****************************** SWITCH CONFIG ******************************
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SW11-3560-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 warnings
no logging console
!
username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1
username wjerrell privilege 15 password 7 13250018595C527F
username twessel privilege 15 password 7 096C5A1E4855404A
username sready privilege 15 password 7 12391605415B5D53
username att privilege 15 password 7 05080F1C2243
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
!
track 1 ip sla 1 reachability
 delay down 20 up 60
authentication mac-move permit
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name securityfederalbank.com
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-1409162368
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1409162368
 revocation-check none
 rsakeypair TP-self-signed-1409162368
!
!
crypto pki certificate chain TP-self-signed-1409162368
 certificate self-signed 01
  quit
!
!
!
errdisable recovery cause psecure-violation
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-3,10,172 priority 8192
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
 description Uplinks to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface Port-channel2
 description Uplinks to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/1
 description Uplink to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/2
 description Uplink to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/3
 description VM02 Network VMNIC0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/4
 description VM02 iSCSI VMNIC2
 switchport access vlan 4
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/5
 description SAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 spanning-tree portfast
!
interface GigabitEthernet0/6
 description DMZ Firewall Interface
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/7
 description ws11mgr01
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 switchport port-security maximum 3
 switchport port-security mac-address 0010.4907.6a03
 switchport port-security mac-address 001c.c49b.16ec
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/8
 description Con to RT11-2811-01 WAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet0/9
 description Uplink to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/10
 description Uplink to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/11
 description Fedline
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/12
 description SAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/13
 description VM01 VMNIC3 iSCSI
 switchport access vlan 4
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/14
 description jConnect outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 description iSensor Mgt Port
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/16
 description Centurion outside int
 switchport access vlan 2
 switchport mode access
 switchport port-security mac-address sticky
 spanning-tree portfast
!
interface GigabitEthernet0/17
 description jConnect inside 0/2
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
!
interface GigabitEthernet0/18
 description F/W inside int
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/19
 description Firewall outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description iSensor outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/21
 description VM01 Network VMNIC1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/22
 description VM01 Network VMNIC4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 mls qos trust dscp
!
interface GigabitEthernet0/23
 description Con to SG Switch
 switchport access vlan 172
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description Con to SG T1
 switchport access vlan 172
 switchport mode access
 switchport voice vlan 172
 spanning-tree portfast
!
interface GigabitEthernet0/25
 description Con to Switch2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/26
 description Con to Switch3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/27
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/28
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 description WCOLA_Switch_Mgmt
 ip address 10.255.128.1 255.255.255.0
 no ip redirects
!
interface Vlan3
 description DMZ
 no ip address
 no ip redirects
!
interface Vlan4
 description iSCSI/Replication
 ip address 10.20.130.1 255.255.255.0
 ip helper-address 10.20.128.3
 no ip redirects
!
interface Vlan10
 description WCOLA_Data_Network
 ip address 10.20.128.1 255.255.255.0
 ip helper-address 10.20.128.3
 ip helper-address 10.20.128.4
 no ip redirects
!
interface Vlan131
 description iSCSI Network
 ip address 10.20.131.1 255.255.255.0
!
interface Vlan172
 description WCOLA_Voice_Network
 ip address 172.20.128.1 255.255.255.0
 ip helper-address 10.20.128.3
 ip helper-address 10.20.128.4
 no ip redirects
!
router bgp 2386
 no bgp log-neighbor-changes
 neighbor 10.20.128.110 remote-as 65213
 neighbor 12.96.115.65 remote-as 2386
 !
 address-family ipv4
  neighbor 10.20.128.110 activate
  neighbor 10.20.128.110 route-map DefaultRoute out
  neighbor 12.96.115.65 activate
  no auto-summary
  no synchronization
  network 10.15.1.0 mask 255.255.255.0
  network 10.20.11.0 mask 255.255.255.0
  network 10.20.117.0 mask 255.255.255.0
  network 10.20.128.0 mask 255.255.255.0
  network 10.20.130.0 mask 255.255.255.0
  network 10.23.24.0 mask 255.255.255.0
  network 10.49.49.0 mask 255.255.255.0
  network 10.49.128.0 mask 255.255.255.0
  network 10.100.102.0 mask 255.255.255.0
  network 10.255.128.0 mask 255.255.255.0
  network 170.209.0.2 mask 255.255.255.255
  network 170.209.0.3 mask 255.255.255.255
  network 172.20.128.0 mask 255.255.255.0
 exit-address-family
!
ip classless
ip route 10.15.1.0 255.255.255.0 10.20.128.110 track 1
ip route 10.23.24.0 255.255.255.0 10.20.128.110 track 1
ip route 10.49.128.0 255.255.255.0 10.20.128.110 track 1
ip route 10.15.1.0 255.255.255.0 10.20.128.16 10
ip route 10.20.11.0 255.255.255.0 10.20.128.195
ip route 10.23.24.0 255.255.255.0 10.20.128.16 10
ip route 10.49.128.0 255.255.255.0 10.20.128.16 10
ip route 10.100.102.0 255.255.255.0 10.20.128.2
ip route 10.255.0.0 255.255.0.0 10.20.128.110
ip route 12.94.186.84 255.255.255.252 10.20.128.195
ip route 12.96.115.65 255.255.255.255 10.20.128.195
ip route 170.209.0.2 255.255.255.255 10.20.128.12
ip route 170.209.0.2 255.255.255.255 10.20.128.195
ip route 170.209.0.3 255.255.255.255 10.20.128.12
ip route 170.209.0.3 255.255.255.255 10.20.128.195
ip route 172.16.1.0 255.255.255.224 10.20.128.195
ip http server
ip http authentication local
no ip http secure-server
!
!
!
ip prefix-list 10 seq 1 deny 10.20.0.0/16
ip prefix-list 10 seq 2 deny 172.20.0.0/16
ip prefix-list 10 seq 5 permit 0.0.0.0/0
ip sla 1
 icmp-echo 10.45.45.1 source-ip 10.20.128.1
 timeout 1000
 threshold 500
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
access-list 5 permit 0.0.0.0
access-list 10 permit 10.255.128.0 0.0.0.255
access-list 15 permit 10.20.130.0 0.0.0.255
access-list 20 permit 172.20.128.0 0.0.0.255
access-list 25 permit 12.96.115.64 0.0.0.25
access-list 30 permit 10.20.11.0 0.0.0.255
access-list 35 permit 10.15.1.0 0.0.0.255
access-list 40 permit 10.100.102.0 0.0.0.255
access-list 45 permit 10.20.117.0 0.0.0.255
access-list 50 permit 10.49.49.0 0.0.0.255
access-list 55 permit 10.23.24.0 0.0.0.255
access-list 60 permit 10.49.128.0 0.0.0.255
route-map DefaultRoute permit 10
 match ip address 5 10 20 25 15 30 35 40 45 50 55 60
 set as-path prepend 2386 2386 2386
!
route-map JConnect permit 15
 match ip address 35 50 55 60
 set local-preference 50
 set weight 0
!
!
snmp-server community sfbnet RO
snmp-server location West Columbia
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server host 10.20.102.15 sfbnet
!
banner motd ^C
******************************************************************************
THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!
INDIVIDUALS USING THIS COMPUTER SYSTEM WITHOUT AUTHORITY, OR IN EXCESS OF
THEIR AUTHORITY, ARE SUBJECT TO DISCIPLINARY ACTION.
ANYONE USING THIS SYSTEM EXPRESSLY CONSENTS TO MONITORING.
BY ACCESSING THIS SYSTEM, YOU ARE ACCEPTING RESPONSIBILITY FOR ALL OF YOUR ACTIONS.
THIS SYSTEM IS THE PROPERTY OF SECURITY FEDERAL BANK.
******************************************************************************
^C
!
line con 0
line vty 0 4
 password 7 0822455D0A16
 login local
 length 0
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 password 7 14141B180F0B
 login local
 transport input telnet ssh
 transport output telnet ssh
!
ntp clock-period 36029054
ntp server 10.20.102.141
end

****************************** ROUTER CONFIG ******************************
!
! No configuration change since last restart
!
version 12.4
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime
service password-encryption
!
hostname RT11-2811-02
!
boot-start-marker
boot-end-marker
!
logging buffered 64000 warnings
no logging console
enable secret 5 $1$dMym$RwxePZpmGG5Pjc8tg4zyI/
!
no aaa new-model
memory-size iomem 25
clock timezone EST -5
clock summer-time EST recurring
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name secfedbank.com
multilink bundle-name authenticated
!
!
!
!
!
username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1
username twessel privilege 15 password 7 052B575F7614
username sready privilege 15 password 7 106E5A495440
username att privilege 15 password 7 00071A150754
username wjerrell privilege 15 password 7 13250018595C527F
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
!
ip ssh version 2
!
class-map match-all NMC_RP
 match access-group 178
class-map match-all NMC_SNMP
 match access-group 180
class-map match-any Business_Ingress
 match access-group 130
class-map match-any NMC
 match access-group 178
 match access-group 180
class-map match-any Business_Data
 match ip dscp af21
 match access-group 130
class-map match-any Voice
 match ip dscp ef
 match access-group name Voice-Traffic
class-map match-any Voice_Ingress
 match access-group name Voice-Traffic
class-map match-all COS3_SAA
 match ip dscp af21
 match access-group 179
class-map match-all COS2_SAA
 match ip dscp af31
 match access-group 179
class-map match-all COS1_SAA
 match ip dscp ef
 match access-group 179
class-map match-all COS4_SAA
 match ip dscp default
 match access-group 179
class-map match-all COS4_TRAFFIC
 match access-group 184
class-map match-any COS4
 match class-map COS4_SAA
 match class-map COS4_TRAFFIC
class-map match-all COS3_TRAFFIC
 match access-group 183
class-map match-any COS3
 match class-map COS3_SAA
 match class-map COS3_TRAFFIC
class-map match-all COS2_TRAFFIC
 match access-group 182
class-map match-any COS2
 match class-map COS2_SAA
 match class-map COS2_TRAFFIC
class-map match-all COS1_TRAFFIC
 match access-group 181
class-map match-any COS1
 match class-map COS1_SAA
 match class-map COS1_TRAFFIC
class-map match-any COS3_NONCONF
 match ip dscp af22
class-map match-any COS2_NONCONF
 match ip dscp af32
!
!
policy-map NMC_CLASSIFICATION
 class NMC_RP
  police cir 16000 bc 8000 be 8000
   conform-action set-dscp-transmit cs6
   exceed-action set-dscp-transmit cs6
 class NMC_SNMP
  police cir 16000 bc 8000 be 8000
   conform-action set-dscp-transmit af21
   exceed-action set-dscp-transmit af21
policy-map COS4_CLASSIFICATION
 class COS4_TRAFFIC
  police cir 328000 bc 41000 be 41000
   conform-action set-dscp-transmit default
   exceed-action set-dscp-transmit default
policy-map COS2_CLASSIFICATION
 class COS2_TRAFFIC
  police cir 432000 bc 54000 be 54000
   conform-action set-dscp-transmit af31
   exceed-action set-dscp-transmit af32
policy-map COS3_CLASSIFICATION
 class COS3_TRAFFIC
  police cir 328000 bc 41000 be 41000
   conform-action set-dscp-transmit af21
   exceed-action set-dscp-transmit af22
policy-map COS1_CLASSIFICATION
 class COS1_TRAFFIC
  police cir 6000000
   conform-action set-dscp-transmit ef
   exceed-action drop
policy-map LAN_EGRESS_REMARK_PASSIVE
 class COS2_NONCONF
  set ip dscp af31
 class COS3_NONCONF
  set ip dscp af21
policy-map Voice_Traffic
 class Voice
  bandwidth percent 40
 class Business_Data
  bandwidth percent 20
 class class-default
  fair-queue
  random-detect dscp-based
policy-map CE_EGRESS_QUEUING
 class NMC
  bandwidth remaining percent 2
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 18 100 200 10
  random-detect dscp 48 200 300 10
  service-policy NMC_CLASSIFICATION
 class COS1
  priority 6000
  service-policy COS1_CLASSIFICATION
 class COS2
  bandwidth remaining percent 20
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 26 480 640 10
  random-detect dscp 28 260 380 10
  service-policy COS2_CLASSIFICATION
 class COS3
  bandwidth remaining percent 20
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 18 360 480 10
  random-detect dscp 20 190 290 10
  service-policy COS3_CLASSIFICATION
 class COS4
  bandwidth remaining percent 20
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 0 361 480 10
  service-policy COS4_CLASSIFICATION
policy-map QOS_INGRESS_LAN
 class Business_Ingress
  set ip dscp af21
 class Voice_Ingress
  set ip dscp ef
!
!
!
!
interface FastEthernet0/0
 ip address 10.20.128.110 255.255.255.0
 ip flow ingress
 ip flow egress
 ip route-cache flow
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet0/0.172
 description voice
 encapsulation dot1Q 172
 no ip redirects
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 ip route-cache flow
 speed 100
 full-duplex
 service-policy output CE_EGRESS_QUEUING
!
interface FastEthernet0/1.50
 description W. Columbia - AT&T MLEC978948
 bandwidth 20000
 encapsulation dot1Q 50
 ip address 192.168.0.98 255.255.255.252
 ip flow ingress
 ip flow egress
 no cdp enable
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Serial0/3/0
 no ip address
 shutdown
!
router bgp 65213
 no synchronization
 bgp log-neighbor-changes
 network 10.20.128.0 mask 255.255.255.0
 neighbor 10.20.128.1 remote-as 2386
 neighbor 192.168.0.97 remote-as 13979
 no auto-summary
!
ip forward-protocol nd
ip route 170.209.0.2 255.255.255.255 10.20.128.1
ip route 170.209.0.3 255.255.255.255 10.20.128.1
!
ip flow-cache timeout active 1
ip flow-export version 9
ip flow-export destination 10.20.102.15 2055
!
no ip http server
no ip http secure-server
!
logging trap debugging
logging source-interface FastEthernet0/0
logging 10.20.102.15
access-list 10 permit 0.0.0.0
access-list 130 permit ip 10.20.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 178 permit tcp any any eq bgp
access-list 178 permit tcp any eq bgp any
access-list 179 permit icmp any any
access-list 180 permit ip any host 200.200.200.200
access-list 181 remark Define & permit customer traffic to CoS1
access-list 181 permit ip 172.20.0.0 0.0.255.255 any
access-list 181 permit ip any any dscp ef
access-list 182 remark Define & permit customer traffic to CoS2
access-list 182 permit ip host 10.20.99.99 any
access-list 182 permit ip any host 10.20.102.253
access-list 182 permit ip any host 10.20.102.254
access-list 182 permit ip any any dscp af31
access-list 182 permit ip host 10.20.128.254 any
access-list 183 remark Define & permit customer traffic to CoS3
access-list 183 permit ip any host 10.20.102.33
access-list 183 permit ip any host 10.20.102.35
access-list 183 permit ip any any dscp af21
access-list 184 remark Permit remaining customer traffic to CoS4
access-list 184 permit ip any any
snmp-server community sfbnet RO
snmp-server ifindex persist
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps dot11-qos
snmp-server enable traps ipsla
snmp-server host 10.20.102.15 sfbnet
snmp-server host 10.20.102.21 sfbnet
!
!
control-plane
!
banner motd ^CC
******************************************************************************
THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!
INDIVIDUALS USING THIS COMPUTER SYSTEM WITHOUT AUTHORITY, OR IN EXCESS OF
THEIR AUTHORITY, ARE SUBJECT TO DISCIPLINARY ACTION.
ANYONE USING THIS SYSTEM EXPRESSLY CONSENTS TO MONITORING.
BY ACCESSING THIS SYSTEM, YOU ARE ACCEPTING RESPONSIBILITY FOR ALL OF YOUR ACTIONS.
THIS SYSTEM IS THE PROPERTY OF SECURITY FEDERAL BANK.
******************************************************************************
^C
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
 transport output ssh
line vty 5 15
 login local
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178058
ntp server 10.20.102.141
end