version 12.2 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec no service password-encryption ! hostname HAM-000-FP-CORE-S1 ! boot-start-marker boot-end-marker ! logging exception 16384 logging buffered 1280000 no logging console ! ! ! ! ! aaa session-id common clock timezone GMT 0 0 clock summer-time GMT recurring switch 1 provision ws-c3750x-24p switch 2 provision ws-c3750x-24p switch 3 provision ws-c3750x-12s switch 4 provision ws-c3750x-12s stack-mac persistent timer 10 system mtu routing 1500 ip routing ! ! ! ! ! ! ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration name hamstp revision 1 ! spanning-tree mst 0-1 priority 4096 ! ! ! port-channel load-balance src-dst-ip ! vlan internal allocation policy ascending ! ip ssh time-out 60 ip ssh authentication-retries 2 ip ssh version 2 ! ! ! ! ! interface Port-channel6 switchport trunk encapsulation dot1q switchport trunk native vlan 26 switchport mode trunk ! interface Port-channel9 description HAM-HQ-CORE-S1 and HQ-FB-S4 switch etherchannel switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface Port-channel10 description CORE SWITCH 1->2 INTERCONNECTION TRUNK switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface Port-channel40 description Link-to-C9300 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk ! interface Port-channel48 description Down link to Core Gi1/0/21 -24, Gi2/0/21 - 24 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk ! interface FastEthernet0 no ip address no ip route-cache cef no ip route-cache shutdown ! interface GigabitEthernet1/0/1 description Routing INT to CORESW1 no switchport ip address 10.100.1.1 255.255.255.252 ! interface GigabitEthernet1/0/2 description CORESW1-FPR1 switchport access vlan 99 switchport mode access ! interface GigabitEthernet1/0/3 description HAMVSphere05-iLO switchport access vlan 168 switchport mode access switchport nonegotiate spanning-tree portfast ! interface GigabitEthernet1/0/4 description HAMSVSAS02 MNGT NIC 1 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/5 description HAMIS03 NIC 1 192.6.1.105 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/6 description HAMSVSAS01 MNGT NIC 1 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/7 description Meraki MX84 Transit VLAN switchport access vlan 98 switchport mode access ! interface GigabitEthernet1/0/8 description Monitoring switchport access vlan 6 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/9 description FIREWALL HA FP ACTIVE G1/0 OutsideWS switchport access vlan 99 switchport mode access ! interface GigabitEthernet1/0/10 description TRUSTWAVE switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/11 description Uplink-HAM-0000-MX1-WAN1-TTB switchport access vlan 96 switchport mode access ! interface GigabitEthernet1/0/12 description Uplink-HAM-0000-MX1-WAN2-BT switchport access vlan 97 switchport mode access ! interface GigabitEthernet1/0/13 description iLo VSphere03 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/14 description iLo VSphere04 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/15 description Barracuda Backup Nic1 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/16 description Uplink-TalkTalk-Router switchport access vlan 96 switchport mode access ! interface GigabitEthernet1/0/17 description SBC Server from Phone network switchport access vlan 168 ! interface GigabitEthernet1/0/18 description FIREWALL HA FP ACTIVE G0/3 FAILOVER switchport access vlan 63 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/19 description FIREWALL HA FP ACTIVE G0/1 INSIDE switchport access vlan 64 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/20 description FIREWALL HA FP ACTIVE G0/2 DMZ switchport access vlan 10 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet1/0/21 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet1/0/22 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet1/0/23 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet1/0/24 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet1/1/1 shutdown ! interface GigabitEthernet1/1/2 shutdown ! interface GigabitEthernet1/1/3 shutdown ! interface GigabitEthernet1/1/4 shutdown ! interface TenGigabitEthernet1/1/1 description CORE SWITCH 1->2 INTERCONNECTION 1 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate mls qos trust dscp channel-group 10 mode on ! interface TenGigabitEthernet1/1/2 description Link-to-C9300-PortChn40 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 40 mode active ! interface GigabitEthernet2/0/1 description HAMFP01 NIC01 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/2 description HAMFP01 NIC02 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/3 description Barracuda Backup Nic2 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/4 description HAMSVSAS02 MNGT NIC 2 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/5 description Uplink->HAM-0001-MX01-Port3 switchport trunk encapsulation dot1q switchport trunk native vlan 16 switchport mode trunk ! interface GigabitEthernet2/0/6 description TRUNK TO HAM-FP-ACCESS-S2 switchport trunk encapsulation dot1q switchport trunk native vlan 26 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet2/0/7 description Uplink->ASA G1/5 TTB switchport access vlan 96 switchport mode access ! interface GigabitEthernet2/0/8 description HAMIS03 NIC 1 192.6.1.106 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/9 description HAMSVSAS01 MNGT NIC 2 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/10 description HAMIS01 switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/11 description Uplink-HAM-0001-MX02-WAN1-BT switchport access vlan 97 switchport mode access ! interface GigabitEthernet2/0/12 description Uplink-HAM-0001-MX02-WAN2-TTB switchport access vlan 96 switchport mode access ! interface GigabitEthernet2/0/13 description HAMFTP01 switchport access vlan 10 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/14 description Phone HAMPBX-8770 switchport access vlan 168 switchport mode access switchport nonegotiate spanning-tree portfast ! interface GigabitEthernet2/0/15 description UPS (POWER) switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/16 description HAMVSTOR01 iLO ! interface GigabitEthernet2/0/17 description SBC Server to CORE network -> Gamma switchport access vlan 11 switchport mode access ! interface GigabitEthernet2/0/18 description Uplink->ASA G1/6 BT switchport access vlan 97 switchport mode access ! interface GigabitEthernet2/0/19 description HAMXS02 (MAC SHARE) switchport access vlan 11 switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet2/0/20 description HAMDC05 switchport access vlan 11 ! interface GigabitEthernet2/0/21 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet2/0/22 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet2/0/23 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet2/0/24 description Down link to Core Po28 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 48 mode active ! interface GigabitEthernet2/1/1 shutdown ! interface GigabitEthernet2/1/2 shutdown ! interface GigabitEthernet2/1/3 shutdown ! interface GigabitEthernet2/1/4 shutdown ! interface TenGigabitEthernet2/1/1 description CORE SWITCH 1->2 INTERCONNECTION 2 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate mls qos trust dscp channel-group 10 mode on ! interface TenGigabitEthernet2/1/2 description Link-to-C9300-PortChn40 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 40 mode active ! interface GigabitEthernet3/0/1 shutdown ! interface GigabitEthernet3/0/2 shutdown ! interface GigabitEthernet3/0/3 shutdown ! interface GigabitEthernet3/0/4 shutdown ! interface GigabitEthernet3/0/5 ! interface GigabitEthernet3/0/6 description HQ-FP-S5, Gi1/0/2 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate speed nonegotiate ! interface GigabitEthernet3/0/7 description HQ-FP-S3, Gi1/0/2 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet3/0/8 description HQ-FP-S1, Gi1/0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet3/0/9 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet3/0/10 description HQ-FP-S6, Gi2/0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 26 switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet3/0/11 ! interface GigabitEthernet3/0/12 ! interface GigabitEthernet3/1/1 shutdown ! interface GigabitEthernet3/1/2 shutdown ! interface GigabitEthernet3/1/3 shutdown ! interface GigabitEthernet3/1/4 shutdown ! interface TenGigabitEthernet3/1/1 description CORE SWITCH 1->2 INTERCONNECTION 3 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate mls qos trust dscp channel-group 10 mode on ! interface TenGigabitEthernet3/1/2 description Link-to-C9300-PortChn40 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 40 mode active ! interface GigabitEthernet4/0/1 description RegentSt_B switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/2 description RegentSt_G switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/3 description RegentSt_1 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/4 description RegentSt_2 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/5 description RegentSt_3 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/6 description RegentSt_4 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/7 description RegentSt_5 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/8 description RegentSt_B-S2 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet4/0/9 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate switchport voice vlan 168 spanning-tree portfast ! interface GigabitEthernet4/0/10 description HQ-FP-S6, Gi3/0/49 switchport trunk encapsulation dot1q switchport trunk native vlan 26 switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet4/0/11 ! interface GigabitEthernet4/0/12 ! interface GigabitEthernet4/1/1 shutdown ! interface GigabitEthernet4/1/2 shutdown ! interface GigabitEthernet4/1/3 shutdown ! interface GigabitEthernet4/1/4 shutdown ! interface TenGigabitEthernet4/1/1 description CORE SWITCH 1->2 INTERCONNECTION 4 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk switchport nonegotiate mls qos trust dscp channel-group 10 mode on ! interface TenGigabitEthernet4/1/2 description Link-to-C9300-PortChn40 switchport trunk encapsulation dot1q switchport trunk native vlan 6 switchport mode trunk channel-group 40 mode active ! interface Vlan1 ip address 192.1.1.217 255.255.255.0 standby 0 ip 192.1.1.151 standby 0 priority 110 standby 0 preempt standby 0 name VLAN1 ! interface Vlan7 description RETAIL ip address 192.7.1.217 255.255.255.0 standby 0 ip 192.7.1.150 standby 0 priority 110 standby 0 preempt standby 0 name VLAN7 ! interface Vlan8 description TEST ip address 10.8.0.252 255.255.255.0 standby 0 ip 10.8.0.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN8 ! interface Vlan10 description DMZ no ip address ! interface Vlan11 description Server Farm ip address 10.11.0.252 255.255.255.0 standby 0 ip 10.11.0.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN11 ! interface Vlan16 ip address 10.6.1.217 255.255.255.0 shutdown standby 16 ip 10.6.1.254 standby 16 priority 90 standby 16 preempt ! interface Vlan17 ip address 10.7.1.217 255.255.255.0 ip helper-address 10.7.1.254 shutdown standby 17 ip 10.7.1.254 standby 17 priority 90 standby 17 preempt ! interface Vlan19 ip address 192.19.1.217 255.255.255.0 ! interface Vlan26 ip address 10.6.0.251 255.255.255.0 ip helper-address 10.11.0.22 ip helper-address 10.11.0.51 standby 26 ip 10.6.0.254 standby 26 priority 90 standby 26 preempt standby 26 name VLAN26 ! interface Vlan64 description INSIDE ip address 192.64.1.217 255.255.255.0 standby 0 ip 192.64.1.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN64 ! interface Vlan69 description vMotion ip address 10.69.1.251 255.255.255.0 standby 0 ip 10.69.1.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN69 ! interface Vlan70 description VMStorage ip address 10.70.0.251 255.255.255.0 standby 0 ip 10.70.0.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN70 ! interface Vlan98 description Meraki_Firewalls ip address 10.98.0.254 255.255.255.248 ! interface Vlan99 description CCTV ip address 10.99.0.254 255.255.255.0 shutdown ! interface Vlan101 ip address 192.101.1.217 255.255.255.0 ! interface Vlan102 description PUBLIC_WIFI ip address 10.102.0.254 255.255.255.0 ip helper-address 10.11.0.22 ! interface Vlan150 ip address 10.150.101.217 255.255.255.0 ! interface Vlan168 description VOICE ip address 192.6.168.217 255.255.255.0 standby 0 ip 192.6.168.254 standby 0 priority 110 standby 0 preempt standby 0 name VLAN168 ! interface Vlan199 description New_CCTV ip address 10.199.0.254 255.255.255.0 ! interface Vlan300 description TRANSIT ip address 10.100.1.9 255.255.255.252 ! router rip version 2 no validate-update-source redistribute connected redistribute static passive-interface default no passive-interface Vlan300 no passive-interface GigabitEthernet1/0/1 no passive-interface GigabitEthernet1/0/23 network 10.0.0.0 network 192.100.1.0 default-information originate distribute-list Advertise-VPN_LL-Router_Out out GigabitEthernet1/0/1 no auto-summary ! ip default-gateway 192.64.1.99 ip http server ip http authentication local ip http secure-server ip flow-cache timeout inactive 180 ip flow-export version 5 ip flow-export destination 192.6.1.150 2055 ! ip route 0.0.0.0 0.0.0.0 192.64.1.99 ip route 10.11.41.0 255.255.255.0 10.98.0.253 ip route 10.64.3.0 255.255.255.0 10.98.0.253 ip route 192.10.1.0 255.255.255.0 192.64.1.99 ip route 192.178.9.0 255.255.255.0 10.98.0.253 ! ip access-list standard Advertise-VPN_DSL-Router_Out permit 10.11.0.0 0.0.0.255 permit 192.6.1.0 0.0.0.255 permit 192.7.1.0 0.0.0.255 permit 192.68.1.0 0.0.0.255 permit 192.69.1.0 0.0.0.255 permit 192.6.168.0 0.0.0.255 permit 192.100.1.0 0.0.0.255 deny any ip access-list standard Advertise-VPN_LL-Router_Out permit 0.0.0.0 permit 192.6.1.0 0.0.0.255 permit 192.7.1.0 0.0.0.255 permit 192.68.1.0 0.0.0.255 permit 192.69.1.0 0.0.0.255 permit 192.6.168.0 0.0.0.255 permit 192.100.1.0 0.0.0.255 deny any ! ! ! ! ! ntp server 10.11.0.18 end HAM-000-FP-CORE-S1#