admin@ADM-2G-Active#sh running-config hostname ADM

admin@ADM-2G-Active#sh running-config hostname ADM
admin@ADM-2G-Active#sh running-config
hostname ADM-2G-Active
no login-banner
no session-timeout
boot reactivate-zones
aaa authentication login local
aaa authentication enable local
username riverhead dynamic encrypted 18bDeIzywxCC6
username admin admin encrypted $1$NRKWelAK$Tv5uahS2D7k7TbziobmkJ.
enable password level admin encrypted $1$NOMYVqK1$J8/84WCyBF5KRnOaQ27e20
enable password level config encrypted $1$OgfM2.TA$7md4ILRKUtR5tlv2/GXCh/
enable password level dynamic encrypted $1$45.QbA0j$ln2I3Q.WMY/LYnjGNueI0/
snmp community cisco
interface giga1
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
no shutdown
exit
interface mng
admin@ADM-2G-Active#exit
[Connection to 127.0.0.81 closed by foreign host]
DC-BB-1#sh run
DC-BB-1#sh running-config
Building configuration...
Current configuration : 17333 bytes
!
! Last configuration change at 15:20:06 Korea Tue Nov 11 2008 by cisco
! NVRAM config last updated at 13:12:14 Korea Tue Nov 11 2008 by cisco
!
! Global section of the DC-BB-1 running configuration: logging timestamps,
! boot image, privileged-mode and local user credentials, AAA.
upgrade fpd auto
version 12.2
service timestamps debug uptime
service timestamps log datetime localtime
! Password encryption is disabled, so the "enable password", the
! "username ... password 0" entries and the vty line passwords are stored
! and displayed in clear text. "service password-encryption" would only
! apply the reversible type 7 encoding; hashed "secret" forms are stronger.
no service password-encryption
service counters max age 5
!
hostname DC-BB-1
!
boot-start-marker
boot system flash sup-bootdisk:s72033-adventerprisek9_wan-mz.122-33.SXH2a.bin
boot-end-marker
!
! Both an enable secret (type 5, MD5-based hash) and a clear-text enable
! password are configured. IOS uses the enable secret when both exist, so
! the clear-text entry is redundant and can be removed with
! "no enable password".
enable secret 5 $1$4uVM$5pXNCqIFMaid.OaXt0386.
enable password cisco123
!
! "password 0" marks an unencrypted password. These local accounts use
! short, guessable values; prefer "username <name> secret <value>" with
! unique strong secrets. Credentials and hashes that appear in a shared
! capture should be treated as exposed and rotated on the device.
username admin password 0 cisco
username root password 0 cisco123
username cisco password 0 cisco
! aaa new-model is enabled, but no "aaa authentication" method list is
! visible in this capture.
! NOTE(review): login would then follow the IOS default for aaa new-model
! (local user database on the vty lines) - confirm on the device.
aaa new-model
!
aaa session-id common
clock timezone Korea 9
! Service-module wiring: VLAN groups assigned to the module in slot 3
! (svclc) and the firewall module in slot 2, plus management and capture
! ports for the anomaly-detector (slot 8), anomaly-guard (slot 7) and
! analysis (slot 9) modules.
! NOTE(review): the two "vlan-group" lists that end in a trailing comma
! look truncated by the capture - confirm against the device.
svclc multiple-vlan-interfaces
svclc module 3 vlan-group 1,2,3,4,5,6,7,8,100,
! Detector data ports are capture destinations; the allowed-vlan lists
! bound which VLANs' copied traffic each port receives.
anomaly-detector module 8 management-port access-vlan 100
anomaly-detector module 8 data-port 1 capture
anomaly-detector module 8 data-port 2 capture
anomaly-detector module 8 data-port 1 capture allowed-vlan 22-24
anomaly-detector module 8 data-port 2 capture allowed-vlan 25,51,998
anomaly-guard module 7 port 1 allowed-vlan 100,900,991
anomaly-guard module 7 port 2 allowed-vlan 900,991
anomaly-guard module 7 port 3 allowed-vlan 900,991
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 1,2,3,4,5,7,9,100,
firewall vlan-group 1 22,32,42
firewall vlan-group 2 23,33,43
firewall vlan-group 3 24,34,44,54
firewall vlan-group 4 25,35
firewall vlan-group 5 99,198,199
firewall vlan-group 6 111,112
firewall vlan-group 7 298,299
firewall vlan-group 8 49,50
firewall vlan-group 100 100
! The analysis module's capture port accepts a wide VLAN range, so it can
! receive copies of traffic from most segments on this switch; access to
! that module should be restricted accordingly.
analysis module 9 management-port access-vlan 100
analysis module 9 data-port 1 capture
analysis module 9 data-port 1 capture allowed-vlan 1,10-300,500,800,1002-1005
analysis module 9 data-port 1 capture allowed-vlan 801,900,920,991,998,999
! Call Home: the CiscoTAC-1 profile is present but set to "no active".
! The e-mail destination below was masked by the page this capture was
! published on.
call-home
alert-group configuration
alert-group diagnostic
alert-group environment
alert-group inventory
alert-group syslog
profile "CiscoTAC-1"
no active
no destination transport-method http
destination transport-method email
destination address email [email protected]
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
subscribe-to-alert-group diagnostic severity minor
subscribe-to-alert-group environment severity minor
subscribe-to-alert-group syslog severity major pattern ".*"
subscribe-to-alert-group configuration periodic monthly 11 16:09
subscribe-to-alert-group inventory periodic monthly 11 15:54
! IP services, name resolution, VTP and hardware (MLS) settings.
ip subnet-zero
!
!
!
ip vrf acevrf
rd 50:1
!
! SSH is pinned to protocol version 1, which is obsolete and has known
! cryptographic weaknesses; "ip ssh version 2" restricts the server to
! SSHv2. The vty lines in this capture also accept Telnet.
ip ssh authentication-retries 5
ip ssh version 1
no ip domain-lookup
ip domain-name ciscokorea.com
! Static host names for devices reachable from this switch.
ip host 4710b 192.168.200.253
ip host 4710a 192.168.200.252
ip host cm 192.168.30.11
ip host center 192.168.30.10
ip host remote 192.168.101.10
ip host branch 172.16.3.2
ip host BB2 192.168.47.2
ipv6 mfib hardware-switching replication-mode ingress
! VTP transparent mode: this switch keeps its own VLAN database and does
! not apply VTP advertisements received from neighbours.
vtp domain cbc-dc3.0
vtp mode transparent
mls ip cef load-sharing full simple
no mls acl tcam share-global
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls qos
! Hardware rate limiters for packets carrying IP options and for packets
! whose TTL has expired, two packet classes that are handed to the route
! processor. The two numbers are the rate and burst arguments.
mls rate-limit unicast ip options 10 10
mls rate-limit all ttl-failure 10 10
mls cef error action reset
!
!
!
!
!
!
!
!
!
!
! Supervisor redundancy (SSO), spanning tree and VLAN access-maps.
redundancy
keepalive-enable
mode sso
main-cpu
auto-sync running-config
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree vlan 49,51-52 priority 8192
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
port-channel load-balance dst-port
!
!
! Access-map ADM: sequence 10 forwards traffic matching VACL_for_ADM and
! also copies it to the capture ports. That ACL is "permit ip any any" in
! this capture, so sequence 20 (same match, no capture) is never reached
! for IP traffic.
! NOTE(review): no "vlan filter ADM" statement is visible, so this map
! does not appear to be applied to any VLAN - confirm.
vlan access-map ADM 10
match ip address VACL_for_ADM
action forward capture
vlan access-map ADM 20
match ip address VACL_for_ADM
action forward
!
! Access-map nam: NAM-Filter is also "permit ip any any", so all IP
! traffic on the VLANs in the filter list below is copied to the capture
! ports. Narrowing the ACL limits what the monitoring module can see.
vlan access-map nam 199
match ip address NAM-Filter
action forward capture
!
vlan filter nam vlan-list 1,10-300,500,800-801,900,920,991,998-999
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
! VLAN database. Names show the role of each segment: firewall outside
! and inside VLANs per context (Admin/Red/Blue/Green), ACE server VLANs,
! failover/state VLANs, and the AGM hijacking/injection VLANs.
vlan 10
name =Core-Router-Link=
!
vlan 11
name =SVC-Module-Mgmt=
!
vlan 22
name =Admin-FW-Outside=
!
vlan 23
name =Red-FW-Outside=
!
vlan 24
name =Blue-FW-Outside=
!
vlan 25
name =Green-FW-Outside=
!
vlan 30
name =WAAS-Network=
!
vlan 31
name =WAAS_Test_Network=
!
vlan 32
name =Admin-FW-Inside&ACE-Client=
!
vlan 33
name =Red-FW-Inside&ACE-Client=
!
vlan 34
name =Blue-FW-Inside&ACE-Client=
!
vlan 35
name =Green-FW-Inside&ACE-Client=
!
vlan 42
name =Admin-ACE-Server=
!
vlan 43
name =Red-ACE-Server=
!
vlan 44
name =Blue-ACE-Server=
!
vlan 45
name =Green-ACE-Server=
!
vlan 54
name =BLUE-ACE-Cache=
!
vlan 99
name =ACE-FT-Vlan=
!
vlan 100
name =10.72.83.0-L2=
!
vlan 111
!
vlan 192
name =VFDC-server-conn=
!
vlan 198
name =FWSM-Failover-Vlan=
!
vlan 199
name =FWSM-State-Vlan=
!
vlan 200
name =ACE4710-A-Client=
!
vlan 201
name =ACE4710-FT-Vlan=
!
vlan 298-299
!
vlan 300
name =Kium-Security=
!
vlan 500,700
!
vlan 800
name AGM-Hijack-Selector
!
vlan 801
!
vlan 900
name =AGM-Hijacking=
!
vlan 910
name Kium-Test-Outside
!
vlan 911
name Kium-Test-Inside
!
vlan 920
!
vlan 991
name =AGM-Injection=
!
vlan 992
name =Test-wookkim=
!
! VLANs 998 and 999 are remote-span VLANs: they carry mirrored traffic
! between switches, so they should only be allowed on the trunks and
! capture ports that need them.
vlan 998
name Cat6500-2_to_ADM1
remote-span
!
vlan 999
name Cat6500-1_to_ADM2
remote-span
!
! Control-plane policing building blocks: class-maps select traffic by
! ACL, policy-maps police it.
! NOTE(review): the policer in CoPP-Policy looks garbled by the capture
! (a bare "drop", an "exceed-action" with no action), and two policer
! action lines appear under interface GigabitEthernet1/2 instead.
! NOTE(review): the "control-plane" section of this capture contains no
! "service-policy input", so none of these policies appears to be
! attached - confirm on the device.
class-map match-all CoPP
match access-group name CoPP
! CoPP_Test matches an ACL named CoPP_Frag, which is not defined in this
! capture.
class-map match-all CoPP_Test
match access-group name CoPP_Frag
!
!
policy-map CoPP-Policy
class CoPP
police cir 10000000 bc 25600 be 25600
drop
conform-action transmit
exceed-action
violate-action drop
! policy-map CoPP references class CoPP but shows no action for it.
policy-map CoPP
class CoPP
policy-map CoPP_Test_Policy
class CoPP_Test
police 50000 12800 12800
violate-action drop
!
!
!
!
!
!
! Loopbacks and the GigabitEthernet ports of slot 1.
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip flow ingress
!
interface Loopback10
ip address 1.1.1.1 255.255.255.255
ip flow ingress
!
interface GigabitEthernet1/1
description =Core-Router=
switchport
switchport access vlan 10
switchport mode access
load-interval 30
spanning-tree portfast
!
! NOTE(review): "conform-action" and "exceed-action" are policer
! sub-commands, not interface commands; the next two lines look like a
! capture artefact displaced from policy-map CoPP-Policy.
interface GigabitEthernet1/2
conform-action transmit
exceed-action drop
no ip address
!
interface GigabitEthernet1/3
description =WAAS-CM=
switchport
switchport access vlan 100
switchport mode access
load-interval 30
rmon collection stats 6002 owner monitor
spanning-tree portfast
!
interface GigabitEthernet1/4
description =WAAS-CENTER=
switchport
switchport access vlan 30
switchport mode access
load-interval 30
rmon collection stats 6003 owner monitor
spanning-tree portfast
!
! Ports that show only "no ip address" are unconfigured routed ports that
! are not administratively shut down. If they are unused, adding
! "shutdown" (as on slot 4) keeps a newly connected cable from bringing
! the port up.
interface GigabitEthernet1/5
no ip address
!
interface GigabitEthernet1/6
no ip address
!
interface GigabitEthernet1/7
no ip address
!
interface GigabitEthernet1/8
no ip address
!
interface GigabitEthernet1/9
no ip address
!
interface GigabitEthernet1/10
no ip address
!
interface GigabitEthernet1/11
switchport
switchport access vlan 192
switchport trunk allowed vlan 192
switchport mode trunk
!
! GigabitEthernet1/12 and 1/25-1/36 set an access VLAN but no
! "switchport mode access", so the port mode is left at the platform
! default.
! NOTE(review): if that default negotiates trunking (DTP), a connected
! host could bring up a trunk; "switchport mode access" pins the port -
! confirm the default on this platform.
interface GigabitEthernet1/12
switchport
switchport access vlan 192
!
interface GigabitEthernet1/13
no ip address
!
interface GigabitEthernet1/14
no ip address
!
interface GigabitEthernet1/15
no ip address
!
interface GigabitEthernet1/16
switchport
switchport access vlan 992
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/17
description === VMware Web Servers for ACE LB ===
switchport
switchport access vlan 43
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/18
no ip address
!
interface GigabitEthernet1/19
no ip address
!
interface GigabitEthernet1/20
no ip address
!
interface GigabitEthernet1/21
no ip address
!
interface GigabitEthernet1/22
no ip address
!
interface GigabitEthernet1/23
no ip address
!
interface GigabitEthernet1/24
no ip address
!
interface GigabitEthernet1/25
switchport
switchport access vlan 192
!
interface GigabitEthernet1/26
switchport
switchport access vlan 192
!
interface GigabitEthernet1/27
switchport
switchport access vlan 192
!
interface GigabitEthernet1/28
switchport
switchport access vlan 192
!
interface GigabitEthernet1/29
switchport
switchport access vlan 192
!
interface GigabitEthernet1/30
switchport
switchport access vlan 192
!
interface GigabitEthernet1/31
switchport
switchport access vlan 192
!
interface GigabitEthernet1/32
switchport
switchport access vlan 192
!
interface GigabitEthernet1/33
switchport
switchport access vlan 192
!
interface GigabitEthernet1/34
switchport
switchport access vlan 192
!
interface GigabitEthernet1/35
switchport
switchport access vlan 192
!
interface GigabitEthernet1/36
switchport
switchport access vlan 192
!
interface GigabitEthernet1/37
no ip address
!
interface GigabitEthernet1/38
no ip address
!
interface GigabitEthernet1/39
no ip address
!
interface GigabitEthernet1/40
description =Smartbit-mgmt=
switchport
switchport access vlan 300
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/41
switchport
switchport access vlan 23
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/42
switchport
switchport access vlan 33
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/43
switchport
switchport access vlan 910
switchport mode access
!
interface GigabitEthernet1/44
switchport
switchport access vlan 911
switchport mode access
!
interface GigabitEthernet1/45
no ip address
!
interface GigabitEthernet1/46
switchport
switchport access vlan 100
load-interval 30
rmon collection stats 6045 owner monitor
!
interface GigabitEthernet1/47
no ip address
!
! Inter-switch trunk with an explicit allowed-VLAN list. The list includes
! the firewall failover/state VLANs (198-199) and the remote-span VLANs
! (998-999), so the peer end of this link sees that traffic.
interface GigabitEthernet1/48
description =DC-Trunk-Vlan=
switchport
switchport trunk allowed vlan 2,11,22-25,30,32-35,42-45,49-52,99,100,198-201
switchport trunk allowed vlan add 298,299,500,800,991,998,999
switchport mode trunk
load-interval 30
! GigabitEthernet ports of slots 4, 5 and 6. Ports 4/4-4/16 and 5/1-5/2
! are administratively shut down.
interface GigabitEthernet4/1
switchport
switchport access vlan 910
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/2
switchport
switchport access vlan 911
switchport mode access
!
interface GigabitEthernet4/3
switchport
switchport access vlan 911
switchport mode access
!
interface GigabitEthernet4/4
no ip address
shutdown
!
interface GigabitEthernet4/5
no ip address
shutdown
!
interface GigabitEthernet4/6
no ip address
shutdown
!
interface GigabitEthernet4/7
no ip address
shutdown
!
interface GigabitEthernet4/8
no ip address
shutdown
!
interface GigabitEthernet4/9
no ip address
shutdown
!
interface GigabitEthernet4/10
no ip address
shutdown
!
interface GigabitEthernet4/11
no ip address
shutdown
!
interface GigabitEthernet4/12
no ip address
shutdown
!
interface GigabitEthernet4/13
no ip address
shutdown
!
interface GigabitEthernet4/14
no ip address
shutdown
!
interface GigabitEthernet4/15
no ip address
shutdown
!
interface GigabitEthernet4/16
no ip address
shutdown
!
interface GigabitEthernet5/1
no ip address
ip flow ingress
shutdown
!
interface GigabitEthernet5/2
no ip address
ip flow ingress
shutdown
!
interface GigabitEthernet6/1
switchport
switchport access vlan 500
switchport mode access
!
! Routed point-to-point port (/30) with NetFlow ingress accounting.
interface GigabitEthernet6/2
ip address 3.3.3.1 255.255.255.252
ip flow ingress
media-type rj45
spanning-tree portfast
! Layer-3 VLAN interfaces (SVIs). Most carry an HSRP group ("standby")
! whose virtual address is the .1 of the subnet.
! No "standby <group> authentication" line is present on any group in
! this capture, so HSRP runs with its default plain-text authentication
! string; configuring HSRP authentication (MD5 where the image supports
! it) keeps an unauthorised host on the VLAN from joining the group.
interface Vlan1
no ip address
ip flow ingress
!
interface Vlan10
description =Core-Router-Link=
ip address 172.16.1.2 255.255.255.0
ip flow ingress
!
interface Vlan11
description =SVC-Module-Mgmt=
ip address 192.168.11.2 255.255.255.0
ip flow ingress
standby 11 ip 192.168.11.1
standby 11 priority 150
!
interface Vlan22
description =Admin-FW-Outside=
ip address 192.168.22.2 255.255.255.0
ip flow ingress
standby 22 ip 192.168.22.1
standby 22 priority 150
!
interface Vlan23
description =Red-FW-Outside=
ip address 192.168.23.2 255.255.255.0
ip flow ingress
standby 23 ip 192.168.23.1
standby 23 priority 150
!
interface Vlan24
description =Blue-FW-Outside=
ip address 192.168.24.2 255.255.255.0
ip flow ingress
standby 24 ip 192.168.24.1
standby 24 priority 150
!
interface Vlan25
description =Green-FW-Outside=
ip address 192.168.25.2 255.255.255.0
ip flow ingress
standby 25 ip 192.168.25.1
standby 25 priority 150
!
interface Vlan30
description =WAAS-Network=
ip address 192.168.30.2 255.255.255.0
ip flow ingress
standby 30 ip 192.168.30.1
standby 30 priority 150
!
! Traffic entering Vlan31 is policy-routed by route-map Center-Branch.
interface Vlan31
description =WAAS_Test_Network=
ip address 192.168.31.1 255.255.255.0
ip policy route-map Center-Branch
!
interface Vlan32
no ip address
shutdown
!
interface Vlan34
no ip address
shutdown
!
interface Vlan35
no ip address
ip flow ingress
!
interface Vlan49
description =ACE Cache Client Vlan connected=
ip address 192.168.49.2 255.255.255.0
ip flow ingress
standby 49 ip 192.168.49.1
standby 49 priority 150
!
interface Vlan111
ip address 192.168.111.1 255.255.255.0
ip flow ingress
!
! DHCP and other UDP broadcasts from VLAN 192 are relayed to 192.168.1.61.
interface Vlan192
description =VFDC-server-connection=
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.61
!
interface Vlan200
description =ACE4710-GW=
ip address 192.168.200.2 255.255.255.0
no ip redirects
ip flow ingress
standby 200 ip 192.168.200.1
standby 200 priority 150
!
! Vlan299 uses the 192.168.99.0/24 subnet and HSRP group 99.
interface Vlan299
ip address 192.168.99.2 255.255.255.0
ip flow ingress
standby 99 ip 192.168.99.1
standby 99 priority 150
!
interface Vlan300
description =SmartBit=
ip address 10.72.81.1 255.255.255.0
!
! Vlan500 uses the 192.168.50.0/24 subnet and HSRP group 50, with preempt.
interface Vlan500
ip address 192.168.50.2 255.255.255.0
ip flow ingress
standby 50 ip 192.168.50.1
standby 50 priority 105
standby 50 preempt
!
interface Vlan700
ip address 70.70.0.1 255.255.0.0
ip flow ingress
!
interface Vlan800
ip address 80.80.80.1 255.255.255.0
!
interface Vlan900
description === AGM-Active Hijacking ===
ip address 90.90.90.1 255.255.255.0
ip flow ingress
!
! Traffic entering Vlan991 is policy-routed by route-map
! Guard-Injection-PBR, which selects the next hop per destination network.
interface Vlan991
description =AGM-Injection=
ip address 91.91.91.2 255.255.255.0
ip flow ingress
ip policy route-map Guard-Injection-PBR
standby 91 ip 91.91.91.1
standby 91 priority 105
standby 91 preempt
!
interface Vlan992
description === Test-wookkim-gi1/16 ===
ip address 192.168.92.1 255.255.255.0
!
! Dynamic routing and static routes.
! Neither the EIGRP nor the OSPF process shows neighbour authentication
! in this capture (no authentication lines under the router processes or
! the interfaces), so any device on those segments could form an
! adjacency and advertise routes; enabling routing-protocol authentication
! closes that.
router eigrp 1
network 192.168.99.0
no auto-summary
!
! Static routes are redistributed into OSPF only where route-map
! redib-ospf permits them (it matches on interface Vlan900).
router ospf 1
router-id 80.80.80.1
log-adjacency-changes
redistribute static metric 1 subnets route-map redib-ospf
network 80.80.80.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.1 name default-route
ip route 10.72.83.61 255.255.255.255 172.16.1.1
! NOTE(review): the route names do not line up with the VLAN names in this
! capture (VLAN 32 is Admin-FW-Inside, 33 is Red, 34 is Blue) - the labels
! may be shifted by one; confirm before relying on them.
ip route 192.168.32.0 255.255.255.0 192.168.22.254 name red-network
ip route 192.168.33.0 255.255.255.0 192.168.23.254 name blue-network
ip route 192.168.34.0 255.255.255.0 192.168.24.100 name green-network
!
!
! The HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
!
! ACL used by class-map CoPP: any source to four host addresses.
! NOTE(review): 192.168.90.1 is not an address configured on any interface
! in this capture (Vlan900 is 90.90.90.1) - possibly a typo; confirm.
ip access-list extended CoPP
permit ip any host 192.168.50.2
permit ip any host 192.168.99.2
permit ip any host 192.168.90.1
permit ip any host 192.168.99.1
! NAM-Filter and VACL_for_ADM match all IP traffic; they select what the
! VLAN access-maps copy to the capture ports.
ip access-list extended NAM-Filter
permit ip any any
ip access-list extended VACL_for_ADM
permit ip any any
! Destination-network ACLs referenced by route-map Guard-Injection-PBR.
ip access-list extended admin-net
permit ip any 192.168.22.0 0.0.0.255
permit ip any 192.168.32.0 0.0.0.255
ip access-list extended blue-net
permit ip any 192.168.24.0 0.0.0.255
permit ip any 192.168.34.0 0.0.0.255
ip access-list extended green-dsr-net
permit ip any 192.168.25.0 0.0.0.255
ip access-list extended red-net
permit ip any 192.168.23.0 0.0.0.255
permit ip any 192.168.33.0 0.0.0.255
ip access-list extended test-wookkim
permit ip any host 192.168.92.100
!
! Numbered ACLs. Only 130 is referenced elsewhere in this capture (by
! route-map Center-Branch); the others, several of them "permit ip any
! any", have no visible reference and could be removed if unused.
access-list 1 permit any log
access-list 100 permit ip any 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit ip any any
access-list 109 permit tcp any any eq www
access-list 110 permit tcp any eq www any
access-list 130 permit ip host 192.168.31.10 host 172.16.120.10
access-list 150 permit ip any any
!
! Route-maps for policy-based routing and for OSPF redistribution.
! Center-Branch is applied on interface Vlan31.
route-map Center-Branch permit 10
match ip address 130
set ip next-hop 192.168.30.10
!
! NOTE(review): access-list 131 is not defined in this capture, and
! Branch-Center is not applied to any interface shown - confirm whether
! this route-map is still needed.
route-map Branch-Center permit 10
match ip address 131
set ip next-hop 192.168.30.10
!
! Guard-Injection-PBR is applied on interface Vlan991 and picks the next
! hop by destination network.
! NOTE(review): sequence 10 uses next hop 172.16.22.254, while the static
! route towards the same firewall uses 192.168.22.254 - possibly a typo;
! confirm.
route-map Guard-Injection-PBR permit 10
match ip address admin-net
set ip next-hop 172.16.22.254
!
route-map Guard-Injection-PBR permit 20
match ip address red-net
set ip next-hop 192.168.23.254
!
route-map Guard-Injection-PBR permit 30
match ip address blue-net
set ip next-hop 192.168.24.100
!
route-map Guard-Injection-PBR permit 40
match ip address green-dsr-net
set interface Vlan25
!
route-map Guard-Injection-PBR permit 50
match ip address test-wookkim
set interface Vlan992
!
! Used by "redistribute static" under router ospf 1.
route-map redib-ospf permit 10
match interface Vlan900
!
! SNMP community strings travel in clear text. "public" and "private" are
! the widely known default strings, and "private" and "cisco" both grant
! read-write access with no access list limiting the source address.
! Prefer SNMPv3 with authentication and privacy; at minimum use unique
! strings, bind each to an ACL ("snmp-server community <string> RO <acl>")
! and remove read-write communities that are not required.
snmp-server community public RO
snmp-server community private RW
snmp-server community cisco RW
snmp-server trap-source Vlan10
! The switch serves these module images from disk0: over TFTP, which has
! no authentication, and no access list is attached to the entries.
! Remove them once the module upgrades are complete.
tftp-server disk0:c6svc-fwm-k9.3-2-3.bin
tftp-server disk0:asdm-6104F.bin
tftp-server disk0:c6svc-fwm-k9.4-0-1.bin
tftp-server disk0:c6svc-fwm-k9.3-2-6.bin
tftp-server disk0:asdm-61151f.bin
!
! No RADIUS server host is defined in this capture; only the source-port
! range is set.
radius-server source-ports 1645-1646
!
! The control-plane section is empty: no "service-policy input" attaches
! any of the CoPP policy-maps defined in this capture, so control-plane
! policing is not in effect as shown.
control-plane
!
!
dial-peer cor custom
!
!
!
! Exec aliases. "ses slo N pr M" abbreviates "session slot N processor M",
! which opens a session to the service module in that slot.
alias exec fwsm ses slo 2 pr 1
alias exec nam ses slo 9 pr 1
alias exec adm ses slo 8 pr 1
alias exec ace ses slo 3 pr 0
alias exec agm ses slo 7 pr 1
alias exec pr show process cpu | inc five
!
line con 0
logging synchronous
! All 16 vty lines accept Telnet as well as SSH, carry a short clear-text
! line password, and have no "access-class" limiting which addresses may
! connect. Telnet exposes credentials on the wire: "transport input ssh"
! together with an access-class for the management network narrows remote
! access. The 5-minute idle timeout (exec-timeout 5 0) is worth keeping.
line vty 0 4
exec-timeout 5 0
timeout login response 300
password cisco
transport input telnet ssh
line vty 5 15
exec-timeout 5 0
timeout login response 300
password cisco
transport input telnet ssh
!
!
! Monitor session 1 takes its source from remote-span VLAN 998; no
! destination for the session is shown in this capture.
monitor session 1 source remote vlan 998
no monitor session servicemodule
! The switch syncs to 10.72.83.2 and also acts as an NTP master for other
! devices. No "ntp authenticate" or "ntp access-group" appears in this
! capture, so time sources and clients are not authenticated or
! restricted; accurate time matters for the log timestamps enabled above.
ntp source Vlan10
ntp master
ntp server 10.72.83.2
!
end