Current configuration : 18394 bytes
!
! Last configuration change at 15:35:28 CST Wed Nov 8 2023 by admin
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service internal
no service dhcp
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname ord-hl2s-1
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
aaa new-model
!
!
aaa group server radius RadiusServerGroup
 server name US2CO-SNPS-1
 server name US2CO-SNPS-2
 server-private 10.4.85.31 key xxxxx
 ip vrf forwarding Mgmt-vrf
 ip radius source-interface GigabitEthernet0/0
!
aaa authentication login VTY local group RadiusServerGroup
aaa authentication login console local
aaa authorization console
aaa authorization exec console local
aaa authorization exec VTY local group RadiusServerGroup if-authenticated
aaa accounting exec VTY start-stop group RadiusServerGroup
!
!
aaa server radius dynamic-author
 client 10.4.85.31 vrf Mgmt-vrf server-key xxxxx
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
boot system bootflash:packages.conf
!
no ip domain lookup
ip domain name xxxxx
!
!
!
login on-success log
vtp mode transparent
!
!
!
!
license boot level network-essentials addon dna-essentials
memory free low-watermark processor 288192
!
diagnostic bootup level complete
!
spanning-tree mode mst
spanning-tree portfast edge bpduguard default
spanning-tree extend system-id
spanning-tree vlan 94-101 priority 4096
spanning-tree vlan 94-99 forward-time 4
!
spanning-tree mst configuration
 name ORDDC-Rack412-HotZoneSwitch
 instance 94 vlan 94
 instance 95 vlan 95
 instance 96 vlan 96
 instance 97 vlan 97
 instance 98 vlan 98
 instance 99 vlan 99
 instance 300 vlan 300
!
spanning-tree mst forward-time 4
!
!
!
!
redundancy
crypto engine compliance shield disable
!
!
!
!
!
transceiver type all
 monitoring
!
vlan 93
 name FW-Browsing_VLAN
!
vlan 94
 name CBP_VLAN1
!
vlan 95
 name CBP_VLAN2
!
vlan 96
 name CBP_Internet_Failover
!
vlan 97
 name Mainfreight_VLAN
!
vlan 98
 name External_Firewall_VLAN
!
vlan 99
 name Internal_Firewall_VLAN
!
vlan 101
 name Aryaka_Private_Cloud
!
vlan 200
 name PA&ORD-RROU-20
!
vlan 300
 name PA&ORD-RROU-21
!
vlan 700
 name Aryaka-WOS
!
vlan 800
 name AT&T-L4YS.693771
!
vlan 1000
 name Verizon-C0234612
!
lldp run
!
class-map match-any system-cpp-police-ewlc-control
  description EWLC Control
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
  description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications
class-map match-any system-cpp-police-multicast
  description MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-ios-routing
  description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description Trunk LACP to ord-hl2s-2 Port-channel1
 switchport trunk allowed vlan 93-101,200,300,700,800,810,900,910,1000
 switchport mode trunk
 speed nonegotiate
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.1.130.132 255.255.255.0
 negotiation auto
!
interface TwentyFiveGigE1/0/1
 description To AT&T Circuit ID L4YS.693771..ATI
 switchport access vlan 800
 switchport mode access
!
interface TwentyFiveGigE1/0/2
 description To ORD-FROU-20 Gi0/0 VPN-Hot Interface
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/3
 description To ORD-FROU-22 Gi0/0 Internet-Hot Interface
 switchport access vlan 98
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/4
 description Mainfreight Interconnect - MF Router us3-dmk-r1 g0/1
 switchport access vlan 97
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/5
 description Mainfreight Interconnect - MF Router us3-dmk-r1 g0/1
 switchport access vlan 97
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/6
 description To Verizon Circuit ID C0234612
 switchport access vlan 1000
 switchport mode access
!
interface TwentyFiveGigE1/0/7
 description US Customs MPLS - Primary
 switchport access vlan 94
 switchport mode access
!
interface TwentyFiveGigE1/0/8
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/9
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/10
 switchport access vlan 93
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/11
 description Connection to PA408_E1/1
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/12
 description Connection to Aryaka ANAP-US2-AU2-DE1
 switchport access vlan 700
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/13
 description pfSense 1 port 1
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/14
 description pfSense 2 port 1
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/15
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/16
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/17
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/18
 description Connection to PA408_e1/8-Verizon Circuit C0234612
 switchport access vlan 1000
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/19
 description Trunk to ORD-RROU-20 Te0/0/1
 switchport trunk allowed vlan 200,800
 switchport mode trunk
!
interface TwentyFiveGigE1/0/20
 description To ORD-FROU-22 Gi0/2 AryakaPrivateCloud
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/21
 description To Aryaka-Private-Cloud-Circuit-12099463
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast edge
!
interface TwentyFiveGigE1/0/22
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/23
 no switchport
 no ip address
!
interface TwentyFiveGigE1/0/24
 no switchport
 no ip address
!
interface HundredGigE1/0/25
 description Trunk to PAl-408 E1/23
 switchport trunk allowed vlan 200,700
 switchport mode trunk
!
interface HundredGigE1/0/26
 description Trunk to PAl-410 E1/23
 switchport trunk allowed vlan 200,700
 switchport mode trunk
!
interface HundredGigE1/0/27
 description Trunk to ord-hl2s-2 Hu1/0/27&28
 switchport trunk allowed vlan 93-101,200,300,700,800,810,900,910,1000
 switchport mode trunk
 channel-group 1 mode active
!
interface HundredGigE1/0/28
 description Trunk to ord-hl2s-2 Hu1/0/27&28
 switchport trunk allowed vlan 93-101,200,300,700,800,810,900,910,1000
 switchport mode trunk
 channel-group 1 mode active
!
interface Vlan1
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip ftp source-interface GigabitEthernet0/0
ip tftp source-interface GigabitEthernet0/0
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.1.130.1 name Mgmt-DefaultRoute
ip route vrf Mgmt-vrf 10.4.85.31 255.255.255.255 10.1.130.1 name To-US2CO-SNPS-1
ip ssh source-interface GigabitEthernet0/0
ip ssh version 2
!
ip access-list extended VTY_ACCESS
 10 permit tcp 10.1.0.0 0.0.255.255 any eq 22 log
 20 permit tcp 10.27.0.0 0.0.255.255 any eq 22 log
 30 permit tcp 10.44.0.0 0.0.255.255 any eq 22 log
 40 permit tcp 10.61.0.0 0.0.255.255 any eq 22 log
 50 permit tcp 10.2.0.0 0.0.255.255 any eq 22 log
 60 permit tcp 10.4.0.0 0.0.255.255 any eq 22 log
 70 permit ip 10.1.130.0 0.0.0.255 10.4.0.0 0.0.255.255 log
 80 permit ip any any log
!
ip radius source-interface GigabitEthernet0/0 vrf Mgmt-vrf
logging history notifications
!
snmp-server community TKfDaYZi RO 1999
snmp-server trap-source GigabitEthernet0/0
snmp-server location ORD DC Rack412
snmp-server contact xxxxxx
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps bfd
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps rep
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps power-ethernet police
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps envmon
snmp-server enable traps stackwise
snmp-server enable traps ipsla
snmp-server enable traps dhcp
snmp-server enable traps event-manager
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps ipmulticast
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps errdisable
snmp-server enable traps vlan-membership
snmp-server enable traps transceiver all
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps rf
snmp-server host 10.2.82.13 version 2c TKfDaYZi
!
radius server US2CO-SNPS-1
 address ipv4 10.4.85.31 auth-port 1812 acct-port 1813
 key xxxxx xxxxx
!
radius server US2CO-SNPS-2
 address ipv4 10.4.85.32 auth-port 1812 acct-port 1813
 key xxxxx
!
!
!
control-plane
 service-policy input system-cpp-policy
!
privilege exec level 7 show startup-config
privilege exec all level 7 show running-config
privilege exec level 7 show
!
line con 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line aux 0
line vty 0 4
 access-class VTY_ACCESS in vrf-also
 exec-timeout 30 0
 transport input ssh
line vty 5 15
 no exec
 transport input none
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp source GigabitEthernet0/0
ntp server 10.1.138.63
!
!
!
!
!
!
end