! Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! ! Image: Software: cat4500-IPBASEK9-M, 12.2(53)SG4, RELEASE SOFTWARE (fc2) ! Image: Compiled: Fri 25-Feb-11 14:30 by prod_rel_team ! Image: bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin ! Chassis type: WS-C4948-10GE ! Memory: main 262144K ! Processor ID: FOX1352GF7E ! CPU: MPC8540, MPC8540 CPU at 667Mhz, Fixed Module ! Memory: nvram 511K ! ! VTP: VTP Version capable : 1 to 3 ! VTP: VTP version running : 1 ! VTP: VTP Domain Name : ! VTP: VTP Pruning Mode : Disabled ! VTP: VTP Traps Generation : Disabled ! VTP: Device ID : c84c.7506.2780 ! VTP: Feature VLAN: ! VTP: -------------- ! VTP: VTP Operating Mode : Off ! VTP: Maximum VLANs supported locally : 1005 ! VTP: Number of existing VLANs : 46 ! VTP: Configuration Revision : 0 ! VTP: MD5 digest : 0x39 0x0D 0x1B 0xF2 0xF6 0xBC 0x2D 0x18 ! VTP: 0xCB 0x79 0x93 0x4F 0x23 0x81 0xDC 0x8F ! ! NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4948-10GE 1 slot switch " ! PID: , VID: , SN: FOX1352GF7E ! ! NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (X2) Supervisor with 48 10/100/1000BaseT ports and 2 10GE X" ! PID: WS-C4948-10GE , VID: V10 , SN: FOX1352GF7E ! ! NAME: "TenGigabitEthernet1/49", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V04 , SN: G2002167354 ! ! NAME: "TenGigabitEthernet1/50", DESCR: "10Gbase-SR" ! PID: X2-10GB-SR , VID: V03 , SN: ONT134301P4 ! ! NAME: "Power Supply 1", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: PAC14150L0T ! ! NAME: "Power Supply 2", DESCR: "Power Supply ( AC 300W )" ! PID: PWR-C49-300AC , VID: , SN: QCS1411B16F ! ! ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname ASW-DRN-R3.5.6-1 ! boot-start-marker boot system bootflash:cat4500-ipbasek9-mz.122-53.SG4.bin boot-end-marker ! enable password cisco ! username admin privilege 15 password 0 cisco no aaa new-model ip subnet-zero no ip routing ! ! ip vrf mgmtVrf ! vtp mode off ! ! ! power redundancy-mode redundant ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name SW-MANAGEMENT ! vlan 20 name LITESERVER ! vlan 21 name IPMI-APC-1 ! vlan 22 name VLAN22 ! vlan 101 name VPS-VL1 ! vlan 102-132,250 ! vlan 252 name Infra-Blocks ! vlan 504 name LC351-VL2 ! vlan 506 name LC1674-VL1 ! vlan 510 ! vlan 3000 name LC916-internal ! vlan 3001 name LC1674-internal ! ! ! interface Port-channel2 description CK1674-S0001-LACP switchport switchport access vlan 506 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,510,3001 switchport mode trunk ! interface Port-channel13 description S1090-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel16 description QFX switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel44 description S1097-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 250 switchport mode trunk ! interface Port-channel45 description CK1674-S0004-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,3001 switchport mode trunk ip access-group CK1674-S0004 out ! interface Port-channel46 description S1127-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ip access-group NLDRNKVMHDD4 out ! interface Port-channel47 description S1065-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ip access-group NLDRNKVMHDD3 out ! interface Port-channel48 description S1122-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ip access-group NLDRNKVMHDD2 out ! interface Port-channel49 description S1113-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ip access-group NLDRNKVMHDD1 out ! interface Port-channel50 description S1126-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk ip access-group NLDRNKVMSSD7 out ! interface Port-channel51 description CK1674-S0003-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,510,3001 switchport mode trunk ip access-group CK1674-S0003 out ! interface Port-channel52 description S1102-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ip access-group NLDRNKVMNVME1 out ! interface Port-channel53 description S1101-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk ip access-group NLDRNKVMSSD6 out ! interface Port-channel58 description S1071-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk ip access-group NLDRNKVMSSD4 out ! interface Port-channel59 description S1207-LACP switchport switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk ! interface Port-channel60 description S1114-LACP switchport switchport access vlan 504 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk ip access-group NLDRNKVMSSD3 out ! interface Port-channel61 description S1093-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk ip access-group NLDRNOVZSSD4 out ! interface Port-channel62 description S1098-LACP switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk ip access-group NLDRNOVZSSD5 out ! interface Port-channel63 description KVMSSD-5 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk ip access-group NLDRNKVMSSD5 out ! interface FastEthernet1 ip vrf forwarding mgmtVrf no ip address no ip route-cache speed auto duplex auto ! interface GigabitEthernet1/1 ip access-group NLDRNOVZSSDC1 out ! interface GigabitEthernet1/2 description CK1674-S0001-1 switchport access vlan 506 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,510,3001 switchport mode trunk channel-protocol lacp channel-group 2 mode active ! interface GigabitEthernet1/3 description CK1674-S0004-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,3001 switchport mode trunk channel-protocol lacp channel-group 45 mode active ! interface GigabitEthernet1/4 description CK1674-S0004-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,3001 switchport mode trunk channel-protocol lacp channel-group 45 mode active ! interface GigabitEthernet1/5 ip access-group NLDRNKVMSSD1 out ! interface GigabitEthernet1/6 description S1078-1 switchport access vlan 20 ! interface GigabitEthernet1/7 description S1207-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 59 mode active ! interface GigabitEthernet1/8 description S1207-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 59 mode active ! interface GigabitEthernet1/9 switchport mode access ! interface GigabitEthernet1/10 switchport mode access ! interface GigabitEthernet1/11 switchport mode access ! interface GigabitEthernet1/12 switchport mode access ! interface GigabitEthernet1/13 description S1090-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 13 mode active ! interface GigabitEthernet1/14 description S1090-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 13 mode active ! interface GigabitEthernet1/15 description ASW-3.5.6-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20-22 switchport mode trunk ! interface GigabitEthernet1/16 switchport mode access ! interface GigabitEthernet1/17 description S1071-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 58 mode active ! interface GigabitEthernet1/18 description S1071-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 58 mode active ! interface GigabitEthernet1/19 description S1093-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk channel-protocol lacp channel-group 61 mode active ! interface GigabitEthernet1/20 description S1093-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk channel-protocol lacp channel-group 61 mode active ! interface GigabitEthernet1/21 description S1097-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 250 switchport mode trunk channel-protocol lacp channel-group 44 mode active ! interface GigabitEthernet1/22 description S1097-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 250 switchport mode trunk channel-protocol lacp channel-group 44 mode active ! interface GigabitEthernet1/23 description S1096-1 switchport access vlan 506 spanning-tree portfast ! interface GigabitEthernet1/24 description S1065-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 47 mode active ! interface GigabitEthernet1/25 description S1098-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk channel-protocol lacp channel-group 62 mode active ! interface GigabitEthernet1/26 description S1098-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk channel-protocol lacp channel-group 62 mode active ! interface GigabitEthernet1/27 description KVMSSD-5-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 63 mode active ! interface GigabitEthernet1/28 description KVMSSD-5-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 63 mode active ! interface GigabitEthernet1/29 description S1101-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 53 mode active ! interface GigabitEthernet1/30 description S1101-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 53 mode active ! interface GigabitEthernet1/31 switchport mode access ! interface GigabitEthernet1/32 switchport mode access ! interface GigabitEthernet1/33 description S1102-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 52 mode active ! interface GigabitEthernet1/34 description S1102-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 52 mode active ! interface GigabitEthernet1/35 description CK1674-S0003-1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,510,3001 switchport mode trunk channel-protocol lacp channel-group 51 mode active ! interface GigabitEthernet1/36 description CK1674-S0003-2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 506,510,3001 switchport mode trunk channel-protocol lacp channel-group 51 mode active ! interface GigabitEthernet1/37 description S1114-1 switchport access vlan 504 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 60 mode active ! interface GigabitEthernet1/38 description S1114-2 switchport access vlan 504 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 60 mode active spanning-tree portfast ! interface GigabitEthernet1/39 description S1126-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 50 mode active ! interface GigabitEthernet1/40 description S1126-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 21,101-132,252 switchport mode trunk channel-protocol lacp channel-group 50 mode active ! interface GigabitEthernet1/41 description S1065-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 47 mode active ! interface GigabitEthernet1/42 description S1127-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 46 mode active ! interface GigabitEthernet1/43 description S1127-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 46 mode active ! interface GigabitEthernet1/44 switchport mode access ! interface GigabitEthernet1/45 description S1113-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 49 mode active ! interface GigabitEthernet1/46 description S1113-2 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 49 mode active ! interface GigabitEthernet1/47 description S1122-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 48 mode active ! interface GigabitEthernet1/48 description S1122-1 switchport access vlan 21 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,101-132,201-204,250-252,508,509 switchport mode trunk channel-protocol lacp channel-group 48 mode active ! interface TenGigabitEthernet1/49 description QFX2 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface TenGigabitEthernet1/50 description QFX1 switchport trunk encapsulation dot1q switchport mode trunk channel-protocol lacp channel-group 16 mode active ! interface Vlan1 ip address 192.168.2.19 255.255.255.0 no ip route-cache ! interface Vlan10 description SW-MANAGEMENT ip address 10.10.1.59 255.255.255.0 no ip route-cache ! ip default-gateway 10.10.1.1 no ip http server no ip http secure-server ! ip access-list extended CK1674-S0003 deny tcp any eq smtp host 185.213.172.159 deny tcp any eq smtp host 185.213.172.16 deny tcp any eq smtp host 185.213.172.160 deny tcp any eq smtp host 185.213.172.161 permit ip any any ip access-list extended CK1674-S0004 permit ip any any ip access-list extended FILTER deny tcp any eq smtp host 5.2.72.109 deny tcp host 5.2.72.109 eq smtp any permit ip any any ip access-list extended FILTER-2 deny ip any host 5.2.65.245 permit ip host 84.24.234.134 host 5.2.65.245 permit ip 87.238.173.0 0.0.0.255 host 5.2.65.245 permit ip 89.188.29.0 0.0.0.255 host 5.2.65.245 permit ip any any ip access-list extended NLDRNKVMHDD1 permit ip any any ip access-list extended NLDRNKVMHDD2 permit ip any any ip access-list extended NLDRNKVMHDD3 permit ip any any ip access-list extended NLDRNKVMHDD4 permit ip any any ip access-list extended NLDRNKVMNVME1 deny tcp any eq smtp host 5.255.96.139 deny tcp any eq smtp host 5.2.77.73 deny tcp any eq smtp host 5.2.78.190 deny tcp any eq smtp host 5.2.79.47 deny tcp any eq smtp host 5.2.79.137 deny tcp any eq smtp host 5.2.78.38 deny tcp any eq smtp host 5.255.96.241 deny tcp any eq smtp host 5.255.96.204 deny tcp any eq smtp host 5.255.96.11 deny tcp any eq smtp host 5.2.77.119 deny tcp any eq smtp host 5.2.79.12 deny tcp any eq smtp host 5.255.96.40 permit ip any any ip access-list extended NLDRNKVMSSD ip access-list extended NLDRNKVMSSD1 permit ip any any ip access-list extended NLDRNKVMSSD2 permit ip any any ip access-list extended NLDRNKVMSSD3 permit ip any any ip access-list extended NLDRNKVMSSD4 permit ip any any ip access-list extended NLDRNKVMSSD5 permit ip any any ip access-list extended NLDRNKVMSSD6 deny tcp any eq smtp host 5.2.77.236 permit ip any any ip access-list extended NLDRNKVMSSD7 deny tcp any eq smtp host 5.2.77.155 deny tcp any eq smtp host 5.255.96.112 permit ip any any ip access-list extended NLDRNOVZSSD1 deny tcp any eq smtp host 5.2.74.116 permit ip any any ip access-list extended NLDRNOVZSSD2 deny tcp any eq smtp host 5.2.72.213 deny tcp any eq smtp host 5.2.79.76 deny tcp any eq smtp host 5.2.78.242 deny tcp any eq smtp host 5.2.76.226 permit ip any any ip access-list extended NLDRNOVZSSD4 deny tcp any eq smtp host 5.2.76.213 permit ip any any ip access-list extended NLDRNOVZSSD5 deny tcp any eq smtp host 5.2.67.225 deny tcp host 5.2.67.225 eq smtp any deny tcp any eq smtp host 5.2.67.226 deny tcp host 5.2.67.226 eq smtp any deny tcp any eq smtp host 5.2.67.247 deny tcp host 5.2.67.247 any eq smtp deny tcp any eq smtp host 5.2.67.231 deny tcp host 5.2.67.231 any eq smtp deny tcp any eq smtp host 5.2.77.123 permit ip any any ip access-list extended NLDRNOVZSSD6 deny tcp any eq smtp host 5.2.78.153 deny tcp any eq smtp host 5.2.78.169 deny tcp any eq smtp host 5.2.73.45 deny tcp any eq smtp host 5.2.79.88 deny tcp any eq smtp host 5.2.79.168 permit ip any any ip access-list extended NLDRNOVZSSDC1 deny tcp any eq smtp host 5.2.64.132 permit ip any any ip access-list extended NLDRNOVZSSDC2 deny tcp any eq smtp host 5.2.73.89 deny tcp host 5.2.73.89 eq smtp any deny tcp any eq smtp host 5.2.73.88 deny tcp host 5.2.73.88 eq smtp any deny tcp any eq smtp host 5.2.73.91 deny tcp host 5.2.73.91 eq smtp any deny tcp any eq smtp host 5.2.73.193 deny tcp host 5.2.73.193 eq smtp any permit ip any any ! logging history size 500 access-list 10 permit 185.31.172.233 access-list 10 permit 80.114.121.176 access-list 10 permit 185.31.172.228 access-list 10 permit 185.31.172.247 access-list 10 permit 185.31.172.244 access-list 10 permit 89.188.29.0 0.0.0.127 access-list 10 remark telnet and ssh access-list 10 permit 87.238.173.128 0.0.0.127 access-list 10 permit 192.168.2.0 0.0.0.255 access-list 10 permit 0.0.0.1 255.255.255.254 ! snmp-server community public RO 10 snmp-server location Serverius-3.5.6 Dronten snmp-server contact support@liteserver.nl snmp ifmib ifindex persist ! control-plane ! ! line con 0 password cisco stopbits 1 line vty 0 4 access-class 10 in password cisco login local transport input telnet ssh ! end