! Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! ! Image: Software: cat4500-IPBASEK9-M, 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! Image: Compiled: Fri 25-Feb-11 14:30 by prod_rel_team ! Image: bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin ! Chassis type: WS-C4948-10GE ! Memory: main 262144K ! Processor ID: FOX1447G9JD ! CPU: MPC8540, MPC8540 CPU at 667Mhz, Fixed Module ! Memory: nvram 511K ! ! VTP: VTP Version capable : 1 to 3 ! VTP: VTP version running : 1 ! VTP: VTP Domain Name : ! VTP: VTP Pruning Mode : Disabled ! VTP: VTP Traps Generation : Disabled ! VTP: Device ID : 503d.e555.a100 ! VTP: Feature VLAN: ! VTP: -------------- ! VTP: VTP Operating Mode : Off ! VTP: Maximum VLANs supported locally : 1005 ! VTP: Number of existing VLANs : 55 ! VTP: Configuration Revision : 0 ! VTP: MD5 digest : 0x3E 0x9A 0xFB 0x23 0xF4 0xD1 0x1A 0xA5 ! VTP: 0x2A 0xD6 0xF3 0xB5 0xFA 0x4B 0x82 0x7C ! ! NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4948-10GE 1 slot switch " ! PID: , VID: , SN: FOX1447G9JD ! ! NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (X2) Supervisor with 48 10/100/1000BaseT ports and 2 10GE X" ! PID: WS-C4948-10GE , VID: V11 , SN: FOX1447G9JD ! ! NAME: "TenGigabitEthernet1/49", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V03 , SN: RPDXXS65 ! ! NAME: "TenGigabitEthernet1/50", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V04 , SN: G2002167341 ! ! NAME: "Power Supply 1", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: QCS1449B03W ! ! NAME: "Power Supply 2", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: QCS1448B0F4 ! ! ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption service compress-config ! hostname ASW-DRN-R2.7.5-1 ! boot-start-marker boot system bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin boot-end-marker ! enable password cisco ! username admin privilege 15 password 0 cisco no aaa new-model ip subnet-zero no ip routing ! ! ip vrf mgmtVrf ! vtp mode off ! ! ! errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause gbic-invalid errdisable recovery cause psecure-violation errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast-flood errdisable recovery cause vmps errdisable recovery interval 30 power redundancy-mode redundant ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name SW-MANAGEMENT ! vlan 15 name SERVERIUS-L2 ! vlan 20 name LITESERVER ! vlan 21 name IPMI-APC-1 ! vlan 22 name VLAN22 ! vlan 101 name VPS-VL1 ! vlan 102-132 ! vlan 250 name DEDI-VL1 ! vlan 251 name DEDI-VL2 ! vlan 252 name INFRABLOCKS-VL1 ! vlan 501 name VLAN501 ! vlan 502 name LC538-VL1 ! vlan 503 name VLAN503 ! vlan 504 name LC351-VL2 ! vlan 505 name LC612-VL1 ! vlan 507 name LC3212-VL1 ! vlan 508 name IC6258-VL1 ! vlan 509 name IC6260-VL1 ! vlan 511,518 ! vlan 3002 name LC1219-VL1 ! vlan 3003 name LC612-VL2-internal ! vlan 3004-3008 ! ! ! interface Port-channel1 description S1339-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel2 description S1340-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel4 description S1341-LACP switchport switchport access vlan 518 switchport trunk encapsulation dot1q switchport trunk allowed vlan 15,20,22 switchport mode access ! interface Port-channel5 description S1342-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel6 description S1343-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel7 description S1344-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel10 description S1345-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel12 description S1346-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel13 description S1347-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel15 description S1177-LACP switchport switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface Port-channel16 description QFX switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel17 description S1348-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel18 description S1349-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel19 description S1350-LACP switchport switchport access vlan 518 switchport mode access ! interface Port-channel37 description microcloud-1-S1050-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel39 description microcloud-1-S1048-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel40 description microcloud-1-S1047-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel43 description LC1674-S0018-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk ! interface Port-channel63 description S1111-LACP switchport switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface FastEthernet1 ip vrf forwarding mgmtVrf no ip address no ip route-cache speed auto duplex auto ! interface GigabitEthernet1/1 description S1339-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 1 mode active ! interface GigabitEthernet1/2 description S1340-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 2 mode active ! interface GigabitEthernet1/3 description S1003 switchport access vlan 504 spanning-tree portfast ! interface GigabitEthernet1/4 description S1341-1 switchport access vlan 518 switchport trunk encapsulation dot1q switchport trunk allowed vlan 15,20,22 switchport mode access channel-protocol lacp channel-group 4 mode active ! interface GigabitEthernet1/5 description S1342-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 5 mode active ! interface GigabitEthernet1/6 description S1343-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 6 mode active ! interface GigabitEthernet1/7 description S1344-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 7 mode active ! interface GigabitEthernet1/8 description S1008 switchport access vlan 250 spanning-tree portfast ! interface GigabitEthernet1/9 description S1111-1 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface GigabitEthernet1/10 description S1345-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 10 mode active ! interface GigabitEthernet1/11 description S1011 switchport access vlan 251 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/12 description S1346-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 12 mode active ! interface GigabitEthernet1/13 description S1347-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 13 mode active ! interface GigabitEthernet1/14 description S1115 switchport access vlan 251 ! interface GigabitEthernet1/15 description S1177-1 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk channel-protocol lacp channel-group 15 mode active ! interface GigabitEthernet1/16 description S1177-2 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk channel-protocol lacp channel-group 15 mode active ! interface GigabitEthernet1/17 description S1348-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 17 mode active ! interface GigabitEthernet1/18 description S1349-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 18 mode active ! interface GigabitEthernet1/19 description S1350-1 switchport access vlan 518 switchport mode access channel-protocol lacp channel-group 19 mode active ! interface GigabitEthernet1/20 description S1112-1 switchport access vlan 518 switchport mode access ! interface GigabitEthernet1/21 description S1106 switchport trunk encapsulation dot1q switchport trunk allowed vlan 505,3003 switchport mode trunk spanning-tree portfast ! interface GigabitEthernet1/22 description S1025 switchport access vlan 508 spanning-tree portfast ! interface GigabitEthernet1/23 description S1054 switchport access vlan 252 spanning-tree portfast ! interface GigabitEthernet1/24 description S1109 switchport access vlan 250 spanning-tree portfast ! interface GigabitEthernet1/25 ! interface GigabitEthernet1/26 spanning-tree portfast ! interface GigabitEthernet1/27 description UPLINK-3548 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20-22 switchport mode trunk ! interface GigabitEthernet1/28 description S1107 switchport trunk encapsulation dot1q switchport trunk allowed vlan 505,3003 switchport mode trunk spanning-tree portfast ! interface GigabitEthernet1/29 description S1059 switchport access vlan 250 ! interface GigabitEthernet1/30 switchport mode access channel-protocol lacp ! interface GigabitEthernet1/31 switchport mode access channel-protocol lacp ! interface GigabitEthernet1/32 description S1020 switchport access vlan 250 ip access-group NLDRNKVMSSDC7 out spanning-tree portfast ! interface GigabitEthernet1/33 description S1195 switchport access vlan 250 ! interface GigabitEthernet1/34 description microcloud-1-S1053 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/35 description microcloud-1-S1052 switchport access vlan 251 spanning-tree portfast ! interface GigabitEthernet1/36 description microcloud-1-S1051 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/37 description microcloud-1-S1050 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 37 mode active ! interface GigabitEthernet1/38 description microcloud-1-S1049 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/39 description microcloud-1-S1048 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 39 mode active ! interface GigabitEthernet1/40 description microcloud-1-S1047 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 40 mode active ! interface GigabitEthernet1/41 description microcloud-1-S1046 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface GigabitEthernet1/42 ip access-group NLDRNKVMSSDC6 out spanning-tree portfast ! interface GigabitEthernet1/43 description LC1674-S0018-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk channel-protocol lacp channel-group 43 mode active ! interface GigabitEthernet1/44 ip access-group NLDRNKVMSSDC5 out spanning-tree portfast ! interface GigabitEthernet1/45 spanning-tree portfast ! interface GigabitEthernet1/46 ! interface GigabitEthernet1/47 description LC1674-S0018-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 511,3008 switchport mode trunk channel-protocol lacp channel-group 43 mode active ! interface GigabitEthernet1/48 description S1111-2 switchport access vlan 507 switchport trunk encapsulation dot1q switchport trunk allowed vlan 507,3004-3007 switchport mode trunk ! interface TenGigabitEthernet1/49 description QFX1 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface TenGigabitEthernet1/50 description QFX2 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface Vlan1 ip address dhcp no ip route-cache shutdown ! interface Vlan10 description SW-MANAGEMENT ip address 10.10.1.54 255.255.255.0 no ip route-cache ! ip default-gateway 10.10.1.1 no ip http server no ip http secure-server ! ip access-list extended DDOS-FILTER deny udp any host 88.214.28.7 permit ip any any ip access-list extended DNS-BLOCK permit tcp any eq 22 host 5.2.65.25 permit tcp host 5.2.65.25 any eq 22 deny ip any any ip access-list extended JARNO deny udp any eq 58892 host 5.2.65.4 deny udp host 5.2.65.3 eq 58892 any deny udp any eq 58892 host 5.2.65.5 deny udp host 5.2.65.5 eq 58892 any deny udp any eq 58892 host 5.2.65.6 deny udp host 5.2.65.6 eq 58892 any deny udp any eq 58892 host 5.2.65.7 deny udp host 5.2.65.7 eq 58892 any permit ip any any ip access-list extended NLDRNKVMSSDC2 deny udp any host 5.2.64.11 eq 80 deny udp any eq domain host 5.2.64.11 eq 443 deny tcp any eq smtp host 5.2.67.213 deny tcp host 5.2.67.213 eq smtp any permit ip any any ip access-list extended NLDRNKVMSSDC4 deny tcp any eq smtp host 5.2.73.248 deny tcp host 5.2.73.248 eq smtp any deny tcp any eq smtp host 5.2.73.252 deny tcp any eq smtp host 5.2.73.253 permit ip any any ip access-list extended NLDRNKVMSSDC5 permit ip any any ip access-list extended NLDRNKVMSSDC6 deny tcp any eq smtp host 5.2.64.90 deny tcp host 5.2.64.90 eq smtp any deny tcp any eq smtp host 5.2.72.162 deny tcp any eq smtp host 5.2.67.15 deny tcp any eq smtp host 5.2.67.148 deny tcp any eq smtp host 5.2.77.68 permit ip any any ip access-list extended NLDRNKVMSSDC7 deny tcp any eq smtp host 5.2.73.249 deny tcp host 5.2.73.249 eq smtp any permit ip any any ip access-list extended ONE2XS-OUT permit udp host 89.188.29.4 eq domain any permit udp host 46.249.35.104 eq domain any deny udp any eq ntp host 5.2.65.132 deny udp any eq ntp host 5.2.65.140 deny udp any eq ntp host 5.2.65.141 deny udp any eq ntp host 5.2.65.142 deny udp any eq ntp host 5.2.65.143 deny udp any eq ntp host 5.2.65.144 deny udp any eq ntp host 5.2.65.145 deny udp any eq ntp host 5.2.65.146 deny udp any eq 1900 host 5.2.65.132 deny udp any eq 1434 host 5.2.65.132 deny udp any eq domain host 5.2.65.132 deny udp any eq domain host 5.2.65.140 deny udp any eq domain host 5.2.65.141 deny udp any eq domain host 5.2.65.142 deny udp any eq domain host 5.2.65.143 deny udp any eq domain host 5.2.65.144 deny udp any eq domain host 5.2.65.145 deny udp any eq domain host 5.2.65.146 deny udp any eq 0 host 5.2.65.132 deny udp any eq 0 host 5.2.65.146 permit ip any any ip access-list extended S1009-MAIKEL permit ip host 89.220.212.23 host 46.249.35.74 permit ip host 82.94.20.55 host 46.249.35.74 permit ip host 84.28.120.174 host 46.249.35.74 deny ip any host 46.249.35.74 permit ip any any ip access-list extended SMTPBLOCK deny tcp any eq smtp any deny tcp any any eq smtp permit ip any any ip access-list extended VPN-IPMI permit ip host 87.238.175.213 any permit ip host 89.220.212.23 any deny ip any host 5.2.65.40 permit ip any any ! logging history size 500 access-list 10 permit 84.24.245.221 access-list 10 permit 185.31.172.233 access-list 10 permit 80.114.121.176 access-list 10 permit 185.31.172.228 access-list 10 permit 176.117.62.1 access-list 10 permit 185.31.172.247 access-list 10 permit 185.31.172.244 access-list 10 permit 89.188.29.0 0.0.0.127 access-list 10 remark telnet and ssh access-list 10 permit 87.238.173.128 0.0.0.127 access-list 10 permit 0.0.0.1 255.255.255.254 ! snmp-server community publicaccess RO snmp-server location Serverius-2.7.5 Dronten snmp-server contact support@liteserver.nl ! control-plane ! ! line con 0 password cisco stopbits 1 line vty 0 4 access-class 10 in password cisco login local transport input telnet ssh ! end