!
! Last configuration change at 17:42:11 EST Mon Nov 27 2023 by admin
! NVRAM config last updated at 14:35:41 EST Tue Nov 28 2023 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
! Call-home is enabled by Smart-Licensing.
service call-home
platform punt-keepalive disable-kernel-core
!
hostname CORPSTACK1
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable password xxxxx
!
aaa new-model
!
!
aaa group server radius radii
 server name radius01
 server name radius02
 deadtime 1
!
aaa authentication dot1x default group radii
aaa authorization network default group radii 
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3650-48ps
switch 2 provision ws-c3650-48ps
switch 3 provision ws-c3650-48ps
switch 4 provision ws-c3650-48ps
switch 5 provision ws-c3650-48ps
switch 6 provision ws-c3650-48ps
switch 7 provision ws-c3650-48ps
software auto-upgrade enable
!
cisp enable
!
!
!
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
ip routing
!
!
!
!
!
ip name-server 8.8.8.8
!
!
!
login on-success log
!
!
!
!
!
authentication mac-move permit
no device-tracking logging theft
!
table-map policed-dscp
 map from  0 to 8
 map from  10 to 8
 map from  18 to 8
 map from  24 to 8
 map from  46 to 8
 default copy
!
!
crypto pki trustpoint TP-self-signed-1322654627
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1322654627
 revocation-check none
 rsakeypair TP-self-signed-1322654627
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
!
dot1x system-auth-control
!
!
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
archive
 path tftp://10.0.252.10/$H-$t
 write-memory
memory free low-watermark processor 79468
!
no errdisable detect cause gbic-invalid
errdisable recovery cause security-violation
username admin privilege 15 secret xxxxx
username rconfig privilege 5 password xxxxx
!
redundancy
 mode sso
!
!
!
!
!
transceiver type all
 monitoring
hw-switch switch 1 logging onboard message
hw-switch switch 2 logging onboard message
hw-switch switch 3 logging onboard message
hw-switch switch 4 logging onboard message
hw-switch switch 5 logging onboard message
hw-switch switch 6 logging onboard message
hw-switch switch 7 logging onboard message
!
!
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
 match dscp af41  af42  af43 
 match cos  4 
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
 match dscp af11  af12  af13 
 match cos  1 
class-map match-any system-cpp-default
  description EWLC control, EWLC data, Inter FED 
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any AutoQos-4.0-Output-Priority-Queue
 match dscp cs4  cs5  ef 
 match cos  5 
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
 match dscp af31  af32  af33 
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
 match cos  5 
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
 match cos  3 
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Default-Class
 match access-group name AutoQos-4.0-Acl-Default
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
 match dscp af21  af22  af23 
 match cos  2 
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
 match dscp cs1 
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
 match dscp cs2  cs3  cs6  cs7 
 match cos  3 
!
policy-map AutoQos-4.0-Output-Policy
 class AutoQos-4.0-Output-Priority-Queue
  priority level 1 percent 30
 class AutoQos-4.0-Output-Control-Mgmt-Queue
  bandwidth remaining percent 10 
  queue-limit dscp cs2 percent 80
  queue-limit dscp cs3 percent 90
  queue-limit dscp cs6 percent 100
  queue-limit dscp cs7 percent 100
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Conf-Queue
  bandwidth remaining percent 10 
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Trans-Data-Queue
  bandwidth remaining percent 10 
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Bulk-Data-Queue
  bandwidth remaining percent 4 
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Scavenger-Queue
  bandwidth remaining percent 1 
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Strm-Queue
  bandwidth remaining percent 10 
  queue-buffers ratio 10
 class class-default
  bandwidth remaining percent 25 
  queue-buffers ratio 25
policy-map system-cpp-policy
policy-map AutoQos-4.0-CiscoPhone-Input-Policy
 class AutoQos-4.0-Voip-Data-CiscoPhone-Class
  set dscp ef
  police cir 128000 bc 8000
   conform-action transmit 
   exceed-action set-dscp-transmit dscp table policed-dscp
 class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
  set dscp cs3
  police cir 32000 bc 8000
   conform-action transmit 
   exceed-action set-dscp-transmit dscp table policed-dscp
 class AutoQos-4.0-Default-Class
  set dscp default
!
! 
!
!
!
!
interface GigabitEthernet5/0/32
 description Keystone E16
 switchport mode access
 switchport voice vlan 8
 authentication host-mode multi-auth
 authentication order mab dot1x
 authentication port-control auto
 authentication periodic
 mab
 dot1x pae authenticator
!
interface GigabitEthernet5/0/33
 description Keystone D41
 switchport mode access
 switchport voice vlan 8
 authentication host-mode multi-auth
 authentication order mab dot1x
 authentication port-control auto
 authentication periodic
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet5/0/34
 description Keystone E17
 switchport mode trunk
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast trunk
!
!
interface Vlan1
 no ip address
!
!
interface Vlan200
 ip address 10.16.252.2 255.255.252.0
 ip helper-address 10.16.248.254
 ip helper-address 10.16.248.255
!
ip forward-protocol nd
ip http server
ip http secure-server
ip http client username admin
ip http client password xxxx
ip route 10.0.252.0 255.255.252.0 10.16.252.1
!
ip access-list extended AutoQos-4.0-Acl-Default
 10 permit ip any any
ip access-list extended denyDHCP
 10 deny   udp any any eq bootps
 20 deny   udp any any eq bootpc
 30 permit ip any any
!
!
snmp-server community public RO
snmp-server location Corporate HQ Datacenter
!
!
radius server radius01
 address ipv4 10.16.252.11 auth-port 1812 acct-port 1813
 key 7 xxxx
!
radius server radius02
 address ipv4 10.0.252.12 auth-port 1812 acct-port 1813
 key 7 xxxx
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 exec-timeout 1440 0
 password xxxx
 stopbits 1
line aux 0
 exec-timeout 1440 0
 password xxx
 stopbits 1
line vty 0 4
 exec-timeout 1440 0
 password xxxx
line vty 5 15
 exec-timeout 1440 0
 password xxxx
!
ntp server 129.6.15.28
ntp server 129.6.15.29
!
wsma agent exec
 profile httplistener
 profile httpslistener
!
wsma agent config
 profile httplistener
 profile httpslistener
!
wsma agent filesys
 profile httplistener
 profile httpslistener
!
wsma agent notify
 profile httplistener
 profile httpslistener
!
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
!
end