@jaraddowning
Created May 17, 2019 15:08
Switch configuration
version 15.2
no service pad
no service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname cswitch
!
boot-start-marker
boot-end-marker
!
enable secret 5 supersecrethash
!
username admin privilege 15 secret 5 supersecrethash
username user1 secret 5 supersecrethash
username user2 privilege 15 secret 5 supersecrethash
aaa new-model
!
!
aaa group server tacacs+ someauth
 server name SOMESERVER
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting send stop-record authentication failure
aaa accounting update newinfo periodic 5
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
!
!
!
!
!
!
aaa session-id common
process cpu threshold type total rising 75 interval 30 falling 70 interval 10
clock timezone EST -5 0
clock summer-time EDT date Apr 11 2019 1:00 Nov 3 2019 1:00
no ip source-route
!
!
ip domain-name local.lan
login block-for 120 attempts 5 within 100
login delay 10
!
!
!
!
!
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos
!
crypto pki trustpoint TP-self-signed-3641022720
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3641022720
 revocation-check none
 rsakeypair TP-self-signed-3641022720
!
!
crypto pki certificate chain TP-self-signed-3641022720
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  -- snip --
  A6AD3EAA 0B6A28F7 816E276E 5598B0
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface Port-channel1
 description ESXi_PoCh_Trunk
 switchport mode access
!
interface FastEthernet0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 spanning-tree portfast
 switchport access vlan 20
!
interface GigabitEthernet0/2
 description computer1
 switchport access vlan 50
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description raspberrypi
 switchport access vlan 50
 spanning-tree portfast
!
interface GigabitEthernet0/4
 description Dock
 switchport access vlan 20
 spanning-tree portfast
!
interface GigabitEthernet0/5
 description computer2
 switchport access vlan 20
 spanning-tree portfast
!
interface GigabitEthernet0/6
 description WOPR
 switchport access vlan 20
 switchport mode trunk
!
interface GigabitEthernet0/7
 description computer4
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/8
 description computer5
 switchport access vlan 20
 spanning-tree portfast
!
interface GigabitEthernet0/9
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/10
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/11
 switchport mode trunk
!
interface GigabitEthernet0/12
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/13
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/14
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/16
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/17
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/18
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/19
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description vmnic0
 switchport mode trunk
!
interface GigabitEthernet0/21
 description vmnic1
 switchport mode trunk
!
interface GigabitEthernet0/22
 description vmnic2
 switchport mode trunk
!
interface GigabitEthernet0/23
 description vmnic3
 switchport mode trunk
!
interface GigabitEthernet0/24
 description AP
 switchport mode trunk
!
interface GigabitEthernet0/25
 switchport mode trunk
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/26
 switchport mode trunk
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address 192.168.1.252 255.255.255.0
 ip access-group 10 in
!
interface Vlan10
 ip address 10.0.10.252 255.255.255.0
 ip helper-address 10.0.10.254
!
interface Vlan20
 ip address 10.0.21.252 255.255.254.0
 ip helper-address 10.0.21.254
!
interface Vlan30
 ip address 10.0.30.252 255.255.255.0
 ip helper-address 10.0.30.254
!
interface Vlan40
 ip address 10.0.40.252 255.255.255.0
 ip helper-address 10.0.40.254
!
interface Vlan50
 ip address 10.0.50.252 255.255.255.0
 ip helper-address 10.0.50.254
!
ip default-gateway 192.168.1.254
no ip http server
no ip http secure-server
!
ip ssh version 2
ip ssh pubkey-chain
  username user2
   key-hash ssh-rsa FB1-- snip --E3A1 AAAAB3-- snip --998jj user2@wopr
   key-hash ssh-rsa 4F3A-- snip --97FB8
ip tacacs source-interface Vlan20
!
ip access-list standard ACL-SNMP
 permit any
!
logging trap notifications
logging host 10.0.20.11
snmp-server group LOCALAUTHGROUP v3 priv
snmp-server view cutdown iso included
snmp-server view cutdown at excluded
snmp-server view cutdown snmpUsmMIB excluded
snmp-server view cutdown snmpVacmMIB excluded
snmp-server view cutdown snmpCommunityMIB excluded
snmp-server view cutdown ip.21 excluded
snmp-server view cutdown ip.22 excluded
snmp-server community localsnmp view cutdown RO
snmp-server location upstairs
snmp-server contact sysadmin@local.lan
tacacs-server key 7 1309070600091D7B
tacacs server SOMESERVER
 address ipv4 10.0.20.13
 key 7 07033158450C0054
!
!
line con 0
line vty 5 15
!
ntp server 204.11.201.12
end