Difference between revisions of "24PinTechSwitch Config"
(Current running configuration of the main switch for the CTE network) |
(current switch config cleaned up a little) |
||
Line 7: | Line 7: | ||
! | ! | ||
! Last configuration change at 15:17:16 UTC Fri Aug 30 2024 by 24PinTech | ! Last configuration change at 15:17:16 UTC Fri Aug 30 2024 by 24PinTech | ||
! | ! | ||
Line 23: | Line 21: | ||
no platform punt-keepalive disable-kernel-core | no platform punt-keepalive disable-kernel-core | ||
! | ! | ||
hostname 24PinTech_Switch | hostname 24PinTech_Switch | ||
! | ! | ||
! | ! | ||
vrf definition Mgmt-vrf | vrf definition Mgmt-vrf | ||
! | ! | ||
Line 39: | Line 33: | ||
exit-address-family | exit-address-family | ||
! | ! | ||
Line 45: | Line 38: | ||
exit-address-family | exit-address-family | ||
! | ! | ||
enable secret 5 $1$bibk$uwpxgKcUpBT0Qz.R1EfA50 | enable secret 5 $1$bibk$uwpxgKcUpBT0Qz.R1EfA50 | ||
! | ! | ||
no aaa new-model | no aaa new-model | ||
switch 1 provision ws-c3650-24ps | switch 1 provision ws-c3650-24ps | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
shutdown vlan 99 | shutdown vlan 99 | ||
! | ! | ||
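Review bot: The `enable secret 5 $1$...` line in this hunk is carried over unchanged, so the cleaned-up revision still publishes the enable password hash on the wiki. Type 5 is a salted MD5-crypt hash and should not be exposed; replace the value with a placeholder such as `enable secret 5 <redacted>` in the wiki copy and rotate the secret on the switch. As a style point, the long run of consecutive `!` lines after `switch 1 provision ws-c3650-24ps` survives the cleanup and could be collapsed to a single separator.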
Line 101: | Line 75: | ||
rsakeypair TP-self-signed-833429682 | rsakeypair TP-self-signed-833429682 | ||
! | ! | ||
! | ! | ||
crypto pki certificate chain TP-self-signed-833429682 | crypto pki certificate chain TP-self-signed-833429682 | ||
! | ! | ||
Line 117: | Line 88: | ||
spanning-tree extend system-id | spanning-tree extend system-id | ||
! | ! | ||
! | ! | ||
username 24pintech privilege 15 password 7 03291A08345F6C6D7031395743025A0230792 | username 24pintech privilege 15 password 7 03291A08345F6C6D7031395743025A0230792 | ||
redundancy | redundancy | ||
mode sso | mode sso | ||
! | ! | ||
! | ! | ||
! | ! | ||
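Review bot: The `username 24pintech privilege 15 password 7 ...` line is unchanged in this hunk, which leaves a privilege 15 credential in type 7 form on a public page. Type 7 is a reversible encoding rather than a hash, so the published string should be treated as equivalent to the plaintext password: redact it in the wiki copy, rotate it on the device, and define the account with `username 24pintech privilege 15 secret <new password>` so the stored form is a hash.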
Line 150: | Line 114: | ||
class-map match-any system-cpp-police-sys-data | class-map match-any system-cpp-police-sys-data | ||
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL | description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL | ||
class-map match-any system-cpp-police-punt-webauth | class-map match-any system-cpp-police-punt-webauth | ||
Line 205: | Line 169: | ||
description Protocol snooping | description Protocol snooping | ||
! | ! | ||
Line 261: | Line 224: | ||
class system-cpp-default | class system-cpp-default | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
! | ! | ||
Line 297: | Line 246: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 307: | Line 255: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 317: | Line 264: | ||
switchport mode trunk | switchport mode trunk | ||
! | ! | ||
Line 327: | Line 273: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 337: | Line 282: | ||
switchport mode trunk | switchport mode trunk | ||
! | ! | ||
Line 347: | Line 291: | ||
negotiation auto | negotiation auto | ||
! | ! | ||
Line 359: | Line 302: | ||
channel-group 3 mode active | channel-group 3 mode active | ||
! | ! | ||
Line 371: | Line 313: | ||
channel-group 3 mode active | channel-group 3 mode active | ||
! | ! | ||
Line 381: | Line 322: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 391: | Line 331: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 401: | Line 340: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 411: | Line 349: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 421: | Line 358: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 431: | Line 367: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 441: | Line 376: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 451: | Line 385: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 461: | Line 394: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 471: | Line 403: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 481: | Line 412: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 491: | Line 421: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 501: | Line 430: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 511: | Line 439: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 521: | Line 448: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 531: | Line 457: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 541: | Line 466: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 551: | Line 475: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 561: | Line 484: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 571: | Line 493: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 581: | Line 502: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
Line 591: | Line 511: | ||
switchport mode access | switchport mode access | ||
! | ! | ||
interface GigabitEthernet1/1/1 | interface GigabitEthernet1/1/1 | ||
! | ! | ||
interface GigabitEthernet1/1/2 | interface GigabitEthernet1/1/2 | ||
! | ! | ||
interface GigabitEthernet1/1/3 | interface GigabitEthernet1/1/3 | ||
! | ! | ||
interface GigabitEthernet1/1/4 | interface GigabitEthernet1/1/4 | ||
! | ! | ||
Line 615: | Line 530: | ||
shutdown | shutdown | ||
! | ! | ||
Line 623: | Line 537: | ||
ip address 10.21.25.28 255.255.255.0 | ip address 10.21.25.28 255.255.255.0 | ||
! | ! | ||
Line 631: | Line 544: | ||
no ip address | no ip address | ||
! | ! | ||
Line 643: | Line 555: | ||
ip http secure-server | ip http secure-server | ||
! | ! | ||
Line 731: | Line 642: | ||
permit tcp any any eq 8080 | permit tcp any any eq 8080 | ||
! | ! | ||
! | ! | ||
! | ! | ||
Line 741: | Line 649: | ||
service-policy input system-cpp-policy | service-policy input system-cpp-policy | ||
! | ! | ||
banner motd ^CAuthorized personnel only! Violators will be subject to the wrath of Chambie!^C | banner motd ^CAuthorized personnel only! Violators will be subject to the wrath of Chambie!^C | ||
! | ! | ||
Line 777: | Line 683: | ||
login | login | ||
! | ! | ||
! | ! | ||
wsma agent exec | wsma agent exec | ||
! | ! | ||
wsma agent config | wsma agent config | ||
! | ! | ||
wsma agent filesys | wsma agent filesys | ||
! | ! | ||
wsma agent notify | wsma agent notify | ||
! | ! | ||
! | ! | ||
Line 815: | Line 714: | ||
end | end | ||
==Notes:== | ==Notes:== | ||
When running an [https://unraid.net/ UnRaid] server the normal <code>{(C-IF)#channel-group on}</code>command may '''NOT''' work, instead use <code>{(C-IF)#channel-protocol lacp}</code>to independently force '''LACP''' on all ports in range. (THIS WILL USUALLY BE NEEDED WHEN USING BOND MODE "ACTIVE-BACKUP (#)" ON UNRAID.) | When running an [https://unraid.net/ UnRaid] server the normal <code>{(C-IF)#channel-group on}</code>command may '''NOT''' work, instead use <code>{(C-IF)#channel-protocol lacp}</code>to independently force '''LACP''' on all ports in range. (THIS WILL USUALLY BE NEEDED WHEN USING BOND MODE "ACTIVE-BACKUP (#)" ON UNRAID.) |
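Review bot: In the Notes line at the end of this hunk, `</code>command` and `</code>to` have no space after the closing tag, so the rendered text runs each command into the following word; add a space after both. `{(C-IF)#channel-group on}` is also shorthand rather than a command that can be typed; writing it in the full form used elsewhere in this config (`channel-group 3 mode active`, or `channel-group <n> mode on` for the static case) would make the note usable as written.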
Revision as of 17:27, 3 September 2024
Running Configuration
Configuration as of 8/30/24
Building configuration...
Current configuration : 10053 bytes
!
! Last configuration change at 15:17:16 UTC Fri Aug 30 2024 by 24PinTech
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname 24PinTech_Switch
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$bibk$uwpxgKcUpBT0Qz.R1EfA50
!
no aaa new-model
switch 1 provision ws-c3650-24ps
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
shutdown vlan 99
!
crypto pki trustpoint TP-self-signed-833429682
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-833429682
 revocation-check none
 rsakeypair TP-self-signed-833429682
!
!
crypto pki certificate chain TP-self-signed-833429682
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username 24pintech privilege 15 password 7 03291A08345F6C6D7031395743025A0230792
redundancy
 mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
  description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
  description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
  description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
  description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
  description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
policy-map system-cpp-policy
 class system-cpp-police-data
  police rate 200 pps
 class system-cpp-police-sys-data
  police rate 100 pps
 class system-cpp-police-sw-forward
  police rate 1000 pps
 class system-cpp-police-multicast
  police rate 500 pps
 class system-cpp-police-multicast-end-station
  police rate 2000 pps
 class system-cpp-police-punt-webauth
 class system-cpp-police-l2-control
 class system-cpp-police-routing-control
  police rate 1800 pps
 class system-cpp-police-control-low-priority
 class system-cpp-police-wireless-priority1
 class system-cpp-police-wireless-priority2
 class system-cpp-police-wireless-priority3-4-5
 class system-cpp-police-topology-control
 class system-cpp-police-dot1x-auth
 class system-cpp-police-protocol-snooping
 class system-cpp-police-forus
 class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description Ports: 9, 10, 11, 12 to Asgard
 switchport access vlan 25
 switchport mode access
!
interface Port-channel2
 description Ports: 3, 4, 5, 6 to Valhalla
 switchport access vlan 25
 switchport mode access
!
interface Port-channel3
 description Ports: 1, 2 to School Network
 switchport trunk allowed vlan 25
 switchport mode trunk
!
interface Port-channel4
 description Ports: 13, 14, 15, 16 to SAKAAR
 switchport access vlan 25
 switchport mode access
!
interface Port-channel5
 description Ports: 17, 18, 19, 20 to BLACK ADAM
 switchport access vlan 25
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 description Ports: 1, 2 to School Network
 switchport trunk allowed vlan 25
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/0/2
 description Ports: 1, 2 to School Network
 switchport trunk allowed vlan 25
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/0/3
 description Ports: 3, 4, 5, 6 to Valhalla
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/4
 description Ports: 3, 4, 5, 6 to Valhalla
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/5
 description Ports: 3, 4, 5, 6 to Valhalla
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/6
 description Ports: 3, 4, 5, 6 to Valhalla
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/7
 description OPEN
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/8
 description OPEN
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/9
 description Ports: 9, 10, 11, 12 to Asgard
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/10
 description Ports: 9, 10, 11, 12 to Asgard
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/11
 description Ports: 9, 10, 11, 12 to Asgard
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/12
 description Ports: 9, 10, 11, 12 to Asgard
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/13
 description Prots 13,14,15,16 to SAKAAR
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/14
 description Prots 13,14,15,16 to SAKAAR
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/15
 description Prots 13,14,15,16 to SAKAAR
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/16
 description Prots 13,14,15,16 to SAKAAR
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/17
 description Ports 17,18,19,20 to Pythagoras (Truenas)
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/18
 description Ports 17,18,19,20 to Pythagoras (Truenas)
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/19
 description Ports 17,18,19,20 to Pythagoras (Truenas)
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/20
 description Ports 17,18,19,20 to Pythagoras (Truenas)
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/21
 description connection to Xandar
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/22
 description connection to Xandar
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/23
 description connection to Xandar
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/0/24
 description connection to Xandar
 switchport access vlan 25
 switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan25
 description Used to create active SVI
 ip address 10.21.25.28 255.255.255.0
!
interface Vlan99
 description Management VLAN for CISCOACA.local domain
 no ip address
!
ip default-gateway 10.21.25.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq 1914
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq smtp
 permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any range 6881 6999
 permit tcp any any range 28800 29100
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
 permit tcp any any eq 1527
 permit tcp any any eq 6200
 permit tcp any any eq 3389
 permit tcp any any eq 5985
 permit tcp any any eq 8080
!
!
!
control-plane
 service-policy input system-cpp-policy
!
banner motd ^CAuthorized personnel only! Violators will be subject to the wrath of Chambie!^C
!
line con 0
 password 7 080078764D4B554742
 logging synchronous
 login
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 080878764A4A554742
 logging synchronous
 login local
line vty 5 15
 password 7 080878764A4A554742
 logging synchronous
 login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end
Notes:
When running an UnRaid server, the normal {(C-IF)#channel-group on} command may NOT work; instead use {(C-IF)#channel-protocol lacp} to independently force LACP on all ports in range. (THIS WILL USUALLY BE NEEDED WHEN USING BOND MODE "ACTIVE-BACKUP (#)" ON UNRAID.)
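An added example, not part of the original page: a Python check for the channel-group settings the note above is concerned with. It reads an IOS-style configuration and reports Port-channel interfaces that no member port joins, members bundled in static `on` mode instead of LACP, and members whose switchport mode differs from their bundle. The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the style of the running configuration above.
SAMPLE = """\
interface Port-channel1
 switchport mode access
!
interface Port-channel3
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/0/2
 switchport mode access
 channel-group 3 mode on
!
"""

def parse_interfaces(text):
    """Map each interface name to its indented subcommands."""
    blocks, current = {}, None
    for raw in text.splitlines():
        header = re.match(r"interface (\S+)\s*$", raw)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a top-level command closes the block
    return blocks

def switchport_mode(cmds):
    return next((c.split()[-1] for c in cmds if c.startswith("switchport mode ")), None)

def audit_bundles(text):
    """Return findings about EtherChannel bundles and their member ports."""
    ifs, members, findings = parse_interfaces(text), {}, []
    for name, cmds in ifs.items():
        for num, mode in re.findall(r"^channel-group (\d+) mode (\S+)$", "\n".join(cmds), re.M):
            members.setdefault(num, []).append((name, mode))
    for name, cmds in ifs.items():
        po = re.match(r"Port-channel(\d+)$", name)
        ports = members.get(po.group(1), []) if po else []
        if po and not ports:
            findings.append(f"{name}: no member port has channel-group {po.group(1)}")
        for port, mode in ports:
            if mode == "on":
                findings.append(f"{port}: static mode 'on', no LACP negotiation")
            if switchport_mode(ifs[port]) != switchport_mode(cmds):
                findings.append(f"{port}: switchport mode differs from {name}")
    return findings
```

The parser relies on the one-space indentation that `show running-config` gives subcommands, so feed it the device output rather than a copy with the indentation stripped.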