S2#sh run Building configuration... Current configuration : 21945 bytes ! ! Last configuration change at 14:19:52 CEST Wed Jun 1 2022 by cisco ! NVRAM config last updated at 10:42:24 CEST Wed Jun 1 2022 by cisco ! version 16.6 no service pad service timestamps debug datetime msec service timestamps log datetime localtime show-timezone year no platform punt-keepalive disable-kernel-core ! hostname S2 ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! no logging console enable secret 9 xxxxxxxxyyyyyyyyyyzzzzzzzz ! aaa new-model ! ! aaa group server tacacs+ TACACS-GROUP server name TACACS ! aaa authentication login default group TACACS-GROUP local aaa authorization console aaa authorization config-commands aaa authorization exec default group TACACS-GROUP none aaa authorization commands 0 default group TACACS-GROUP none aaa authorization commands 1 default group TACACS-GROUP none aaa authorization commands 15 default group TACACS-GROUP none aaa accounting exec default start-stop group TACACS-GROUP aaa accounting commands 15 default start-stop group TACACS-GROUP ! ! ! ! ! ! aaa session-id common clock timezone CET 1 0 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 switch 1 provision ws-c3650-24ps ! ! ! ! ip routing ! ip name-server 192.168.10.250 ip domain name example.com ip dhcp excluded-address 172.24.100.1 172.24.100.9 ip dhcp excluded-address 172.24.100.200 172.24.100.254 ! ip dhcp pool NET_100_DHCP network 172.24.100.0 255.255.255.0 domain-name example.com default-router 172.24.100.1 dns-server 192.168.10.250 192.168.10.251 ! ! ! ip dhcp snooping vlan 1-4094 ip dhcp snooping no login on-success log ipv6 unicast-routing ! ! ! ! ! ! ! vtp mode transparent password encryption aes ! crypto pki trustpoint TP-self-signed-2371228376 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2371228376 revocation-check none rsakeypair TP-self-signed-2371228376 ! ! crypto pki certificate chain TP-self-signed-2371228376 ! ! ! diagnostic bootup level minimal spanning-tree mode rapid-pvst spanning-tree portfast default spanning-tree portfast bpduguard default spanning-tree extend system-id archive path ftp://192.168.2.198/config/$h/$h---$t.cfg write-memory file prompt quiet errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause link-flap errdisable recovery cause gbic-invalid errdisable recovery cause psecure-violation errdisable recovery interval 240 ! username abcdef privilege 15 secret 9 xxxxxxxxyyyyyyyyyyzzzzzzzz ! redundancy mode sso ! ! transceiver type all monitoring ! vlan 2 name Management ! vlan 5 name Printer ! vlan 10 name Server ! vlan 50 name NetworkCourses ! vlan 60 name Teacher ! vlan 70 name Cast ! vlan 90 name Deployment ! vlan 724 name Link_area_0-to-24 ! vlan 800 name WAN ! vlan 999 name Native ! vlan 1000 name BlackHole ! vlan 2001 name NET_1 ! vlan 2002 name NET_2 ! vlan 2003 name NET_3 ! vlan 2004 name NET_4 ! vlan 2005 name NET_5 ! vlan 2006 name NET_6 ! vlan 2007 name NET_7 ! vlan 2008 name NET_8 ! vlan 2009 name NET_9 ! vlan 2010 name NET_10 ! vlan 2011 name NET_11 ! vlan 2012 name NET_12 ! vlan 2013 name NET_13 ! vlan 2014 name NET_14 ! vlan 2015 name NET_15 ! vlan 2016 name NET_16 ! vlan 2017 name NET_17 ! vlan 2018 name NET_18 ! vlan 2019 name NET_19 ! vlan 2020 name NET_20 ! vlan 2100 name NET_100_DHCP ! ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description DHCP Snooping, EWLC control, EWCL data class-map match-any system-cpp-police-sys-data description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-system-critical description System Critical and Gold ! policy-map system-cpp-policy ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf ip address dhcp negotiation auto ! interface GigabitEthernet1/0/1 description 172.24.1.0/24 switchport access vlan 2001 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/2 description 172.24.2.0/24 switchport access vlan 2002 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/3 description 172.24.3.0/24 switchport access vlan 2003 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/4 description 172.24.4.0/24 switchport access vlan 2004 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/5 description 172.24.5.0/24 switchport access vlan 2005 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/6 description 172.24.6.0/24 switchport access vlan 2006 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/7 description 172.24.7.0/24 switchport access vlan 2007 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/8 description 172.24.8.0/24 switchport access vlan 2008 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/9 description 172.24.9.0/24 switchport access vlan 2009 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/10 description 172.24.10.0/24 switchport access vlan 2010 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/11 description 172.24.11.0/24 switchport access vlan 2011 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/12 description 172.24.12.0/24 switchport access vlan 2012 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/13 description 172.24.13.0/24 switchport access vlan 2013 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/14 description 172.24.14.0/24 switchport access vlan 2014 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/15 description 172.24.15.0/24 switchport access vlan 2015 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/16 description 172.24.16.0/24 switchport access vlan 2016 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/17 description 172.24.17.0/24 switchport access vlan 2017 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/18 description 172.24.18.0/24 switchport access vlan 2018 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/19 description 172.24.19.0/24 switchport access vlan 2019 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/20 description 172.24.20.0/24 switchport access vlan 2020 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/21 description Printer switchport access vlan 5 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/22 description Cast switchport access vlan 70 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/23 description Teacher switchport access vlan 60 switchport mode access switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security no snmp trap link-status ! interface GigabitEthernet1/0/24 description Trunk to Local Switch switchport trunk native vlan 999 switchport trunk allowed vlan 2-999 switchport mode trunk no snmp trap link-status ip dhcp snooping trust ! interface GigabitEthernet1/1/1 description Trunk to CoreSW switchport trunk native vlan 999 switchport trunk allowed vlan 2-999 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet1/1/2 description Trunk to CoreSW switchport trunk native vlan 999 switchport trunk allowed vlan 2-999 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet1/1/3 description Trunk to CoreSW switchport trunk native vlan 999 switchport trunk allowed vlan 2-999 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet1/1/4 description Trunk to CoreSW switchport trunk native vlan 999 switchport trunk allowed vlan 2-999 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address shutdown ! interface Vlan2 description Management ip address 192.168.2.38 255.255.255.0 ! interface Vlan724 description Link area 0 to 24 ip address 172.24.0.2 255.255.255.0 ipv6 address FE80::2 link-local ipv6 address 2abc:1111:6789:1800::2/64 ospfv3 3 ipv4 area 0 ospfv3 3 ipv6 area 0 ! interface Vlan2001 description NET_1 ip address 172.24.1.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1801::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2002 description NET_2 ip address 172.24.2.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1802::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2003 description NET_3 ip address 172.24.3.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1803::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2004 description NET_4 ip address 172.24.4.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1804::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2005 description NET_5 ip address 172.24.5.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1805::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2006 description NET_6 ip address 172.24.6.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1806::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2007 description NET_7 ip address 172.24.7.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1807::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2008 description NET_8 ip address 172.24.8.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1808::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2009 description NET_9 ip address 172.24.9.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1809::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2010 description NET_10 ip address 172.24.10.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180A::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2011 description NET_11 ip address 172.24.11.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180B::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2012 description NET_12 ip address 172.24.12.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180C::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2013 description NET_13 ip address 172.24.13.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180D::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2014 description NET_14 ip address 172.24.14.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180E::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2015 description NET_15 ip address 172.24.15.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:180F::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2016 description NET_16 ip address 172.24.16.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1810::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2017 description NET_17 ip address 172.24.17.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1811::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2018 description NET_18 ip address 172.24.18.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1812::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2019 description NET_19 ip address 172.24.19.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1813::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2020 description NET_20 ip address 172.24.20.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1814::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! interface Vlan2100 description NET_100_DHCP ip address 172.24.100.1 255.255.255.0 ipv6 address FE80::1 link-local ipv6 address 2abc:1111:6789:1864::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2abc:1111:6789:1800::1 ospfv3 3 ipv4 area 24 ospfv3 3 ipv6 area 24 ! router ospfv3 3 ! address-family ipv4 unicast passive-interface default no passive-interface Vlan724 router-id 4.24.99.1 area 24 stub no-summary area 24 range 24.172.0.0 255.255.0.0 exit-address-family ! address-family ipv6 unicast passive-interface default no passive-interface Vlan724 router-id 6.24.99.1 area 24 stub no-summary area 24 range 2abc:1111:6789:1800::/56 exit-address-family ! iox ip local policy route-map LOCAL-MGMT-PBR ip forward-protocol nd ip http server ip http secure-server ip http client source-interface GigabitEthernet0/0 ip ftp username backup ip ftp password 7 xxxxxxxxyyyyyyyyyyzzzzzzzz ip ssh version 2 ! ! ip access-list standard SNMP-ACCESS permit 192.168.2.196 ! ip access-list extended ACL-MGMT-LOCAL-PBR permit ip 192.168.2.0 0.0.0.255 any ! logging source-interface Vlan2 logging host 192.168.2.197 ! route-map LOCAL-MGMT-PBR permit 10 match ip address ACL-MGMT-LOCAL-PBR set ip next-hop 192.168.2.1 ! ! snmp-server community HHE3FDstr RO SNMP-ACCESS tacacs server TACACS address ipv4 192.168.2.120 key 6 xxxxxxxxyyyyyyyyyyzzzzzzzz single-connection ! ! ! control-plane service-policy input system-cpp-policy ! banner login ^C ********************************************************** ***** Unauthorized access is strictly prohibited ***** ***** All access and activity is logged. ***** ********************************************************** ^C ! line con 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 logging synchronous length 0 transport input ssh line vty 5 15 logging synchronous length 0 transport input ssh ! ntp server 192.168.2.1 ! ! ! ! ! ! end xxxxxxxxyyyyyyyyyyzzzzzzzz