!
! Last configuration change at 17:21:29 UTC Wed Jan 23 2019 by admin
!
version 16.6
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 250000
!
hostname Router01
!
boot-start-marker
boot system bootflash:c1100-universalk9_ias.16.06.05.SPA.bin
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
!
aaa session-id common
clock timezone UTC -5 0
no ip source-route
no ip gratuitous-arps
!
!
ip nbar http-services
!
no ip bootp server
ip name-server 1.1.1.1 1.0.0.1
ip domain name
no ip dhcp conflict logging
ip dhcp excluded-address 10.0.0.1 10.0.0.100
ip dhcp excluded-address 10.0.40.1 10.0.40.10
!
ip dhcp pool ENTERPRISE
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 1.1.1.1 1.0.0.1
!
ip dhcp pool GUESTS
 network 10.0.40.0 255.255.255.0
 default-router 10.0.40.1
 dns-server 1.1.1.1 1.0.0.1
!
!
!
login block-for 360 attempts 5 within 360
!
!
!
!
!
!
!
subscriber templating
no routing-default-optimize
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2716140574
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2716140574
 revocation-check none
 rsakeypair TP-self-signed-2716140574
!
!
crypto pki certificate chain TP-self-signed-2716140574
 certificate self-signed 01
  quit
!
!
license udi pid C1111-8PWB sn
license accept end user agreement
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
username admin privilege 15 password 7
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
no cdp run
!
!
!
!
!
!
interface Loopback0
 description Local Loopback interface with 6 Usable Hosts (10.10.10.97 - 10.10.10.102), network address 10.10.10.96
 ip address 10.10.10.100 255.255.255.248
 ip broadcast-address 10.10.10.103
!
interface GigabitEthernet0/0/0
 mac-address
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 media-type sfp
 negotiation auto
!
interface GigabitEthernet0/0/1
 description Gigabit Ethernet WAN port
 mac-address
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip nbar protocol-discovery
 ip verify unicast source reachable-via rx allow-default
 ip access-group NO_WEBCONFIG_SERVICES in
 speed 1000
 no negotiation auto
!
 spanning-tree portfast disable
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Wlan-GigabitEthernet0/1/8
 switchport trunk allowed vlan 1,40
 switchport mode trunk
!
interface Vlan1
 description VLAN interface (Layer 3) with 254 Usable Hosts (10.0.0.1 - 10.0.0.254), network address 10.0.0.0
 ip address 10.0.0.1 255.255.255.0
 ip broadcast-address 10.0.0.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
interface Vlan40
 description VLAN interface (layer 3) with 254 Usable Hosts (10.0.40.1 - 10.0.40.254), network address 10.0.40.0
 ip address 10.0.40.1 255.255.255.0
 ip broadcast-address 10.0.40.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source list 50 interface GigabitEthernet0/0/1 overload
ip nat inside source list 60 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 permanent name ETC-BLK2
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
ip access-list extended NO_OUTFACING_SERVICES
 deny tcp any any eq telnet
 deny tcp any any eq 22
 deny tcp any any eq www
 deny tcp any any eq 443
ip access-list extended NO_WEBCONFIG_SERVICES
 deny tcp any any eq www
 deny tcp any any eq 443
 permit ip any any
!
ip access-list match-local-traffic
logging trap debugging
logging facility local2
access-list 50 permit 10.0.0.0 0.0.0.255
access-list 60 permit 10.0.40.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
!
!
route-map track-primary-if permit 1
 match ip address 197
 set interface GigabitEthernet0/0/1
!
!
!
!
!
control-plane
!
banner motd ^C
This system is the property of MyCompany, LLC.
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
You must have explicit permission to access this device.
All activities performed on this device are logged.
Any violations of access policy will result in disciplinary action.
^C
!
line con 0
 location S101.AZ04-26-DC
 login authentication local_auth
 transport input none
 transport output telnet
 escape-character 3
 stopbits 1
 speed 115200
line vty 0 4
 access-class NO_OUTFACING_SERVICES in vrf-also
 password 7
 login authentication local_auth
 length 0
 transport input ssh
 escape-character 3
!
!
!
!
!
!
end