version 16.12 no service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption service call-home no platform punt-keepalive disable-kernel-core ! hostname 3650 Switch ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! ! ip name-server 192.168.200.22 192.168.200.23 ip domain lookup source-interface Vlan2 ip domain name Company ! ! ! ip dhcp snooping vlan 1-399,401-999 no ip dhcp snooping information option ip dhcp snooping ip arp inspection vlan 12-13,59-63,65,68,75,78,80,83,99-100,105-108,117,121-123 ip arp inspection vlan 140-144,150-155,162-165,200-202,204,258,300-302,304,307 ip arp inspection vlan 450,505-506,510,512,703-704,999 ip arp inspection validate src-mac no login on-success log ipv6 mld snooping ! ! ! ! ! epm logging authentication mac-move permit authentication logging verbose no device-tracking logging theft password encryption aes ! dot1x system-auth-control dot1x critical eapol license smart transport callhome ! ! diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id no spanning-tree vlan 828,998 memory free low-watermark processor 79502 ! errdisable recovery cause psecure-violation errdisable recovery cause arp-inspection ! redundancy mode sso ! ! ! ! ! transceiver type all monitoring vlan dot1q tag native ! ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description EWLC control, EWLC data, Inter FED class-map match-any system-cpp-police-sys-data description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any system-cpp-police-control-low-priority description ICMP redirect and general punt class-map match-any system-cpp-police-wireless-priority1 description Wireless priority 1 class-map match-any system-cpp-police-wireless-priority2 description Wireless priority 2 class-map match-any system-cpp-police-wireless-priority3-4-5 description Wireless priority 3,4 and 5 class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control and Low Latency class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-dhcp-snooping description DHCP snooping class-map match-any system-cpp-police-system-critical description System Critical and Gold Pkt ! policy-map system-cpp-policy class system-cpp-police-data police rate 200 pps class system-cpp-police-routing-control police rate 1800 pps class system-cpp-police-control-low-priority class system-cpp-police-wireless-priority1 class system-cpp-police-wireless-priority2 class system-cpp-police-wireless-priority3-4-5 policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! ! ! ! ! interface Tunnel1 no ip address ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet2/0/13 switchport access vlan 101 switchport mode access switchport voice vlan 108 switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security ip arp inspection limit rate 300 authentication event fail action next-method authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication timer reauthenticate server mab snmp trap mac-notification change added snmp trap mac-notification change removed dot1x pae authenticator dot1x timeout tx-period 2 spanning-tree portfast ip verify source mac-check end ! ! interface Vlan1 no ip address shutdown ! interface Vlan2 ip address 172.23.1.85 255.255.255.0 ! ip default-gateway 172.23.1.1 ip forward-protocol nd no ip http server ip http authentication local no ip http secure-server ip ssh version 2 ! ip access-list standard SNMP_ACL 10 permit 172.23.25.6 20 permit 172.19.0.17 30 deny any log ! ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data 10 permit tcp any any eq 22 20 permit tcp any any eq 465 30 permit tcp any any eq 143 40 permit tcp any any eq 993 50 permit tcp any any eq 995 60 permit tcp any any eq 1914 70 permit tcp any any eq ftp 80 permit tcp any any eq ftp-data 90 permit tcp any any eq smtp 100 permit tcp any any eq pop3 ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf 10 permit udp any any range 16384 32767 20 permit tcp any any range 50000 59999 ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger 10 permit tcp any any range 2300 2400 20 permit udp any any range 2300 2400 30 permit tcp any any range 6881 6999 40 permit tcp any any range 28800 29100 50 permit tcp any any eq 1214 60 permit udp any any eq 1214 70 permit tcp any any eq 3689 80 permit udp any any eq 3689 90 permit tcp any any eq 11999 ip access-list extended AutoQos-4.0-wlan-Acl-Signaling 10 permit tcp any any range 2000 2002 20 permit tcp any any range 5060 5061 30 permit udp any any range 5060 5061 ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data 10 permit tcp any any eq 443 20 permit tcp any any eq 1521 30 permit udp any any eq 1521 40 permit tcp any any eq 1526 50 permit udp any any eq 1526 60 permit tcp any any eq 1575 70 permit udp any any eq 1575 80 permit tcp any any eq 1630 90 permit udp any any eq 1630 100 permit tcp any any eq 1527 110 permit tcp any any eq 6200 120 permit tcp any any eq 3389 130 permit tcp any any eq 5985 140 permit tcp any any eq 8080 ! ip source binding 1C1B.0DF7.A1FD vlan 3 172.23.2.11 interface Gi2/0/3 ip source binding 000A.8301.AF94 vlan 503 172.23.91.9 interface Gi2/0/4 ip source binding 0080.67F9.5944 vlan 3 172.23.2.126 interface Gi1/0/2 logging trap critical logging host 172.19.0.113 ! ! ! ! control-plane service-policy input system-cpp-policy ! ! mac address-table notification change ! ! ! ! ! end