http://mars.merhot.dk/w/api.php?action=feedcontributions&feedformat=atom&user=Zhadu
Teknologisk videncenter - User contributions [en]
2026-04-09T12:02:02Z
User contributions
MediaWiki 1.29.0
http://mars.merhot.dk/w/index.php?title=PengeBanken&diff=9005
PengeBanken
2009-09-14T08:53:21Z
<p>Zhadu: </p>
<hr />
<div>PengeBanken<br />
Konfig filer<br />
<br />
==AAA01SWCO==<br />
<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AAA01SWCO<br />
!<br />
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/<br />
!<br />
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos min-reserve 5 170<br />
mls qos min-reserve 6 85<br />
mls qos min-reserve 7 51<br />
mls qos min-reserve 8 34<br />
mls qos<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,8-11 priority 24576<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
! <br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
description AAFS01<br />
switchport access vlan 8<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA01RT<br />
no switchport<br />
ip address 172.18.255.5 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description Til_AAA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AAA01SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_TDC MPLS<br />
no switchport<br />
ip address 172.18.255.1 255.255.255.252<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
switchport mode dynamic desirable<br />
!<br />
interface GigabitEthernet0/2<br />
switchport mode dynamic desirable<br />
!<br />
interface Vlan1<br />
ip address dhcp<br />
shutdown<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.2.2 255.255.255.0<br />
standby 2 ip 192.168.2.1<br />
standby 2 timers msec 200 msec 800<br />
standby 2 priority 110<br />
standby 2 preempt delay minimum 300<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.18.8.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.18.8.1<br />
standby 8 timers msec 200 msec 800<br />
standby 8 priority 110<br />
standby 8 preempt delay minimum 300<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.18.9.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.18.9.1<br />
standby 9 timers msec 200 msec 800<br />
standby 9 priority 110<br />
standby 9 preempt delay minimum 300<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.18.10.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.18.10.1<br />
standby 10 timers msec 200 msec 800<br />
standby 10 priority 110<br />
standby 10 preempt delay minimum 300<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.18.11.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.18.11.1<br />
standby 11 timers msec 200 msec 800<br />
standby 11 priority 110<br />
standby 11 preempt delay minimum 300<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.18.0.0 0.0.255.255 area 0<br />
default-information originate<br />
!<br />
router bgp 65003<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute connected<br />
neighbor 172.18.255.2 remote-as 65000<br />
neighbor 172.18.255.2 description TDC_MPLS<br />
neighbor 172.18.255.2 soft-reconfiguration inbound<br />
neighbor 172.18.255.2 route-map 65003-RMAP-IN in<br />
neighbor 172.18.255.2 route-map 65003-RMAP-OUT out<br />
no auto-summary<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
ip radius source-interface Vlan2 <br />
!<br />
!<br />
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
route-map 65003-RMAP-IN permit 10<br />
match ip address prefix-list 65003-PRE-IN<br />
!<br />
route-map 65003-RMAP-OUT permit 10<br />
match ip address prefix-list 65003-PRE-OUT<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179326<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AAA01RT==<br />
<pre><br />
version 12.4<br />
service config<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AAA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.1<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Aarhus<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
description Til_Aarhus<br />
ip address 172.16.254.6 255.255.255.252<br />
ip mtu 1420<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.1<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/0<br />
description Internet<br />
ip address 10.1.1.3 255.255.255.0<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01SWCO<br />
ip address 172.18.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
no fair-queue<br />
clock rate 125000<br />
!<br />
interface Serial0/2/1<br />
no ip address<br />
shutdown<br />
clock rate 125000<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65003 metric 255 subnets<br />
network 172.18.255.6 0.0.0.0 area 0<br />
default-information originate metric 255<br />
!<br />
router bgp 65003<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.5 remote-as 65001<br />
neighbor 172.16.254.5 description AHA01FW<br />
neighbor 172.16.254.5 route-map 65003-RMAP-IN in<br />
neighbor 172.16.254.5 route-map 65003-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
ip access-list extended Tunnel1_til_Aarhus<br />
permit gre host 10.1.1.3 host 10.1.1.1<br />
!<br />
!<br />
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32<br />
!<br />
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
!<br />
!<br />
!<br />
route-map 65003-RMAP-IN permit 10<br />
match ip address prefix-list 65003-PRE-IN<br />
!<br />
route-map 65003-RMAP-OUT permit 10<br />
match ip address prefix-list 65003-PLIST-OUT<br />
set as-path prepend 65003 65003 65003 65003 65003 65003 65003<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
length 0<br />
!<br />
scheduler allocate 20000 1000<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA01FW==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01FW<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authentication ppp default if-needed group radius none<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
no ip domain lookup<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
vpdn enable<br />
!<br />
vpdn-group VPN<br />
! Default PPTP VPDN group<br />
accept-dialin<br />
protocol pptp<br />
virtual-template 1<br />
!<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1<br />
!<br />
!<br />
class-map type inspect match-any OUTSIDE-DMZ-CMAP<br />
match protocol http<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
class-map type inspect match-any INSIDE-OUTSIDE-CMAP<br />
match protocol tcp<br />
match protocol udp<br />
match protocol icmp<br />
class-map type inspect match-any OUTSIDE-INSIDE-CMAP<br />
match protocol tcp<br />
match protocol udp<br />
!<br />
!<br />
policy-map type inspect OUTSIDE-DMZ-PMAP<br />
class type inspect OUTSIDE-DMZ-CMAP<br />
inspect<br />
class class-default<br />
drop log<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
policy-map type inspect INSIDE-OUTSIDE-PMAP<br />
class type inspect INSIDE-OUTSIDE-CMAP<br />
inspect<br />
class class-default<br />
drop log<br />
policy-map type inspect OUTSIDE-INSIDE-PMAP<br />
class type inspect OUTSIDE-INSIDE-CMAP<br />
drop log<br />
class class-default<br />
!<br />
zone security INSIDE<br />
zone security OUTSIDE<br />
zone security DMZ<br />
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE<br />
service-policy type inspect INSIDE-OUTSIDE-PMAP<br />
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE<br />
service-policy type inspect OUTSIDE-INSIDE-PMAP<br />
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ<br />
service-policy type inspect OUTSIDE-DMZ-PMAP<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2<br />
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.2<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Viborg<br />
crypto map PB_crypto_Map 20 ipsec-isakmp <br />
set peer 10.1.1.3<br />
set transform-set PB-TransformSet <br />
match address Tunnel2_til_Aalborg<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
description Tunnel1_til_Viborg<br />
ip address 172.16.254.1 255.255.255.252<br />
ip mtu 1420<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.2<br />
service-policy output PbPolicy<br />
!<br />
interface Tunnel2<br />
description Tunnel2_til_Aalborg<br />
ip address 172.16.254.5 255.255.255.252<br />
ip mtu 1420<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.3<br />
service-policy output PbPolicy<br />
!<br />
interface Loopback0<br />
ip address 192.168.255.10 255.255.255.0<br />
zone-member security DMZ<br />
!<br />
interface FastEthernet0/0<br />
description internet<br />
ip address 10.1.1.1 255.255.255.0<br />
ip nat outside<br />
ip virtual-reassembly<br />
zone-member security OUTSIDE<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01SWCO<br />
ip address 172.16.255.10 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip route-cache flow<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/0<br />
description Til_AHA02SWCO<br />
switchport access vlan 990<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/1<br />
description Til_AHA01RT<br />
switchport access vlan 991<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/2<br />
!<br />
interface FastEthernet0/1/3<br />
!<br />
interface Virtual-Template1 <br />
ip address 172.16.253.1 255.255.255.0<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
peer default ip address pool VPN-Pool<br />
ppp encrypt mppe auto<br />
ppp authentication ms-chap ms-chap-v2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan990<br />
ip address 172.16.255.22 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
interface Vlan991<br />
ip address 172.16.255.14 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
passive-interface Tunnel1<br />
passive-interface Tunnel2<br />
network 172.16.255.10 0.0.0.0 area 0<br />
network 172.16.255.14 0.0.0.0 area 0<br />
network 172.16.255.22 0.0.0.0 area 0<br />
default-information originate<br />
!<br />
router bgp 65001<br />
bgp log-neighbor-changes<br />
neighbor 172.16.254.2 remote-as 65002<br />
neighbor 172.16.254.6 remote-as 65003<br />
!<br />
address-family ipv4<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.2 activate<br />
neighbor 172.16.254.6 activate<br />
default-information originate<br />
no auto-summary<br />
no synchronization<br />
exit-address-family<br />
!<br />
ip local pool VPN-Pool 172.16.253.10 172.16.253.200<br />
ip route 0.0.0.0 0.0.0.0 10.1.1.254<br />
!<br />
ip flow-export source FastEthernet0/1<br />
ip flow-export version 5<br />
ip flow-export destination 172.16.241.17 9000<br />
!<br />
ip http server<br />
no ip http secure-server<br />
ip nat inside source list 10 interface FastEthernet0/0 overload<br />
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80<br />
!<br />
ip access-list extended Tunnel1_til_Viborg<br />
permit gre host 10.1.1.1 host 10.1.1.2<br />
ip access-list extended Tunnel2_til_Aalborg<br />
permit gre host 10.1.1.1 host 10.1.1.3<br />
!<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 10 permit 172.16.241.15<br />
access-list 10 permit 172.16.0.0 0.15.255.255<br />
snmp-server community PengeBanken RO<br />
snmp-server host 172.16.241.17 version 2c PengeBanken <br />
!<br />
!<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
!<br />
scheduler allocate 20000 1000<br />
ntp clock-period 17178263<br />
ntp server 217.198.208.66<br />
end<br />
</pre><br />
<br />
==AHA01RT==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/0<br />
description TDC_MPLS<br />
ip address 172.16.255.1 255.255.255.252<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA02SWCO<br />
ip address 172.16.255.5 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
auto qos voip trust <br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1.101<br />
!<br />
interface FastEthernet0/1/0<br />
description Til_AHA01SWCO<br />
switchport access vlan 990<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/1<br />
description Til_AHA01FW<br />
switchport access vlan 991<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/2<br />
!<br />
interface FastEthernet0/1/3<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
clock rate 2000000<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan990<br />
ip address 172.16.255.18 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
interface Vlan991<br />
ip address 172.16.255.13 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65001 subnets<br />
network 172.16.255.1 0.0.0.0 area 0<br />
network 172.16.255.5 0.0.0.0 area 0<br />
network 172.16.255.13 0.0.0.0 area 0<br />
network 172.16.255.18 0.0.0.0 area 0<br />
!<br />
router bgp 65001<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute connected<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.255.2 remote-as 65000<br />
neighbor 172.16.255.2 description TDC_MPLS<br />
neighbor 172.16.255.2 next-hop-self<br />
neighbor 172.16.255.2 soft-reconfiguration inbound<br />
neighbor 172.16.255.2 route-map 65000-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
!<br />
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
snmp-server community PengeBanken RO<br />
!<br />
!<br />
!<br />
route-map 65000-RMAP-OUT permit 10<br />
match ip address prefix-list 65000-PLIST-OUT<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
password cisco<br />
!<br />
scheduler allocate 20000 1000<br />
ntp clock-period 17179809<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
==AHA01RTVG==<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA01SWSL<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/2<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/3<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/5<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/6<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/7<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/8<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/9<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/10<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/11<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/12<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/13<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/14<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/15<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/16<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/17<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/18<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/19<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/20<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/21<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/23<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/24<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.5 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179984<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
==AHA01SWCO==<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01SWCO<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0<br />
!<br />
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
system mtu routing 1500<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos srr-queue input bandwidth 90 10<br />
mls qos srr-queue input threshold 1 8 16<br />
mls qos srr-queue input threshold 2 34 66<br />
mls qos srr-queue input buffers 67 33 <br />
mls qos srr-queue input cos-map queue 1 threshold 2 1<br />
mls qos srr-queue input cos-map queue 1 threshold 3 0<br />
mls qos srr-queue input cos-map queue 2 threshold 1 2<br />
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7<br />
mls qos srr-queue input cos-map queue 2 threshold 3 3 5<br />
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 32<br />
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output cos-map queue 1 threshold 3 5<br />
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7<br />
mls qos srr-queue output cos-map queue 3 threshold 3 2 4<br />
mls qos srr-queue output cos-map queue 4 threshold 2 1<br />
mls qos srr-queue output cos-map queue 4 threshold 3 0<br />
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39<br />
mls qos srr-queue output dscp-map queue 4 threshold 1 8<br />
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos queue-set output 1 threshold 1 138 138 92 138<br />
mls qos queue-set output 1 threshold 2 138 138 92 400<br />
mls qos queue-set output 1 threshold 3 36 77 100 318<br />
mls qos queue-set output 1 threshold 4 20 50 67 400<br />
mls qos queue-set output 2 threshold 1 149 149 100 149<br />
mls qos queue-set output 2 threshold 2 118 118 100 235<br />
mls qos queue-set output 2 threshold 3 41 68 100 272<br />
mls qos queue-set output 2 threshold 4 42 72 100 242<br />
mls qos queue-set output 1 buffers 10 10 26 54<br />
mls qos queue-set output 2 buffers 16 6 17 61<br />
mls qos<br />
!<br />
crypto pki trustpoint TP-self-signed-201700352<br />
enrollment selfsigned<br />
subject-name cn=IOS-Self-Signed-Certificate-201700352<br />
revocation-check none<br />
rsakeypair TP-self-signed-201700352<br />
!<br />
!<br />
crypto pki certificate chain TP-self-signed-201700352<br />
certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree etherchannel guard misconfig<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,7-11 priority 24576<br />
spanning-tree vlan 240-242 priority 28672<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
no switchport<br />
ip address 172.16.255.17 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
description Til_AHA01SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA02SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_AHA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AHA02SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_AHA01FW<br />
no switchport<br />
ip address 172.16.255.9 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
!<br />
interface GigabitEthernet0/2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.0.2 255.255.255.0<br />
standby 2 ip 192.168.0.1<br />
standby 2 timers msec 200 msec 800<br />
standby 2 priority 110<br />
standby 2 preempt delay minimum 300<br />
!<br />
interface Vlan7<br />
description IT-administration<br />
ip address 172.16.0.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 7 ip 172.16.0.1<br />
standby 7 timers msec 200 msec 800<br />
standby 7 priority 110<br />
standby 7 preempt delay minimum 300<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.16.8.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.16.8.1<br />
standby 8 timers msec 200 msec 800<br />
standby 8 priority 110<br />
standby 8 preempt delay minimum 300<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.16.9.2 255.255.255.0<br />
ip access-group Administration in<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.16.9.1<br />
standby 9 timers msec 200 msec 800<br />
standby 9 priority 110<br />
standby 9 preempt delay minimum 300<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.16.10.2 255.255.255.0<br />
ip access-group Bank in<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.16.10.1<br />
standby 10 timers msec 200 msec 800<br />
standby 10 priority 110<br />
standby 10 preempt delay minimum 300<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.16.11.2 255.255.255.0<br />
ip access-group Telefoni in<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.16.11.1<br />
standby 11 timers msec 200 msec 800<br />
standby 11 priority 110<br />
standby 11 preempt delay minimum 300<br />
!<br />
interface Vlan240<br />
description Servere<br />
ip address 172.16.240.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 240 ip 172.16.240.1<br />
standby 240 timers msec 200 msec 800<br />
!<br />
interface Vlan241<br />
description Servere<br />
ip address 172.16.241.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 241 ip 172.16.241.1<br />
standby 241 timers msec 200 msec 800<br />
!<br />
interface Vlan242<br />
description CallManager<br />
ip address 172.16.242.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 242 ip 172.16.242.1<br />
standby 242 timers msec 200 msec 800<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.16.0.0 0.0.255.255 area 0<br />
network 192.168.0.0 0.0.0.255 area 0<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
!<br />
ip access-list extended Administration<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Bank<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Telefoni<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
!<br />
ip radius source-interface Vlan2 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 36029105<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA02SWCO==<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA02SWCO<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1<br />
!<br />
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
system mtu routing 1500<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos srr-queue input bandwidth 90 10<br />
mls qos srr-queue input threshold 1 8 16<br />
mls qos srr-queue input threshold 2 34 66<br />
mls qos srr-queue input buffers 67 33 <br />
mls qos srr-queue input cos-map queue 1 threshold 2 1<br />
mls qos srr-queue input cos-map queue 1 threshold 3 0<br />
mls qos srr-queue input cos-map queue 2 threshold 1 2<br />
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7<br />
mls qos srr-queue input cos-map queue 2 threshold 3 3 5<br />
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 32<br />
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output cos-map queue 1 threshold 3 5<br />
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7<br />
mls qos srr-queue output cos-map queue 3 threshold 3 2 4<br />
mls qos srr-queue output cos-map queue 4 threshold 2 1<br />
mls qos srr-queue output cos-map queue 4 threshold 3 0<br />
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39<br />
mls qos srr-queue output dscp-map queue 4 threshold 1 8<br />
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos queue-set output 1 threshold 1 138 138 92 138<br />
mls qos queue-set output 1 threshold 2 138 138 92 400<br />
mls qos queue-set output 1 threshold 3 36 77 100 318<br />
mls qos queue-set output 1 threshold 4 20 50 67 400<br />
mls qos queue-set output 2 threshold 1 149 149 100 149<br />
mls qos queue-set output 2 threshold 2 118 118 100 235<br />
mls qos queue-set output 2 threshold 3 41 68 100 272<br />
mls qos queue-set output 2 threshold 4 42 72 100 242<br />
mls qos queue-set output 1 buffers 10 10 26 54<br />
mls qos queue-set output 2 buffers 16 6 17 61<br />
mls qos<br />
!<br />
crypto pki trustpoint TP-self-signed-3566145536<br />
enrollment selfsigned<br />
subject-name cn=IOS-Self-Signed-Certificate-3566145536<br />
revocation-check none<br />
rsakeypair TP-self-signed-3566145536<br />
!<br />
!<br />
crypto pki certificate chain TP-self-signed-3566145536<br />
certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree etherchannel guard misconfig<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,7-11 priority 28672<br />
spanning-tree vlan 240-242 priority 24576<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01RTVG<br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
description Til_AHA01FW<br />
no switchport<br />
ip address 172.16.255.21 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
description Til_AHA01SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA02SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_AHA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AHA01SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_AHA01RT<br />
no switchport<br />
ip address 172.16.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
!<br />
interface GigabitEthernet0/2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.0.3 255.255.255.0<br />
standby 2 ip 192.168.0.1<br />
standby 2 timers msec 200 msec 800<br />
!<br />
interface Vlan7<br />
description IT-administration<br />
ip address 172.16.0.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 7 ip 172.16.0.1<br />
standby 7 timers msec 200 msec 800<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.16.8.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.16.8.1<br />
standby 8 timers msec 200 msec 800<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.16.9.3 255.255.255.0<br />
ip access-group Administration in<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.16.9.1<br />
standby 9 timers msec 200 msec 800<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.16.10.3 255.255.255.0<br />
ip access-group Bank in<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.16.10.1<br />
standby 10 timers msec 200 msec 800<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.16.11.3 255.255.255.0<br />
ip access-group Telefoni in<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.16.11.1<br />
standby 11 timers msec 200 msec 800<br />
!<br />
interface Vlan240<br />
description Servere<br />
ip address 172.16.240.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 240 ip 172.16.240.1<br />
standby 240 timers msec 200 msec 800<br />
standby 240 priority 110<br />
standby 240 preempt delay minimum 300<br />
!<br />
interface Vlan241<br />
description Servere<br />
ip address 172.16.241.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 241 ip 172.16.241.1<br />
standby 241 timers msec 200 msec 800<br />
standby 241 priority 110<br />
standby 241 preempt delay minimum 300<br />
!<br />
interface Vlan242<br />
description CallManager<br />
ip address 172.16.242.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 242 ip 172.16.242.1<br />
standby 242 timers msec 200 msec 800<br />
standby 242 priority 110<br />
standby 242 preempt delay minimum 300<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.16.0.0 0.0.255.255 area 0<br />
network 192.168.0.0 0.0.0.255 area 0<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
!<br />
ip access-list extended Administration<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Bank<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Telefoni<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
!<br />
ip radius source-interface Vlan2 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 36029150<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
==VIA01RT==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname VIA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.1<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Aarhus<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
ip address 172.16.254.2 255.255.255.252<br />
ip mtu 1420<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.1<br />
!<br />
interface FastEthernet0/0<br />
description Internet<br />
ip address 10.1.1.2 255.255.255.0<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_VIA02SWCO<br />
ip address 172.17.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface Serial0/1/0<br />
no ip address<br />
shutdown<br />
no fair-queue<br />
clock rate 125000<br />
!<br />
interface Serial0/1/1<br />
no ip address<br />
shutdown<br />
clock rate 125000<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
clock rate 2000000<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65002 metric 255 subnets<br />
network 172.17.255.6 0.0.0.0 area 0<br />
default-information originate metric 255<br />
!<br />
router bgp 65002<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.1 remote-as 65001<br />
neighbor 172.16.254.1 description AHA01FW<br />
neighbor 172.16.254.1 route-map 65002-RMAP-IN in<br />
neighbor 172.16.254.1 route-map 65002-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
ip access-list extended Tunnel1_til_Aarhus<br />
permit gre host 10.1.1.2 host 10.1.1.1<br />
!<br />
!<br />
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32<br />
!<br />
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32<br />
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32<br />
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
!<br />
!<br />
!<br />
route-map 65002-RMAP-IN permit 10<br />
match ip address prefix-list 65002-PRE-IN<br />
!<br />
route-map 65002-RMAP-OUT permit 10<br />
match ip address prefix-list 65002-PLIST-OUT<br />
set as-path prepend 65002 65002 65002 65002 65002 65002 65002<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
!<br />
scheduler allocate 20000 1000<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust dscp<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
speed 10<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
speed 10<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179832<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AHA01SWSL==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA01SWSL<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/2<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/3<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/5<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/6<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/7<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/8<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/9<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/10<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/11<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/12<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/13<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/14<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/15<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/16<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/17<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/18<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/19<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/20<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/21<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/23<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/24<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.5 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179994<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AHA02SWSL==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA02SWSL<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/2<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/3<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/5<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/6<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/7<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/8<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/9<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/10<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/11<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/12<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/13<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/14<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/15<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/16<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/17<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/18<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/19<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/20<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/21<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/23<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/24<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.6 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17180096<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==VIA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname VIA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
vtp domain BEO-LY<br />
vtp mode transparent<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
vlan 2,8-9 <br />
!<br />
vlan 10<br />
name LYOLAN<br />
!<br />
vlan 11 <br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to VIA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to VI02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.1.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.1.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
transport input ssh<br />
!<br />
ntp clock-period 17179912<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AAA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AAA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AAA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
auto qos voip trust<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AAA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
auto qos voip trust<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.2.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.2.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17180064<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
==VIA02SWCO==<br />
<pre><br />
<br />
!<br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname VIA02SWCO<br />
!<br />
enable secret 5 $1$e4ZP$h.AoOqEe1T8g2tm1rGjtj/<br />
!<br />
username admin privilege 15 secret 5 $1$zzrV$FHjI7ZjZ6S9ZWJ8IFxfPQ1<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos min-reserve 5 170<br />
mls qos min-reserve 6 85<br />
mls qos min-reserve 7 51<br />
mls qos min-reserve 8 34<br />
mls qos<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,8-11 priority 28672<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
! <br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
description VIFS01<br />
switchport access vlan 8<br />
switchport mode access<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_VIA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_VIA01SWCO1<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_VIA01RT<br />
no switchport<br />
ip address 172.17.255.5 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
switchport mode dynamic desirable<br />
!<br />
interface GigabitEthernet0/2<br />
switchport mode dynamic desirable<br />
!<br />
interface Vlan1<br />
ip address dhcp<br />
shutdown<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.1.3 255.255.255.0<br />
standby 2 ip 192.168.1.1<br />
standby 2 timers msec 200 msec 800<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.17.8.3 255.255.255.0<br />
standby 8 ip 172.17.8.1<br />
standby 8 timers msec 200 msec 800<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.17.9.3 255.255.255.0<br />
standby 9 ip 172.17.9.1<br />
standby 9 timers msec 200 msec 800<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.17.10.3 255.255.255.0<br />
standby 10 ip 172.17.10.1<br />
standby 10 timers msec 200 msec 800<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.17.11.3 255.255.255.0<br />
standby 11 ip 172.17.11.1<br />
standby 11 timers msec 200 msec 800<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.17.0.0 0.0.255.255 area 0<br />
network 192.168.1.0 0.0.0.255 area 0<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
!<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
==VIA01SWCO==<br />
<pre><br />
<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname VIA01SWCO<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$CjQy$2ViWy5DbihxoJ1X.HcDyh1<br />
!<br />
username admin privilege 15 secret 5 $1$U0Sf$m2vxqz9Xpz/ZIGE21E7HY.<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2 priority 24576<br />
spanning-tree vlan 8 priority 24576<br />
spanning-tree vlan 9 priority 24576<br />
spanning-tree vlan 10 priority 24576<br />
spanning-tree vlan 11 priority 24576<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_VIA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_VIA02SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
no ip address<br />
mls qos trust dscp<br />
!<br />
interface FastEthernet0/24<br />
description Til_TDC MPLS<br />
no switchport<br />
ip address 172.17.255.1 255.255.255.252<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
no ip address<br />
!<br />
interface GigabitEthernet0/2<br />
no ip address<br />
!<br />
interface Vlan1<br />
no ip address<br />
shutdown<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip redirects<br />
standby 2 ip 192.168.1.1<br />
standby 2 timers msec 200 msec 800<br />
standby 2 priority 110<br />
standby 2 preempt delay minimum 300<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.17.8.2 255.255.255.0<br />
ip helper-address 172.17.8.11<br />
ip helper-address 172.16.241.11<br />
no ip redirects<br />
standby 8 ip 172.17.8.1<br />
standby 8 timers msec 200 msec 800<br />
standby 8 priority 110<br />
standby 8 preempt delay minimum 300<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.17.9.2 255.255.255.0<br />
ip access-group Administration in<br />
ip helper-address 172.17.8.11<br />
ip helper-address 172.16.241.11<br />
no ip redirects<br />
standby 9 ip 172.17.9.1<br />
standby 9 timers msec 200 msec 800<br />
standby 9 priority 110<br />
standby 9 preempt delay minimum 300<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.17.10.2 255.255.255.0<br />
ip access-group Bank in<br />
ip helper-address 172.17.8.11<br />
ip helper-address 172.16.241.11<br />
no ip redirects<br />
standby 10 ip 172.17.10.1<br />
standby 10 timers msec 200 msec 800<br />
standby 10 priority 110<br />
standby 10 preempt delay minimum 300<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.17.11.2 255.255.255.0<br />
ip access-group Telefoni in<br />
ip helper-address 172.17.8.11<br />
ip helper-address 172.16.241.11<br />
no ip redirects<br />
standby 11 ip 172.17.11.1<br />
standby 11 timers msec 200 msec 800<br />
standby 11 priority 110<br />
standby 11 preempt delay minimum 300<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65002 subnets<br />
network 172.17.0.0 0.0.255.255 area 0<br />
network 192.168.1.0 0.0.0.255 area 0<br />
default-information originate<br />
!<br />
router bgp 65002<br />
bgp log-neighbor-changes<br />
redistribute connected<br />
neighbor 172.17.255.2 remote-as 65000<br />
neighbor 172.17.255.2 description TDC_MPLS<br />
neighbor 172.17.255.2 soft-reconfiguration inbound<br />
neighbor 172.17.255.2 route-map 65002-RMAP-IN in<br />
neighbor 172.17.255.2 route-map 65002-RMAP-OUT out<br />
!<br />
ip classless<br />
ip http server<br />
!<br />
ip access-list extended Administration<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Bank<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Telefoni<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip radius source-interface Vlan2<br />
!<br />
!<br />
ip prefix-list 65002-PRE-IN seq 10 deny 172.17.0.0/16 le 32<br />
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32<br />
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
!<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
access-list 101 permit ip any 172.16.240.0 0.0.7.255<br />
access-list 101 deny ip any 172.0.2.0 0.255.248.255<br />
access-list 101 deny ip any 172.0.3.0 0.255.248.255<br />
access-list 101 deny ip any 172.0.4.0 0.255.248.255<br />
access-list 101 deny ip any 172.0.5.0 0.255.248.255<br />
access-list 101 deny ip any 172.0.6.0 0.255.248.255<br />
access-list 101 deny ip any 172.0.7.0 0.255.248.255<br />
access-list 101 permit ip any any<br />
route-map 65002-RMAP-IN permit 10<br />
match ip address prefix-list 65002-PRE-IN<br />
!<br />
route-map 65002-RMAP-OUT permit 10<br />
match ip address prefix-list 65002-PRE-OUT<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
end<br />
</pre></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=PengeBanken&diff=9001
PengeBanken
2009-09-14T08:25:31Z
<p>Zhadu: </p>
<hr />
<div>PengeBanken<br />
Konfig filer<br />
<br />
==AAA01SWCO==<br />
<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AAA01SWCO<br />
!<br />
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/<br />
!<br />
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos min-reserve 5 170<br />
mls qos min-reserve 6 85<br />
mls qos min-reserve 7 51<br />
mls qos min-reserve 8 34<br />
mls qos<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,8-11 priority 24576<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
! <br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
description AAFS01<br />
switchport access vlan 8<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA01RT<br />
no switchport<br />
ip address 172.18.255.5 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description Til_AAA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AAA01SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,8-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_TDC MPLS<br />
no switchport<br />
ip address 172.18.255.1 255.255.255.252<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
switchport mode dynamic desirable<br />
!<br />
interface GigabitEthernet0/2<br />
switchport mode dynamic desirable<br />
!<br />
interface Vlan1<br />
ip address dhcp<br />
shutdown<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.2.2 255.255.255.0<br />
standby 2 ip 192.168.2.1<br />
standby 2 timers msec 200 msec 800<br />
standby 2 priority 110<br />
standby 2 preempt delay minimum 300<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.18.8.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.18.8.1<br />
standby 8 timers msec 200 msec 800<br />
standby 8 priority 110<br />
standby 8 preempt delay minimum 300<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.18.9.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.18.9.1<br />
standby 9 timers msec 200 msec 800<br />
standby 9 priority 110<br />
standby 9 preempt delay minimum 300<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.18.10.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.18.10.1<br />
standby 10 timers msec 200 msec 800<br />
standby 10 priority 110<br />
standby 10 preempt delay minimum 300<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.18.11.2 255.255.255.0<br />
ip helper-address 172.18.8.11<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.18.11.1<br />
standby 11 timers msec 200 msec 800<br />
standby 11 priority 110<br />
standby 11 preempt delay minimum 300<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.18.0.0 0.0.255.255 area 0<br />
default-information originate<br />
!<br />
router bgp 65003<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute connected<br />
neighbor 172.18.255.2 remote-as 65000<br />
neighbor 172.18.255.2 description TDC_MPLS<br />
neighbor 172.18.255.2 soft-reconfiguration inbound<br />
neighbor 172.18.255.2 route-map 65003-RMAP-IN in<br />
neighbor 172.18.255.2 route-map 65003-RMAP-OUT out<br />
no auto-summary<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
ip radius source-interface Vlan2 <br />
!<br />
!<br />
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
route-map 65003-RMAP-IN permit 10<br />
match ip address prefix-list 65003-PRE-IN<br />
!<br />
route-map 65003-RMAP-OUT permit 10<br />
match ip address prefix-list 65003-PRE-OUT<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179326<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AAA01RT==<br />
<pre><br />
version 12.4<br />
service config<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AAA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.1<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Aarhus<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
description Til_Aarhus<br />
ip address 172.16.254.6 255.255.255.252<br />
ip mtu 1420<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.1<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/0<br />
description Internet<br />
ip address 10.1.1.3 255.255.255.0<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01SWCO<br />
ip address 172.18.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
no fair-queue<br />
clock rate 125000<br />
!<br />
interface Serial0/2/1<br />
no ip address<br />
shutdown<br />
clock rate 125000<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65003 metric 255 subnets<br />
network 172.18.255.6 0.0.0.0 area 0<br />
default-information originate metric 255<br />
!<br />
router bgp 65003<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.5 remote-as 65001<br />
neighbor 172.16.254.5 description AHA01FW<br />
neighbor 172.16.254.5 route-map 65003-RMAP-IN in<br />
neighbor 172.16.254.5 route-map 65003-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
ip access-list extended Tunnel1_til_Aarhus<br />
permit gre host 10.1.1.3 host 10.1.1.1<br />
!<br />
!<br />
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32<br />
!<br />
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
!<br />
!<br />
!<br />
route-map 65003-RMAP-IN permit 10<br />
match ip address prefix-list 65003-PRE-IN<br />
!<br />
route-map 65003-RMAP-OUT permit 10<br />
match ip address prefix-list 65003-PLIST-OUT<br />
set as-path prepend 65003 65003 65003 65003 65003 65003 65003<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
length 0<br />
!<br />
scheduler allocate 20000 1000<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA01FW==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01FW<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authentication ppp default if-needed group radius none<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
no ip domain lookup<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
vpdn enable<br />
!<br />
vpdn-group VPN<br />
! Default PPTP VPDN group<br />
accept-dialin<br />
protocol pptp<br />
virtual-template 1<br />
!<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1<br />
!<br />
!<br />
class-map type inspect match-any OUTSIDE-DMZ-CMAP<br />
match protocol http<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
class-map type inspect match-any INSIDE-OUTSIDE-CMAP<br />
match protocol tcp<br />
match protocol udp<br />
match protocol icmp<br />
class-map type inspect match-any OUTSIDE-INSIDE-CMAP<br />
match protocol tcp<br />
match protocol udp<br />
!<br />
!<br />
policy-map type inspect OUTSIDE-DMZ-PMAP<br />
class type inspect OUTSIDE-DMZ-CMAP<br />
inspect<br />
class class-default<br />
drop log<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
policy-map type inspect INSIDE-OUTSIDE-PMAP<br />
class type inspect INSIDE-OUTSIDE-CMAP<br />
inspect<br />
class class-default<br />
drop log<br />
policy-map type inspect OUTSIDE-INSIDE-PMAP<br />
class type inspect OUTSIDE-INSIDE-CMAP<br />
drop log<br />
class class-default<br />
!<br />
zone security INSIDE<br />
zone security OUTSIDE<br />
zone security DMZ<br />
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE<br />
service-policy type inspect INSIDE-OUTSIDE-PMAP<br />
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE<br />
service-policy type inspect OUTSIDE-INSIDE-PMAP<br />
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ<br />
service-policy type inspect OUTSIDE-DMZ-PMAP<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2<br />
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.2<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Viborg<br />
crypto map PB_crypto_Map 20 ipsec-isakmp <br />
set peer 10.1.1.3<br />
set transform-set PB-TransformSet <br />
match address Tunnel2_til_Aalborg<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
description Tunnel1_til_Viborg<br />
ip address 172.16.254.1 255.255.255.252<br />
ip mtu 1420<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.2<br />
service-policy output PbPolicy<br />
!<br />
interface Tunnel2<br />
description Tunnel2_til_Aalborg<br />
ip address 172.16.254.5 255.255.255.252<br />
ip mtu 1420<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.3<br />
service-policy output PbPolicy<br />
!<br />
interface Loopback0<br />
ip address 192.168.255.10 255.255.255.0<br />
zone-member security DMZ<br />
!<br />
interface FastEthernet0/0<br />
description internet<br />
ip address 10.1.1.1 255.255.255.0<br />
ip nat outside<br />
ip virtual-reassembly<br />
zone-member security OUTSIDE<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01SWCO<br />
ip address 172.16.255.10 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip route-cache flow<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/0<br />
description Til_AHA02SWCO<br />
switchport access vlan 990<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/1<br />
description Til_AHA01RT<br />
switchport access vlan 991<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/2<br />
!<br />
interface FastEthernet0/1/3<br />
!<br />
interface Virtual-Template1 <br />
ip address 172.16.253.1 255.255.255.0<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
peer default ip address pool VPN-Pool<br />
ppp encrypt mppe auto<br />
ppp authentication ms-chap ms-chap-v2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan990<br />
ip address 172.16.255.22 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
interface Vlan991<br />
ip address 172.16.255.14 255.255.255.252<br />
ip nat inside<br />
ip virtual-reassembly<br />
zone-member security INSIDE<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
passive-interface Tunnel1<br />
passive-interface Tunnel2<br />
network 172.16.255.10 0.0.0.0 area 0<br />
network 172.16.255.14 0.0.0.0 area 0<br />
network 172.16.255.22 0.0.0.0 area 0<br />
default-information originate<br />
!<br />
router bgp 65001<br />
bgp log-neighbor-changes<br />
neighbor 172.16.254.2 remote-as 65002<br />
neighbor 172.16.254.6 remote-as 65003<br />
!<br />
address-family ipv4<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.2 activate<br />
neighbor 172.16.254.6 activate<br />
default-information originate<br />
no auto-summary<br />
no synchronization<br />
exit-address-family<br />
!<br />
ip local pool VPN-Pool 172.16.253.10 172.16.253.200<br />
ip route 0.0.0.0 0.0.0.0 10.1.1.254<br />
!<br />
ip flow-export source FastEthernet0/1<br />
ip flow-export version 5<br />
ip flow-export destination 172.16.241.17 9000<br />
!<br />
ip http server<br />
no ip http secure-server<br />
ip nat inside source list 10 interface FastEthernet0/0 overload<br />
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80<br />
!<br />
ip access-list extended Tunnel1_til_Viborg<br />
permit gre host 10.1.1.1 host 10.1.1.2<br />
ip access-list extended Tunnel2_til_Aalborg<br />
permit gre host 10.1.1.1 host 10.1.1.3<br />
!<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 10 permit 172.16.241.15<br />
access-list 10 permit 172.16.0.0 0.15.255.255<br />
snmp-server community PengeBanken RO<br />
snmp-server host 172.16.241.17 version 2c PengeBanken <br />
!<br />
!<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
!<br />
scheduler allocate 20000 1000<br />
ntp clock-period 17178263<br />
ntp server 217.198.208.66<br />
end<br />
</pre><br />
<br />
==AHA01RT==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/0<br />
description TDC_MPLS<br />
ip address 172.16.255.1 255.255.255.252<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA02SWCO<br />
ip address 172.16.255.5 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
auto qos voip trust <br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1.101<br />
!<br />
interface FastEthernet0/1/0<br />
description Til_AHA01SWCO<br />
switchport access vlan 990<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/1<br />
description Til_AHA01FW<br />
switchport access vlan 991<br />
service-policy output PbPolicy<br />
!<br />
interface FastEthernet0/1/2<br />
!<br />
interface FastEthernet0/1/3<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
clock rate 2000000<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan990<br />
ip address 172.16.255.18 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
interface Vlan991<br />
ip address 172.16.255.13 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65001 subnets<br />
network 172.16.255.1 0.0.0.0 area 0<br />
network 172.16.255.5 0.0.0.0 area 0<br />
network 172.16.255.13 0.0.0.0 area 0<br />
network 172.16.255.18 0.0.0.0 area 0<br />
!<br />
router bgp 65001<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute connected<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.255.2 remote-as 65000<br />
neighbor 172.16.255.2 description TDC_MPLS<br />
neighbor 172.16.255.2 next-hop-self<br />
neighbor 172.16.255.2 soft-reconfiguration inbound<br />
neighbor 172.16.255.2 route-map 65000-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
!<br />
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32<br />
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
snmp-server community PengeBanken RO<br />
!<br />
!<br />
!<br />
route-map 65000-RMAP-OUT permit 10<br />
match ip address prefix-list 65000-PLIST-OUT<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
password cisco<br />
!<br />
scheduler allocate 20000 1000<br />
ntp clock-period 17179809<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
==AHA01SWCO==<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA01SWCO<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$vBG2$emquo5iIZpvTzxCkqzzWv0<br />
!<br />
username admin privilege 15 secret 5 $1$S9Eb$TFTuP.RZAaTb9mJrha.7m0<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
system mtu routing 1500<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos srr-queue input bandwidth 90 10<br />
mls qos srr-queue input threshold 1 8 16<br />
mls qos srr-queue input threshold 2 34 66<br />
mls qos srr-queue input buffers 67 33 <br />
mls qos srr-queue input cos-map queue 1 threshold 2 1<br />
mls qos srr-queue input cos-map queue 1 threshold 3 0<br />
mls qos srr-queue input cos-map queue 2 threshold 1 2<br />
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7<br />
mls qos srr-queue input cos-map queue 2 threshold 3 3 5<br />
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 32<br />
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output cos-map queue 1 threshold 3 5<br />
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7<br />
mls qos srr-queue output cos-map queue 3 threshold 3 2 4<br />
mls qos srr-queue output cos-map queue 4 threshold 2 1<br />
mls qos srr-queue output cos-map queue 4 threshold 3 0<br />
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39<br />
mls qos srr-queue output dscp-map queue 4 threshold 1 8<br />
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos queue-set output 1 threshold 1 138 138 92 138<br />
mls qos queue-set output 1 threshold 2 138 138 92 400<br />
mls qos queue-set output 1 threshold 3 36 77 100 318<br />
mls qos queue-set output 1 threshold 4 20 50 67 400<br />
mls qos queue-set output 2 threshold 1 149 149 100 149<br />
mls qos queue-set output 2 threshold 2 118 118 100 235<br />
mls qos queue-set output 2 threshold 3 41 68 100 272<br />
mls qos queue-set output 2 threshold 4 42 72 100 242<br />
mls qos queue-set output 1 buffers 10 10 26 54<br />
mls qos queue-set output 2 buffers 16 6 17 61<br />
mls qos<br />
!<br />
crypto pki trustpoint TP-self-signed-201700352<br />
enrollment selfsigned<br />
subject-name cn=IOS-Self-Signed-Certificate-201700352<br />
revocation-check none<br />
rsakeypair TP-self-signed-201700352<br />
!<br />
!<br />
crypto pki certificate chain TP-self-signed-201700352<br />
certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree etherchannel guard misconfig<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,7-11 priority 24576<br />
spanning-tree vlan 240-242 priority 28672<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
no switchport<br />
ip address 172.16.255.17 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
description Til_AHA01SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA02SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_AHA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AHA02SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_AHA01FW<br />
no switchport<br />
ip address 172.16.255.9 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
!<br />
interface GigabitEthernet0/2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.0.2 255.255.255.0<br />
standby 2 ip 192.168.0.1<br />
standby 2 timers msec 200 msec 800<br />
standby 2 priority 110<br />
standby 2 preempt delay minimum 300<br />
!<br />
interface Vlan7<br />
description IT-administration<br />
ip address 172.16.0.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 7 ip 172.16.0.1<br />
standby 7 timers msec 200 msec 800<br />
standby 7 priority 110<br />
standby 7 preempt delay minimum 300<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.16.8.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.16.8.1<br />
standby 8 timers msec 200 msec 800<br />
standby 8 priority 110<br />
standby 8 preempt delay minimum 300<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.16.9.2 255.255.255.0<br />
ip access-group Administration in<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.16.9.1<br />
standby 9 timers msec 200 msec 800<br />
standby 9 priority 110<br />
standby 9 preempt delay minimum 300<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.16.10.2 255.255.255.0<br />
ip access-group Bank in<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.16.10.1<br />
standby 10 timers msec 200 msec 800<br />
standby 10 priority 110<br />
standby 10 preempt delay minimum 300<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.16.11.2 255.255.255.0<br />
ip access-group Telefoni in<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.16.11.1<br />
standby 11 timers msec 200 msec 800<br />
standby 11 priority 110<br />
standby 11 preempt delay minimum 300<br />
!<br />
interface Vlan240<br />
description Servere<br />
ip address 172.16.240.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 240 ip 172.16.240.1<br />
standby 240 timers msec 200 msec 800<br />
!<br />
interface Vlan241<br />
description Servere<br />
ip address 172.16.241.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 241 ip 172.16.241.1<br />
standby 241 timers msec 200 msec 800<br />
!<br />
interface Vlan242<br />
description CallManager<br />
ip address 172.16.242.2 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 242 ip 172.16.242.1<br />
standby 242 timers msec 200 msec 800<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.16.0.0 0.0.255.255 area 0<br />
network 192.168.0.0 0.0.0.255 area 0<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
!<br />
ip access-list extended Administration<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Bank<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Telefoni<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
!<br />
ip radius source-interface Vlan2 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 36029105<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA02SWCO==<br />
<pre><br />
version 12.2<br />
no service pad<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname AHA02SWCO<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$GxFl$DbYT2MdQ4yNpD7UJ9Iv1S1<br />
!<br />
username admin privilege 15 secret 5 $1$m/MH$fgaAuE./eyP8ThL58GW/N0<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
!<br />
!<br />
aaa session-id common<br />
system mtu routing 1500<br />
ip subnet-zero<br />
ip routing<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
!<br />
!<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
mls qos srr-queue input bandwidth 90 10<br />
mls qos srr-queue input threshold 1 8 16<br />
mls qos srr-queue input threshold 2 34 66<br />
mls qos srr-queue input buffers 67 33 <br />
mls qos srr-queue input cos-map queue 1 threshold 2 1<br />
mls qos srr-queue input cos-map queue 1 threshold 3 0<br />
mls qos srr-queue input cos-map queue 2 threshold 1 2<br />
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7<br />
mls qos srr-queue input cos-map queue 2 threshold 3 3 5<br />
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos srr-queue input dscp-map queue 1 threshold 3 32<br />
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56<br />
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output cos-map queue 1 threshold 3 5<br />
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7<br />
mls qos srr-queue output cos-map queue 3 threshold 3 2 4<br />
mls qos srr-queue output cos-map queue 4 threshold 2 1<br />
mls qos srr-queue output cos-map queue 4 threshold 3 0<br />
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55<br />
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23<br />
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39<br />
mls qos srr-queue output dscp-map queue 4 threshold 1 8<br />
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15<br />
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7<br />
mls qos queue-set output 1 threshold 1 138 138 92 138<br />
mls qos queue-set output 1 threshold 2 138 138 92 400<br />
mls qos queue-set output 1 threshold 3 36 77 100 318<br />
mls qos queue-set output 1 threshold 4 20 50 67 400<br />
mls qos queue-set output 2 threshold 1 149 149 100 149<br />
mls qos queue-set output 2 threshold 2 118 118 100 235<br />
mls qos queue-set output 2 threshold 3 41 68 100 272<br />
mls qos queue-set output 2 threshold 4 42 72 100 242<br />
mls qos queue-set output 1 buffers 10 10 26 54<br />
mls qos queue-set output 2 buffers 16 6 17 61<br />
mls qos<br />
!<br />
crypto pki trustpoint TP-self-signed-3566145536<br />
enrollment selfsigned<br />
subject-name cn=IOS-Self-Signed-Certificate-3566145536<br />
revocation-check none<br />
rsakeypair TP-self-signed-3566145536<br />
!<br />
!<br />
crypto pki certificate chain TP-self-signed-3566145536<br />
certificate self-signed 01 nvram:IOS-Self-Sig#3636.cer<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
spanning-tree mode rapid-pvst<br />
spanning-tree etherchannel guard misconfig<br />
spanning-tree extend system-id<br />
spanning-tree vlan 2,7-11 priority 28672<br />
spanning-tree vlan 240-242 priority 24576<br />
!<br />
vlan internal allocation policy ascending<br />
!<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description Til_AHA01RTVG<br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/2<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/3<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/4<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/5<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/6<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/7<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/8<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/9<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/10<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/11<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/12<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/13<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/14<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/15<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/16<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/17<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/18<br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/19<br />
description Til_AHA01FW<br />
no switchport<br />
ip address 172.16.255.21 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/20<br />
description Til_AHA01SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/21<br />
description Til_AHA02SWSL<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/22<br />
description Til_AHA01SWOP<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11<br />
switchport mode trunk<br />
mls qos trust cos<br />
spanning-tree guard root<br />
!<br />
interface FastEthernet0/23<br />
description Til_AHA01SWCO<br />
switchport trunk encapsulation dot1q<br />
switchport trunk allowed vlan 2,7-11,240-242<br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface FastEthernet0/24<br />
description Til_AHA01RT<br />
no switchport<br />
ip address 172.16.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/1<br />
!<br />
interface GigabitEthernet0/2<br />
!<br />
interface Vlan1<br />
no ip address<br />
!<br />
interface Vlan2<br />
description Management<br />
ip address 192.168.0.3 255.255.255.0<br />
standby 2 ip 192.168.0.1<br />
standby 2 timers msec 200 msec 800<br />
!<br />
interface Vlan7<br />
description IT-administration<br />
ip address 172.16.0.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 7 ip 172.16.0.1<br />
standby 7 timers msec 200 msec 800<br />
!<br />
interface Vlan8<br />
description Common_Services<br />
ip address 172.16.8.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 8 ip 172.16.8.1<br />
standby 8 timers msec 200 msec 800<br />
!<br />
interface Vlan9<br />
description Administration<br />
ip address 172.16.9.3 255.255.255.0<br />
ip access-group Administration in<br />
ip helper-address 172.16.241.11<br />
standby 9 ip 172.16.9.1<br />
standby 9 timers msec 200 msec 800<br />
!<br />
interface Vlan10<br />
description BankRaadgiver<br />
ip address 172.16.10.3 255.255.255.0<br />
ip access-group Bank in<br />
ip helper-address 172.16.241.11<br />
standby 10 ip 172.16.10.1<br />
standby 10 timers msec 200 msec 800<br />
!<br />
interface Vlan11<br />
description IP-Telefoni<br />
ip address 172.16.11.3 255.255.255.0<br />
ip access-group Telefoni in<br />
ip helper-address 172.16.241.11<br />
standby 11 ip 172.16.11.1<br />
standby 11 timers msec 200 msec 800<br />
!<br />
interface Vlan240<br />
description Servere<br />
ip address 172.16.240.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 240 ip 172.16.240.1<br />
standby 240 timers msec 200 msec 800<br />
standby 240 priority 110<br />
standby 240 preempt delay minimum 300<br />
!<br />
interface Vlan241<br />
description Servere<br />
ip address 172.16.241.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 241 ip 172.16.241.1<br />
standby 241 timers msec 200 msec 800<br />
standby 241 priority 110<br />
standby 241 preempt delay minimum 300<br />
!<br />
interface Vlan242<br />
description CallManager<br />
ip address 172.16.242.3 255.255.255.0<br />
ip helper-address 172.16.241.11<br />
standby 242 ip 172.16.242.1<br />
standby 242 timers msec 200 msec 800<br />
standby 242 priority 110<br />
standby 242 preempt delay minimum 300<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
network 172.16.0.0 0.0.255.255 area 0<br />
network 192.168.0.0 0.0.0.255 area 0<br />
!<br />
ip classless<br />
ip http server<br />
ip http secure-server<br />
!<br />
!<br />
ip access-list extended Administration<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Bank<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.3.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
ip access-list extended Telefoni<br />
permit ip any 172.16.240.0 0.0.7.255<br />
deny ip any 172.0.1.0 0.255.248.255<br />
deny ip any 172.0.2.0 0.255.248.255<br />
deny ip any 172.0.4.0 0.255.248.255<br />
deny ip any 172.0.5.0 0.255.248.255<br />
deny ip any 172.0.6.0 0.255.248.255<br />
deny ip any 172.0.7.0 0.255.248.255<br />
permit ip any any<br />
!<br />
ip radius source-interface Vlan2 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
!<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
ntp clock-period 36029150<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
==VIA01RT==<br />
<pre><br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname VIA01RT<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
enable secret 5 $1$jcK0$h6.iMf2Chj5ZSmadD8YJb1<br />
!<br />
aaa new-model<br />
!<br />
!<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local <br />
!<br />
aaa session-id common<br />
!<br />
resource policy<br />
!<br />
ip cef<br />
!<br />
!<br />
!<br />
!<br />
ip domain name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh version 2<br />
!<br />
!<br />
!<br />
voice-card 0<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
username admin privilege 15 secret 5 $1$zK2S$Cg6yVpoyI0jjfuRuy6XBb1<br />
!<br />
!<br />
class-map match-any MissionCritical-Trust<br />
match ip dscp af31 <br />
class-map match-any VoIP-RTP-Trust<br />
match ip dscp ef <br />
class-map match-any VoIP-Control-Trust<br />
match ip dscp cs3 <br />
class-map match-any Management-Trust<br />
match ip dscp cs2 <br />
!<br />
!<br />
policy-map PbPolicy<br />
class VoIP-RTP-Trust<br />
priority percent 25<br />
class VoIP-Control-Trust<br />
bandwidth percent 5<br />
class MissionCritical-Trust<br />
bandwidth percent 40<br />
class Management-Trust<br />
bandwidth percent 5<br />
class class-default<br />
fair-queue<br />
!<br />
! <br />
!<br />
crypto isakmp policy 10<br />
encr aes 256<br />
authentication pre-share<br />
group 5<br />
lifetime 1000<br />
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.1<br />
!<br />
!<br />
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac <br />
!<br />
crypto map PB_crypto_Map 10 ipsec-isakmp <br />
set peer 10.1.1.1<br />
set transform-set PB-TransformSet <br />
match address Tunnel1_til_Aarhus<br />
!<br />
!<br />
!<br />
!<br />
!<br />
interface Tunnel1<br />
ip address 172.16.254.2 255.255.255.252<br />
ip mtu 1420<br />
tunnel source FastEthernet0/0<br />
tunnel destination 10.1.1.1<br />
!<br />
interface FastEthernet0/0<br />
description Internet<br />
ip address 10.1.1.2 255.255.255.0<br />
duplex auto<br />
speed auto<br />
crypto map PB_crypto_Map<br />
!<br />
interface FastEthernet0/1<br />
description Til_VIA02SWCO<br />
ip address 172.17.255.6 255.255.255.252<br />
ip ospf network point-to-point<br />
ip ospf dead-interval minimal hello-multiplier 3<br />
duplex auto<br />
speed auto<br />
service-policy output PbPolicy<br />
!<br />
interface Serial0/1/0<br />
no ip address<br />
shutdown<br />
no fair-queue<br />
clock rate 125000<br />
!<br />
interface Serial0/1/1<br />
no ip address<br />
shutdown<br />
clock rate 125000<br />
!<br />
interface Serial0/2/0<br />
no ip address<br />
shutdown<br />
clock rate 2000000<br />
!<br />
router ospf 1<br />
log-adjacency-changes<br />
redistribute bgp 65002 metric 255 subnets<br />
network 172.17.255.6 0.0.0.0 area 0<br />
default-information originate metric 255<br />
!<br />
router bgp 65002<br />
no synchronization<br />
bgp log-neighbor-changes<br />
redistribute static<br />
redistribute ospf 1 match internal external 1 external 2<br />
neighbor 172.16.254.1 remote-as 65001<br />
neighbor 172.16.254.1 description AHA01FW<br />
neighbor 172.16.254.1 route-map 65002-RMAP-IN in<br />
neighbor 172.16.254.1 route-map 65002-RMAP-OUT out<br />
default-information originate<br />
no auto-summary<br />
!<br />
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0<br />
!<br />
!<br />
ip http server<br />
no ip http secure-server<br />
!<br />
ip access-list extended Tunnel1_til_Aarhus<br />
permit gre host 10.1.1.2 host 10.1.1.1<br />
!<br />
!<br />
ip prefix-list 65002-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32<br />
!<br />
ip prefix-list 65002-PRE-IN seq 5 deny 172.17.0.0/16 le 32<br />
ip prefix-list 65002-PRE-IN seq 15 deny 192.168.1.0/24 le 32<br />
ip prefix-list 65002-PRE-IN seq 30 permit 0.0.0.0/0 le 32<br />
ip radius source-interface FastEthernet0/1 <br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.7.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
!<br />
!<br />
!<br />
route-map 65002-RMAP-IN permit 10<br />
match ip address prefix-list 65002-PRE-IN<br />
!<br />
route-map 65002-RMAP-OUT permit 10<br />
match ip address prefix-list 65002-PLIST-OUT<br />
set as-path prepend 65002 65002 65002 65002 65002 65002 65002<br />
!<br />
!<br />
!<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
!<br />
control-plane<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
line aux 0<br />
line vty 0 4<br />
!<br />
scheduler allocate 20000 1000<br />
ntp server 172.16.255.10<br />
end<br />
</pre><br />
<br />
==AHA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust dscp<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 7<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust cos<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
speed 10<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
speed 10<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179832<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AHA01SWSL==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA01SWSL<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/2<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/3<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/5<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/6<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/7<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/8<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/9<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/10<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/11<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/12<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/13<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/14<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/15<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/16<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/17<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/18<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/19<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/20<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/21<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/23<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/24<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.5 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17179994<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AHA02SWSL==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AHA02SWSL<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/2<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/3<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/4<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/5<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/6<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/7<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/8<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/9<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/10<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/11<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/12<br />
description < Server ><br />
switchport access vlan 241<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/13<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/14<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/15<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/16<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/17<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/18<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/19<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/20<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/21<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/22<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/23<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface FastEthernet0/24<br />
description < Server ><br />
switchport access vlan 242<br />
switchport mode access<br />
mls qos trust cos<br />
spanning-tree portfast<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AHA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AHA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.0.6 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.0.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17180096<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==VIA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname VIA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
vtp domain BEO-LY<br />
vtp mode transparent<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
vlan 2,8-9 <br />
!<br />
vlan 10<br />
name LYOLAN<br />
!<br />
vlan 11 <br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 8<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
service-policy input PbPolicy<br />
mls qos trust cos<br />
macro description cisco-phone | cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to VIA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to VI02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.1.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.1.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
transport input ssh<br />
!<br />
ntp clock-period 17179912<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre><br />
<br />
==AAA01SWOP==<br />
<br />
<pre><br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname AAA01SWOP<br />
!<br />
aaa new-model<br />
aaa authentication login default group radius local<br />
aaa authorization exec default group radius local<br />
enable secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
!<br />
username admin privilege 15 secret 5 $1$vAZW$oZgHRDs499pci.UOKjz7t.<br />
wrr-queue bandwidth 10 20 70 1<br />
wrr-queue cos-map 1 0 1<br />
wrr-queue cos-map 2 2 4<br />
wrr-queue cos-map 3 3 6 7<br />
wrr-queue cos-map 4 5<br />
errdisable recovery cause psecure-violation<br />
errdisable recovery interval 600<br />
!<br />
class-map match-all ManagementSNMP<br />
match access-group name MatchSNMP<br />
class-map match-all ManagementNF<br />
match access-group name MatchNF<br />
class-map match-all MissionCritical<br />
match access-group name MatchBANK<br />
class-map match-all ManagementRDP<br />
match access-group name MatchRDP<br />
class-map match-all ManagementSSH<br />
match access-group name MatchSSH<br />
!<br />
!<br />
policy-map PbPolicy<br />
class MissionCritical<br />
set ip dscp 26<br />
class ManagementRDP<br />
set ip dscp 16<br />
class ManagementSNMP<br />
set ip dscp 16<br />
class ManagementNF<br />
set ip dscp 16<br />
class ManagementSSH<br />
set ip dscp 16<br />
!<br />
mls qos map cos-dscp 0 8 16 24 32 46 48 56<br />
ip subnet-zero<br />
!<br />
ip domain-name pengebanken.dk<br />
ip name-server 172.16.241.11<br />
ip ssh time-out 120<br />
ip ssh authentication-retries 3<br />
ip ssh version 2<br />
!<br />
no file verify auto<br />
!<br />
spanning-tree mode rapid-pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/2<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/3<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/4<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/5<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/6<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/7<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/8<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/9<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/10<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/11<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/12<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/13<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/14<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/15<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/16<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/17<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/18<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/19<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/20<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/21<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/22<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/23<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface FastEthernet0/24<br />
description < Office-Phone ><br />
switchport access vlan 9<br />
switchport mode access<br />
switchport voice vlan 11<br />
switchport port-security<br />
switchport port-security maximum 2<br />
switchport port-security aging time 2<br />
switchport port-security aging type inactivity<br />
mls qos trust device cisco-phone<br />
mls qos trust cos<br />
auto qos voip cisco-phone<br />
macro description cisco-phone<br />
spanning-tree portfast<br />
spanning-tree bpduguard enable<br />
!<br />
interface GigabitEthernet0/1<br />
description <Uplink to AAA01SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
auto qos voip trust<br />
!<br />
interface GigabitEthernet0/2<br />
description <Uplink to AAA02SWCO ><br />
switchport mode trunk<br />
mls qos trust cos<br />
auto qos voip trust<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
interface Vlan2<br />
ip address 192.168.2.4 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.2.1<br />
ip http server<br />
!<br />
ip access-list extended MatchBANK<br />
permit tcp any any eq 8439<br />
ip access-list extended MatchNF<br />
permit udp any any eq 9000<br />
ip access-list extended MatchRDP<br />
permit tcp any any eq 3389<br />
ip access-list extended MatchSNMP<br />
permit udp any any eq 167<br />
ip access-list extended MatchSSH<br />
permit tcp any any eq 22<br />
ip radius source-interface Vlan2<br />
access-list 1 permit 172.16.241.17<br />
access-list 1 permit 172.16.0.0 0.0.0.255<br />
snmp-server community PengeBanken RO 1<br />
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken<br />
radius-server retransmit 3<br />
!<br />
line con 0<br />
line vty 0 4<br />
access-class 1 in<br />
length 0<br />
transport input ssh<br />
line vty 5 15<br />
!<br />
ntp clock-period 17180064<br />
ntp server 172.16.255.10<br />
!<br />
end<br />
</pre></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8126
Opgave CCDP - IP Plan og Core
2009-08-13T19:37:30Z
<p>Zhadu: /* IP og VLAN Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
Core har fået følgende net: 10.0.0.0/24<br/><br />
Hvert switchblock har følgende net: 10.OSPF-AREA.VLAN.0/24 - f.eks VLAN 1, på switchblock med ospf area 1, har 10.1.1.0/24 nettet.<br/><br />
Der bliver også uddelt et switchblock range samt et ospf area til hver af filialerne.<br />
<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8125
Opgave CCDP - IP Plan og Core
2009-08-13T19:30:55Z
<p>Zhadu: /* IP og VLAN Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
<br />
Core har fået følgende net: 10.0.0.0/24<br/><br />
Hvert switchblock har følgende net: 10.OSPF-AREA.VLAN.0/24 - f.eks VLAN 1, på switchblock med ospf area 1, har 10.1.1.0/24 nettet.<br/><br />
Der bliver også uddelt et switchblock range samt et ospf area til hver af filialerne.<br />
<br/><br />
<br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8124
Opgave CCDP - IP Plan og Core
2009-08-13T19:29:39Z
<p>Zhadu: /* IP og VLAN Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
Core har fået følgende net: 10.0.0.0/24<br/><br />
Hvert switchblock har følgende net: 10.OSPF-AREA.VLAN.0/24 - f.eks VLAN 1, på switchblock med ospf area 1, har 10.1.1.0/24 nettet.<br/><br />
Der bliver også uddelt et switchblock range samt et ospf area til hver af filialerne.<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8123
Opgave CCDP - IP Plan og Core
2009-08-13T19:23:40Z
<p>Zhadu: /* IP og VLAN Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
Core har fået følgende net: 10.0.0.0/24<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:OSPF.jpg&diff=8122
File:OSPF.jpg
2009-08-13T19:19:01Z
<p>Zhadu: uploaded a new version of "Image:OSPF.jpg"</p>
<hr />
<div></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8121
Opgave CCDP - IP Plan og Core
2009-08-13T19:07:57Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8120
Opgave CCDP - IP Plan og Core
2009-08-13T19:07:30Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br/><br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8119
Opgave CCDP - IP Plan og Core
2009-08-13T18:54:11Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
*Switchblock beregninger<br />
Vi går ud fra, at der er 3500 aktive bruger på netværket.<br />
Med hver switchblock, er hardware mæssigt mulighed for 23 Access switche, og med 22 frie porte per switch, giver det en fysisk mulighed for 506 brugere per switchblock.<br/><br />
Ved at devidere 3500 med 506, er det minimum brug for 7 switchblocke. Vi har så valgt at bruge 10 switchblocke, for at kunne dække et stort nok område, samt ikke makse switchblockende helt ud.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8118
Opgave CCDP - IP Plan og Core
2009-08-13T17:03:34Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske årsager.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8117
Opgave CCDP - IP Plan og Core
2009-08-13T17:00:07Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske grunde.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader summerization af routes mellem switchene.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8116
Opgave CCDP - IP Plan og Core
2009-08-13T16:43:27Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske grunde.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br/><br />
Distributions switchene er forbundet med et enkelt link, hvilket tillader lokal summerization af routes.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8115
Opgave CCDP - IP Plan og Core
2009-08-13T16:13:36Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
*Core design<br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
*Switchblock design<br />
<br />
Vores switchblocke er bygget op af de to lag, Access og Destribution. I vores Access lag har vi valgt L2 switche, udelukkende på grund af økonomiske grunde.<br/><br />
På Access laget opsættes der 802.1x som godkender op imod en NAC server, hvilket der bliver skrevet mere om i "IP og VLAN Plan"<br/><br />
Fra hver Access switch er der en redundant forbindelse til Distributions laget, som består af to L3 switche.<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8114
Opgave CCDP - IP Plan og Core
2009-08-13T15:48:20Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
Core design:<br/><br />
Core'en er bygget op af fire L3 switche, som er delt op over to lokationer. I hver lokation er switchene forbundet via etherchannels.<br/><br />
Grunden for de to lokationer, er for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8113
Opgave CCDP - IP Plan og Core
2009-08-13T15:41:26Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br/><br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
Core design:<br/><br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8112
Opgave CCDP - IP Plan og Core
2009-08-13T15:41:08Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
Core design:<br/><br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan nå netværket rundt, selvom en etherchannel inde i core'en gik ned.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8111
Opgave CCDP - IP Plan og Core
2009-08-13T15:39:14Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
Udstyr brugt i design:<br/><br />
Cisco 2950 L2 switche.<br/><br />
Cisco 3560 L3 switche.<br />
<br />
<br />
Core design:<br/><br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at core'ens <br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8110
Opgave CCDP - IP Plan og Core
2009-08-13T15:37:00Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
<br />
Core design:<br/><br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br/><br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at core'ens <br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8109
Opgave CCDP - IP Plan og Core
2009-08-13T13:02:48Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br/><br />
<br />
Core design:<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at core'ens <br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8107
Opgave CCDP - IP Plan og Core
2009-08-13T12:55:00Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br />
<br/><br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8106
Opgave CCDP - IP Plan og Core
2009-08-13T12:54:36Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb reserve links, i tilfælde af nedbrud.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet. Det har også været diskuteret at spanne, men det er ikke best practice, og VRF'er gir nogle problemer, og kræver mere administration.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8103
Opgave CCDP - IP Plan og Core
2009-08-13T12:51:54Z
<p>Zhadu: /* IP og VLAN Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP og VLAN Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br/><br />
I netværket har vi valgt at køre ren IP/L3 fra distribution og opefter. Linket mellem distribusions switchene kører også Lag3. Dvs. vi spanner ikke VLANS ud over vores netværk. For at kunne holde nettene adskilt laver vi access lister med de Wildcards der står defineret i billedet.<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8100
Opgave CCDP - IP Plan og Core
2009-08-13T12:47:31Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
Udstyr brugt i design:<br />
Cisco 2950 L2 switche.<br />
Cisco 3560 L3 switche.<br />
<br />
Vi foreslår dog at man køber to styks Cisco 6500 series switche til Core'en.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8097
Opgave CCDP - IP Plan og Core
2009-08-13T12:45:25Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8092
Opgave CCDP - IP Plan og Core
2009-08-13T11:58:38Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
Vores switchblock design bygger på Cisco's best practice, i det<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8091
Opgave CCDP - IP Plan og Core
2009-08-13T11:57:29Z
<p>Zhadu: /* IP Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|500px|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8089
Opgave CCDP - IP Plan og Core
2009-08-13T11:57:12Z
<p>Zhadu: /* IP Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|center|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8088
Opgave CCDP - IP Plan og Core
2009-08-13T11:56:56Z
<p>Zhadu: /* IP Plan */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=IP Plan=<br />
[[image:IP PLAN.jpg|right|thumb|Accessliste opdeling|]]<br />
* IP net = 10.0.0.0/8<br />
* Core/Access = 10.0.0.0/9<br />
* Datacenter = 10.128.0.0/10<br />
* Edge = 10.192.0.0/10<br />
<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8083
Opgave CCDP - IP Plan og Core
2009-08-13T11:49:47Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br/><br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:OSPF.jpg&diff=8081
File:OSPF.jpg
2009-08-13T11:47:15Z
<p>Zhadu: uploaded a new version of "Image:OSPF.jpg"</p>
<hr />
<div></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8076
Opgave CCDP - IP Plan og Core
2009-08-13T11:41:40Z
<p>Zhadu: /* Core og Switchblock */</p>
<hr />
<div>[[Opgave CCDP]]<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
De to core lokationer er forbundet med to 1Gb links, som kun bruges som reserve links.<br />
De to reserve links, sikre at data stadigvæk kan sendes rundt, selvom at flere links mellem Core og Switchbloke blev destrueret.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8069
Opgave CCDP - IP Plan og Core
2009-08-13T11:15:04Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
Vi har prøvet så vidt muligt at inkorporere kundens eksisterende udstyr i vores design.<br />
<br />
Core design:<br />
<br />
Vores core design bygger meget på Scalability, Reliability og Security.<br />
<br />
Core'en er delt op over to lokationer, for at minimere sansynligheden for nedbrud ved f. eks brand.<br />
<br />
<br />
<br />
<br/><br />
Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8066
Opgave CCDP - IP Plan og Core
2009-08-13T11:04:50Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
*Core design<br />
<br />
*Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|center|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8065
Opgave CCDP - IP Plan og Core
2009-08-13T11:04:33Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
=Core og Switchblock=<br />
[[Image:CORE&DIST.jpg|600px|center|thumb|Core design with attached Switchblock]]<br />
*Core design<br />
<br />
*Switchblock design<br />
<br />
=OSPF area opdeling=<br />
[[Image:OSPF.jpg|300px|right|thumb|Indeling af OSPF Areas]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:IP_PLAN.jpg&diff=8064
File:IP PLAN.jpg
2009-08-13T10:57:12Z
<p>Zhadu: </p>
<hr />
<div></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:OSPF.jpg&diff=8063
File:OSPF.jpg
2009-08-13T10:56:59Z
<p>Zhadu: </p>
<hr />
<div></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8061
Opgave CCDP - IP Plan og Core
2009-08-13T10:53:42Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
[[Image:CORE&DIST.jpg|600px|right|thumb|Core design with attached Switchblock]]<br />
*Core design<br />
<br />
*Switchblock design</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8060
Opgave CCDP - IP Plan og Core
2009-08-13T10:51:21Z
<p>Zhadu: </p>
<hr />
<div>[[Opgave CCDP]]<br />
[[Image:CORE&DIST.jpg|600px|right|thumb|Core design with attached Switchblock]]</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:CORE%26DIST.jpg&diff=8058
File:CORE&DIST.jpg
2009-08-13T10:46:15Z
<p>Zhadu: </p>
<hr />
<div></div>
Zhadu
http://mars.merhot.dk/w/index.php?title=Opgave_CCDP_-_IP_Plan_og_Core&diff=8037
Opgave CCDP - IP Plan og Core
2009-08-13T09:02:14Z
<p>Zhadu: New page: Ehm. It just works :D</p>
<hr />
<div>Ehm.<br />
<br />
It just works :D</div>
Zhadu
http://mars.merhot.dk/w/index.php?title=File:Eem_white_paper.pdf&diff=3370
File:Eem white paper.pdf
2009-04-07T11:18:17Z
<p>Zhadu: </p>
<hr />
<div></div>
Zhadu