! Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! ! Image: Software: cat4500-IPBASEK9-M, 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! Image: Compiled: Fri 25-Feb-11 14:30 by prod_rel_team ! Image: bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin ! Chassis type: WS-C4948-10GE ! Memory: main 262144K ! Processor ID: FOX1447G9JD ! CPU: MPC8540, MPC8540 CPU at 667Mhz, Fixed Module ! Memory: nvram 511K ! ! VTP: VTP Version capable : 1 to 3 ! VTP: VTP version running : 1 ! VTP: VTP Domain Name : ! VTP: VTP Pruning Mode : Disabled ! VTP: VTP Traps Generation : Disabled ! VTP: Device ID : 503d.e555.a100 ! VTP: Feature VLAN: ! VTP: -------------- ! VTP: VTP Operating Mode : Off ! VTP: Maximum VLANs supported locally : 1005 ! VTP: Number of existing VLANs : 54 ! VTP: Configuration Revision : 0 ! VTP: MD5 digest : 0x1B 0x68 0x3D 0xF4 0xD4 0x44 0x8C 0x34 ! VTP: 0xE2 0xCB 0x6A 0x73 0x48 0x67 0xC4 0x3B ! ! NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4948-10GE 1 slot switch " ! PID: , VID: , SN: FOX1447G9JD ! ! NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (X2) Supervisor with 48 10/100/1000BaseT ports and 2 10GE X" ! PID: WS-C4948-10GE , VID: V11 , SN: FOX1447G9JD ! ! NAME: "TenGigabitEthernet1/49", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V03 , SN: RPDXXS65 ! ! NAME: "TenGigabitEthernet1/50", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V04 , SN: G2002167341 ! ! NAME: "Power Supply 1", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: QCS1449B03W ! ! NAME: "Power Supply 2", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: QCS1448B0F4 ! ! ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption service compress-config ! hostname ASW-DRN-R2.7.5-1 ! boot-start-marker boot system bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin boot-end-marker ! enable password cisco ! username admin privilege 15 password 0 cisco no aaa new-model ip subnet-zero no ip routing ! ! ip vrf mgmtVrf ! vtp mode off ! ! ! errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause gbic-invalid errdisable recovery cause psecure-violation errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast-flood errdisable recovery cause vmps errdisable recovery interval 30 power redundancy-mode redundant ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name SW-MANAGEMENT ! vlan 15 name SERVERIUS-L2 ! vlan 20 name LITESERVER ! vlan 21 name IPMI-APC-1 ! vlan 22 name VLAN22 ! vlan 101 name VPS-VL1 ! vlan 102-132 ! vlan 250 name DEDI-VL1 ! vlan 251 name DEDI-VL2 ! vlan 252 name INFRABLOCKS-VL1 ! vlan 501 name VLAN501 ! vlan 502 name LC538-VL1 ! vlan 503 name VLAN503 ! vlan 504 name LC351-VL2 ! vlan 505 name LC612-VL1 ! vlan 507 name LC3212-VL1 ! vlan 508 name IC6258-VL1 ! vlan 509 name IC6260-VL1 ! vlan 511 ! vlan 3002 name LC1219-VL1 ! vlan 3003 name LC612-VL2-internal ! vlan 3004-3008 ! ! ! interface Port-channel15 description S1177-LACP switchport switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface Port-channel16 description QFX switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel39 description microcloud-1-S1048-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel40 description microcloud-1-S1047-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel43 description LC1674-S0018-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk ! interface Port-channel63 description S1111-LACP switchport switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface FastEthernet1 ip vrf forwarding mgmtVrf no ip address no ip route-cache speed auto duplex auto ! interface GigabitEthernet1/1 spanning-tree portfast ! interface GigabitEthernet1/2 spanning-tree portfast ! interface GigabitEthernet1/3 description S1003 switchport access vlan 504 spanning-tree portfast ! interface GigabitEthernet1/4 switchport trunk encapsulation dot1q switchport trunk allowed vlan 15,20,22 switchport mode access ! interface GigabitEthernet1/5 spanning-tree portfast ! interface GigabitEthernet1/6 switchport access vlan 21 spanning-tree portfast ! interface GigabitEthernet1/7 spanning-tree portfast ! interface GigabitEthernet1/8 description S1008 switchport access vlan 250 spanning-tree portfast ! interface GigabitEthernet1/9 description S1111-1 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface GigabitEthernet1/10 switchport access vlan 22 spanning-tree portfast ! interface GigabitEthernet1/11 description S1011 switchport access vlan 21 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/12 spanning-tree portfast ! interface GigabitEthernet1/13 spanning-tree portfast ! interface GigabitEthernet1/14 description S1115 switchport access vlan 251 ! interface GigabitEthernet1/15 description S1177-1 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk channel-protocol lacp channel-group 15 mode active ! interface GigabitEthernet1/16 description S1177-2 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk channel-protocol lacp channel-group 15 mode active ! interface GigabitEthernet1/17 description S1112 switchport access vlan 508 ! interface GigabitEthernet1/18 spanning-tree portfast ! interface GigabitEthernet1/19 spanning-tree portfast ! interface GigabitEthernet1/20 switchport mode access ! interface GigabitEthernet1/21 description S1106 switchport trunk encapsulation dot1q switchport trunk allowed vlan 505,3003 switchport mode trunk spanning-tree portfast ! interface GigabitEthernet1/22 description S1025 switchport access vlan 508 spanning-tree portfast ! interface GigabitEthernet1/23 description S1054 switchport access vlan 252 spanning-tree portfast ! interface GigabitEthernet1/24 description S1109 switchport access vlan 250 spanning-tree portfast ! interface GigabitEthernet1/25 ! interface GigabitEthernet1/26 spanning-tree portfast ! interface GigabitEthernet1/27 description UPLINK-3548 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20-22 switchport mode trunk ! interface GigabitEthernet1/28 description S1107 switchport trunk encapsulation dot1q switchport trunk allowed vlan 505,3003 switchport mode trunk spanning-tree portfast ! interface GigabitEthernet1/29 description S1059 switchport access vlan 250 ! interface GigabitEthernet1/30 switchport mode access channel-protocol lacp ! interface GigabitEthernet1/31 switchport mode access channel-protocol lacp ! interface GigabitEthernet1/32 description S1020 switchport access vlan 250 ip access-group NLDRNKVMSSDC7 out spanning-tree portfast ! interface GigabitEthernet1/33 description S1195 switchport access vlan 250 ! interface GigabitEthernet1/34 description microcloud-1-S1053 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/35 description microcloud-1-S1052 switchport access vlan 251 spanning-tree portfast ! interface GigabitEthernet1/36 description microcloud-1-S1051 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/37 description microcloud-1-S1050 switchport access vlan 21 switchport mode access ! interface GigabitEthernet1/38 description microcloud-1-S1049 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/39 description microcloud-1-S1048 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 39 mode active ! interface GigabitEthernet1/40 description microcloud-1-S1047 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 40 mode active ! interface GigabitEthernet1/41 description microcloud-1-S1046 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/42 ip access-group NLDRNKVMSSDC6 out spanning-tree portfast ! interface GigabitEthernet1/43 description LC1674-S0018-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk channel-protocol lacp channel-group 43 mode active ! interface GigabitEthernet1/44 ip access-group NLDRNKVMSSDC5 out spanning-tree portfast ! interface GigabitEthernet1/45 spanning-tree portfast ! interface GigabitEthernet1/46 ! interface GigabitEthernet1/47 description LC1674-S0018-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk channel-protocol lacp channel-group 43 mode active ! interface GigabitEthernet1/48 description S1111-2 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface TenGigabitEthernet1/49 description QFX1 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface TenGigabitEthernet1/50 description QFX2 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface Vlan1 ip address dhcp no ip route-cache shutdown ! interface Vlan10 description SW-MANAGEMENT ip address 10.10.1.54 255.255.255.0 no ip route-cache ! ip default-gateway 10.10.1.1 no ip http server no ip http secure-server ! ip access-list extended DDOS-FILTER deny udp any host 88.214.28.7 permit ip any any ip access-list extended DNS-BLOCK permit tcp any eq 22 host 5.2.65.25 permit tcp host 5.2.65.25 any eq 22 deny ip any any ip access-list extended JARNO deny udp any eq 58892 host 5.2.65.4 deny udp host 5.2.65.3 eq 58892 any deny udp any eq 58892 host 5.2.65.5 deny udp host 5.2.65.5 eq 58892 any deny udp any eq 58892 host 5.2.65.6 deny udp host 5.2.65.6 eq 58892 any deny udp any eq 58892 host 5.2.65.7 deny udp host 5.2.65.7 eq 58892 any permit ip any any ip access-list extended NLDRNKVMSSDC2 deny udp any host 5.2.64.11 eq 80 deny udp any eq domain host 5.2.64.11 eq 443 deny tcp any eq smtp host 5.2.67.213 deny tcp host 5.2.67.213 eq smtp any permit ip any any ip access-list extended NLDRNKVMSSDC4 deny tcp any eq smtp host 5.2.73.248 deny tcp host 5.2.73.248 eq smtp any deny tcp any eq smtp host 5.2.73.252 deny tcp any eq smtp host 5.2.73.253 permit ip any any ip access-list extended NLDRNKVMSSDC5 permit ip any any ip access-list extended NLDRNKVMSSDC6 deny tcp any eq smtp host 5.2.64.90 deny tcp host 5.2.64.90 eq smtp any deny tcp any eq smtp host 5.2.72.162 deny tcp any eq smtp host 5.2.67.15 deny tcp any eq smtp host 5.2.67.148 deny tcp any eq smtp host 5.2.77.68 permit ip any any ip access-list extended NLDRNKVMSSDC7 deny tcp any eq smtp host 5.2.73.249 deny tcp host 5.2.73.249 eq smtp any permit ip any any ip access-list extended ONE2XS-OUT permit udp host 89.188.29.4 eq domain any permit udp host 46.249.35.104 eq domain any deny udp any eq ntp host 5.2.65.132 deny udp any eq ntp host 5.2.65.140 deny udp any eq ntp host 5.2.65.141 deny udp any eq ntp host 5.2.65.142 deny udp any eq ntp host 5.2.65.143 deny udp any eq ntp host 5.2.65.144 deny udp any eq ntp host 5.2.65.145 deny udp any eq ntp host 5.2.65.146 deny udp any eq 1900 host 5.2.65.132 deny udp any eq 1434 host 5.2.65.132 deny udp any eq domain host 5.2.65.132 deny udp any eq domain host 5.2.65.140 deny udp any eq domain host 5.2.65.141 deny udp any eq domain host 5.2.65.142 deny udp any eq domain host 5.2.65.143 deny udp any eq domain host 5.2.65.144 deny udp any eq domain host 5.2.65.145 deny udp any eq domain host 5.2.65.146 deny udp any eq 0 host 5.2.65.132 deny udp any eq 0 host 5.2.65.146 permit ip any any ip access-list extended S1009-MAIKEL permit ip host 89.220.212.23 host 46.249.35.74 permit ip host 82.94.20.55 host 46.249.35.74 permit ip host 84.28.120.174 host 46.249.35.74 deny ip any host 46.249.35.74 permit ip any any ip access-list extended SMTPBLOCK deny tcp any eq smtp any deny tcp any any eq smtp permit ip any any ip access-list extended VPN-IPMI permit ip host 87.238.175.213 any permit ip host 89.220.212.23 any deny ip any host 5.2.65.40 permit ip any any ! logging history size 500 access-list 10 permit 84.24.245.221 access-list 10 permit 185.31.172.233 access-list 10 permit 80.114.121.176 access-list 10 permit 185.31.172.228 access-list 10 permit 176.117.62.1 access-list 10 permit 185.31.172.247 access-list 10 permit 185.31.172.244 access-list 10 permit 89.188.29.0 0.0.0.127 access-list 10 remark telnet and ssh access-list 10 permit 87.238.173.128 0.0.0.127 access-list 10 permit 0.0.0.1 255.255.255.254 ! snmp-server community publicaccess RO snmp-server location Serverius-2.7.5 Dronten snmp-server contact support@liteserver.nl ! control-plane ! ! line con 0 password cisco stopbits 1 line vty 0 4 access-class 10 in password cisco login local transport input telnet ssh ! end