SWSFMI11# SWSFMI11#show run Building configuration... Current configuration : 13513 bytes ! ! Last configuration change at 16:09:03 GMT Mon Aug 14 2017 by _jflorest ! NVRAM config last updated at 15:50:57 GMT Mon Aug 14 2017 by _jflorest ! version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime localtime no service password-encryption service compress-config ! hostname SWSFMI11 ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered 16000 logging console critical enable password v1rtu4l$201 ! username netmaster password 0 netmaster$201 aaa new-model ! ! aaa group server radius group1 server 172.22.7.41 server 172.22.7.19 ! aaa authentication login default group radius local aaa authorization exec default group radius local aaa authorization network default group radius local aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius ! ! ! ! ! ! aaa session-id common clock timezone GMT -5 0 switch 1 provision ws-c3650-24ts ip routing ! ip domain-name saga.com ip name-server 172.22.4.150 ip name-server 172.22.4.15 ip name-server 172.22.28.11 ip device tracking ! ! vtp mode transparent ! crypto pki trustpoint TP-self-signed-899352379 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-899352379 revocation-check none rsakeypair TP-self-signed-899352379 ! ! crypto pki certificate chain TP-self-signed-899352379 certificate self-signed 01 30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 38393933 35323337 39301E17 0D313730 37303631 31303232 385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3839 39333532 33373930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 86C66E6B 534CE3DC 55C3911D D940A6BD 56F9EE80 98937053 CBB23200 DE24A24C 38C69D7A 4200A2BD EC3BC336 57DCD40B 5385E36E A35F2E31 A0B7A71A 569EE486 C06DD020 99175C24 017B7F4F 90450456 5F78448C C86FC206 145D82F6 461E110B BA65B2BE 6D75575E 504FCE27 FF3EF4BA 3A179B7C 9BB1B38D D8EA1D5B 577B357F 02030100 01A37130 6F300F06 03551D13 0101FF04 05300301 01FF301C 0603551D 11041530 13821153 5753464D 4931312E 73616761 2E636F6D 301F0603 551D2304 18301680 14E12E98 F3F09436 B959F224 CD222BEF FB3571A3 94301D06 03551D0E 04160414 E12E98F3 F09436B9 59F224CD 222BEFFB 3571A394 300D0609 2A864886 F70D0101 04050003 81810062 48CB6D90 38DDD108 11122B91 C3FF13EB 420A1222 B5BFD25B F4513AC6 BAAA8853 1442800C DCFAC0F8 69C661E5 A6F41509 1FE37AC7 1212A68B 3DD8C0A9 921E04C8 3F57C1CB 5898FAB0 03585603 F0AB83B0 1D796A70 4EFDD186 7812F685 671E1187 040C145D F1433B1A 51E7FDF9 D25CC195 51EBFDC1 C98415A4 68B540C1 3E7C72 quit ! ! ! ! ! diagnostic bootup level minimal spanning-tree mode pvst spanning-tree extend system-id ! redundancy mode sso ! ! vlan 12 name v12_Red_Terceros ! vlan 16 name v16_Red_POS ! vlan 502 name v502_Admin ! vlan 504 name v504_RF_Usuarios ! vlan 510 name v510_RF_Terminales ! vlan 511 name v511_Red_Voz ! vlan 514 name v514_Wigo ! vlan 515 name v515_RF_Comercial ! vlan 518 name v518_RF_Visitas ! vlan 520 name v520_Segmento_Extern ! vlan 601 name v601_Usuarios_BF ! vlan 611 name v611_Red_Voz_BF ! vlan 900 name v900_CLARO1 ! vlan 902 name v902_SF11_SF12 ! vlan 905 name v905_TDP1 ! track 1 ip sla 1 ! ip ssh time-out 60 ip ssh version 2 ! class-map match-any non-client-nrt-class match non-client-nrt ! policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! interface Port-channel1 description Uplink_OSPF_SF12 switchport trunk allowed vlan 902 switchport mode trunk switchport nonegotiate ! interface Port-channel2 description Uplink_Trunk_SW12 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet1/0/1 description Router CLARO1 switchport access vlan 900 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/2 description Router TDP1 switchport access vlan 905 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/3 description FW1-TRUST-0/1 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/4 speed 100 duplex full ! interface GigabitEthernet1/0/5 description FW1-UNTRUST-0/3 switchport access vlan 12 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/6 description FW1-DMZ2-0/4 switchport access vlan 16 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/7 description FW1-RF-0/5 switchport trunk allowed vlan 504,510,515 switchport mode trunk speed 100 duplex full ! interface GigabitEthernet1/0/8 description FW1-OUTSIDE-0/6 switchport trunk allowed vlan 520 switchport mode trunk speed 100 duplex full ! interface GigabitEthernet1/0/9 description FW1-CCFF-0/7 switchport access vlan 601 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 shutdown ! interface GigabitEthernet1/0/12 description Segmentos_Externos switchport access vlan 520 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/13 description ADS-21 switchport access vlan 16 switchport mode access speed 100 duplex full ! interface GigabitEthernet1/0/14 description WIGO switchport access vlan 514 switchport mode access ! interface GigabitEthernet1/0/15 description Central_Telefonica switchport access vlan 511 switchport mode access ! interface GigabitEthernet1/0/16 shutdown ! interface GigabitEthernet1/0/17 description Uplink SWSFMI16 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/18 description Uplink SWSFMI15a switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/19 description Uplink SWSFMI14 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/20 description Uplink SWSFMI13 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/21 description UplinkPo2 SWSFMI12 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface GigabitEthernet1/0/22 description UplinkPo2 SWSFMI12 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface GigabitEthernet1/0/23 description UplinkPo1 SWSFMI11 switchport trunk allowed vlan 902 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface GigabitEthernet1/0/24 description UplinkPo1 SWSFMI11 switchport trunk allowed vlan 902 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface GigabitEthernet1/1/1 description Uplink SWSFMI21 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/1/2 description Uplink SWSFMI31 switchport trunk allowed vlan 1,12,16,502,504,510,511,514,515,518,520,601,611 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface Vlan1 description USUARIOS_SF ip address 172.22.32.2 255.255.254.0 ip helper-address 172.22.173.100 ip helper-address 172.22.2.249 standby 1 ip 172.22.32.1 standby 1 priority 254 standby 1 preempt ! interface Vlan502 description Red_Admin ip address 10.161.15.71 255.255.255.128 standby 2 ip 10.161.15.1 standby 2 priority 254 standby 2 preempt ! interface Vlan511 description Red_Voz_SF ip address 172.21.32.2 255.255.255.0 standby 3 ip 172.21.32.1 standby 3 priority 254 standby 3 preempt ! interface Vlan611 description Red_Voz_BF ip address 172.21.147.2 255.255.255.192 ip helper-address 172.22.173.100 ip helper-address 172.22.2.249 standby 4 ip 172.21.147.1 standby 4 priority 254 standby 4 preempt ! interface Vlan900 description OSPF_CLARO1 ip address 172.24.235.165 255.255.255.252 ip ospf network point-to-point ip ospf cost 100 ! interface Vlan902 description OSPF_SF11_SF12 ip address 172.24.235.181 255.255.255.252 ip ospf network point-to-point ! interface Vlan905 description OSPF_TDP1 ip address 172.24.235.173 255.255.255.252 ip ospf network point-to-point ip ospf cost 300 ! router ospf 1 router-id 172.24.249.13 redistribute static subnets passive-interface default no passive-interface Vlan900 no passive-interface Vlan902 no passive-interface Vlan905 network 10.161.15.0 0.0.0.127 area 0 network 172.21.32.0 0.0.0.255 area 0 network 172.21.147.0 0.0.0.3 area 0 network 172.22.32.0 0.0.1.255 area 0 network 172.24.235.164 0.0.0.3 area 0 network 172.24.235.172 0.0.0.3 area 0 network 172.24.235.180 0.0.0.3 area 0 ! ip http server ip http authentication local ip http secure-server ! ip route 10.161.14.0 255.255.254.0 172.22.32.90 ip route 10.163.14.0 255.255.254.0 172.22.32.90 ip route 172.22.147.0 255.255.255.192 172.22.32.90 ip route 172.23.32.0 255.255.254.0 172.22.32.90 ! ip access-list extended ip_services permit ip any host 172.22.252.217 permit ip any host 6.6.6.6 ! ip radius source-interface Vlan502 ip sla 1 icmp-echo 172.24.235.174 frequency 5 ip sla schedule 1 life forever start-time now logging facility kern logging host 172.22.9.11 logging host 172.22.9.12 logging host 172.22.9.19 logging host 172.22.172.190 logging host 172.22.255.30 access-list 90 permit 172.22.2.172 access-list 90 permit 172.22.175.49 access-list 90 permit 172.22.175.48 access-list 90 permit 172.22.175.50 access-list 90 permit 172.22.9.128 access-list 90 permit 172.22.175.47 access-list 90 permit 172.22.2.251 access-list 90 permit 172.22.252.2 access-list 90 permit 172.24.246.6 access-list 90 permit 172.22.9.251 access-list 90 permit 172.22.9.250 access-list 90 permit 172.22.9.254 access-list 90 permit 172.22.9.252 access-list 90 permit 10.1.0.82 access-list 90 permit 172.22.2.200 access-list 90 permit 172.22.198.14 access-list 90 permit 172.22.175.102 access-list 90 permit 172.22.9.19 access-list 90 permit 172.22.9.18 access-list 90 permit 172.22.9.17 access-list 90 permit 172.22.9.16 access-list 90 permit 172.22.9.23 access-list 90 permit 172.22.9.22 access-list 90 permit 172.22.9.21 access-list 90 permit 172.22.9.20 access-list 90 permit 172.22.9.25 access-list 90 permit 172.22.9.24 access-list 90 permit 108.0.1.193 access-list 90 permit 172.22.7.9 access-list 90 permit 172.22.9.11 access-list 90 permit 172.22.7.4 access-list 90 permit 10.197.0.116 access-list 90 permit 172.22.7.1 access-list 90 permit 172.22.7.3 access-list 90 permit 172.22.7.2 access-list 90 permit 172.22.9.12 access-list 90 permit 172.22.9.114 access-list 90 permit 172.22.9.127 access-list 90 permit 172.22.9.126 access-list 90 permit 172.22.158.249 access-list 90 permit 172.22.7.85 access-list 90 permit 172.22.7.77 access-list 90 permit 108.10.0.151 access-list 90 permit 172.22.7.67 access-list 90 permit 108.10.0.152 access-list 90 permit 172.22.199.0 0.0.0.63 access-list 90 deny any log ! route-map PBR_TdP permit 10 match ip address ip_services set ip next-hop verify-availability 172.24.245.174 1 track 1 ! snmp-server community sag101 RW 90 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps flash insertion removal snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps port-security snmp-server enable traps entity snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server host 172.22.175.102 sag101 snmp-server host 172.22.4.102 sag101 snmp-server host 172.22.7.1 sag101 snmp-server host 172.22.9.19 sag101 snmp-server host 172.22.9.21 sag101 ! radius-server host 172.22.7.41 auth-port 1812 acct-port 1813 key cisco123 radius-server host 172.22.7.19 auth-port 1812 acct-port 1813 key cisco123 ! ! ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 transport input telnet ssh line vty 5 15 transport input telnet ssh ! ntp server 172.22.4.2 ntp server 172.22.4.20 wsma agent exec profile httplistener profile httpslistener wsma agent config profile httplistener profile httpslistener wsma agent filesys profile httplistener profile httpslistener wsma agent notify profile httplistener profile httpslistener ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ap group default-group end SWSFMI11# SWSFMI11#