Last active
May 2, 2020 16:05
Switch configuration
config-file-header | |
switch1 | |
v2.5.0.90 / RTESLA2.5_930_364_105 | |
CLI v1.0 | |
file SSD indicator encrypted | |
@ | |
ssd-control-start | |
ssd config | |
ssd file passphrase control unrestricted | |
no ssd file integrity control | |
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 | |
! SSD (Secure Sensitive Data) control block for this exported file.
! NOTE(review): "passphrase control unrestricted" is understood to let the
! device include its SSD passphrase in exported files, so a copy of this file
! should be handled as sensitive; "restricted" keeps the passphrase out of
! exports. Confirm against the platform's SSD documentation.
! NOTE(review): "no ssd file integrity control" leaves file integrity checking
! off, so changes to a stored copy would presumably not be detected on load.
! | |
! | |
unit-type-control-start | |
unit-type unit 1 network gi uplink none | |
unit-type-control-end | |
! | |
! Private-VLAN layout: VLANs 10 and 20 are created, VLAN 1 is the primary,
! VLAN 20 is the isolated secondary and VLAN 10 is the community secondary.
vlan database | |
vlan 10,20 | |
exit | |
interface vlan 1 | |
private-vlan primary | |
exit | |
interface vlan 20 | |
private-vlan isolated | |
exit | |
interface vlan 10 | |
private-vlan community | |
exit | |
! Voice-VLAN OUI table: MAC prefixes paired with phone-vendor labels.
voice vlan oui-table add 0001e3 Siemens_AG_phone________ | |
voice vlan oui-table add 00036b Cisco_phone_____________ | |
voice vlan oui-table add 00096e Avaya___________________ | |
voice vlan oui-table add 000fe2 H3C_Aolynk______________ | |
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone | |
voice vlan oui-table add 00d01e Pingtel_phone___________ | |
voice vlan oui-table add 00e075 Polycom/Veritel_phone___ | |
voice vlan oui-table add 00e0bb 3Com_phone______________ | |
! Boot-time auto-config and auto-update are both switched off.
! NOTE(review): presumably this stops the switch from fetching a configuration
! or firmware image from a server named in a DHCP reply - confirm.
no boot host auto-config | |
no boot host auto-update | |
! Bonjour is enabled on VLAN 1.
! NOTE(review): this advertises the switch on the same VLAN that carries its
! management address; turn it off if service discovery is not needed.
bonjour interface range vlan 1 | |
! Management ACL: ACE 1 permits IP from 192.168.0.0/16 to host 192.168.1.254
! (the address configured on interface vlan 1 in this file); ACE 2 denies all
! other IP traffic addressed to that host.
! NOTE(review): the permitted source range is every 192.168.x.x address, so the
! ACL does not single out an admin workstation. If only specific hosts should
! reach the switch's management services, narrow the source in ACE 1.
ip access-list extended Management | |
permit ip 192.168.0.0 0.0.255.255 192.168.1.254 0.0.0.0 ace-priority 1 | |
deny ip any 192.168.1.254 0.0.0.0 ace-priority 2 | |
exit | |
hostname switch1 | |
line console | |
no autobaud | |
exit | |
! Password complexity enforcement is turned off for local accounts.
no passwords complexity enable | |
! Local account "brian" at privilege 15. The stored password value is
! published verbatim in this file, and the identical value appears in the
! switch2 config on this page.
! NOTE(review): 40 hex digits is the length of a SHA-1 digest. If the value is
! an unsalted hash, anyone holding this file can test password guesses offline;
! rotate the password and redact this field before sharing a config.
username brian password encrypted 9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684 privilege 15 | |
! SSH server enabled with public-key authentication.
! NOTE(review): "auto-login" is understood to skip the follow-up CLI login
! prompt once the key is accepted, which would make the matching private key
! sufficient on its own for a privilege-15 session - keep that key
! passphrase-protected. Confirm against the platform's CLI guide.
ip ssh server | |
ip ssh pubkey-auth auto-login | |
! SSH public key registered for user "brian" (type rsa). Only the public half
! is stored here; the key-string rows are the base64 blob split across lines.
! NOTE(review): the leading bytes look like an ssh-rsa blob with a 4096-bit
! modulus - confirm with a key fingerprint if it matters.
crypto key pubkey-chain ssh | |
user-key brian rsa | |
key-string row AAAAB3NzaC1yc2EAAAADAQABAAACAQD/9lZCi5NS | |
key-string row gYggYrLHqTwOu82bMEMO+uI/ULzAmJl13zG2eAKZ | |
key-string row wg00DlMX97TKb7waGju9wVpGFlOCUavhvo2eZwWN | |
key-string row 2WQx3+X8GG7VEoUvNNWLImFI5Pv9tEk0 | |
key-string row E8WwLTLf733bl/J2Iv1eNwDs9k6/BDxueuvYDIYH | |
key-string row 0OmvsvptPnhZNzaLxshw+Unq6B02EjbS/2slDbU5 | |
key-string row 80TA9RVMjGzmTs/wtuyLpHn3juHerVSm4B8wEc38 | |
key-string row 2nJ0gaCVHHNawQTVf4pOaMeQROMYrvLCfNyB6noX | |
key-string row xc8o/JihvchJ3aB2b3UzwfODGHOHS51SmPoavdks | |
key-string row 433XagvSQj14Ne715XB2TMsLogDrIc1fy3Dy9urL | |
key-string row toguAU0VV1mMshoOYm8YczyJInyoHVckVT9soo3x | |
key-string row Pup53dMPORbNgix+2vbr6zxerK2Ybspt6iWIPFvr | |
key-string row 66qShF1V7QB3vzjh4RuSrhAdnib7rdO70qmzo97V | |
key-string row 9xasDVQi628i4dWl1eLtLdoFEQxfIy3bi802Q/5M | |
key-string row /alaSBclZopVAkx4uhsTJ/9GpCt9HxIiAklGR6rR | |
key-string row fUbjJvfJipuy/BxueFVyWeIh2COsOxwKODmozqHi | |
key-string row ioQw8CsyYglbUw4dHYvz+h5M2asUIhhikRWsBIYX | |
key-string row gqpiqh/T1BB/Aq9XrQ2OIzeBUvHa1vBik3zYfoxo | |
key-string row IQ== | |
exit | |
exit | |
! HTTPS management is disabled.
! NOTE(review): no "no ip http server" line is visible, so this file does not
! show whether plain-HTTP management is still enabled. Check the running state
! and disable it if web management is unused, since HTTP would carry
! credentials in clear text.
no ip http secure-server | |
! Time zone PST (UTC-8) with recurring US daylight-saving rules.
clock timezone PST -8 | |
clock summer-time PDT recurring usa | |
ip domain name brian-gordon.net | |
ip name-server 192.168.1.1 | |
! PnP is disabled. NOTE(review): presumably the Network Plug and Play agent,
! which would otherwise look for a provisioning server - confirm.
no pnp enable | |
! | |
! VLAN 1 interface: static management address 192.168.1.254/24, DHCP client
! off, secondary VLANs 10 and 20 associated with this primary.
! The Management ACL is bound inbound with default-action permit-any, so
! traffic that matches neither ACE is permitted rather than dropped; the ACL
! only constrains traffic addressed to 192.168.1.254.
interface vlan 1 | |
name Primary | |
ip address 192.168.1.254 255.255.255.0 | |
no ip address dhcp | |
private-vlan association add 10,20 | |
service-acl input Management default-action permit-any | |
! | |
interface vlan 10 | |
name Community | |
! | |
interface vlan 20 | |
name Isolated | |
! | |
! Port 1 (Firewall): promiscuous port mapped to both secondary VLANs, and
! marked trusted for DHCP snooping.
interface GigabitEthernet1 | |
description Firewall | |
ip dhcp snooping trust | |
switchport mode private-vlan promiscuous | |
switchport private-vlan mapping 1 add 10,20 | |
! | |
! Port 2 (Main PC): promiscuous port mapped to community VLAN 10 only;
! isolated VLAN 20 is not in its mapping.
! NOTE(review): a promiscuous port is exempt from private-VLAN separation for
! the VLANs it maps - confirm that is the intent for a workstation port.
interface GigabitEthernet2 | |
description "Main PC" | |
switchport mode private-vlan promiscuous | |
switchport private-vlan mapping 1 add 10 | |
! | |
! Ports 3-5 and 8 are private-VLAN host ports in community VLAN 10
! (primary VLAN 1). Ports 6 and 7 are unused and administratively shut down.
interface GigabitEthernet3 | |
description maple | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
interface GigabitEthernet4 | |
description orbis | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
interface GigabitEthernet5 | |
description elnath | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
interface GigabitEthernet6 | |
shutdown | |
! | |
interface GigabitEthernet7 | |
shutdown | |
! | |
! NOTE(review): everything attached behind the access point arrives on this
! single community port, so wireless clients presumably share VLAN 10 with the
! wired hosts - confirm that is intended.
interface GigabitEthernet8 | |
description WAP | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
! Ports 9 and 10 are members of channel-group 1 in mode "on".
! NOTE(review): "on" is presumably a static bundle with no LACP negotiation, so
! a miscabled member would not be detected by the protocol - confirm.
interface GigabitEthernet9 | |
channel-group 1 mode on | |
! | |
interface GigabitEthernet10 | |
channel-group 1 mode on | |
! | |
! Port-Channel1 is the trunk to switch2 and is trusted for DHCP snooping.
! NOTE(review): no allowed-VLAN list is shown for the trunk, so the platform
! defaults apply; restrict it to the VLANs in use if the defaults are broader.
interface Port-Channel1 | |
description "Link to switch2" | |
ip dhcp snooping trust | |
switchport mode trunk | |
! | |
exit | |
! DHCP snooping: enabled globally, with a binding database, on VLAN 1.
! NOTE(review): only VLAN 1 is listed while hosts attach through secondary
! VLANs 10 and 20; confirm that snooping on the primary covers them here.
ip dhcp snooping | |
ip dhcp snooping database | |
ip dhcp snooping vlan 1 | |
! ARP inspection: enabled globally, with the extra "validate" checks.
! NOTE(review): no per-VLAN "ip arp inspection vlan" line is visible; confirm
! that inspection is actually applied to a VLAN, otherwise it may be inactive.
ip arp inspection | |
ip arp inspection validate |
config-file-header | |
switch2 | |
v2.4.5.71 / RTESLA2.4.5_930_181_144 | |
CLI v1.0 | |
file SSD indicator encrypted | |
@ | |
ssd-control-start | |
ssd config | |
ssd file passphrase control unrestricted | |
no ssd file integrity control | |
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 | |
! SSD (Secure Sensitive Data) control block for this exported file.
! NOTE(review): with "passphrase control unrestricted" the device is understood
! to include its SSD passphrase in exported files, and with integrity control
! off a modified copy would presumably load without complaint. Treat exports
! as sensitive and confirm both settings against the SSD documentation.
! | |
! | |
unit-type-control-start | |
unit-type unit 1 network gi uplink none | |
unit-type-control-end | |
! | |
! Private-VLAN layout on switch2: VLAN 1 primary, VLAN 20 isolated,
! VLAN 10 community.
vlan database | |
vlan 10,20 | |
exit | |
interface vlan 1 | |
private-vlan primary | |
exit | |
interface vlan 20 | |
private-vlan isolated | |
exit | |
interface vlan 10 | |
private-vlan community | |
exit | |
! Voice-VLAN OUI table: MAC prefixes paired with phone-vendor labels.
voice vlan oui-table add 0001e3 Siemens_AG_phone________ | |
voice vlan oui-table add 00036b Cisco_phone_____________ | |
voice vlan oui-table add 00096e Avaya___________________ | |
voice vlan oui-table add 000fe2 H3C_Aolynk______________ | |
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone | |
voice vlan oui-table add 00d01e Pingtel_phone___________ | |
voice vlan oui-table add 00e075 Polycom/Veritel_phone___ | |
voice vlan oui-table add 00e0bb 3Com_phone______________ | |
! NOTE(review): the switch1 config on this page has "no boot host auto-config"
! and "no boot host auto-update" at this point; neither line appears here, so
! this unit is left at its firmware default for DHCP-driven auto-config.
! Confirm that is intended.
! Bonjour is enabled on VLAN 1, the VLAN that carries the management address.
bonjour interface range vlan 1 | |
! Management ACL: ACE 1 permits IP from 192.168.0.0/16 to host 192.168.1.253
! (the address configured on interface vlan 1 in this file); ACE 2 denies all
! other IP traffic addressed to that host.
! NOTE(review): every 192.168.x.x source is allowed, so the ACL does not
! restrict management access to particular admin hosts; narrow ACE 1 if that
! is the goal.
ip access-list extended Management | |
permit ip 192.168.0.0 0.0.255.255 192.168.1.253 0.0.0.0 ace-priority 1 | |
deny ip any 192.168.1.253 0.0.0.0 ace-priority 2 | |
exit | |
hostname switch2 | |
line console | |
no autobaud | |
exit | |
! Password complexity enforcement is turned off for local accounts.
no passwords complexity enable | |
! Local account "brian" at privilege 15. The stored password value matches the
! one in the switch1 config on this page, so both units evidently share one
! credential and disclosure of either file affects both.
! NOTE(review): 40 hex digits is the length of a SHA-1 digest; if it is
! unsalted it can be guessed against offline. Rotate the password and redact
! this field before sharing.
username brian password encrypted 9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684 privilege 15 | |
! SSH server enabled with public-key authentication.
! NOTE(review): "auto-login" is understood to skip the follow-up CLI login
! prompt after key authentication, so the private key alone would grant a
! privilege-15 session - confirm, and protect the key accordingly.
ip ssh server | |
ip ssh pubkey-auth auto-login | |
! SSH public key registered for user "brian" (type rsa); the rows are the same
! as in the switch1 config on this page. Only the public half is stored.
crypto key pubkey-chain ssh | |
user-key brian rsa | |
key-string row AAAAB3NzaC1yc2EAAAADAQABAAACAQD/9lZCi5NS | |
key-string row gYggYrLHqTwOu82bMEMO+uI/ULzAmJl13zG2eAKZ | |
key-string row wg00DlMX97TKb7waGju9wVpGFlOCUavhvo2eZwWN | |
key-string row 2WQx3+X8GG7VEoUvNNWLImFI5Pv9tEk0 | |
key-string row E8WwLTLf733bl/J2Iv1eNwDs9k6/BDxueuvYDIYH | |
key-string row 0OmvsvptPnhZNzaLxshw+Unq6B02EjbS/2slDbU5 | |
key-string row 80TA9RVMjGzmTs/wtuyLpHn3juHerVSm4B8wEc38 | |
key-string row 2nJ0gaCVHHNawQTVf4pOaMeQROMYrvLCfNyB6noX | |
key-string row xc8o/JihvchJ3aB2b3UzwfODGHOHS51SmPoavdks | |
key-string row 433XagvSQj14Ne715XB2TMsLogDrIc1fy3Dy9urL | |
key-string row toguAU0VV1mMshoOYm8YczyJInyoHVckVT9soo3x | |
key-string row Pup53dMPORbNgix+2vbr6zxerK2Ybspt6iWIPFvr | |
key-string row 66qShF1V7QB3vzjh4RuSrhAdnib7rdO70qmzo97V | |
key-string row 9xasDVQi628i4dWl1eLtLdoFEQxfIy3bi802Q/5M | |
key-string row /alaSBclZopVAkx4uhsTJ/9GpCt9HxIiAklGR6rR | |
key-string row fUbjJvfJipuy/BxueFVyWeIh2COsOxwKODmozqHi | |
key-string row ioQw8CsyYglbUw4dHYvz+h5M2asUIhhikRWsBIYX | |
key-string row gqpiqh/T1BB/Aq9XrQ2OIzeBUvHa1vBik3zYfoxo | |
key-string row IQ== | |
exit | |
exit | |
! HTTPS management is disabled.
! NOTE(review): no "no ip http server" line is visible, so this file does not
! show whether plain-HTTP management is still enabled; check and disable it if
! web management is unused.
no ip http secure-server | |
! Time zone PST (UTC-8) with recurring US daylight-saving rules.
clock timezone PST -8 | |
clock summer-time PDT recurring usa | |
! DNS lookups are turned off on this unit, although a domain name and a name
! server are still configured below.
no ip domain lookup | |
ip domain name brian-gordon.net | |
ip name-server 192.168.1.1 | |
! PnP is disabled. NOTE(review): presumably the Network Plug and Play agent.
no pnp enable | |
! | |
! VLAN 1 interface: static management address 192.168.1.253/24, DHCP client
! off, secondary VLANs 10 and 20 associated with this primary.
! The Management ACL is bound inbound with default-action permit-any, so
! traffic that matches neither ACE is permitted; the ACL only constrains
! traffic addressed to 192.168.1.253.
interface vlan 1 | |
name Primary | |
ip address 192.168.1.253 255.255.255.0 | |
no ip address dhcp | |
private-vlan association add 10,20 | |
service-acl input Management default-action permit-any | |
! | |
interface vlan 10 | |
name Community | |
! | |
interface vlan 20 | |
name Isolated | |
! | |
! Ports 1-4 are unused and administratively shut down.
interface GigabitEthernet1 | |
shutdown | |
! | |
interface GigabitEthernet2 | |
shutdown | |
! | |
interface GigabitEthernet3 | |
shutdown | |
! | |
interface GigabitEthernet4 | |
shutdown | |
! | |
! Port 5 (Laptop): host port in isolated VLAN 20.
interface GigabitEthernet5 | |
description Laptop | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 20 | |
! | |
! Ports 6 and 7 (workbench): host ports in community VLAN 10.
interface GigabitEthernet6 | |
description "Workbench equipment" | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
interface GigabitEthernet7 | |
description "Workbench PC" | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
! | |
! Port 8 (TV netgear switch): host port in isolated VLAN 20.
! NOTE(review): isolation is applied per port on this switch. If the attached
! device is a downstream switch, hosts behind it share this one port and are
! presumably not isolated from each other.
interface GigabitEthernet8 | |
description "TV netgear switch" | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 20 | |
! | |
! Ports 9 and 10 are members of channel-group 1 in mode "on".
! NOTE(review): "on" is presumably a static bundle with no LACP negotiation.
interface GigabitEthernet9 | |
channel-group 1 mode on | |
! | |
interface GigabitEthernet10 | |
channel-group 1 mode on | |
! | |
! Port-Channel1 is the trunk to switch1 and is trusted for DHCP snooping.
! It is the only snooping-trusted port in this file, so DHCP server replies are
! expected to arrive over this link.
! NOTE(review): no allowed-VLAN list is shown for the trunk; platform defaults
! apply.
interface Port-Channel1 | |
description "Link to switch1" | |
ip dhcp snooping trust | |
switchport mode trunk | |
! | |
exit | |
! DHCP snooping: enabled globally, with a binding database, on VLAN 1.
! NOTE(review): only VLAN 1 is listed while hosts attach through secondary
! VLANs 10 and 20; confirm that snooping on the primary covers them here.
ip dhcp snooping | |
ip dhcp snooping database | |
ip dhcp snooping vlan 1 | |
! ARP inspection: enabled globally, with the extra "validate" checks.
! NOTE(review): no per-VLAN "ip arp inspection vlan" line is visible; confirm
! that inspection is actually applied to a VLAN, otherwise it may be inactive.
ip arp inspection | |
ip arp inspection validate |
! Set the clock by hand, then generate certificate 1.
! NOTE(review): presumably the clock is set first so that the generated
! certificate gets sensible validity dates. Both switch configs on this page
! carry "no ip http secure-server", so confirm the certificate is in use.
clock set 23:58:00 26 Dec 2019 | |
crypto certificate 1 generate |
To turn on L3 functionality- | |
ip routing | |
ip route 0.0.0.0 0.0.0.0 192.168.1.1 | |
To set an interface to L3 mode- | |
no switchport | |
https://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html |
! Template: enable a port as a private-VLAN host port, then save.
! The host-association line picks the secondary VLAN (primary 1, secondary 10).
! NOTE(review): "write" presumably saves the running configuration to startup.
config | |
interface GigabitEthernet4 | |
no shutdown | |
description "whatever" | |
switchport mode private-vlan host | |
switchport private-vlan host-association 1 10 | |
exit | |
exit | |
write | |
Note: change line 2 for the port name | |
Note: change line 4 for the device description | |
Note: change line 6 depending on whether the device should be on the community or isolated vlan. 10=community, 20=isolated |