version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname Bordeaux
!
boot-start-marker
boot system flash:isr4300-universalk9.16.09.02.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_authen local
aaa authorization exec local_authen local
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDF recurring
!
!
ip name-server 10.0.0.50 10.0.0.51
no ip domain lookup
ip domain name anchorage.local
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
license udi pid ISR4331/K9 sn
license accept end user agreement
license boot level appxk9
license boot level uck9
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username User1 privilege 15 secret 9
username User2 privilege 15 secret 9
!
redundancy
 mode none
!
!
interface GigabitEthernet0/0/0
 description Cable-WAN Interface
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip access-group IF-InternetAccess-ACL in
 negotiation auto
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 description Uplink to Andover Core Switch
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/0/2.10
 description VLAN 10 - Internal Data Network
 encapsulation dot1Q 10
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/2.11
 description VLAN 11 - Internal Wireless
 encapsulation dot1Q 11
 ip address 10.1.0.1 255.255.255.0
 ip helper-address 10.0.0.50
 ip helper-address 10.0.0.51
 ip nat inside
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/2.20
 description VLAN 20 - iSCSI Traffic 1
 encapsulation dot1Q 20
 ip address 10.255.1.1 255.255.255.0
 ip nat inside
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/2.21
 description VLAN 21 - iSCSI Traffic 2
 encapsulation dot1Q 21
 ip address 10.255.2.1 255.255.255.0
 ip nat inside
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/2.99
 description VLAN 99 - Guest Wireless
 encapsulation dot1Q 99
 ip address 10.99.0.1 255.255.255.0
 ip helper-address 10.0.0.50
 ip helper-address 10.0.0.51
 ip nat inside
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.0.255 area 0
 network 10.99.0.0 0.0.0.255 area 0
 network 10.255.1.0 0.0.0.255 area 0
 network 10.255.2.0 0.0.0.255 area 0
!
ip nat translation timeout 300
ip nat inside source static tcp 10.0.0.55 3389 interface GigabitEthernet0/0/0 3389
ip nat inside source static tcp 10.0.0.56 8443 interface GigabitEthernet0/0/0 8443
ip nat inside source static tcp 10.0.0.56 25565 interface GigabitEthernet0/0/0 25565
ip nat inside source route-map NATACL interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
ip ssh maxstartups 10
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
ip ssh dscp 63
!
!
ip access-list extended IF-InternetAccess-ACL
 permit udp any any eq bootpc
 permit tcp any any eq 25565
 permit tcp any any eq 8443
 permit tcp any any eq 3389
!
ip access-list extended NAT
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip 10.1.0.0 0.0.0.255 any
 permit ip 10.99.0.0 0.0.0.255 any
!
!
route-map NATACL permit 10
 match ip address NAT
 match interface GigabitEthernet0/0/0
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login authentication local_authen
 transport input none
 stopbits 1
 speed 115200
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization exec local_authen
 logging synchronous
 login authentication local_authen
 transport input ssh
 transport output ssh