 name School-Site39

!

vlan 540

 name School-Site40

!

vlan 541

 name School-Site41

!

vlan 542

 name School-Site42

!

vlan 543

 name School-Site43

!

vlan 544

 name School-Site44

!

vlan 545

 name School-Site45

!

vlan 546

 name School-Site46

!

vlan 547

 name School-Site47

!

vlan 548

 name School-Site48

!

vlan 549

 name School-Site49

!

vlan 550

 name School-Site50

!

vlan 601

 name School-Site51

!

vlan 602

 name School-Site52

!

vlan 603

 name School-Site53

!

vlan 604

 name School-Site54

!

vlan 605

 name School-Site55

!

vlan 606

 name School-Site56

!

vlan 607

 name School-Site57

!

vlan 608

 name School-Site58

!

vlan 609

 name School-Site59

!

vlan 610

 name School-Site60

!

vlan 611

 name School-Site61

!

vlan 612

 name School-Site62

!

vlan 613

 name School-Site63

!

vlan 614

 name School-Site64

!

vlan 615

 name School-Site65

!

vlan 616

 name School-Site66

!

vlan 617

 name School-Site67

!

vlan 618

 name School-Site68

!

vlan 619

 name School-Site69

!

vlan 620

 name School-Site70

!

vlan 621

 name School-Site71

!

vlan 622

 name School-Site72

!

vlan 623

 name School-Site73

!

vlan 624

 name School-Site74

!

vlan 625

 name School-Site75

!

vlan 626

 name School-Site76

!

vlan 627

 name School-Site77

!

vlan 628

 name School-Site78

!

vlan 629

 name School-Site79

!

vlan 630

 name School-Site80

!

vlan 631

 name School-Site81

!

vlan 632

 name School-Site82

!

vlan 633

 name School-Site83

!

vlan 634

 name School-Site84

!

vlan 635

 name School-Site85

!

vlan 636

 name School-Site86

!

vlan 637

 name School-Site87

!

vlan 638

 name School-Site88

!

vlan 639

 name School-Site89

!

vlan 640

 name School-Site90

!

vlan 641

 name School-Site91

!

vlan 642

 name School-Site92

!

vlan 643

 name School-Site93

!

vlan 644

 name School-Site94

!

vlan 645

 name School-Site95

!

vlan 646

 name School-Site96

!

vlan 647

 name School-Site97

!

vlan 648

 name School-Site98

!

vlan 649

 name School-Site99

!

vlan 650

 name School-Site100

!

vlan 801

 name MetroE_G1/1/1_Hopping_VLAN

!

vlan 802

 name MetroE_G1/1/2_Hopping_VLAN

!

!

class-map match-all GOLD

 match ip dscp cs6 

 match ip dscp cs7 

 match ip dscp cs3 

 match ip dscp cs2 

class-map match-all SILVER

 match ip dscp af21 

 match ip dscp af22 

 match ip dscp af23 

 match ip dscp af11 

 match ip dscp af12 

 match ip dscp af13 

 match ip dscp af31 

 match ip dscp af32 

 match ip dscp af33 

 match ip dscp af41 

 match ip dscp af42 

 match ip dscp af43 

class-map match-all School_Site11

  description 3750-SS11

 match vlan  511

class-map match-all School_Site22

  description 3750-SS22

 match vlan  522

class-map match-all School_Site33

  description 3750-SS33

 match vlan  533

class-map match-all School_Site44

  description 3750-SS44

 match vlan  544

class-map match-all School_Site55

  description 3750-SS55

 match vlan  606

class-map match-all School_Site66

  description 3750-SS66

 match vlan  617

class-map match-all School_Site77

  description 3750-SS77

 match vlan  628

class-map match-all School_Site88

  description 3750-SS88

 match vlan  639

class-map match-all School_Site99

  description 3750-SS99

 match vlan  650

class-map match-all School_Site10

  description 3750-SS10

 match vlan  510

class-map match-all School_Site23

  description 3750-SS23

 match vlan  523

class-map match-all School_Site32

  description 3750-SS32

 match vlan  532

class-map match-all School_Site45

  description 3750-SS45

 match vlan  545

class-map match-all School_Site54

  description 3750-SS54

 match vlan  605

class-map match-all School_Site67

  description 3750-SS67

 match vlan  618

class-map match-all School_Site76

  description 3750-SS76

 match vlan  627

class-map match-all School_Site89

  description 3750-SS89

 match vlan  640

class-map match-all School_Site98

  description 3750-SS98

 match vlan  649

class-map match-all School_Site13

  description 3750-SS13

 match vlan  513

class-map match-all School_Site20

  description 3750-SS20

 match vlan  520

class-map match-all School_Site31

  description 3750-SS31

 match vlan  531

class-map match-all School_Site46

  description 3750-SS46

 match vlan  546

class-map match-all School_Site57

  description 3750-SS57

 match vlan  608

class-map match-all School_Site64

  description 3750-SS64

 match vlan  615

class-map match-all School_Site75

  description 3750-SS75

 match vlan  626

class-map match-all School_Site12

  description 3750-SS12

 match vlan  512

class-map match-all School_Site21

  description 3750-SS21

 match vlan  521

class-map match-all School_Site30

  description 3750-SS30

 match vlan  530

class-map match-all School_Site47

  description 3750-SS47

 match vlan  547

class-map match-all School_Site56

  description 3750-SS56

 match vlan  607

class-map match-all School_Site65

  description 3750-SS65

 match vlan  616

class-map match-all School_Site74

  description 3750-SS74

 match vlan  625

class-map match-all School_Site15

  description 3750-SS15

 match vlan  515

class-map match-all School_Site26

  description 3750-SS26

 match vlan  526

class-map match-all School_Site37

  description 3750-SS37

 match vlan  537

class-map match-all School_Site40

  description 3750-SS40

 match vlan  540

class-map match-all School_Site51

  description 3750-SS51

 match vlan  602

class-map match-all School_Site62

  description 3750-SS62

 match vlan  613

class-map match-all School_Site73

  description 3750-SS73

 match vlan  624

class-map match-all School_Site14

  description 3750-SS14

 match vlan  514

class-map match-all School_Site27

  description 3750-SS27

 match vlan  527

class-map match-all School_Site36

  description 3750-SS36

 match vlan  536

class-map match-all School_Site41

  description 3750-SS41

 match vlan  541

class-map match-all School_Site50

  description 3750-SS50

 match vlan  550

class-map match-all School_Site63

  description 3750-SS63

 match vlan  614

class-map match-all School_Site72

  description 3750-SS72

 match vlan  623

class-map match-all School_Site17

  description 3750-SS17

 match vlan  517

class-map match-all School_Site24

  description 3750-SS24

 match vlan  524

class-map match-all School_Site35

  description 3750-SS35

 match vlan  535

class-map match-all School_Site42

  description 3750-SS42

 match vlan  542

class-map match-all School_Site53

  description 3750-SS53

 match vlan  604

class-map match-all School_Site60

  description 3750-SS60

 match vlan  611

class-map match-all School_Site71

  description 3750-SS71

 match vlan  622

class-map match-all School_Site16

  description 3750-SS16

 match vlan  516

class-map match-all School_Site25

  description 3750-SS25

 match vlan  525

class-map match-all School_Site34

  description 3750-SS34

 match vlan  534

class-map match-all School_Site43

  description 3750-SS43

 match vlan  543

class-map match-all School_Site52

  description 3750-SS52

 match vlan  603

class-map match-all School_Site61

  description 3750-SS61

 match vlan  612

class-map match-all School_Site70

  description 3750-SS70

 match vlan  621

class-map match-all School_Site19

  description 3750-SS19

 match vlan  519

class-map match-all School_Site80

  description 3750-SS80

 match vlan  631

class-map match-all School_Site91

  description 3750-SS91

 match vlan  642

class-map match-all School_Site18

  description 3750-SS18

 match vlan  518

class-map match-all School_Site81

  description 3750-SS81

 match vlan  632

class-map match-all School_Site90

  description 3750-SS90

 match vlan  641

class-map match-all School_Site28

  description 3750-SS28

 match vlan  528

class-map match-all School_Site39

  description 3750-SS39

 match vlan  539

class-map match-all School_Site82

  description 3750-SS82

 match vlan  633

class-map match-all School_Site93

  description 3750-SS93

 match vlan  644

class-map match-all School_Site29

  description 3750-SS29

 match vlan  529

class-map match-all School_Site38

  description 3750-SS38

 match vlan  538

class-map match-all School_Site83

  description 3750-SS83

 match vlan  634

class-map match-all School_Site92

  description 3750-SS92

 match vlan  643

class-map match-all School_Site48

  description 3750-SS48

 match vlan  548

class-map match-all School_Site59

  description 3750-SS59

 match vlan  610

class-map match-all School_Site84

  description 3750-SS84

 match vlan  635

class-map match-all School_Site95

  description 3750-SS95

 match vlan  646

class-map match-all School_Site49

  description 3750-SS49

 match vlan  549

class-map match-all School_Site58

  description 3750-SS58

 match vlan  609

class-map match-all School_Site85

  description 3750-SS85

 match vlan  636

class-map match-all School_Site94

  description 3750-SS94

 match vlan  645

class-map match-all School_Site68

  description 3750-SS68

 match vlan  619

class-map match-all School_Site79

  description 3750-SS79

 match vlan  630

class-map match-all School_Site86

  description 3750-SS86

 match vlan  637

class-map match-all School_Site97

  description 3750-SS97

 match vlan  648

class-map match-all School_Site69

  description 3750-SS69

 match vlan  620

class-map match-all School_Site78

  description 3750-SS78

 match vlan  629

class-map match-all School_Site87

  description 3750-SS87

 match vlan  638

class-map match-all School_Site96

  description 3750-SS96

 match vlan  647

class-map match-all REAL_TIME

 match ip dscp ef 

 match ip dscp cs5 

 match ip dscp cs4 

class-map match-all School_Site1

  description cr2-4507-SS1

 match vlan  501

class-map match-all School_Site100

  description cr36-3750s-SS100

 match vlan  650

class-map match-all School_Site2

  description 3750-SS2

 match vlan  502

class-map match-all School_Site3

  description 3750-SS3

 match vlan  503

class-map match-all School_Site4

  description 3750-SS4

 match vlan  504

class-map match-all School_Site5

  description 3750-SS5

 match vlan  505

class-map match-all School_Site6

  description 3750-SS6

 match vlan  506

class-map match-all School_Site7

  description 3750-SS7

 match vlan  507

class-map match-all School_Site8

  description 3750-SS8

 match vlan  508

class-map match-all School_Site9

  description 3750-SS9

 match vlan  509

!

!

policy-map School-Child-Policy-Map

 class REAL_TIME

    priority

   police cir percent 30 conform-action set-cos-transmit 5 exceed-action drop 
violate-action drop

  set cos 5

 class GOLD

    bandwidth percent 5

  set cos 3

 class SILVER

    bandwidth percent 30

  set cos 2

 class class-default

    bandwidth percent 35

  set cos 0

policy-map School-51to100-Parent-Policy-Map

 class School_Site100

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site51

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site52

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site53

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site54

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site55

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site56

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site57

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site58

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site59

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site60

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site61

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site62

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site63

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site64

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site65

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site66

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site67

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site68

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site69

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site70

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site71

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site72

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site73

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site74

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site75

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site76

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site77

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site78

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site79

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site80

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site81

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site82

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site83

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site84

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site85

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site86

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site87

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site88

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site89

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site90

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site91

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site92

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site93

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site94

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site95

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site96

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site97

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site98

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site99

    shape average 10000000

  service-policy School-Child-Policy-Map

policy-map School-1to50-Parent-Policy-Map

 class School_Site1

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site2

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site3

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site4

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site5

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site6

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site7

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site8

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site9

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site10

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site11

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site12

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site13

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site14

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site15

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site16

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site17

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site18

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site19

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site20

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site21

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site22

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site23

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site24

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site25

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site26

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site27

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site28

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site29

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site30

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site31

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site32

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site33

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site34

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site35

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site36

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site37

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site38

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site39

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site40

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site41

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site42

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site43

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site44

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site45

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site46

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site47

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site48

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site49

    shape average 20000000

  service-policy School-Child-Policy-Map

 class School_Site50

    shape average 10000000

  service-policy School-Child-Policy-Map

!

!

!

!

interface Loopback0

 ip address 10.126.100.1 255.255.255.255

!

interface Port-channel1

 description Connected to cr24-4507-DO

 no switchport

 dampening

 ip address 10.125.32.5 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.127.0.0 255.255.0.0 5

 ip summary-address eigrp 100 10.126.0.0 255.255.0.0 5

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet1/0/1

!

interface FastEthernet1/0/2

!

interface FastEthernet1/0/3

!

interface FastEthernet1/0/4

!

interface FastEthernet1/0/5

!

interface FastEthernet1/0/6

!

interface FastEthernet1/0/7

!

interface FastEthernet1/0/8

!

interface FastEthernet1/0/9

!

interface FastEthernet1/0/10

!

interface FastEthernet1/0/11

!

interface FastEthernet1/0/12

!

interface FastEthernet1/0/13

!

interface FastEthernet1/0/14

!

interface FastEthernet1/0/15

!

interface FastEthernet1/0/16

!

interface FastEthernet1/0/17

!

interface FastEthernet1/0/18

!

interface FastEthernet1/0/19

!

interface FastEthernet1/0/20

!

interface FastEthernet1/0/21

!

interface FastEthernet1/0/22

!

interface FastEthernet1/0/23

!

interface FastEthernet1/0/24

 description Connected to FlashNet

 no switchport

 ip address 172.26.160.184 255.255.254.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

interface GigabitEthernet1/0/1

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

!

interface GigabitEthernet1/0/2

 description Connected to cr24-4507-DO

 no switchport

 no ip address

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

!

interface GigabitEthernet1/1/1

 description Connected to SP-MPLS-Core-cr24-6500-1

 switchport trunk native vlan 801

 switchport trunk allowed vlan 501-550

 switchport mode trunk

 logging event trunk-status

 load-interval 30

 carrier-delay msec 0

 priority-queue out 

 mls qos trust dscp

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree guard root

 service-policy output School-1to50-Parent-Policy-Map

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/1/2

 description Connected to SP-MPLS-Core-cr24-6500-1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 601-650

 switchport mode trunk

 logging event trunk-status

 load-interval 30

 carrier-delay msec 0

 priority-queue out 

 mls qos trust dscp

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree guard root

 service-policy output School-51to100-Parent-Policy-Map

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan501

 description Connected to cr35-4507-SS1

 dampening

 ip address 10.126.0.0 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan502

 dampening

 ip address 10.126.0.2 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan503

 dampening

 ip address 10.126.0.4 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan504

 dampening

 ip address 10.126.0.6 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan505

 dampening

 ip address 10.126.0.8 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan506

 dampening

 ip address 10.126.0.10 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan507

 dampening

 ip address 10.126.0.12 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan508

 dampening

 ip address 10.126.0.14 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan509

 dampening

 ip address 10.126.0.16 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan510

 dampening

 ip address 10.126.0.18 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan511

 dampening

 ip address 10.126.0.20 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan512

 dampening

 ip address 10.126.0.22 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan513

 dampening

 ip address 10.126.0.24 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan514

 dampening

 ip address 10.126.0.26 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan515

 dampening

 ip address 10.126.0.28 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan516

 dampening

 ip address 10.126.0.30 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan517

 dampening

 ip address 10.126.0.32 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan518

 dampening

 ip address 10.126.0.34 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan519

 dampening

 ip address 10.126.0.36 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan520

 dampening

 ip address 10.126.0.38 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan521

 dampening

 ip address 10.126.0.40 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan522

 dampening

 ip address 10.126.0.42 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan523

 dampening

 ip address 10.126.0.44 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan524

 dampening

 ip address 10.126.0.46 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan525

 dampening

 ip address 10.126.0.48 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan526

 dampening

 ip address 10.126.0.50 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan527

 dampening

 ip address 10.126.0.52 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan528

 dampening

 ip address 10.126.0.54 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan529

 dampening

 ip address 10.126.0.56 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan530

 dampening

 ip address 10.126.0.58 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan531

 dampening

 ip address 10.126.0.60 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan532

 dampening

 ip address 10.126.0.62 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan533

 dampening

 ip address 10.126.0.64 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan534

 dampening

 ip address 10.126.0.66 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan535

 dampening

 ip address 10.126.0.68 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan536

 dampening

 ip address 10.126.0.70 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan537

 dampening

 ip address 10.126.0.72 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan538

 dampening

 ip address 10.126.0.74 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan539

 dampening

 ip address 10.126.0.76 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan540

 dampening

 ip address 10.126.0.78 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan541

 dampening

 ip address 10.126.0.80 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan542

 dampening

 ip address 10.126.0.82 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan543

 dampening

 ip address 10.126.0.84 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan544

 dampening

 ip address 10.126.0.86 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan545

 dampening

 ip address 10.126.0.88 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan546

 dampening

 ip address 10.126.0.90 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan547

 dampening

 ip address 10.126.0.92 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan548

 dampening

 ip address 10.126.0.94 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan549

 dampening

 ip address 10.126.0.96 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan550

 dampening

 ip address 10.126.0.98 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan601

 description Connected to cr36-3750-SS2

 dampening

 ip address 10.126.1.0 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan602

 dampening

 ip address 10.126.1.2 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan603

 dampening

 ip address 10.126.1.4 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan604

 dampening

 ip address 10.126.1.6 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan605

 dampening

 ip address 10.126.1.8 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan606

 dampening

 ip address 10.126.1.10 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan607

 dampening

 ip address 10.126.1.12 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan608

 dampening

 ip address 10.126.1.14 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan609

 dampening

 ip address 10.126.1.16 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan610

 dampening

 ip address 10.126.1.18 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan611

 dampening

 ip address 10.126.1.20 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan612

 dampening

 ip address 10.126.1.22 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan613

 dampening

 ip address 10.126.1.24 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan614

 dampening

 ip address 10.126.1.26 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan615

 dampening

 ip address 10.126.1.28 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan616

 dampening

 ip address 10.126.1.30 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan617

 dampening

 ip address 10.126.1.32 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan618

 dampening

 ip address 10.126.1.34 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan619

 dampening

 ip address 10.126.1.36 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan620

 dampening

 ip address 10.126.1.38 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan621

 dampening

 ip address 10.126.1.40 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan622

 dampening

 ip address 10.126.1.42 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan623

 dampening

 ip address 10.126.1.44 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan624

 dampening

 ip address 10.126.1.46 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan625

 dampening

 ip address 10.126.1.48 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan626

 dampening

 ip address 10.126.1.50 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan627

 dampening

 ip address 10.126.1.52 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan628

 dampening

 ip address 10.126.1.54 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan629

 dampening

 ip address 10.126.1.56 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan630

 dampening

 ip address 10.126.1.58 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan631

 dampening

 ip address 10.126.1.60 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan632

 dampening

 ip address 10.126.1.62 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan633

 dampening

 ip address 10.126.1.64 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan634

 dampening

 ip address 10.126.1.66 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan635

 dampening

 ip address 10.126.1.68 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan636

 dampening

 ip address 10.126.1.70 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan637

 dampening

 ip address 10.126.1.72 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan638

 dampening

 ip address 10.126.1.74 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan639

 dampening

 ip address 10.126.1.76 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan640

 dampening

 ip address 10.126.1.78 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan641

 dampening

 ip address 10.126.1.80 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan642

 dampening

 ip address 10.126.1.82 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan643

 dampening

 ip address 10.126.1.84 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan644

 dampening

 ip address 10.126.1.86 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan645

 dampening

 ip address 10.126.1.88 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan646

 dampening

 ip address 10.126.1.90 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan647

 dampening

 ip address 10.126.1.92 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan648

 dampening

 ip address 10.126.1.94 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan649

 dampening

 ip address 10.126.1.96 255.255.255.254

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan650

 dampening

 ip address 10.126.1.98 255.255.255.254

 ip hold-time eigrp 100 20

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.124.0.0 255.252.0.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

!

router eigrp 100

 passive-interface default

 no passive-interface Vlan501

 no passive-interface Vlan502

 no passive-interface Vlan503

 no passive-interface Vlan504

 no passive-interface Vlan505

 no passive-interface Vlan506

 no passive-interface Vlan507

 no passive-interface Vlan508

 no passive-interface Vlan509

 no passive-interface Vlan510

 no passive-interface Vlan511

 no passive-interface Vlan512

 no passive-interface Vlan513

 no passive-interface Vlan514

 no passive-interface Vlan515

 no passive-interface Vlan516

 no passive-interface Vlan517

 no passive-interface Vlan518

 no passive-interface Vlan519

 no passive-interface Vlan520

 no passive-interface Vlan521

 no passive-interface Vlan522

 no passive-interface Vlan523

 no passive-interface Vlan524

 no passive-interface Vlan525

 no passive-interface Vlan526

 no passive-interface Vlan527

 no passive-interface Vlan528

 no passive-interface Vlan529

 no passive-interface Vlan530

 no passive-interface Vlan531

 no passive-interface Vlan532

 no passive-interface Vlan533

 no passive-interface Vlan534

 no passive-interface Vlan535

 no passive-interface Vlan536

 no passive-interface Vlan537

 no passive-interface Vlan538

 no passive-interface Vlan539

 no passive-interface Vlan540

 no passive-interface Vlan541

 no passive-interface Vlan542

 no passive-interface Vlan543

 no passive-interface Vlan544

 no passive-interface Vlan545

 no passive-interface Vlan546

 no passive-interface Vlan547

 no passive-interface Vlan548

 no passive-interface Vlan549

 no passive-interface Vlan550

 no passive-interface Vlan601

 no passive-interface Vlan602

 no passive-interface Vlan603

 no passive-interface Vlan604

 no passive-interface Vlan605

 no passive-interface Vlan606

 no passive-interface Vlan607

 no passive-interface Vlan608

 no passive-interface Vlan609

 no passive-interface Vlan610

 no passive-interface Vlan611

 no passive-interface Vlan612

 no passive-interface Vlan613

 no passive-interface Vlan614

 no passive-interface Vlan615

 no passive-interface Vlan616

 no passive-interface Vlan617

 no passive-interface Vlan618

 no passive-interface Vlan619

 no passive-interface Vlan620

 no passive-interface Vlan621

 no passive-interface Vlan622

 no passive-interface Vlan623

 no passive-interface Vlan624

 no passive-interface Vlan625

 no passive-interface Vlan626

 no passive-interface Vlan627

 no passive-interface Vlan628

 no passive-interface Vlan629

 no passive-interface Vlan630

 no passive-interface Vlan631

 no passive-interface Vlan632

 no passive-interface Vlan633

 no passive-interface Vlan634

 no passive-interface Vlan635

 no passive-interface Vlan636

 no passive-interface Vlan637

 no passive-interface Vlan638

 no passive-interface Vlan639

 no passive-interface Vlan640

 no passive-interface Vlan641

 no passive-interface Vlan642

 no passive-interface Vlan643

 no passive-interface Vlan644

 no passive-interface Vlan645

 no passive-interface Vlan646

 no passive-interface Vlan647

 no passive-interface Vlan648

 no passive-interface Vlan649

 no passive-interface Vlan650

 no passive-interface Port-channel1

 no auto-summary

 eigrp router-id 10.126.100.1

 network 10.125.0.0 0.0.255.255

 network 10.126.0.0 0.0.255.255

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

!

no ip http server

no ip http secure-server

!

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

ip access-list standard Deny_PIM_DM_Fallback

 deny   224.0.1.39

 deny   224.0.1.40

 permit any

!

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

alias exec dsno show ip dhcp snooping bind

!

line con 0

 exec-timeout 0 0

 password 7 00071A150754

line vty 0 4

 exec-timeout 0 0

 password 7 02050D480809

 login

line vty 5 15

 exec-timeout 0 0

 no login

!

ntp clock-period 36028666

ntp server 172.26.160.10

end

Cr26-asa5520-DO

cr26-asa5520-do# wr t

: Saved

:

ASA Version 8.2(1) 

!

hostname cr26-asa5520-do

domain-name cisco.com

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

dns-guard

!

interface GigabitEthernet0/0

 description Connected to cr24-4507-DO

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/1

 description backup to cr24-4507-DO

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/2

 description Connected to Internet - cr26-6500-1

 nameif outside

 security-level 0

 ip address 198.133.219.5 255.255.255.0 

 ospf message-digest-key 1 md5 <removed>

 ospf authentication message-digest

!

interface GigabitEthernet0/3

 description School DMZ

 nameif dmz

 security-level 50

 ip address 10.25.34.1 255.255.255.0 

!

interface Management0/0

 nameif management

 security-level 100

 ip address 172.26.160.225 255.255.252.0 

 management-only

!

interface Redundant1

 description Connected to cr24-4507-DO

 member-interface GigabitEthernet0/0

 member-interface GigabitEthernet0/1

 nameif inside

 security-level 100

 allow-ssc-mgmt

 ip address 10.125.33.10 255.255.255.0 

 authentication key eigrp 100 <removed> key-id 1

 authentication mode eigrp 100 md5

!

boot system disk0:/asa821-k8.bin

ftp mode passive

dns server-group DefaultDNS

 domain-name cisco.com

access-list wsa-farm extended permit ip host 10.125.33.8 any 

access-list proxylist extended deny ip host 10.125.33.8 any 

access-list proxylist extended permit tcp 10.0.0.0 255.0.0.0 any eq www 

access-list proxylist extended permit tcp 10.0.0.0 255.0.0.0 any eq https 

access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 any eq www 

access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 any eq https 

access-list Outbound extended permit icmp 10.0.0.0 255.0.0.0 any echo 

access-list Outbound extended permit udp 10.0.0.0 255.0.0.0 host 10.25.34.13 eq domain

access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq smtp

access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq pop3

access-list Outbound extended permit tcp 10.0.0.0 255.0.0.0 host 10.25.34.12 eq imap4

access-list Inbound-Routes standard permit host 0.0.0.0 

access-list DMZ extended permit udp host 10.25.34.13 any eq domain 

access-list DMZ extended permit tcp host 10.25.34.13 any eq domain 

access-list DMZ extended permit tcp host 10.25.34.12 any eq smtp 

access-list DMZ extended permit tcp host 10.25.34.11 any eq www 

access-list DMZ extended permit tcp host 10.25.34.11 any eq https 

access-list Inbound extended permit udp any host 198.133.219.13 eq domain 

access-list Inbound extended permit tcp any host 198.133.219.13 eq domain 

access-list Inbound extended permit tcp any host 198.133.219.11 eq smtp 

access-list Inbound extended permit tcp any host 198.133.219.10 eq www 

access-list Inbound extended permit tcp any host 198.133.219.10 eq https 

pager lines 24

logging enable

logging console critical

logging buffered debugging

logging asdm informational

mtu outside 1500

mtu management 1500

mtu inside 1500

mtu dmz 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-507.bin

no asdm history enable

arp timeout 14400

global (outside) 10 interface

nat (inside) 10 10.0.0.0 255.0.0.0

static (inside,outside) 198.133.219.2 10.125.31.2 netmask 255.255.255.255 

static (dmz,outside) 198.133.219.10 10.25.34.10 netmask 255.255.255.255 

static (dmz,outside) 198.133.219.11 10.25.34.11 netmask 255.255.255.255 

static (dmz,outside) 198.133.219.12 10.25.34.12 netmask 255.255.255.255 

static (dmz,outside) 198.133.219.13 10.25.34.13 netmask 255.255.255.255 

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 

access-group Outbound in interface inside

access-group DMZ in interface dmz

access-group Inbound in interface outside

!

route-map Inbound-EIGRP permit 10

 match ip address Inbound-Routes

!

!

router eigrp 100

 no auto-summary

 eigrp stub redistributed

 network 10.125.33.0 255.255.255.0

 passive-interface default

 no passive-interface inside

 redistribute ospf 200 metric 1000000 2000 255 1 1500 route-map Inbound-EIGRP

!

router ospf 200

 network 198.133.219.0 255.255.255.0 area 100

 area 100 authentication message-digest

 log-adj-changes

!

route management 172.26.0.0 255.255.0.0 172.26.160.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server tacacs-servers protocol tacacs+

aaa-server tacacs-servers (management) host <tacacs+ server>

 key <secret key>

aaa authentication ssh console tacacs-servers LOCAL

aaa authentication serial console tacacs-servers LOCAL

aaa authentication enable console tacacs-servers LOCAL

aaa authentication http console tacacs-servers LOCAL

aaa authorization command tacacs-servers LOCAL

aaa accounting ssh console tacacs-servers

aaa accounting serial console tacacs-servers

aaa accounting command tacacs-servers

aaa accounting enable console tacacs-servers

aaa authorization exec authentication-server

http server enable

http 172.26.0.0 255.255.0.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 172.26.0.0 255.255.0.0 management

ssh timeout 5

ssh version 1

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

wccp 10 redirect-list proxylist group-list wsa-farm password cisco

wccp interface inside 10 redirect in

ntp authentication-key 10 md5 *

ntp authenticate

ntp trusted-key 10

ntp server <NTP Server> source management

webvpn

username admin password e1z89R3cZe9Kt6Ib encrypted privilege 15

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns migrated_dns_map_1 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect rsh 

  inspect rtsp 

  inspect esmtp 

  inspect sqlnet 

  inspect skinny  

  inspect sunrpc 

  inspect xdmcp 

  inspect sip  

  inspect netbios 

  inspect tftp 

  inspect icmp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:196fd610af2a2ae145f302e32cc50ab1

: end

[OK]

cr26-asa5520-do#  

PSTN Edge

DO-ISR#term len 0

DO-ISR#sh run

Building configuration...

Current configuration : 7860 bytes

!

! Last configuration change at 21:32:46 UTC Mon Aug 31 2009 by cisco

! NVRAM config last updated at 21:15:27 UTC Mon Aug 31 2009 by cisco

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname DO-ISR

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

network-clock-participate wic 0 

network-clock-participate wic 1 

ip cef

!

!

!

!

ip domain name ese.local

ip name-server 10.33.32.5

!

multilink bundle-name authenticated

!

isdn switch-type primary-4ess

voice-card 0

 no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

voice translation-rule 1

 rule 1 /^1/ /4445671/

!

voice translation-rule 2

 rule 2 /^2/ /2223452/

!

!

voice translation-profile to-s1

 translate called 1

!

voice translation-profile to-s2

 translate called 2

!

!

!

crypto pki trustpoint TP-self-signed-1102421159

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1102421159

 revocation-check none

 rsakeypair TP-self-signed-1102421159

!

!

crypto pki certificate chain TP-self-signed-1102421159

 certificate self-signed 01

  30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 

  69666963 6174652D 31313032 34323131 3539301E 170D3039 30343033 32333133 

  33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31303234 

  32313135 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 

  8100B92E A977CB6E 985B7AD1 DAC05B57 8E8C35D7 9E6F16AB 84DE64A5 05B3B815 

  4067A8A8 72B52E2E 16C0CFEC EE0E564B 1068DC76 F67EA152 7421ADC9 17300C81 

  C34282C6 CC622DA1 F4551B71 8E1E0F62 86CB3995 4D265865 74776DE4 C9912ABB 

  C2F527B4 17949311 7C8CA645 19EF813D 3B142D33 3305A1FA B7478C1A 6F29F416 

  F1D10203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603 

  551D1104 14301282 10444F2D 4953522E 6573652E 6C6F6361 6C301F06 03551D23 

  04183016 80140003 33E976A8 DCA4D4EA 6112E18F B0EB88A5 7373301D 0603551D 

  0E041604 14000333 E976A8DC A4D4EA61 12E18FB0 EB88A573 73300D06 092A8648 

  86F70D01 01040500 03818100 8E4406BA 63A6B9A1 19A48B05 DED9791B 797018CF 

  A6F177A1 46263C4D 2E6ACA82 2D26071F CA6BC27B 778D19F4 57604A4A C569BEE2 

  0AE94456 2EE01342 413C3832 B41F39F3 3F4BC20C 1C07F535 659EB32A 857DE248 

  07DC2667 1ADB1090 81CAA2CD 1E423927 838C1106 6131D3DC 4F31DD88 60B6565F 

  631965CB 3E3563E6 A9056FC0

  quit

!

!

username cisco privilege 15 secret 5 $1$jjeA$UcUyfEOgP0shCRkl.LGWI.

!

!

controller T1 0/0/0

 framing esf

 linecode b8zs

 pri-group timeslots 1-24 service mgcp

!

controller T1 0/0/1

 framing esf

 linecode b8zs

!

controller T1 0/1/0

 framing esf

 linecode b8zs

!

controller T1 0/1/1

 framing esf

 linecode b8zs

! 

!

!

!

!

!

interface Port-channel3

 description port-channel to core stack

 ip address 10.40.94.17 255.255.255.0

 hold-queue 150 in

!

interface GigabitEthernet0/0

 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface GigabitEthernet0/1

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface FastEthernet0/2/0

!

interface FastEthernet0/2/1

!

interface FastEthernet0/2/2

!

interface FastEthernet0/2/3

!

interface Serial0/0/0:23

 description to simulated PSTN  

 no ip address

 encapsulation hdlc

 isdn switch-type primary-ni

 isdn incoming-voice voice

 isdn bind-l3 ccm-manager

 no cdp enable

!

interface Integrated-Service-Engine1/0

 no ip address

 shutdown

 no keepalive

!

interface Integrated-Service-Engine2/0

 no ip address

 shutdown

 no keepalive

!

interface Vlan1

 no ip address

!

ip route 0.0.0.0 0.0.0.0 Port-channel3

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

!

!

!

!

control-plane

!

!

!

voice-port 0/0/0:23

!

ccm-manager fallback-mgcp 

ccm-manager mgcp

ccm-manager music-on-hold

ccm-manager config server 10.33.32.22  

ccm-manager config

!

mgcp

mgcp call-agent CUCM7-Pub 2427 service-type mgcp version 0.1

mgcp dtmf-relay voip codec all mode out-of-band

mgcp rtp unreachable timeout 1000 action notify

mgcp modem passthrough voip mode nse

mgcp package-capability rtp-package

no mgcp package-capability res-package

mgcp package-capability sst-package

no mgcp package-capability fxr-package

mgcp package-capability pre-package

no mgcp timer receive-rtcp

mgcp sdp simple

mgcp rtp payload-type g726r16 static

mgcp bind control source-interface Port-channel3

mgcp bind media source-interface Port-channel3

!

mgcp profile default

!

!

!

dial-peer voice 1 pots

 service mgcpapp

 incoming called-number .

 direct-inward-dial

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 81222 pots

 description SRST

 destination-pattern 81222.......

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 81333 pots

 description SRST

 destination-pattern 81333.......

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 81444 pots

 description SRST

 destination-pattern 81444.......

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 81555 pots

 description SRST

 destination-pattern 81555.......

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 8456 pots

 description SRST site 1 local dialing (PSTN-router num-exp adds area code)

 destination-pattern 8456....

 port 0/0/0:23

 forward-digits 7

!

dial-peer voice 1000 pots

 description srst 4 digits to Site 1

 translation-profile outgoing to-s1

 destination-pattern 1...

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 2000 pots

 description srst 4 digits to Site 2

 translation-profile outgoing to-s2

 destination-pattern 2...

 port 0/0/0:23

 forward-digits 10

!

dial-peer voice 8911 pots

 description SRST

 destination-pattern 8911

 port 0/0/0:23

 forward-digits 4

!

dial-peer voice 911 pots

 description SRST

 destination-pattern 911

 port 0/0/0:23

 forward-digits 3

!

!

!

!

call-manager-fallback

 max-conferences 12 gain -6

 transfer-system full-consult

 ip source-address 10.40.63.9 port 2000

 max-ephones 10

 max-dn 20

 dialplan-pattern 1 33345630.. extension-length 4

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device. 

This feature requires the one-time use of the username "cisco" 

with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI. 

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>

no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use. 

For more information about SDM please follow the instructions in the QUICK START 

GUIDE for your router or go to http://www.cisco.com/go/sdm 

-----------------------------------------------------------------------

^C

!

line con 0

 exec-timeout 0 0

 login local

 stopbits 1

line aux 0

 stopbits 1

line 66

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

line 130

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

 access-class 23 in

 privilege level 15

 login local

 transport input telnet ssh

line vty 5 15

 access-class 23 in

 privilege level 15

 login local

 transport input telnet ssh

!

scheduler allocate 20000 1000

ntp authentication-key 2 md5 00361A03135407021B 7

ntp authenticate

ntp trusted-key 2

ntp clock-period 17180344

ntp source Port-channel3

ntp max-associations 150

ntp server 10.33.32.16

!

end

DO-ISR#

School 1

Access

Cr35-2960-SS1

!

! Last configuration change at 13:16:40 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:18:08 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr35-2960-SS1

!

boot-start-marker

boot-end-marker

!

enable password 7 070C285F4D06

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain School-Site-1

vtp mode transparent

ip subnet-zero

!

!

ip dhcp snooping vlan 101-110

no ip dhcp snooping information option

ip dhcp snooping

no ip domain-lookup

ip arp inspection vlan 101-110

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

!

!

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01 nvram:F9154580host#2E2E.cer

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 101

 name cr2960_Dept1_VLAN

!

vlan 102

 name cr2960_Dept2_VLAN

!

vlan 103

 name cr2960_Dept3_VLAN

!

vlan 104

 name cr2960_Dept4_VLAN

!

vlan 105

 name cr2960_Dept5_VLAN

!

vlan 106

 name cr2960_Dept6_VLAN

!

vlan 107

 name cr2960_Dept7_VLAN

!

vlan 108

 name cr2960_Dept8_VLAN

!

vlan 109

 name cr2960_Dept9_VLAN

!

vlan 110

 name cr2960_Dept10_VLAN

!

vlan 201

 name Guest_VLAN

!

vlan 802

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 04550F011A245F5A

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

interface Loopback0

 ip address 10.126.100.3 255.255.255.255

 no ip route-cache

!

interface Port-channel1

 description Connected to cr35-4507-SS1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 101

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 102

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface FastEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 103

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 104

 switchport mode access

 switchport block unicast

 switchport voice vlan 105

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface FastEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 106

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 107

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 108

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

 description Connected to IXIA - ALM - 2/7

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/11

 description Connected to IXIA - STX - 4/3

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet0/1

 description Connected to cr35-4507-SS1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/2

 description Connected to cr35-4507-SS1

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,201

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

 no ip address

 no ip route-cache

 shutdown

!

interface Vlan2

 description Connected to FlashNet - DO NOT ROUTE

 ip address 172.26.160.192 255.255.254.0

 no ip redirects

 no ip proxy-arp

 no ip route-cache

 load-interval 30

!

ip default-gateway 172.26.160.1

no ip http server

no ip http secure-server

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 0822455D0A1649464058

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36029012

ntp server 172.26.160.10

end

Cr35-3560-SS1

!

! Last configuration change at 13:07:51 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:07:54 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr35-3560-SS1

!

boot-start-marker

boot-end-marker

!

enable password 7 094F471A1A0A

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain School-Site-1

vtp mode transparent

udld enable

ip subnet-zero

no ip domain-lookup

!

!

ip dhcp snooping vlan 111-120

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 111-120

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 13061E010803

!

crypto pki trustpoint TP-self-signed-4313216

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-4313216

 revocation-check none

 rsakeypair TP-self-signed-4313216

!

!

crypto pki certificate chain TP-self-signed-4313216

 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

no spanning-tree optimize bpdu transmission

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 111

 name cr35_3560_Dept1

!

vlan 112

 name cr35_3560_Dept2

!

vlan 113

 name cr35_3560_Dept3

!

vlan 114

 name cr35_3560_Dept4

!

vlan 115

 name cr35_3560_Dept5

!

vlan 116

 name cr35_3560_Dept6

!

vlan 117

 name cr35_3560_Dept7

!

vlan 118

 name cr35_3560_Dept8

!

vlan 119

 name cr35_3560_Dept9

!

vlan 120

 name cr35_3560_Dept_10

!

vlan 202

 name Guest_VLAN

!

vlan 803

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 1419160C1901393F

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.125.100.4 255.255.255.255

!

interface Port-channel1

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 111

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 112

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface FastEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 113

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 113

 switchport mode access

 switchport block unicast

 switchport voice vlan 114

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface FastEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 115

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 116

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 117

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/8

 no mdix auto

!

interface FastEthernet0/9

 no mdix auto

!

interface FastEthernet0/10

 description Connected to IXIA - ALM - 2/8

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 202

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/11

 description Connected to IXIA - STX - 4/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 202

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/12

 no mdix auto

!

interface FastEthernet0/13

 no mdix auto

!

interface FastEthernet0/14

 no mdix auto

!

interface FastEthernet0/15

 no mdix auto

!

interface FastEthernet0/16

 no mdix auto

!

interface FastEthernet0/17

 no mdix auto

!

interface FastEthernet0/18

 no mdix auto

!

interface FastEthernet0/19

 no mdix auto

!

interface FastEthernet0/20

 no mdix auto

!

interface FastEthernet0/21

 no mdix auto

!

interface FastEthernet0/22

 no mdix auto

!

interface FastEthernet0/23

 no mdix auto

!

interface FastEthernet0/24

 no mdix auto

!

interface FastEthernet0/25

 no mdix auto

!

interface FastEthernet0/26

 no mdix auto

!

interface FastEthernet0/27

 no mdix auto

!

interface FastEthernet0/28

 no mdix auto

!

interface FastEthernet0/29

 no mdix auto

!

interface FastEthernet0/30

 no mdix auto

!

interface FastEthernet0/31

 no mdix auto

!

interface FastEthernet0/32

 no mdix auto

!

interface FastEthernet0/33

 no mdix auto

!

interface FastEthernet0/34

 no mdix auto

!

interface FastEthernet0/35

 no mdix auto

!

interface FastEthernet0/36

 no mdix auto

!

interface FastEthernet0/37

 no mdix auto

!

interface FastEthernet0/38

 no mdix auto

!

interface FastEthernet0/39

 no mdix auto

!

interface FastEthernet0/40

 no mdix auto

!

interface FastEthernet0/41

 no mdix auto

!

interface FastEthernet0/42

 no mdix auto

!

interface FastEthernet0/43

 no mdix auto

!

interface FastEthernet0/44

 no mdix auto

!

interface FastEthernet0/45

 no mdix auto

!

interface FastEthernet0/46

 no mdix auto

!

interface FastEthernet0/47

 no mdix auto

!

interface FastEthernet0/48

 description Connected to FlashNet

 no switchport

 ip address 172.26.160.193 255.255.254.0

 no ip redirects

 no ip proxy-arp

 no ip route-cache

 no mdix auto

!

interface GigabitEthernet0/1

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/2

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

 no ip address

 no ip route-cache

 shutdown

!

ip classless

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 0822455D0A1649464058

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36029222

ntp server 172.26.160.10

end

Cr35-3750-SS1

!

! Last configuration change at 13:07:51 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:07:53 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr35-3750-SS1

!

boot-start-marker

boot-end-marker

!

logging buffered 16000

no logging console

enable secret 5 $1$vE3p$UNuh7kbqn0zV3HU1uc/cG0

enable password 7 13061E010803

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-12s

system mtu routing 1500

vtp domain School-Site-1

vtp mode transparent

ip subnet-zero

no ip domain-lookup

!

!

ip dhcp snooping vlan 121-130,203

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 121-130,203

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint TP-self-signed-721634816

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-721634816

 revocation-check none

 rsakeypair TP-self-signed-721634816

!

!

crypto pki certificate chain TP-self-signed-721634816

 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 121

 name cr36_3750_Dept1

!

vlan 122

 name cr36_3750_Dept2

!

vlan 123

 name cr36_3750_Dept3

!

vlan 124

 name cr36_3750_Dept4

!

vlan 125

 name cr36_3750_Dept5

!

vlan 126

 name cr36_3750_Dept6

!

vlan 127

 name cr36_3750_Dept7

!

vlan 128

 name cr36_3750_Dept8

!

vlan 129

 name cr36_3750_Dept9

!

vlan 130

 name cr36_3750_Dept10

!

vlan 203

 name Guest_VLAN

!

vlan 804

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 151C0F0B112F3830

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.126.100.5 255.255.255.255

!

interface Port-channel1

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 121

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 122

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 123

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface GigabitEthernet1/0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 124

 switchport mode access

 switchport block unicast

 switchport voice vlan 125

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet1/0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 126

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 127

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 128

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/8

 description Connected to FlashNet

 no switchport

 ip address 172.26.160.194 255.255.254.0

 no ip redirects

 no ip proxy-arp

!

interface GigabitEthernet1/0/9

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/10

 description Connected to IXIA - ALM - 5/1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 204

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/11

 description Connected to IXIA - STX - 6/1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 204

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no mdix auto

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/12

 description Connected to cr35-4507-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol pagp

 channel-group 1 mode desirable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface Vlan1

 ip address dhcp

 shutdown

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 1511021F072567757A60

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36029518

ntp server 172.26.160.10

end

Cr35-3750r-SS1

!

! Last configuration change at 13:07:51 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:07:55 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr35-3750r-SS1

!

boot-start-marker

boot-end-marker

!

enable password 7 0822455D0A16

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750-48p

switch 2 provision ws-c3750g-48ps

stack-mac persistent timer 0

system mtu routing 1500

vtp domain School-Site-1

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip dhcp snooping vlan 11-20

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 11-20

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 104D000A0618

!

crypto pki trustpoint TP-self-signed-1654402816

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1654402816

 revocation-check none

 rsakeypair TP-self-signed-1654402816

!

!

crypto pki certificate chain TP-self-signed-1654402816

 certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 11,13-20 

!

vlan 204

 name Guest_VLAN

!

ip ftp username nimishguest

ip ftp password 7 000A1701115E1812

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.126.100.6 255.255.255.255

!

interface Port-channel1

 description Connected to cr35-4507-SS1

 no switchport

 dampening

 ip address 10.127.7.194 255.255.255.192

 ip pim sparse-mode

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 11

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 12

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Trusted-PC-Policy

 ip verify source

!

interface FastEthernet1/0/3

 description CONNECTED TO PHONE

 switchport access vlan 14

 switchport mode access

 switchport block unicast

 switchport voice vlan 13

 switchport port-security maximum 3

 switchport port-security maximum 1 vlan

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet1/0/4

!

interface FastEthernet1/0/5

!

interface FastEthernet1/0/6

!

interface FastEthernet1/0/7

!

interface FastEthernet1/0/8

!

interface FastEthernet1/0/9

!

interface FastEthernet1/0/10

!

interface FastEthernet1/0/11

!

interface FastEthernet1/0/12

!

interface FastEthernet1/0/13

!

interface FastEthernet1/0/14

!

interface FastEthernet1/0/15

!

interface FastEthernet1/0/16

!

interface FastEthernet1/0/17

!

interface FastEthernet1/0/18

!

interface FastEthernet1/0/19

!

interface FastEthernet1/0/20

!

interface FastEthernet1/0/21

!

interface FastEthernet1/0/22

!

interface FastEthernet1/0/23

!

interface FastEthernet1/0/24

!

interface FastEthernet1/0/25

!

interface FastEthernet1/0/26

!

interface FastEthernet1/0/27

!

interface FastEthernet1/0/28

!

interface FastEthernet1/0/29

!

interface FastEthernet1/0/30

!

interface FastEthernet1/0/31

!

interface FastEthernet1/0/32

!

interface FastEthernet1/0/33

!

interface FastEthernet1/0/34

!

interface FastEthernet1/0/35

!

interface FastEthernet1/0/36

!

interface FastEthernet1/0/37

!

interface FastEthernet1/0/38

!

interface FastEthernet1/0/39

!

interface FastEthernet1/0/40

!

interface FastEthernet1/0/41

!

interface FastEthernet1/0/42

!

interface FastEthernet1/0/43

!

interface FastEthernet1/0/44

!

interface FastEthernet1/0/45

!

interface FastEthernet1/0/46

!

interface FastEthernet1/0/47

!

interface FastEthernet1/0/48

 description FlashNet - DO NOT ROUTE

 switchport access vlan 2

 load-interval 30

!

interface GigabitEthernet1/0/1

 description Connected to cr35-4507-SS1

 no switchport

 no ip address

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

!

interface GigabitEthernet2/0/1

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 16

 switchport mode access

 switchport block unicast

 switchport voice vlan 15

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet2/0/2

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 17

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet2/0/3

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 18

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

 description Connected to IXIA - ALM - 5/2

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet2/0/11

 description Connected to IXIA - STX - 6/2

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 11-20

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree bpduguard enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface GigabitEthernet2/0/29

!

interface GigabitEthernet2/0/30

!

interface GigabitEthernet2/0/31

!

interface GigabitEthernet2/0/32

!

interface GigabitEthernet2/0/33

!

interface GigabitEthernet2/0/34

!

interface GigabitEthernet2/0/35

!

interface GigabitEthernet2/0/36

!

interface GigabitEthernet2/0/37

!

interface GigabitEthernet2/0/38

!

interface GigabitEthernet2/0/39

!

interface GigabitEthernet2/0/40

!

interface GigabitEthernet2/0/41

!

interface GigabitEthernet2/0/42

!

interface GigabitEthernet2/0/43

!

interface GigabitEthernet2/0/44

!

interface GigabitEthernet2/0/45

!

interface GigabitEthernet2/0/46

!

interface GigabitEthernet2/0/47

!

interface GigabitEthernet2/0/48

!

interface GigabitEthernet2/0/49

 description Connected to cr35-4507-SS1

 no switchport

 no ip address

 logging event bundle-status

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

!

interface GigabitEthernet2/0/50

!

interface GigabitEthernet2/0/51

!

interface GigabitEthernet2/0/52

!

interface Vlan1

 ip address dhcp

 shutdown

!

interface Vlan2

 description FlashNet - DO NOT ROUTE

 ip address 172.26.160.222 255.255.252.0

 no ip redirects

 no ip proxy-arp

!

interface Vlan11

 ip address 10.127.7.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Port-channel1

 no auto-summary

 eigrp router-id 10.126.100.6

 eigrp stub connected

 network 10.126.0.0 0.1.255.255

 nsf

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 121A0C04110440557878

radius-server deadtime 1

!

control-plane

!

alias exec dsno show ip dhcp snooping bind

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028695

ntp server 172.26.160.10

end

Core/Distribution/WAN Edge

Cr35-4507-SS1

!

! Last configuration change at 13:15:17 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:15:32 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

service compress-config

!

hostname cr35-4507-SS1

!

boot-start-marker

boot system flash bootflash:cat4500-entservicesk9-mz.122-50.SG

boot-end-marker

!

enable password 7 110A1016141D

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

qos

qos dbl exceed-action ecn

qos dbl dscp-based 0-31,33-39,41-45,47-63

qos map dscp 0 to tx-queue 2

qos map dscp 16 18 20 22 24 26 28 30 to tx-queue 4

qos map dscp 34 36 38 to tx-queue 4

udld enable

ip subnet-zero

no ip domain-lookup

!

ip vrf mgmtVrf

!

ip multicast-routing 

vtp domain School-Site-1

vtp mode transparent

cluster run

!

!

key chain eigrp-key

 key 1

   key-string 7 045802150C2E

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

power redundancy-mode combined

!

!

!

!

!

macro global description system-cpp | system-cpp

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

spanning-tree vlan 1-4094 priority 24576

!

redundancy

 mode sso

 main-cpu

  auto-sync standard

!

process-max-time 20

vlan internal allocation policy ascending

!

vlan 101

 name cr35_2960_Dept1

!

vlan 102

 name cr35_2960_Dept2

!

vlan 103

 name cr35_2960_Dept3

!

vlan 104

 name cr35_2960_Dept4

!

vlan 105

 name cr35_2960_Dept5

!

vlan 106

 name cr35_2960_Dept6

!

vlan 107

 name cr35_2960_Dept7

!

vlan 108

 name cr35_2960_Dept8

!

vlan 109

 name cr35_2960_Dept9

!

vlan 110

 name cr35_2960_Dept10

!

vlan 111

 name cr35_3560_Dept11

!

vlan 112

 name cr35_3560_Dept12

!

vlan 113

 name cr35_3560_Dept13

!

vlan 114

 name cr35_3560_Dept14

!

vlan 115

 name cr35_3560_Dept15

!

vlan 116

 name cr35_3560_Dept16

!

vlan 117

 name cr35_3560_Dept17

!

vlan 118

 name cr35_3560_Dept18

!

vlan 119

 name cr35_3560_Dept19

!

vlan 120

 name cr35_3560_Dept20

!

vlan 121

 name cr35_3750_Dept21

!

vlan 122

 name cr35_3750_Dept22

!

vlan 123

 name cr35_3750_Dept23

!

vlan 124

 name cr35_3750_Dept24

!

vlan 125

 name cr35_3750_Dept25

!

vlan 126

 name cr35_3750_Dept26

!

vlan 127

 name cr35_3750_Dept27

!

vlan 128

 name cr35_3750_Dept28

!

vlan 129

 name cr35_3750_Dept29

!

vlan 130

 name cr35_3750_Dept30

!

vlan 501

 name cr24_3750ME_DO

!

vlan 801

 name MetroE_Hopping_VLAN

!

vlan 802

 name cr36_2960-Hopping-VL

!

vlan 803

 name cr36_3560-Hopping-VL

!

vlan 804

 name cr36_3750-Hopping-VL

!

ip ftp username nimishguest

ip ftp password 7 000A1701115E1812

!

class-map match-all COPP-CRITICAL-APPLICATIONS

 match access-group name COPP-CRITICAL-APPLICATIONS

class-map match-all system-cpp-cdp

 match access-group name system-cpp-cdp

class-map match-all system-cpp-pim

 match access-group name system-cpp-pim

class-map match-all COPP-FILE-MANAGEMENT

 match access-group name COPP-FILE-MANAGEMENT

class-map match-all system-cpp-pppoe-disc

 match access-group name system-cpp-pppoe-disc

class-map match-all COPP-MONITORING

 match access-group name COPP-MONITORING

class-map match-all system-cpp-bpdu-range

 match access-group name system-cpp-bpdu-range

class-map match-all system-cpp-dhcp-cs

 match access-group name system-cpp-dhcp-cs

class-map match-all system-cpp-dhcp-sc

 match access-group name system-cpp-dhcp-sc

class-map match-all system-cpp-all-systems-on-subnet

 match access-group name system-cpp-all-systems-on-subnet

class-map match-all system-cpp-all-routers-on-subnet

 match access-group name system-cpp-all-routers-on-subnet

class-map match-all system-cpp-ripv2

 match access-group name system-cpp-ripv2

class-map match-all system-cpp-mcast-cfm

 match access-group name system-cpp-mcast-cfm

class-map match-all system-cpp-dot1x

 match access-group name system-cpp-dot1x

class-map match-all system-cpp-ucast-cfm

 match access-group name system-cpp-ucast-cfm

class-map match-all system-cpp-dhcp-ss

 match access-group name system-cpp-dhcp-ss

class-map match-all COPP-INTERACTIVE-MANAGEMENT

 match access-group name COPP-INTERACTIVE-MANAGEMENT

class-map match-all system-cpp-sstp

 match access-group name system-cpp-sstp

class-map match-all system-cpp-ospf

 match access-group name system-cpp-ospf

class-map match-all NON-REALTIME

 match not ip dscp ef 

 match not ip dscp cs5 

 match not ip dscp cs4 

class-map match-all system-cpp-lldp

 match access-group name system-cpp-lldp

class-map match-all system-cpp-igmp

 match access-group name system-cpp-igmp

class-map match-all COPP-UNDESIRABLE

 match access-group name COPP-UNDESIRABLE

class-map match-all system-cpp-ip-mcast-linklocal

 match access-group name system-cpp-ip-mcast-linklocal

class-map match-all COPP-IGP

 match access-group name COPP-IGP

class-map match-all system-cpp-cgmp

 match access-group name system-cpp-cgmp

!

!

policy-map WAN-EGRESS-CHILD

 class NON-REALTIME

    police 13200 kbps 1000 byte conform-action transmit exceed-action drop 

policy-map DBL

 class class-default

    dbl

policy-map WAN-EGRESS-PARENT

 class class-default

    police 20 mbps 1000 byte conform-action transmit exceed-action drop 

    dbl

  service-policy WAN-EGRESS-CHILD

policy-map system-cpp-policy

 class system-cpp-dot1x

 class system-cpp-lldp

 class system-cpp-bpdu-range

 class system-cpp-cdp

 class system-cpp-sstp

 class system-cpp-cgmp

 class system-cpp-mcast-cfm

 class system-cpp-ucast-cfm

 class system-cpp-pppoe-disc

 class system-cpp-ospf

 class system-cpp-igmp

 class system-cpp-pim

 class system-cpp-all-systems-on-subnet

 class system-cpp-all-routers-on-subnet

 class system-cpp-ripv2

 class system-cpp-ip-mcast-linklocal

 class system-cpp-dhcp-cs

 class system-cpp-dhcp-sc

 class system-cpp-dhcp-ss

 class COPP-IGP

    police 300000 bps 3000 byte conform-action transmit exceed-action drop 

 class COPP-INTERACTIVE-MANAGEMENT

    police 500000 bps 5000 byte conform-action transmit exceed-action drop 

 class COPP-FILE-MANAGEMENT

    police 6000000 bps 60000 byte conform-action transmit exceed-action drop 

 class COPP-MONITORING

    police 900000 bps 9000 byte conform-action transmit exceed-action drop 

 class COPP-CRITICAL-APPLICATIONS

    police 900000 bps 9000 byte conform-action transmit exceed-action drop 

 class COPP-UNDESIRABLE

    police 32000 bps 3000 byte conform-action drop exceed-action drop 

 class class-default

    police 500000 bps 5000 byte conform-action transmit exceed-action drop 

!

!

!

interface Loopback0

 ip address 10.126.100.2 255.255.255.255

!

interface Port-channel11

 description Connected to cr35-2960-SS1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

!

interface Port-channel12

 description Connected to cr35-3560-SS1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

!

interface Port-channel13

 description Connected to cr35-3750-SS1

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

!

interface Port-channel14

 description Connected to cr35-3750r-SS1

 dampening

 ip address 10.127.7.193 255.255.255.192

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.127.0.0 255.255.248.0 5

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

!

interface FastEthernet1

 ip vrf forwarding mgmtVrf

 no ip address

 speed auto

 duplex auto

!

interface GigabitEthernet1/1

 description Connected to MetroE-Core-cr25-6500-1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 801

 switchport trunk allowed vlan 501

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 udld port disable

 tx-queue 1

   bandwidth 1 mbps

 tx-queue 2

   bandwidth 7 mbps

 tx-queue 3

   bandwidth 6 mbps

   priority high

 tx-queue 4

   bandwidth 6 mbps

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 spanning-tree guard root

 service-policy output WAN-EGRESS-PARENT

!

interface GigabitEthernet1/2

 description Connected to cr35_2960_SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 11 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet1/3

 description Connected to cr35_3560_SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 12 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet1/4

 description Connected to cr35-3750-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 13 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet1/5

 description Connected to cr35-3750r-SS1

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol lacp

 channel-group 14 mode active

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet1/6

 switchport trunk encapsulation dot1q

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet2/1

 switchport trunk encapsulation dot1q

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 spanning-tree guard root

!

interface GigabitEthernet2/2

 description Connected to cr35_2960_SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 11 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet2/3

 description Connected to cr35_3560_SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 12 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet2/4

 description Connected to cr35-3750-SS1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol pagp

 channel-group 13 mode desirable

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet2/5

 description Connected to cr35-3750r-SS1

 no switchport

 dampening

 no ip address

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 channel-protocol lacp

 channel-group 14 mode active

 spanning-tree guard root

 service-policy output DBL

!

interface GigabitEthernet2/6

 switchport trunk encapsulation dot1q

 switchport mode trunk

 logging event link-status

 load-interval 30

 carrier-delay msec 0

 shutdown

 qos trust dscp

 tx-queue 1

   bandwidth percent 5

 tx-queue 2

   bandwidth percent 35

 tx-queue 3

   bandwidth percent 30

   priority high

 tx-queue 4

   bandwidth percent 30

 spanning-tree guard root

 service-policy output DBL

!

interface TenGigabitEthernet3/1

!

interface TenGigabitEthernet3/2

!

interface GigabitEthernet3/3

!

interface GigabitEthernet3/4

!

interface GigabitEthernet3/5

!

interface GigabitEthernet3/6

!

interface TenGigabitEthernet4/1

!

interface TenGigabitEthernet4/2

!

interface GigabitEthernet4/3

!

interface GigabitEthernet4/4

!

interface GigabitEthernet4/5

!

interface GigabitEthernet4/6

!

interface GigabitEthernet6/1

 description Connected to FlashNet

 no switchport

 ip address 172.26.160.191 255.255.254.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

interface GigabitEthernet6/2

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 101

 switchport mode trunk

!

interface GigabitEthernet6/3

!

interface GigabitEthernet6/4

!

interface GigabitEthernet6/5

!

interface GigabitEthernet6/6

!

interface GigabitEthernet6/7

!

interface GigabitEthernet6/8

!

interface GigabitEthernet6/9

!

interface GigabitEthernet6/10

!

interface GigabitEthernet6/11

!

interface GigabitEthernet6/12

!

interface GigabitEthernet6/13

!

interface GigabitEthernet6/14

!

interface GigabitEthernet6/15

!

interface GigabitEthernet6/16

!

interface GigabitEthernet6/17

!

interface GigabitEthernet6/18

!

interface GigabitEthernet6/19

!

interface GigabitEthernet6/20

!

interface GigabitEthernet6/21

!

interface GigabitEthernet6/22

!

interface GigabitEthernet6/23

!

interface GigabitEthernet6/24

!

interface GigabitEthernet6/25

!

interface GigabitEthernet6/26

!

interface GigabitEthernet6/27

!

interface GigabitEthernet6/28

!

interface GigabitEthernet6/29

!

interface GigabitEthernet6/30

!

interface GigabitEthernet6/31

!

interface GigabitEthernet6/32

!

interface GigabitEthernet6/33

!

interface GigabitEthernet6/34

!

interface GigabitEthernet6/35

!

interface GigabitEthernet6/36

!

interface GigabitEthernet6/37

!

interface GigabitEthernet6/38

!

interface GigabitEthernet6/39

!

interface GigabitEthernet6/40

!

interface GigabitEthernet6/41

!

interface GigabitEthernet6/42

!

interface GigabitEthernet6/43

!

interface GigabitEthernet6/44

!

interface GigabitEthernet6/45

!

interface GigabitEthernet6/46

!

interface GigabitEthernet6/47

!

interface GigabitEthernet6/48

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan101

 description Connected to cr35_2960_Dept_1_VLAN

 dampening

 ip address 10.127.0.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan102

 description Connected to cr35_2960_Dept_2_VLAN

 dampening

 ip address 10.127.0.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan103

 description Connected to cr35_2960_Dept_3_VLAN

 dampening

 ip address 10.127.0.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan104

 description Connected to cr35_2960_Dept_4_VLAN

 dampening

 ip address 10.127.0.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan105

 description Connected to cr35_2960_Dept_5_VLAN

 dampening

 ip address 10.127.1.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan106

 description Connected to cr35_2960_Dept_6_VLAN

 dampening

 ip address 10.127.1.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan107

 description Connected to cr35_2960_Dept_7_VLAN

 dampening

 ip address 10.127.1.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan108

 description Connected to cr35_2960_Dept_8_VLAN

 dampening

 ip address 10.127.1.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan109

 description Connected to cr35_2960_Dept_9_VLAN

 dampening

 ip address 10.127.2.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan110

 description Connected to cr35_2960_Dept_10_VLAN

 dampening

 ip address 10.127.2.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan111

 description Connected to cr35_3560_Dept_1_VLAN

 dampening

 ip address 10.127.2.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan112

 description Connected to cr35_3560_Dept_2_VLAN

 dampening

 ip address 10.127.2.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan113

 description Connected to cr35_3560_Dept_3_VLAN

 dampening

 ip address 10.127.3.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan114

 description Connected to cr35_3560_Dept_4_VLAN

 dampening

 ip address 10.127.3.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan115

 description Connected to cr35_3560_Dept_5_VLAN

 dampening

 ip address 10.127.3.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan116

 description Connected to cr35_3560_Dept_6_VLAN

 dampening

 ip address 10.127.3.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan117

 description Connected to cr35_3560_Dept_7_VLAN

 dampening

 ip address 10.127.4.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan118

 description Connected to cr35_3560_Dept_8_VLAN

 dampening

 ip address 10.127.4.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan119

 description Connected to cr35_3560_Dept_9_VLAN

 dampening

 ip address 10.127.4.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan120

 description Connected to cr35_3560_Dept_10_VLAN

 dampening

 ip address 10.127.4.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan121

 description Connected to cr35_3750_Dept_1_VLAN

 dampening

 ip address 10.127.5.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan122

 description Connected to cr35_3750_Dept_2_VLAN

 dampening

 ip address 10.127.5.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan123

 description Connected to cr35_3750_Dept_3_VLAN

 dampening

 ip address 10.127.5.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan124

 description Connected to cr35_3750_Dept_4_VLAN

 dampening

 ip address 10.127.5.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan125

 description Connected to cr35_3750_Dept_5_VLAN

 dampening

 ip address 10.127.6.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan126

 description Connected to cr35_3750_Dept_6_VLAN

 dampening

 ip address 10.127.6.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan127

 description Connected to cr35_3750_Dept_7_VLAN

 dampening

 ip address 10.127.6.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan128

 description Connected to cr35_3750_Dept_8_VLAN

 dampening

 ip address 10.127.6.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan129

 description Connected to cr35_3750_Dept_9_VLAN

 dampening

 ip address 10.127.7.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan130

 description Connected to cr35_3750_Dept_10_VLAN

 dampening

 ip address 10.127.7.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan501

 description Connected to cr24-3750ME-DO

 dampening

 ip address 10.126.0.1 255.255.255.254

 no ip redirects

 no ip unreachables

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip pim sparse-mode

 ip summary-address eigrp 100 10.127.0.0 255.255.248.0 5

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Vlan501

 no passive-interface Port-channel14

 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel14

 no auto-summary

 eigrp router-id 10.126.100.2

 network 10.126.0.0 0.1.255.255

 nsf

!

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

!

!

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended COPP-CRITICAL-APPLICATIONS

 remark DHCP

 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps

 permit udp host 10.125.31.2 eq bootps any eq bootps

ip access-list extended COPP-FILE-MANAGEMENT

 remark (initiated) FTP (active and passive)

 permit tcp 172.26.160.0 0.0.3.255 eq ftp host 172.26.160.191 gt 1023 established

 permit tcp 172.26.160.0 0.0.3.255 eq ftp-data host 172.26.160.191 gt 1023

 permit tcp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.191 gt 1023 established

 remark (initiated) TFTP

 permit udp 172.26.160.0 0.0.3.255 gt 1023 host 172.26.160.191 gt 1023

ip access-list extended COPP-IGP

 remark IGP (EIGRP)

 permit eigrp any host 224.0.0.10

 permit eigrp any any

ip access-list extended COPP-INTERACTIVE-MANAGEMENT

 remark RADIUS (return traffic)

 permit udp host 10.125.31.4 host 10.126.100.2

 remark SSH

 permit tcp 10.124.0.0 0.3.255.255 host 10.126.100.2 eq 22

 remark SNMP

 permit udp host 172.26.160.100 host 10.126.100.2 eq snmp

 remark NTP

 permit udp host 172.26.160.10 host 172.26.160.191 eq ntp

ip access-list extended COPP-MONITORING

 remark PING-ECHO

 permit icmp any any echo

 remark PING-ECHO-REPLY

 permit icmp any any echo-reply

 remark TRACEROUTE

 permit icmp any any ttl-exceeded

 permit icmp any any port-unreachable

ip access-list extended COPP-UNDESIRABLE

 remark UNDESIRABLE

 permit udp any any eq 1434

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

!

access-list 1 permit 0.0.0.0

access-list 1 permit 10.127.0.0

access-list 1 permit 10.124.0.0

!

route-map EIGRP_STUB_ROUTES permit 10

 match ip address 1

!

!

snmp-server engineID local 800000090300001D45735179

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.31.4 auth-port 1645 acct-port 1646 key 7 104D000A06185E5A5E57

radius-server deadtime 1

!

control-plane

 service-policy input system-cpp-policy

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 17180908

ntp server 172.26.160.10

end

PSTN Edge

School2-B1L#term len 0

School2-B1L#wri

Building configuration...

[OK]

School2-B1L#sh run

Building configuration...

Current configuration : 9069 bytes

!

! Last configuration change at 16:54:51 UTC Tue Sep 8 2009

! NVRAM config last updated at 16:55:16 UTC Tue Sep 8 2009

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname School2-B1L

!

boot-start-marker

boot system flash:c3825-advipservicesk9-mz.124-15.T1.bin

boot-end-marker

!

card type t1 2 0

logging buffered 4096

!

no aaa new-model

!

monitor session 1 destination interface Fa1/15

no network-clock-participate slot 2 

no network-clock-participate wic 0 

no ip dhcp use vrf connected

ip dhcp excluded-address 10.41.51.0 10.41.51.49

ip dhcp excluded-address 10.41.51.100 10.41.51.255

!

ip dhcp pool SRST

   network 10.41.51.0 255.255.255.0

   option 150 ip 10.33.32.20 

   default-router 10.41.51.1 

!

!

ip cef

!

!

ip domain name ese.local

ip name-server 10.33.32.5

!

multilink bundle-name authenticated

!

isdn switch-type primary-ni

voice-card 0

 no dspfarm

!

voice-card 2

 no dspfarm

!

!

!

key chain eigrp-chain

 key 100

   key-string cisco

!

!

!

!

!

!

!

!

!

!

!

!

!

!

voice translation-rule 1

 rule 1 /^222345/ /8222/

!

voice translation-rule 10

 rule 1 /^84441/ /4445671/

 rule 2 /^83331/ /3334561/

!

!

voice translation-profile S2-SRST-in

 translate called 1

!

voice translation-profile S2-SRST-out

 translate called 10

!

!

!

application

  global

  service alternate default

 !

!

!

crypto pki trustpoint TP-self-signed-3021612211

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-3021612211

 revocation-check none

 rsakeypair TP-self-signed-3021612211

!

!

crypto pki certificate chain TP-self-signed-3021612211

 certificate self-signed 01

  30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 

  69666963 6174652D 33303231 36313232 3131301E 170D3039 30363131 32323231 

  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30323136 

  31323231 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 

  8100952E 74B22996 55A51E37 8DA60200 0590F983 0375EFFE 60E9A360 AEAEEC74 

  66F6C188 2ADFFE99 D7A5CAA3 4E55140F 91E6C706 F6107740 8551210F DD0B47CF 

  C0801EEA 80CF9456 66CFAC2D 8B2C2EC0 762D92E7 A0E62EA9 F8D406F3 D3907060 

  0D4E8053 70E8EE96 AD39C98C 04B365C6 4E57BDF3 A2B43190 B02939E0 DF0C0B10 

  A8270203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603 

  551D1104 11300F82 0D62316C 2E657365 2E6C6F63 616C301F 0603551D 23041830 

  168014B2 D0D56B23 AD137366 E12C01FB A052FB71 9CE48630 1D060355 1D0E0416 

  0414B2D0 D56B23AD 137366E1 2C01FBA0 52FB719C E486300D 06092A86 4886F70D 

  01010405 00038181 0029B1C4 FBF3A9EA C044C909 5641CE13 BE7BB985 C705847A 

  7BCB2E46 2C151D24 DBB1296D 0F13B937 EC22F0D0 57C815CE 5FCA28F3 2ADFA571 

  BF450B05 92BD038B 4948882B E455759A BD282100 7681C58B DFA5EB51 48E15611 

  1EC4EB13 3853A6BA 5009AB43 372620A1 71D5B283 4BD1BF8A 822CB1E1 E1AA8CD5 

  42028C49 CE83A384 A5

        quit

! 

!

!

!

username cisco secret 5 $1$lbdn$P7ro8OilCa9puLAhNkMrF0

username Cisc0123 secret 5 $1$ssbG$.ASxHSEZHbNxPhJch8pcx1

username admin secret 5 $1$UFHA$Ij/BzRhF91OsTvvRxeTNF0

archive

 log config

  hidekeys

!

!

controller T1 2/0/0

 framing esf

 linecode b8zs

 pri-group timeslots 1-24 service mgcp

!

controller T1 2/0/1

 framing esf

 linecode b8zs

 pri-group timeslots 1-24 service mgcp

!

!

!

!

!

interface Loopback1

 ip address 10.33.9.23 255.255.255.0

!

interface Port-channel3

 description port-channel to core stack

 ip address 10.40.79.9 255.255.255.252

 hold-queue 150 in

!

interface GigabitEthernet0/0

 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface GigabitEthernet0/1

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface Serial0/0/0

 description serial link from B1R to A1R

 ip address 10.33.4.5 255.255.255.254

 load-interval 30

 carrier-delay msec 0

 clock rate 2016000

!

interface Serial0/0/1

 no ip address

 shutdown

 clock rate 2016000

!

interface Serial0/0/2

 no ip address

 shutdown

 clock rate 2016000

!

interface Serial0/0/3

 no ip address

 shutdown

 clock rate 2016000

!

interface FastEthernet1/0

 switchport trunk native vlan 50

 switchport mode trunk

!

interface FastEthernet1/1

!

interface FastEthernet1/2

!

interface FastEthernet1/3

 switchport access vlan 41

!

interface FastEthernet1/4

!

interface FastEthernet1/5

!

interface FastEthernet1/6

!

interface FastEthernet1/7

!

interface FastEthernet1/8

!

interface FastEthernet1/9

!

interface FastEthernet1/10

!

interface FastEthernet1/11

!

interface FastEthernet1/12

!

interface FastEthernet1/13

!

interface FastEthernet1/14

!

interface FastEthernet1/15

!

interface Serial2/0/0:23

 no ip address

 encapsulation hdlc

 isdn switch-type primary-ni

 isdn incoming-voice voice

 no cdp enable

!

interface Serial2/0/1:23

 no ip address

 encapsulation hdlc

 isdn switch-type primary-ni

 isdn incoming-voice voice

 no cdp enable

!

interface Vlan1

 no ip address

!

interface Vlan50

 ip address 10.41.50.1 255.255.255.0

!

interface Vlan51

 ip address 10.41.51.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 10.33.4.4

ip route 0.0.0.0 0.0.0.0 Port-channel3

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

!

!

!

!

control-plane

!

!

!

voice-port 2/0/0:23

!

voice-port 2/0/1:23

!

ccm-manager fallback-mgcp 

ccm-manager mgcp

ccm-manager music-on-hold

ccm-manager config server 10.33.32.22  

ccm-manager config

!

mgcp

mgcp call-agent CUCM7-Pub 2427 service-type mgcp version 0.1

mgcp dtmf-relay voip codec all mode out-of-band

mgcp rtp unreachable timeout 1000 action notify

mgcp modem passthrough voip mode nse

mgcp package-capability rtp-package

mgcp package-capability sst-package

mgcp package-capability pre-package

no mgcp package-capability res-package

no mgcp package-capability fxr-package

no mgcp timer receive-rtcp

mgcp sdp simple

mgcp rtp payload-type g726r16 static

mgcp bind control source-interface Port-channel3

mgcp bind media source-interface Port-channel3

!

mgcp profile default

!

!

!

dial-peer voice 1 pots

 description srst incoming

 translation-profile incoming S2-SRST-in

 service mgcpapp

 incoming called-number .

 direct-inward-dial

 port 2/0/1:23

 forward-digits 8

!

dial-peer voice 91 pots

 description SRST; Any long distance number

 destination-pattern 91..........

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 91444 pots

 description SRST; PSTN School2  to School1

 destination-pattern 91444.......

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 91333 pots

 description SRST; PSTN School2 to District Office

 destination-pattern 91333.......

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 91222 pots

 description SRST; School2 local dialing with area code

 destination-pattern 91222.......

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 9345 pots

 description SRST; School2 local dialing (PSTN-router num-exp adds area code)

 destination-pattern 9345....

 port 2/0/1:23

 forward-digits 7

!

dial-peer voice 911 pots

 description SRST; Emergency call without External access code

 destination-pattern 911

 port 2/0/1:23

 forward-digits 3

!

dial-peer voice 84441 pots

 description SRST; translate calls to School1 using internal number format

 translation-profile outgoing S2-SRST-out

 destination-pattern 84441...

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 83331 pots

 description SRST; translate calls to District office using internal number f

 translation-profile outgoing S2-SRST-out

 destination-pattern 83331...

 port 2/0/1:23

 forward-digits 10

!

dial-peer voice 9911 pots

 description SRST; Emergency call with External access code

 destination-pattern 9911

 port 2/0/1:23

 forward-digits 3

!

!

!

!

call-manager-fallback

 max-conferences 12 gain -6

 transfer-system full-consult

 ip source-address 10.40.79.9 port 2000

 max-ephones 10

 max-dn 20

 dialplan-pattern 1 82221... extension-length 8

!

banner exec ^CC

-----------------------------------------------------------------------

This is Router B1L

-----------------------------------------------------------------------

^C

banner login ^CC

-----------------------------------------------------------------------

This is Router B1L

-----------------------------------------------------------------------

^C

alias exec run sh run | begin 

alias exec int sh ip int brief

!

line con 0

 exec-timeout 0 0

 length 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 access-class 23 in

 privilege level 15

 login local

 transport input none

line vty 5 15

 access-class 23 in

 privilege level 15

 login local

 transport input telnet ssh

!

scheduler allocate 20000 1000

ntp authentication-key 2 md5 15200209132527203C 7

ntp authenticate

ntp trusted-key 2

ntp clock-period 17180073

ntp source Port-channel3

ntp max-associations 150

ntp server 10.40.94.17 key 2

!

webvpn cef

!

end

School2-B1L#

School 100

Access

Cr36-2960-SS100

!

! Last configuration change at 13:39:58 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:39:58 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr36-2960-SS100

!

boot-start-marker

boot-end-marker

!

enable password 7 121A0C041104

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain School-Site

vtp mode transparent

ip subnet-zero

!

!

ip dhcp snooping vlan 101-110,201

no ip dhcp snooping information option

ip dhcp snooping

no ip domain-lookup

ip arp inspection vlan 101-110

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

!

!

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01 nvram:F9406600host#2E2E.cer

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 101-110 

!

vlan 201

 name Guest_VLAN

!

vlan 802

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 04550F011A245F5A

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 1000000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 1000000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

interface Loopback0

 ip address 10.126.100.107 255.255.255.255

 no ip route-cache

!

interface Port-channel1

 description Connected to cr36-3750-Core-SS2

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 101

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 102

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 ip verify source

!

interface FastEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 103

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 104

 switchport mode access

 switchport block unicast

 switchport voice vlan 105

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface FastEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 106

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 107

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 108

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

 description Connected to IXIA - ALM - 5/3

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/11

 description Connected to IXIA - STX - 6/3

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet0/1

 description Connected to cr36-3750-Core-SS2

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 ip dhcp snooping trust

!

interface GigabitEthernet0/2

 description Connected to cr36-3750-Core-SS2

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 ip dhcp snooping trust

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

 no ip address

 no ip route-cache

 shutdown

!

interface Vlan2

 description Connected to FlashNet

 ip address 172.26.160.196 255.255.254.0

 no ip redirects

 no ip proxy-arp

 no ip route-cache

!

no ip http server

no ip http secure-server

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.34.4 auth-port 1645 acct-port 1646 key 7 1511021F072567757A60

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028943

ntp server 172.26.160.10

end

Cr36-3560-SS100

!

! Last configuration change at 13:38:21 EDT Thu Sep 3 2009 by cisco

! NVRAM config last updated at 13:38:44 EDT Thu Sep 3 2009 by cisco

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr36-3560-SS100

!

boot-start-marker

boot-end-marker

!

enable password 7 030752180500

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

vtp domain School-Site

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip dhcp snooping vlan 111-120,202

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 111-120,202

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR

 enrollment selfsigned

 serial-number

 revocation-check none

 rsakeypair HTTPS_SS_CERT_KEYPAIR

!

!

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR

 certificate self-signed 01 nvram:5597A00hostn#2E2E.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 111-120 

!

vlan 202

 name Guest_VLAN

!

vlan 803

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 082F48491C1C1603

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map Phone+PC-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.126.100.108 255.255.255.255

!

interface Port-channel1

 description Connected to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,202

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet0

 no ip address

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 shutdown

!

interface GigabitEthernet0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 111

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface GigabitEthernet0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 112

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 ip verify source

!

interface GigabitEthernet0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 113

 switchport port-security maximum 2

 switchport port-security maximum 1 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface GigabitEthernet0/4

 description CONNECTED TO PHONE+PC

 switchport access vlan 114

 switchport mode access

 switchport block unicast

 switchport voice vlan 115

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input Phone+PC-Policy

 ip verify source

!

interface GigabitEthernet0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 116

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 117

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 duplex full

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 118

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

 description Connected to IXIA - ALM - 5/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/11

 description Connected to IXIA - STX - 6/4

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface GigabitEthernet0/29

!

interface GigabitEthernet0/30

!

interface GigabitEthernet0/31

!

interface GigabitEthernet0/32

!

interface GigabitEthernet0/33

!

interface GigabitEthernet0/34

!

interface GigabitEthernet0/35

!

interface GigabitEthernet0/36

!

interface GigabitEthernet0/37

!

interface GigabitEthernet0/38

!

interface GigabitEthernet0/39

!

interface GigabitEthernet0/40

!

interface GigabitEthernet0/41

!

interface GigabitEthernet0/42

!

interface GigabitEthernet0/43

!

interface GigabitEthernet0/44

!

interface GigabitEthernet0/45

!

interface GigabitEthernet0/46

!

interface GigabitEthernet0/47

!

interface GigabitEthernet0/48

 description Connected to FlashNet

 no switchport

 ip address 172.26.160.197 255.255.255.0

 no ip redirects

 no ip proxy-arp

!

interface GigabitEthernet0/49

 description Connected to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,202

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 ip dhcp snooping trust

!

interface GigabitEthernet0/50

 description Connected to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,202

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 ip dhcp snooping trust

!

interface GigabitEthernet0/51

!

interface GigabitEthernet0/52

!

interface TenGigabitEthernet0/1

!

interface TenGigabitEthernet0/2

!

interface Vlan1

 no ip address

 shutdown

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server host 10.125.34.4 auth-port 1645 acct-port 1646 key 7 060506324F4145485744

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028803

ntp server 172.26.160.10

end

Cr36-3750-SS100

!

! Last configuration change at 13:40:57 EDT Thu Sep 3 2009

! NVRAM config last updated at 13:41:35 EDT Thu Sep 3 2009

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

no service dhcp

!

hostname cr36-3750-SS100

!

boot-start-marker

boot-end-marker

!

enable password 7 104D000A0618

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750-24ts

system mtu routing 1500

vtp domain School-Site

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip dhcp snooping vlan 121-130

no ip dhcp snooping information option

ip dhcp snooping

ip multicast-routing distributed

ip arp inspection vlan 121-130

ip arp inspection validate src-mac dst-mac ip allow zeros 

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 121-130 

!

vlan 203

 name Guest_VLAN

!

vlan 804

 name Hopping_VLAN

!

ip ftp username nimishguest

ip ftp password 7 011D02034E0E151B

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map PhonePolicy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.126.100.109 255.255.255.255

!

interface Port-channel1

 description Conneted to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 ip dhcp snooping trust

!

interface FastEthernet1/0/1

 description CONNECTED TO UNTRUSTED PC

 switchport access vlan 121

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input UnTrusted-PC-Policy

 ip verify source

!

interface FastEthernet1/0/2

 description CONNECTED TO TRUSTED-PC

 switchport access vlan 122

 switchport mode access

 switchport block unicast

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 ip verify source

!

interface FastEthernet1/0/3

 description CONNECTED TO PHONE

 switchport mode access

 switchport block unicast

 switchport voice vlan 123

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security violation restrict

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 service-policy input Phone-Policy

 ip verify source

!

interface FastEthernet1/0/4

 description CONNECTED TO PHONE

 switchport access vlan 124

 switchport mode access

 switchport block unicast

 switchport voice vlan 125

 switchport port-security maximum 3

 switchport port-security maximum 2 vlan access

 switchport port-security maximum 1 vlan voice

 switchport port-security

 switchport port-security aging time 5

 switchport port-security violation restrict

 switchport port-security aging type inactivity

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust device cisco-phone

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

 service-policy input PhonePolicy

 ip verify source

!

interface FastEthernet1/0/5

 description CONNECTED TO IPVS 2500 - CAMERA

 switchport access vlan 126

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet1/0/6

 description CONNECTED TO IPVS 4500 - CAMERA

 switchport access vlan 127

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet1/0/7

 description CONNECTED TO DIGITAL MEDIA PLAYER

 switchport access vlan 128

 switchport mode access

 switchport block unicast

 switchport port-security

 ip arp inspection limit rate 100

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 storm-control broadcast level pps 1k

 storm-control multicast level pps 2k

 storm-control action trap

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface FastEthernet1/0/8

!

interface FastEthernet1/0/9

!

interface FastEthernet1/0/10

 description Connected to IXIA - ALM - 5/5

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet1/0/11

 description Connected to IXIA - STX - 7/1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet1/0/12

!

interface FastEthernet1/0/13

!

interface FastEthernet1/0/14

!

interface FastEthernet1/0/15

!

interface FastEthernet1/0/16

!

interface FastEthernet1/0/17

!

interface FastEthernet1/0/18

!

interface FastEthernet1/0/19

!

interface FastEthernet1/0/20

!

interface FastEthernet1/0/21

!

interface FastEthernet1/0/22

!

interface FastEthernet1/0/23

!

interface FastEthernet1/0/24

 no switchport

 ip address 172.26.160.198 255.255.254.0

 no ip redirects

 no ip proxy-arp

!

interface GigabitEthernet1/0/1

 description Conneted to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface GigabitEthernet1/0/2

 description Conneted to cr36-3750-Core-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130

 switchport mode trunk

 ip arp inspection trust

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface Vlan1

 no ip address

 shutdown

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36029151

ntp server 172.26.160.10

end

Cr36-3750r-SS100

!

! Last configuration change at 13:44:09 EDT Thu Sep 3 2009

! NVRAM config last updated at 13:45:28 EDT Thu Sep 3 2009

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr36-3750r-SS100

!

boot-start-marker

boot-end-marker

!

enable password 7 00071A150754

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750-24ts

switch 2 provision ws-c3750-24ts

stack-mac persistent timer 0

system mtu routing 1500

vtp domain School-Site

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip multicast-routing distributed

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 14141B180F0B

!

!

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 11 

!

ip ftp username nimishguest

ip ftp password 7 000A1701115E1812

!

class-map match-all BULK-DATA

 match access-group name BULK-DATA

class-map match-all VVLAN-SIGNALING

 match ip dscp cs3 

class-map match-all MULTIMEDIA-CONFERENCING

 match access-group name MULTIMEDIA-CONFERENCING

class-map match-all DEFAULT

 match access-group name DEFAULT

class-map match-all SCAVENGER

 match access-group name SCAVENGER

class-map match-all SIGNALING

 match access-group name SIGNALING

class-map match-all VVLAN-VOIP

 match ip dscp ef 

class-map match-all TRANSACTIONAL-DATA

 match access-group name TRANSACTIONAL-DATA

!

!

policy-map Phone-Policy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

policy-map UnTrusted-PC-Policy

 class class-default

  police 10000000 8000 exceed-action drop

  set dscp default

policy-map Trusted-PC-Policy

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 32000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map PhonePolicy

 class VVLAN-VOIP

  police 128000 8000 exceed-action drop

  set dscp ef

 class VVLAN-SIGNALING

  police 32000 8000 exceed-action drop

  set dscp cs3

 class MULTIMEDIA-CONFERENCING

  set dscp af41

  police 5000000 8000 exceed-action drop

 class SIGNALING

  set dscp cs3

  police 1000000 8000 exceed-action drop

 class TRANSACTIONAL-DATA

  set dscp af21

  police 10000000 8000 exceed-action policed-dscp-transmit

 class BULK-DATA

  set dscp af11

  police 10000000 8000 exceed-action policed-dscp-transmit

 class SCAVENGER

  set dscp cs1

  police 10000000 8000 exceed-action drop

 class DEFAULT

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

 ip address 10.126.100.110 255.255.255.255

!

interface Port-channel1

 description Connected to cr36-3750s-SS100

 no switchport

 dampening

 ip address 10.127.119.194 255.255.255.192

 ip pim sparse-mode

 ip hold-time eigrp 100 20

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet1/0/1

!

interface FastEthernet1/0/2

!

interface FastEthernet1/0/3

!

interface FastEthernet1/0/4

!

interface FastEthernet1/0/5

!

interface FastEthernet1/0/6

!

interface FastEthernet1/0/7

!

interface FastEthernet1/0/8

!

interface FastEthernet1/0/9

!

interface FastEthernet1/0/10

 description Connected to IXIA - ALM - 5/6

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 11

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet1/0/11

 description Connected to IXIA - STX - 7/2

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 11

 switchport mode trunk

 switchport nonegotiate

 ip arp inspection trust

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

 ip dhcp snooping trust

!

interface FastEthernet1/0/12

!

interface FastEthernet1/0/13

!

interface FastEthernet1/0/14

!

interface FastEthernet1/0/15

!

interface FastEthernet1/0/16

!

interface FastEthernet1/0/17

!

interface FastEthernet1/0/18

!

interface FastEthernet1/0/19

!

interface FastEthernet1/0/20

!

interface FastEthernet1/0/21

!

interface FastEthernet1/0/22

!

interface FastEthernet1/0/23

!

interface FastEthernet1/0/24

 description FlashNet - DO NOT ROUTE

 switchport access vlan 2

 switchport mode access

 load-interval 30

 spanning-tree portfast

!

interface GigabitEthernet1/0/1

 description Connected to cr36-3750s-SS100

 no switchport

 dampening

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/2

!

interface FastEthernet2/0/1

!

interface FastEthernet2/0/2

!

interface FastEthernet2/0/3

!

interface FastEthernet2/0/4

!

interface FastEthernet2/0/5

!

interface FastEthernet2/0/6

!

interface FastEthernet2/0/7

!

interface FastEthernet2/0/8

!

interface FastEthernet2/0/9

!

interface FastEthernet2/0/10

!

interface FastEthernet2/0/11

!

interface FastEthernet2/0/12

!

interface FastEthernet2/0/13

!

interface FastEthernet2/0/14

!

interface FastEthernet2/0/15

!

interface FastEthernet2/0/16

!

interface FastEthernet2/0/17

!

interface FastEthernet2/0/18

!

interface FastEthernet2/0/19

!

interface FastEthernet2/0/20

!

interface FastEthernet2/0/21

!

interface FastEthernet2/0/22

!

interface FastEthernet2/0/23

!

interface FastEthernet2/0/24

 description FlashNet - DO NOT ROUTE

 switchport access vlan 2

 switchport mode access

 load-interval 30

 spanning-tree portfast

!

interface GigabitEthernet2/0/1

 description Connected to cr36-3750s-SS100

 no switchport

 dampening

 no ip address

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 1 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet2/0/2

!

interface Vlan1

 ip address dhcp

 shutdown

!

interface Vlan2

 description FlashNet - DO NOT ROUTE

 ip address 172.26.160.221 255.255.254.0

 no ip redirects

 no ip proxy-arp

!

interface Vlan11

 dampening

 ip address 10.127.119.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

!

router eigrp 100

 passive-interface default

 no passive-interface Port-channel1

 no auto-summary

 eigrp router-id 10.126.100.110

 eigrp stub connected

 network 10.127.0.0 0.0.255.255

 nsf

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

 login

line vty 5 15

 exec-timeout 0 0

 no login

!

ntp clock-period 36029246

ntp server 172.26.160.10

end

Core/Distribution/WAN Edge

Cr36-3750s-SS100

!

! Last configuration change at 13:37:04 EDT Thu Sep 3 2009

! NVRAM config last updated at 13:37:12 EDT Thu Sep 3 2009

!

version 12.2

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname cr36-3750s-SS100

!

boot-start-marker

boot-end-marker

!

enable password 7 01100F175804

!

aaa new-model

!

!

aaa authentication login default group radius enable line

aaa authentication dot1x default group radius

!

!

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750e-48pd

switch 2 provision ws-c3750e-48pd

switch 3 provision ws-c3750e-48pd

stack-mac persistent timer 0

system mtu routing 1500

vtp domain School-Site

vtp mode transparent

ip subnet-zero

ip routing

no ip domain-lookup

!

!

ip multicast-routing distributed

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 56

mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46

mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34

mls qos srr-queue output dscp-map queue 2 threshold 1 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 2 80 90 100 100

mls qos queue-set output 1 threshold 4 60 100 100 100

mls qos

!

key chain eigrp-key

 key 1

   key-string 7 05080F1C2243

!

crypto pki trustpoint TP-self-signed-3197398400

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-3197398400

 revocation-check none

 rsakeypair TP-self-signed-3197398400

!

!

crypto pki certificate chain TP-self-signed-3197398400

 certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer

dot1x system-auth-control

dot1x guest-vlan supplicant

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause storm-control

errdisable recovery cause arp-inspection

errdisable recovery interval 120

port-channel load-balance src-dst-ip

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

 name FlashNet_VLAN

!

vlan 101

 name cr36_2960_Dept1

!

vlan 102

 name cr36_2960_Dept2

!

vlan 103

 name cr36_2960_Dept3

!

vlan 104

 name cr36_2960_Dept4

!

vlan 105

 name cr36_2960_Dept5

!

vlan 106

 name cr36_2960_Dept6

!

vlan 107

 name cr36_2960_Dept7

!

vlan 108

 name cr36_2960_Dept8

!

vlan 109

 name cr36_2960_Dept9

!

vlan 110

 name cr36_2960_Dept10

!

vlan 111

 name cr36_3560_Dept11

!

vlan 112

 name cr36_3560_Dept12

!

vlan 113

 name cr36_3560_Dept13

!

vlan 114

 name cr36_3560_Dept14

!

vlan 115

 name cr36_3560_Dept15

!

vlan 116

 name cr36_3560_Dept16

!

vlan 117

 name cr36_3560_Dept17

!

vlan 118

 name cr36_3560_Dept18

!

vlan 119

 name cr36_3560_Dept19

!

vlan 120

 name cr36_3560_Dept20

!

vlan 121

 name cr36_3750_Dept21

!

vlan 122

 name cr36_3750_Dept22

!

vlan 123

 name cr36_3750_Dept23

!

vlan 124

 name cr36_3750_Dept24

!

vlan 125

 name cr36_3750_Dept25

!

vlan 126

 name cr36_3750_Dept26

!

vlan 127

 name cr36_3750_Dept27

!

vlan 128

 name cr36_3750_Dept28

!

vlan 129

 name cr36_3750_Dept29

!

vlan 130

 name cr36_3750_Dept30

!

vlan 650

 name cr24_3750ME_DO

!

vlan 801

 name MetroE_Hopping_VLAN

!

vlan 802

 name cr36_2960_Hopping_VLAN

!

vlan 803

 name cr36_3560_Hopping_VLAN

!

vlan 804

 name cr36_3750_Hopping_VLAN

!

vlan 900

 name Mgmt_VLAN

!

ip ftp username nimishguest

ip ftp password 7 000A1701115E1812

!

!

!

interface Loopback0

 ip address 10.126.100.106 255.255.255.255

!

interface Port-channel11

 description Connected to cr36-2960-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Port-channel12

 description Connected to cr36-3560-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Port-channel13

 description Connected to cr36-3750-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Port-channel14

 description Connected to cr36-3750r-SS2

 no switchport

 dampening

 ip address 10.127.119.193 255.255.255.192

 ip pim sparse-mode

 ip hold-time eigrp 100 20

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip summary-address eigrp 100 10.127.112.0 255.255.248.0 5

 load-interval 30

 carrier-delay msec 0

 hold-queue 2000 in

 hold-queue 2000 out

!

interface FastEthernet0

 no ip address

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 shutdown

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

 description Connected to  MetroE-Core-cr24-6500-1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 801

 switchport trunk allowed vlan 650

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

!

interface GigabitEthernet1/0/7

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface GigabitEthernet1/0/29

!

interface GigabitEthernet1/0/30

!

interface GigabitEthernet1/0/31

!

interface GigabitEthernet1/0/32

!

interface GigabitEthernet1/0/33

!

interface GigabitEthernet1/0/34

!

interface GigabitEthernet1/0/35

!

interface GigabitEthernet1/0/36

!

interface GigabitEthernet1/0/37

!

interface GigabitEthernet1/0/38

!

interface GigabitEthernet1/0/39

!

interface GigabitEthernet1/0/40

!

interface GigabitEthernet1/0/41

!

interface GigabitEthernet1/0/42

!

interface GigabitEthernet1/0/43

!

interface GigabitEthernet1/0/44

!

interface GigabitEthernet1/0/45

!

interface GigabitEthernet1/0/46

!

interface GigabitEthernet1/0/47

!

interface GigabitEthernet1/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet1/0/49

 description Connected to cr36-2960-SS100

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 11 mode active

 spanning-tree guard root

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/50

 description Connected to cr36-3560-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 12 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/51

 description Connected to cr36-3750-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 13 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet1/0/52

 description Connected to cr36-3750r-SS100

 no switchport

 dampening

 no ip address

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 14 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface TenGigabitEthernet1/0/1

!

interface TenGigabitEthernet1/0/2

!

interface GigabitEthernet2/0/1

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 mls qos trust dscp

!

interface GigabitEthernet2/0/2

 description Connected to  MetroE-Core-cr24-6500-1

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 801

 switchport trunk allowed vlan 650

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 srr-queue bandwidth shape 35 15 25 25

 srr-queue bandwidth limit 10

 priority-queue out 

 mls qos trust dscp

 no cdp enable

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

!

interface GigabitEthernet2/0/8

!

interface GigabitEthernet2/0/9

!

interface GigabitEthernet2/0/10

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface GigabitEthernet2/0/29

!

interface GigabitEthernet2/0/30

!

interface GigabitEthernet2/0/31

!

interface GigabitEthernet2/0/32

!

interface GigabitEthernet2/0/33

!

interface GigabitEthernet2/0/34

!

interface GigabitEthernet2/0/35

!

interface GigabitEthernet2/0/36

!

interface GigabitEthernet2/0/37

!

interface GigabitEthernet2/0/38

!

interface GigabitEthernet2/0/39

!

interface GigabitEthernet2/0/40

!

interface GigabitEthernet2/0/41

!

interface GigabitEthernet2/0/42

!

interface GigabitEthernet2/0/43

!

interface GigabitEthernet2/0/44

!

interface GigabitEthernet2/0/45

!

interface GigabitEthernet2/0/46

!

interface GigabitEthernet2/0/47

!

interface GigabitEthernet2/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet2/0/49

!

interface GigabitEthernet2/0/50

!

interface GigabitEthernet2/0/51

!

interface GigabitEthernet2/0/52

!

interface TenGigabitEthernet2/0/1

!

interface TenGigabitEthernet2/0/2

!

interface GigabitEthernet3/0/1

!

interface GigabitEthernet3/0/2

!

interface GigabitEthernet3/0/3

!

interface GigabitEthernet3/0/4

!

interface GigabitEthernet3/0/5

!

interface GigabitEthernet3/0/6

!

interface GigabitEthernet3/0/7

!

interface GigabitEthernet3/0/8

!

interface GigabitEthernet3/0/9

!

interface GigabitEthernet3/0/10

!

interface GigabitEthernet3/0/11

!

interface GigabitEthernet3/0/12

!

interface GigabitEthernet3/0/13

!

interface GigabitEthernet3/0/14

!

interface GigabitEthernet3/0/15

!

interface GigabitEthernet3/0/16

!

interface GigabitEthernet3/0/17

!

interface GigabitEthernet3/0/18

!

interface GigabitEthernet3/0/19

!

interface GigabitEthernet3/0/20

!

interface GigabitEthernet3/0/21

!

interface GigabitEthernet3/0/22

!

interface GigabitEthernet3/0/23

!

interface GigabitEthernet3/0/24

!

interface GigabitEthernet3/0/25

!

interface GigabitEthernet3/0/26

!

interface GigabitEthernet3/0/27

!

interface GigabitEthernet3/0/28

!

interface GigabitEthernet3/0/29

!

interface GigabitEthernet3/0/30

!

interface GigabitEthernet3/0/31

!

interface GigabitEthernet3/0/32

!

interface GigabitEthernet3/0/33

!

interface GigabitEthernet3/0/34

!

interface GigabitEthernet3/0/35

!

interface GigabitEthernet3/0/36

!

interface GigabitEthernet3/0/37

!

interface GigabitEthernet3/0/38

!

interface GigabitEthernet3/0/39

!

interface GigabitEthernet3/0/40

!

interface GigabitEthernet3/0/41

!

interface GigabitEthernet3/0/42

!

interface GigabitEthernet3/0/43

!

interface GigabitEthernet3/0/44

!

interface GigabitEthernet3/0/45

!

interface GigabitEthernet3/0/46

!

interface GigabitEthernet3/0/47

!

interface GigabitEthernet3/0/48

 description Connected to FlashNet

 switchport access vlan 2

 switchport mode access

 load-interval 30

!

interface GigabitEthernet3/0/49

 description Connected to cr36-2960-SS100

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 802

 switchport trunk allowed vlan 101-110,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 11 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/50

 description Connected to cr36-3560-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 803

 switchport trunk allowed vlan 111-120,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 12 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/51

 description Connected to cr36-3750-SS2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 804

 switchport trunk allowed vlan 121-130,900

 switchport mode trunk

 load-interval 30

 carrier-delay msec 0

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 13 mode active

 hold-queue 2000 in

 hold-queue 2000 out

!

interface GigabitEthernet3/0/52

 description Connected to cr36-3750r-SS100

 no switchport

 dampening

 no ip address

 load-interval 30

 srr-queue bandwidth share 1 30 35 5

 priority-queue out 

 udld port

 mls qos trust dscp

 channel-protocol lacp

 channel-group 14 mode active

 spanning-tree portfast trunk

 spanning-tree bpdufilter enable

 hold-queue 2000 in

 hold-queue 2000 out

!

interface TenGigabitEthernet3/0/1

!

interface TenGigabitEthernet3/0/2

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan2

 description Connected to FlashNet

 ip address 172.26.160.195 255.255.254.0

 no ip redirects

 no ip proxy-arp

 load-interval 30

!

interface Vlan101

 description Connected to cr36_2960_Dept_1_VLAN

 dampening

 ip address 10.127.112.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan102

 description Connected to cr36_2960_Dept_2_VLAN

 dampening

 ip address 10.127.112.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan103

 description Connected to cr36_2960_Dept_3_VLAN

 dampening

 ip address 10.127.112.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan104

 description Connected to cr36_2960_Dept_4_VLAN

 dampening

 ip address 10.127.112.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan105

 description Connected to cr36_2960_Dept_5_VLAN

 dampening

 ip address 10.127.113.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan106

 description Connected to cr36_2960_Dept_6_VLAN

 dampening

 ip address 10.127.113.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan107

 description Connected to cr36_2960_Dept_7_VLAN

 dampening

 ip address 10.127.113.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan108

 description Connected to cr36_2960_Dept_8_VLAN

 dampening

 ip address 10.127.113.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan109

 description Connected to cr36_2960_Dept_9_VLAN

 dampening

 ip address 10.127.114.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan110

 description Connected to cr36_2960_Dept_10_VLAN

 dampening

 ip address 10.127.114.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan111

 description Connected to cr36_3560_Dept_1_VLAN

 dampening

 ip address 10.127.114.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan112

 description Connected to cr36_3560_Dept_2_VLAN

 dampening

 ip address 10.127.114.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan113

 description Connected to cr36_3560_Dept_3_VLAN

 dampening

 ip address 10.127.115.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan114

 description Connected to cr36_3560_Dept_4_VLAN

 dampening

 ip address 10.127.115.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan115

 description Connected to cr36_3560_Dept_5_VLAN

 dampening

 ip address 10.127.115.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan116

 description Connected to cr36_3560_Dept_6_VLAN

 dampening

 ip address 10.127.115.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan117

 description Connected to cr36_3560_Dept_7_VLAN

 dampening

 ip address 10.127.116.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan118

 description Connected to cr36_3560_Dept_8_VLAN

 dampening

 ip address 10.127.116.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan119

 description Connected to cr36_3560_Dept_9_VLAN

 dampening

 ip address 10.127.116.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan120

 description Connected to cr36_3560_Dept_10_VLAN

 dampening

 ip address 10.127.116.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan121

 description Connected to cr36_3750_Dept_1_VLAN

 dampening

 ip address 10.127.117.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan122

 description Connected to cr36_3750_Dept_2_VLAN

 dampening

 ip address 10.127.117.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan123

 description Connected to cr36_3750_Dept_3_VLAN

 dampening

 ip address 10.127.117.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan124

 description Connected to cr36_3750_Dept_4_VLAN

 dampening

 ip address 10.127.117.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan125

 description Connected to cr36_3750_Dept_5_VLAN

 dampening

 ip address 10.127.118.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan126

 description Connected to cr36_3750_Dept_6_VLAN

 dampening

 ip address 10.127.118.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan127

 description Connected to cr36_3750_Dept_7_VLAN

 dampening

 ip address 10.127.118.129 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan128

 description Connected to cr36_3750_Dept_8_VLAN

 dampening

 ip address 10.127.118.193 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan129

 description Connected to cr36_3750_Dept_9_VLAN

 dampening

 ip address 10.127.119.1 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan130

 description Connected to cr36_3750_Dept_10_VLAN

 dampening

 ip address 10.127.119.65 255.255.255.192

 ip helper-address 10.125.31.2

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 load-interval 30

!

interface Vlan650

 dampening

 ip address 10.126.1.99 255.255.255.254

 no ip redirects

 no ip unreachables

 ip pim sparse-mode

 ip hold-time eigrp 100 20

 ip authentication mode eigrp 100 md5

 ip authentication key-chain eigrp 100 eigrp-key

 ip summary-address eigrp 100 10.127.112.0 255.255.248.0 5

 load-interval 30

 hold-queue 2000 in

 hold-queue 2000 out

!

interface Vlan900

 no ip address

!

!

router eigrp 100

 passive-interface default

 no passive-interface Vlan650

 no passive-interface GigabitEthernet1/0/52

 no passive-interface GigabitEthernet3/0/52

 no passive-interface Port-channel14

 distribute-list route-map EIGRP_STUB_ROUTES out GigabitEthernet1/0/52

 distribute-list route-map EIGRP_STUB_ROUTES out GigabitEthernet3/0/52

 distribute-list route-map EIGRP_STUB_ROUTES out Port-channel14

 no auto-summary

 eigrp router-id 10.126.100.106

 network 10.126.0.0 0.1.255.255

 network 11.1.0.0 0.0.255.255

 nsf

!

ip classless

ip route 172.26.158.0 255.255.255.0 172.26.160.1

no ip http server

no ip http secure-server

ip pim rp-address 10.125.100.100 Allowed_MCAST_Groups override

ip pim spt-threshold infinity

ip pim accept-register list PERMIT-SOURCES

!

!

ip access-list standard Allowed_MCAST_Groups

 permit 224.0.1.39

 permit 224.0.1.40

 permit 239.192.0.0 0.0.255.255

!

ip access-list extended BULK-DATA

 remark FTP

 permit tcp any any eq ftp

 permit tcp any any eq ftp-data

 remark SSH/SFTP

 permit tcp any any eq 22

 remark SMTP/SECURE SMTP

 permit tcp any any eq smtp

 permit tcp any any eq 465

 remark IMAP/SECURE IMAP

 permit tcp any any eq 143

 permit tcp any any eq 993

 remark POP3/SECURE POP3

 permit tcp any any eq pop3

 permit tcp any any eq 995

 remark CONNECTED PC BACKUP

 permit tcp any eq 1914 any

ip access-list extended DEFAULT

 remark EXPLICIT CLASS-DEFAULT

 permit ip any any

ip access-list extended MULTIMEDIA-CONFERENCING

 remark RTP

 permit udp any any range 16384 32767

ip access-list extended PERMIT-SOURCES

 permit ip 10.125.31.80 0.0.0.15 239.192.0.0 0.0.255.255

ip access-list extended PXE

 permit tcp any any established

 permit udp any any eq bootps

 permit udp any host 10.125.31.11 eq domain

 permit udp any host 10.125.31.12 eq tftp

ip access-list extended SCAVENGER

 remark KAZAA

 permit tcp any any eq 1214

 permit udp any any eq 1214

 remark MICROSOFT DIRECT X GAMING

 permit tcp any any range 2300 2400

 permit udp any any range 2300 2400

 remark APPLE ITUNES MUSIC SHARING

 permit tcp any any eq 3689

 permit udp any any eq 3689

 remark BITTORRENT

 permit tcp any any range 6881 6999

 remark YAHOO GAMES

 permit tcp any any eq 11999

 remark MSN GAMING ZONE

 permit tcp any any range 28800 29100

ip access-list extended SIGNALING

 remark SCCP

 permit tcp any any range 2000 2002

 remark SIP

 permit tcp any any range 5060 5061

 permit udp any any range 5060 5061

ip access-list extended TRANSACTIONAL-DATA

 remark HTTPS

 permit tcp any any eq 443

 remark ORACLE-SQL*NET

 permit tcp any any eq 1521

 permit udp any any eq 1521

 remark ORACLE

 permit tcp any any eq 1526

 permit udp any any eq 1526

 permit tcp any any eq 1575

 permit udp any any eq 1575

 permit tcp any any eq 1630

!

access-list 1 permit 0.0.0.0

access-list 1 permit 10.127.112.0

access-list 1 permit 10.124.0.0

route-map EIGRP_STUB_ROUTES permit 10

 match ip address 1

!

!

snmp-server community public RO

snmp-server community k12 RW

snmp-server trap-source Loopback0

snmp-server host 172.26.158.251 version 2c k12 

radius-server dead-criteria time 15 tries 3

radius-server deadtime 1

!

control-plane

!

alias exec ct config t

alias exec srb sh run | begin

alias exec sri sh run int

alias exec cl clear logg

alias exec rib show ip route

alias exec ec sh etherchannel

alias exec cc clea count

alias exec sac sh access-list

alias exec cpu show proc c s | inc CPU

alias exec sin show ip int brief | ex unassi

!

line con 0

 exec-timeout 0 0

 password 7 121A0C041104

line vty 0 4

 exec-timeout 0 0

 password 7 121A0C041104

line vty 5 15

 exec-timeout 0 0

!

ntp clock-period 36028897

ntp server 172.26.160.10

end

PSTN Edge

School1-B1R#term len 0

School1-B1R#sh run

Building configuration...

Current configuration : 8585 bytes

!

! Last configuration change at 16:52:10 UTC Tue Sep 8 2009

! NVRAM config last updated at 16:52:12 UTC Tue Sep 8 2009

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname School1-B1R

!

boot-start-marker

boot system flash:c3825-advipservicesk9-mz.124-15.T1.bin

boot-end-marker

!

card type t1 2 1

logging buffered 51200 warnings

!

no aaa new-model

no network-clock-participate slot 2 

no network-clock-participate wic 0 

!

!

ip cef

!

!

no ip domain lookup

ip domain name ese.local

ip name-server 10.33.32.5

!

multilink bundle-name authenticated

!

isdn switch-type primary-ni

voice-card 0

 no dspfarm

!

voice-card 2

 no dspfarm

!

!

!

key chain eigrp-chain

 key 100

   key-string cisco

!

!

!

!

!

!

!

!

!

!

!

!

!

!

voice translation-rule 1

 rule 1 /^444567/ /8444/

!

voice translation-rule 10

 rule 1 /^82221/ /2223451/

 rule 2 /^83331/ /3334561/

!

!

voice translation-profile S1-SRST-in

 translate called 1

!

voice translation-profile S1-SRST-out

 translate called 10

!

voice translation-profile S1-SRTS-in

 translate called 1

!

voice translation-profile S1-SRTS-out

 translate called 10

!

!

!

application

  global

  service alternate default

 !

!

!

crypto pki trustpoint TP-self-signed-2533920657

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-2533920657

 revocation-check none

 rsakeypair TP-self-signed-2533920657

!

!

crypto pki certificate chain TP-self-signed-2533920657

 certificate self-signed 01

  30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 

  69666963 6174652D 32353333 39323036 3537301E 170D3039 30333233 30303332 

  35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35333339 

  32303635 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 

  8100C4CF 56547BED 94F2C7CB F804CFE3 4EF4E717 D4F45158 0323CDC6 15D57A1C 

  EEF6E208 A638F3CF 68E3ED79 6A5A2599 3535A184 142D2FB8 9F90BFC6 688DA885 

  0F01452F CB77727F 49E88D22 EBE8C8FE 79C603B4 400036EC A7E46F95 67556DB7 

  418CC9C9 855452C1 7A1F43D5 FC517ECE D2A016A2 D22469A7 B04F29D6 2D1F7D6A 

  CD170203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603 

  551D1104 11300F82 0D623172 2E657365 2E6C6F63 616C301F 0603551D 23041830 

  16801462 21F5D80D A391D7D8 81DEBE96 EAC85A83 1D5FC830 1D060355 1D0E0416 

  04146221 F5D80DA3 91D7D881 DEBE96EA C85A831D 5FC8300D 06092A86 4886F70D 

  01010405 00038181 00682E54 6D74F19D BC8642C5 D73A980A 977C2BD7 6FEC7C5D 

  6B78D63E B60E5EA3 00D8B281 EAD97996 71EC669E C2CD1B53 A8FA35FE 69A431E7 

  434C76AB 69C7AD8C 75125C78 D1B59887 BA744878 7CBF83D1 9E947524 DB4F0A2E 

  760C4DF3 8D72E317 FDD224C2 55FC2B1F 737A4F6E 72E5D6A2 BBF56AD5 49587E49 

  2807367C E83C477F A7

        quit

! 

!

!

!

username cisco secret 5 $1$80Id$RaudGd7tcWPCMbRIK0jlQ0

username Cisc0123 secret 5 $1$p0S6$1mALRMHiKoDpH5w3V5CqO1

username admin secret 5 $1$dOZk$BZ75VO488cehdyLDZiRjI1

archive

 log config

  hidekeys

!

!

controller T1 2/0

 framing esf

 linecode b8zs

 pri-group timeslots 1-24 service mgcp

!

controller T1 2/1

 framing esf

 linecode b8zs

!

!

!

!

!

interface Loopback0

 ip address 10.40.63.1 255.255.255.255

!

interface Loopback1

 ip address 10.33.9.22 255.255.255.0

!

interface Port-channel1

 no ip address

 hold-queue 0 in

!

interface Port-channel3

 description port-channel to core stack

 ip address 10.40.63.9 255.255.255.252

 hold-queue 150 in

!

interface GigabitEthernet0/0

 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface GigabitEthernet0/1

 no ip address

 duplex auto

 speed auto

 media-type rj45

 no keepalive

 channel-group 3

!

interface Serial0/0/0

 description serial link from B1R to A1R

 ip address 10.33.4.3 255.255.255.254

 load-interval 30

 carrier-delay msec 0

 clock rate 2016000

!

interface Serial0/0/1

 no ip address

 shutdown

 clock rate 2016000

!

interface Serial0/0/2

 no ip address

 shutdown

 clock rate 2016000

!

interface Serial0/0/3

 no ip address

 shutdown

 clock rate 2016000

!

interface FastEthernet1/0

!

interface FastEthernet1/1

!

interface FastEthernet1/2

!

interface FastEthernet1/3

!

interface FastEthernet1/4

!

interface FastEthernet1/5

!

interface FastEthernet1/6

!

interface FastEthernet1/7

!

interface FastEthernet1/8

!

interface FastEthernet1/9

!

interface FastEthernet1/10

!

interface FastEthernet1/11

!

interface FastEthernet1/12

!

interface FastEthernet1/13

!

interface FastEthernet1/14

!

interface FastEthernet1/15

!

interface Serial2/0:23

 description to simulated PSTN  

 no ip address

 encapsulation hdlc

 isdn switch-type primary-ni

 isdn incoming-voice voice

 isdn bind-l3 ccm-manager

 no cdp enable

!

interface Vlan1

 no ip address

!

ip route 0.0.0.0 0.0.0.0 Port-channel3

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

!

!

!

!

control-plane

!

!

!

voice-port 2/0:23

!

ccm-manager fallback-mgcp 

ccm-manager mgcp

ccm-manager music-on-hold

ccm-manager config server 10.33.32.22  

ccm-manager config

!

mgcp

mgcp call-agent CUCM7-Pub 2427 service-type mgcp version 0.1

mgcp dtmf-relay voip codec all mode out-of-band

mgcp rtp unreachable timeout 1000 action notify

mgcp modem passthrough voip mode nse

mgcp package-capability rtp-package

mgcp package-capability sst-package

mgcp package-capability pre-package

no mgcp package-capability res-package

no mgcp package-capability fxr-package

no mgcp timer receive-rtcp

mgcp sdp simple

mgcp rtp payload-type g726r16 static

mgcp bind control source-interface Port-channel3

mgcp bind media source-interface Port-channel3

!

mgcp profile default

!

!

!

dial-peer voice 83331 pots

 description SRST; translate calls to District office using internal number f

 translation-profile outgoing S1-SRTS-out

 destination-pattern 83331...

 port 2/0:23

 forward-digits 10

!

dial-peer voice 1 pots

 description srst incoming

 translation-profile incoming S1-SRTS-in

 service mgcpapp

 incoming called-number .

 direct-inward-dial

 port 2/0:23

 forward-digits 8

!

dial-peer voice 91 pots

 description SRST; Any long distance number

 destination-pattern 91..........

 port 2/0:23

 forward-digits 10

!

dial-peer voice 91222 pots

 description SRST; PSTN School1  to School2

 destination-pattern 91222.......

 port 2/0:23

 forward-digits 10

!

dial-peer voice 91333 pots

 description SRST; PSTN School1 to District Office

 destination-pattern 91333.......

 port 2/0:23

 forward-digits 10

!

dial-peer voice 91444 pots

 description SRST; School1 local dialing with area code

 destination-pattern 91444.......

 port 2/0:23

 forward-digits 10

!

dial-peer voice 9567 pots

 description SRST; School1 local dialing (PSTN-router num-exp adds area code)

 destination-pattern 9567....

 port 2/0:23

 forward-digits 7

!

dial-peer voice 911 pots

 description SRST; Emergency call without External access code

 destination-pattern 911

 port 2/0:23

 forward-digits 3

!

dial-peer voice 82221 pots

 description SRST; translate calls to School2 using internal number format

 translation-profile outgoing S1-SRTS-out

 destination-pattern 82221...

 port 2/0:23

 forward-digits 10

!

dial-peer voice 9911 pots

 description SRST; Emergency call with External access code

 destination-pattern 9911

 port 2/0:23

 forward-digits 3

!

!

!

!

call-manager-fallback

 max-conferences 12 gain -6

 transfer-system f

Sep  8 16:52:37.667: %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se2/0:23, TEI 0 changed to 
downull-consult

 ip source-address 10.40.63.9 port 2000

 max-ephones 10

 max-dn 20

!

banner exec ^CC

-----------------------------------------------------------------------

This is Router B1R

-----------------------------------------------------------------------

^C

banner login ^CC

-----------------------------------------------------------------------

This is Router B1R

-----------------------------------------------------------------------

^C

alias exec run sh run | begin 

alias exec int sh ip int brief

!

line con 0

 exec-timeout 0 0

 length 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 access-class 23 in

 privilege level 15

 login local

 transport input telnet ssh

line vty 5 15

 access-class 23 in

 privilege level 15

 login local

 transport input telnet ssh

!

scheduler allocate 20000 1000

ntp authentication-key 2 md5 04690203182E404A1D 7

ntp authenticate

ntp trusted-key 2

ntp clock-period 17179727

ntp max-associations 150

ntp server 10.40.94.17 key 2

!

webvpn cef

!

end

School1-B1R#