Building configuration...

Current configuration : 11737 bytes
!
! Review notes for the global section of switch sw1 (IOS 12.2, ws-c3750x-48):
!  - Secret encryption, AAA method lists and the local DHCP server are set here.
!  - Commands are unchanged; only line breaks and "!" comments were added.
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Type 0 passwords and keys are stored in clear text with this setting; the
! radius-server key lines later in this file are the ones affected.
no service password-encryption
!
hostname sw1
!
boot-start-marker
boot-end-marker
!
! Type 5 secrets are salted MD5-crypt hashes. Both strings below are shorter
! than a full type 5 hash, presumably shortened before posting - confirm.
! A complete hash that has left the device should be rotated.
enable secret 5 $1$NoeH$.ISC9V2y8m3DiLxHc.
!
username admin privilege 15 secret 5 $1$a.ao$DuKWyH1N36xww4xlN1
!
!
aaa new-model
!
!
! Only dot1x/network method lists are defined, all pointing at RADIUS.
! NOTE(review): no "aaa authentication login" list is visible; confirm how
! console and vty logins are authenticated on this device.
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
aaa session-id common
clock timezone GMT 1
switch 1 provision ws-c3750x-48
system mtu routing 1500
ip routing
! DHCP exclusions. Several entries overlap (single hosts are repeated inside
! the ranges). Taken together, 10.253.3.1-50 and 10.253.3.60-255 leave only
! 10.253.3.51-59 leasable in the 10.253.3.0/24 pool.
ip dhcp excluded-address 10.253.3.1
ip dhcp excluded-address 10.253.3.9
ip dhcp excluded-address 10.253.3.11
ip dhcp excluded-address 10.253.3.12
ip dhcp excluded-address 10.253.3.13
ip dhcp excluded-address 10.253.3.1 10.253.3.50
ip dhcp excluded-address 10.253.3.60 10.253.3.255
ip dhcp excluded-address 10.253.5.1
ip dhcp excluded-address 10.253.4.1
ip dhcp excluded-address 10.253.5.1 10.253.5.50
ip dhcp excluded-address 10.253.3.250 10.253.3.254
ip dhcp excluded-address 10.253.4.1 10.253.4.50
ip dhcp excluded-address 10.253.1.252
ip dhcp excluded-address 10.253.1.251
ip dhcp excluded-address 10.253.3.223
!
ip dhcp pool Servers
 network 10.253.3.0 255.255.255.0
 default-router 10.253.3.1
 domain-name mitto.ch
 dns-server 10.253.3.11
!
! Guest clients are handed the internal resolver 10.253.3.11; the "wifi" ACL
! later in this file permits only UDP/53 from the guest VLAN to that host.
ip dhcp pool GuestWiFi
 network 10.253.4.0 255.255.255.0
 default-router 10.253.4.1
 domain-name mitto.ch
 dns-server 10.253.3.11
!
ip dhcp pool WiFi
 network 10.253.5.0 255.255.255.0
 default-router 10.253.5.1
 domain-name mitto.ch
 dns-server 10.253.3.11
!
! NOTE(review): interface Vlan301 (10.253.1.1) also has an ip helper-address
! to 10.253.3.12, so this subnet may have two DHCP sources - confirm which
! one is meant to answer.
ip dhcp pool Workstations
 network 10.253.1.0 255.255.255.0
 default-router 10.253.1.1
 domain-name mittoag.mitto.ch
 dns-server 10.253.3.11
!
! Static binding for one client identifier.
ip dhcp pool printer1
 host 10.253.1.251 255.255.255.0
 client-identifier 01ac.e2d3.48d9.2c
!
!
! NOTE(review): differs from the mitto.ch names used in the DHCP pools;
! presumably a placeholder.
ip domain-name domain.com
!
! NOTE(review): AES (type 6) key encryption depends on a master key that is
! not part of the displayed configuration - confirm one is set.
password encryption aes
!
! Self-signed trustpoint and its certificate, followed by the global
! 802.1X / spanning-tree switches and two non-switchport interfaces.
! Commands are unchanged; only line breaks and "!" comments were added.
!
! Self-signed identity with revocation checking disabled; presumably the
! certificate presented by "ip http secure-server" - confirm.
crypto pki trustpoint TP-self-signed-3958385536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3958385536
 revocation-check none
 rsakeypair TP-self-signed-3958385536
!
!
! The readable DER fields below decode to:
!  - signature algorithm md5WithRSAEncryption (OID 2A864886 F70D0101 04)
!  - a 1024-bit RSA public key
!  - validity 1993-03-01 00:01:18Z to 2020-01-01 00:00:00Z, so it is expired
!  - subjectAltName sw1.bgd.mitto.ch.mittoag.mitto.ch, so the device FQDN
!    stays in the blob even if host names are redacted elsewhere
! The word "asC64AB4" is not valid hex, so the blob as shown will not parse;
! it looks altered in the paste and is kept as found.
crypto pki certificate chain TP-self-signed-3958385536
 certificate self-signed 01
  3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393538 33383535 3336301E 170D3933 30333031 30303031
  31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39353833
  38353533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009890 E9EF7995 5380F918 677FE94C 98C6A23D 406A971B A05355A0 FCD8BE13
  A004B09C AB2434B1 3DEB6E60 1B8BDD69 8CE449C8 7DA2A106 65C047FD 107F5F31
  8DEC01B9 0360A496 3AB67A27 asC64AB4 83278D73 4C5FB10E C21E1DF6 CD42F537
  19EEDE81 65ADE2DE 6BB5B96D 25111DD3 B1F19802 752DC530 35242D56 3909F88F
  E0510203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
  03551D11 04253023 82217377 312E6267 642E6D69 74746F2E 63682E6D 6974746F
  61672E6D 6974746F 2E636830 1F060355 1D230418 30168014 EACD2DBF E92BA83B
  7F98BB45 617C876E 16764D8E 301D0603 551D0E04 160414EA CD2DBFE9 2BA83B7F
  98BB4561 7C876E16 764D8E30 0D06092A 864886F7 0D010104 05000381 810018B1
  96E6B5C6 43DA6BE2 146973BD 764A3727 4E36611C BE6A1349 05CDF111 A5E7BBD0
  7367C368 474A761E 3B92A91F 25A641D4 EA3A430A D446E2D3 378345D8 4240FC51
  477753F9 570AD7A8 CB8B2D2B 60F68B91 A92E9529 D080F26E 714CE5C3 5D42FCC9
  A3D34384 6684DE61 03CFCCF2 E7D6B01C 97BD85DA A96B4E18 FD0EC09F 8C3E
  quit
! 802.1X is enabled globally, but no interface stanza in this configuration
! carries a dot1x / authentication port-control command, so no port enforces
! it as shown.
dot1x system-auth-control
! No global "spanning-tree portfast bpduguard default" is present; the
! portfast access ports further down rely on per-port settings only.
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
! Empty port-channel: no interface in this configuration has a channel-group
! referencing it.
interface Port-channel40
!
! Management Ethernet port, administratively down.
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 shutdown
!
! Ports Gi1/0/1-17: two routed uplinks, one hypervisor trunk, and VLAN 301
! access ports. Commands are unchanged; only line breaks and "!" comments
! were added.
! Review notes for the access ports in this range:
!  - "spanning-tree portfast" is set without a visible bpduguard setting,
!    per port or global.
!  - No port-security and no 802.1X port-control lines are present, although
!    dot1x system-auth-control is enabled globally.
!
! Routed link (10.253.255.240/28); no inbound ACL on this interface.
interface GigabitEthernet1/0/1
 description Router
 no switchport
 ip address 10.253.255.250 255.255.255.240
!
! Trunk to the hypervisor carrying VLANs 300-307, which includes the guest
! VLAN 304. No native VLAN is set, so untagged frames use the default -
! NOTE(review): confirm the host needs every VLAN in this range.
interface GigabitEthernet1/0/2
 description HYPER-V
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-307
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Routed link (10.253.255.224/29); the static routes via 10.253.255.227 later
! in this file use this subnet.
interface GigabitEthernet1/0/4
 description UplinkToJuniper#1
 no switchport
 ip address 10.253.255.225 255.255.255.248
!
interface GigabitEthernet1/0/5
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Same settings as the surrounding workstation ports; the description is the
! only difference.
interface GigabitEthernet1/0/15
 description DevOps_test_port
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Ports Gi1/0/18-35: VLAN 301 access ports, one routed link to sw2 and one
! VLAN 306 access port. Commands are unchanged; only line breaks and "!"
! comments were added.
! Review notes for the access ports in this range:
!  - "spanning-tree portfast" is set without a visible bpduguard setting,
!    per port or global.
!  - No port-security and no 802.1X port-control lines are present, although
!    dot1x system-auth-control is enabled globally.
!
interface GigabitEthernet1/0/18
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Routed point-to-point link (/30) to sw2.
! NOTE(review): portfast on a "no switchport" interface is presumably left
! over from an earlier access-port configuration - confirm and remove.
interface GigabitEthernet1/0/22
 description link to sw2
 no switchport
 ip address 10.253.255.101 255.255.255.252
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Only port in this range placed in VLAN 306 (10.253.6.0/24).
interface GigabitEthernet1/0/25
 description PA
 switchport access vlan 306
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/26
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/27
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/28
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/29
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/30
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/31
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/32
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/33
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/34
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/35
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
! Ports Gi1/0/36-48, the uplink module ports and Vlan1. Commands are
! unchanged; only line breaks and "!" comments were added.
! Review notes for this range:
!  - The five WiFi trunks use native VLAN 303, so untagged frames from those
!    ports land in 10.253.3.0/24, the subnet of the "Servers" DHCP pool and
!    of the DNS server 10.253.3.11.
!  - Access ports carry no visible bpduguard, port-security or 802.1X
!    port-control lines.
!  - The Gi1/1/x and Te1/1/x ports have no configuration and are not shut
!    down.
!
interface GigabitEthernet1/0/36
 switchport access vlan 301
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/37
 switchport access vlan 302
 switchport mode access
 spanning-tree portfast
!
! Access port placed directly in VLAN 303.
interface GigabitEthernet1/0/38
 switchport access vlan 303
 switchport mode access
 spanning-tree portfast
!
! Access-point trunk: VLANs 303-305 allowed, 303 untagged.
! NOTE(review): presumably 303 is used for AP management; confirm that it
! should share a VLAN with the server subnet.
interface GigabitEthernet1/0/39
 description WiFi1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 303
 switchport trunk allowed vlan 303-305
 switchport mode trunk
!
! Unlike the other VLAN 301 access ports, this one has no portfast line.
interface GigabitEthernet1/0/40
 switchport access vlan 301
 switchport mode access
!
interface GigabitEthernet1/0/41
 description WiFi2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 303
 switchport trunk allowed vlan 303-305
 switchport mode trunk
!
interface GigabitEthernet1/0/42
 switchport access vlan 301
 switchport mode access
!
interface GigabitEthernet1/0/43
 description WiFi3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 303
 switchport trunk allowed vlan 303-305
 switchport mode trunk
!
interface GigabitEthernet1/0/44
 switchport access vlan 301
 switchport mode access
!
interface GigabitEthernet1/0/45
 description WiFi4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 303
 switchport trunk allowed vlan 303-305
 switchport mode trunk
!
interface GigabitEthernet1/0/46
 switchport access vlan 301
 switchport mode access
!
interface GigabitEthernet1/0/47
 description WiFi5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 303
 switchport trunk allowed vlan 303-305
 switchport mode trunk
!
! Inter-switch trunk carrying VLANs 300-307; no native VLAN is set, so
! untagged frames use the default.
interface GigabitEthernet1/0/48
 description trunk to sw2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-307
 switchport mode trunk
!
! Unconfigured uplink-module ports, left administratively up.
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
! Default VLAN interface has no address and is shut down.
interface Vlan1
 no ip address
 shutdown
!
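! SVIs, routing, management-plane services, ACLs, RADIUS, lines and NTP.
! Two changes were made in this section; each is marked "CHANGED" below.
! Everything else is as found, with line breaks and review comments added.
!
interface Vlan300
 ip address 10.253.0.1 255.255.255.0
!
! Workstation gateway; DHCP requests are relayed to 10.253.3.12.
interface Vlan301
 ip address 10.253.1.1 255.255.255.0
 ip helper-address 10.253.3.12
!
interface Vlan302
 ip address 10.253.2.1 255.255.255.0
!
interface Vlan303
 ip address 10.253.3.1 255.255.255.0
!
! Guest WiFi gateway; the only SVI with an inbound ACL.
interface Vlan304
 ip address 10.253.4.1 255.255.255.0
 ip access-group wifi in
!
interface Vlan305
 ip address 10.253.5.1 255.255.255.0
!
interface Vlan306
 ip address 10.253.6.1 255.255.255.0
!
interface Vlan307
 ip address 10.253.7.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.253.255.254 10 name DEFAULT
ip route 10.253.128.0 255.255.192.0 10.253.255.227 5
ip route 10.253.200.0 255.255.255.0 10.253.255.227 5
! CHANGED: was "ip http server". The clear-text HTTP listener carried
! management logins unencrypted; HTTPS stays enabled below.
! NOTE(review): neither web listener is bound to an access list, so HTTPS is
! reachable from every subnet that can reach an SVI address, including guest
! clients on 10.253.4.1. The certificate in this configuration is expired
! and MD5-signed; regenerate it or disable the secure server if unused.
no ip http server
ip http secure-server
!
! Source filter for the vty lines.
! CHANGED: added the deny entry. The original single permit for
! 10.253.0.0/16 also matched the GuestWiFi pool 10.253.4.0/24, and the
! "wifi" ACL does not block guest traffic to 10.253.4.1, 10.253.0.1 or
! 10.253.7.1, so guest clients could reach SSH on the switch.
! NOTE(review): consider narrowing the permit to the actual admin subnet(s).
ip access-list extended ADMIN_ACCESS
 deny   ip 10.253.4.0 0.0.0.255 any
 permit ip 10.253.0.0 0.0.255.255 any
ip access-list extended xx-vpn
 permit ip host 10.253.3.11 host 10.255.9.11
! Guest isolation ACL, applied inbound on Vlan304. Order matters: the two
! permits run first, then the denies, then everything else is allowed.
! NOTE(review): the first entry permits all IP to 10.253.3.12, not only the
! ports guests need - confirm intent.
! NOTE(review): 10.253.0.0/24 (Vlan300) and 10.253.7.0/24 (Vlan307) are not
! in the deny list, while 10.254.1.0/24 is; confirm whether those two
! subnets should be reachable from guests.
ip access-list extended wifi
 permit ip any host 10.253.3.12
 permit udp any host 10.253.3.11 eq domain
 deny   ip 10.253.4.0 0.0.0.255 10.253.1.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.253.2.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.253.3.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.253.5.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.253.6.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.254.1.0 0.0.0.255
 deny   ip 10.253.4.0 0.0.0.255 10.253.255.0 0.0.0.255
 permit ip any any
!
! No interface in this configuration has an "ip policy route-map" line, so
! this route-map is not applied as shown.
route-map fra-vpn permit 10
 match ip address xx-vpn
 set ip next-hop 10.253.3.222
!
! Shared secrets are redacted (XXXX) in this copy. With
! "no service password-encryption" set earlier in this file, they are stored
! in clear text on the device.
radius-server host 10.255.9.16 auth-port 1645 acct-port 1646 key XXXX
radius-server host 10.253.3.12 auth-port 1645 acct-port 1646 key XXXX
!
!
! NOTE(review): the console line has no explicit settings; confirm how
! console logins are authenticated under "aaa new-model".
line con 0
! Remote access is SSH-only, filtered by ADMIN_ACCESS, with a 15-minute idle
! timeout on all 16 vty lines.
line vty 0 4
 access-class ADMIN_ACCESS in
 exec-timeout 15 0
 transport input ssh
line vty 5 15
 access-class ADMIN_ACCESS in
 exec-timeout 15 0
 transport input ssh
!
! NTP peers are configured without authentication keys.
ntp server 193.190.230.66
ntp server 193.67.79.202
end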