be-morns55005-21#sh run
Building configuration...
Current configuration : 19763 bytes
!
! Last configuration change at 15:36:55 CET Mon May 13 2019 by michael
!
! Captured running-config of a switch provisioned as c9300-24p (version 16.9).
! This part holds global services, AAA, call-home, login throttling, the flow
! record and the PKI trustpoints.
version 16.9
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
! NOTE(review): service password-encryption produces type 7 strings, which are
! reversible obfuscation rather than hashes. Every "password 7", "key 7" and
! "server-key 7" value in this configuration is only as safe as the file itself;
! in this capture they are masked as xxxxxxxxxxxx.
service password-encryption
service linenumber
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname be-morns55005-21
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 16000
! NOTE(review): type 5 is the salted-MD5 secret format. Type 8 (PBKDF2-SHA256)
! and type 9 (scrypt) secrets are set with "enable algorithm-type ... secret";
! confirm support on this release before migrating.
enable secret 5 xxxxxxxxxxxx
!
aaa new-model
!
!
! ACS_GROUP is used by the accounting lists below; the login and exec
! authorization lists use the built-in "group tacacs+" instead.
aaa group server tacacs+ ACS_GROUP
 server 10.233.129.20
 server 10.233.129.21
!
aaa group server radius clearpass
 server name clearpass
!
! Login method lists: LOC checks the local user database only (referenced by
! line con 0); TAC tries TACACS+ first and then the local database (referenced
! by the vty lines). 802.1X authentication and network authorization go to the
! RADIUS group clearpass.
aaa authentication login LOC local-case
aaa authentication login TAC group tacacs+ local-case
aaa authentication dot1x default group clearpass
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group clearpass
! NOTE(review): commands at privilege levels 1 and 15 are accounted, but no
! "aaa authorization commands" list appears in this configuration, so TACACS+
! records commands without being asked to approve them.
aaa accounting suppress null-username
aaa accounting dot1x default start-stop group clearpass
aaa accounting exec default start-stop group ACS_GROUP
aaa accounting commands 1 default start-stop group ACS_GROUP
aaa accounting commands 15 default start-stop group ACS_GROUP
aaa accounting network default start-stop group ACS_GROUP
aaa accounting connection default start-stop group ACS_GROUP
aaa accounting system default start-stop group ACS_GROUP
!
!
!
!
!
! RADIUS Change-of-Authorization listener on port 3799 for the two listed
! clients. NOTE(review): only 10.233.128.14 is defined as a "radius server" in
! this configuration; 10.233.128.13 is accepted here as a CoA source only.
! TODO confirm that asymmetry is intended.
aaa server radius dynamic-author
 client 10.233.128.13
 client 10.233.128.14
 server-key 7 xxxxxxxxxxxx
 port 3799
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision c9300-24p
!
!
!
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 phone-number "+32 3 4447016 "
 source-interface Vlan1
 profile "CiscoTAC-1"
  destination transport-method http
  no destination transport-method email
 ! NOTE(review): the Agfa profile reports to a plain-HTTP URL on port 80, so the
 ! smart-licensing and environment alert payloads reach the transport gateway
 ! unencrypted.
 profile "Agfa"
  reporting smart-licensing-data
  destination transport-method http
  no destination transport-method email
  destination address http http://10.233.129.27:80/Transportgateway/services/DeviceRequestHandler
  subscribe-to-alert-group environment severity normal
no ip source-route
!
no ip bootp server
ip domain list agfa.be
!
!
!
! Login throttling: 2 failed attempts within 100 seconds block further logins
! for 100 seconds, with a 10 second delay between attempts.
! NOTE(review): only successful logins are logged; "login on-failure log" is
! not configured, so failed attempts are not logged by this feature.
login block-for 100 attempts 2 within 100
login delay 10
login on-success log
!
!
!
!
!
vtp mode transparent
!
! NOTE(review): no flow monitor or exporter referencing this record appears in
! this configuration, so as shown it is defined but unused.
flow record defaultApplicationTraffic
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter packets long
!
!
! Self-signed trustpoint; "revocation-check none" is the normal setting for a
! self-signed certificate. SLA-TrustPoint below does check CRLs.
crypto pki trustpoint TP-self-signed-2768646636
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2768646636
 revocation-check none
 rsakeypair TP-self-signed-2768646636
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
!
!
! Certificate chains for the two trustpoints, stored as hex-encoded DER, then
! the CA bundle, license level and boot diagnostics settings.
! Certificates are public data; the matching private key is not part of this
! output.
! NOTE(review): the self-signed certificate's signature algorithm bytes
! (2A864886 F70D0101 05) decode to sha1WithRSAEncryption, and its validity
! fields decode to 190404125355Z through 300101000000Z. Presumably this is the
! certificate presented by "ip http secure-server"; TODO confirm.
crypto pki certificate chain TP-self-signed-2768646636
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32373638 36343636 3336301E 170D3139 30343034 31323533
  35355A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37363836
  34363633 36308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
  0A028201 01009198 75F435E4 EEC976F7 A7B13E6D B2C0325F 6FA1DE73 6D1366F3
  35A41153 1FCEAC0F 3AA103E1 7C5D35A2 10177AFA B8025947 235CF47D 8CC115E5
  90DB4F5F 830B8AD2 864BC186 B82FEEAB F38C0939 31BD71D2 6034578B EA273E6B
  92624B73 A94A4F11 59E2DAEC ACC951E0 61DEBDB4 1553970C 2726257B 575839F3
  FA712C8A 2A39B9D9 5EF14D87 3A1CE709 63F3F0D6 8ED382F7 1857A669 06734996
  A85CC530 E62361D0 6E30D306 3AEFD160 164C71F0 2C321B9E 40ACF8A2 319E8565
  AC86452A 14AE9EA0 BCB5303C 76BE398E C2B626A5 BF55334B 8A0E277A 3CD523E0
  011A76E8 50E6AACE B9E395C4 F3A6B186 61EEA43C 855B218F FEC4844C E4D408A7
  9AD31951 41990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
  301F0603 551D2304 18301680 141A5CCF A7C34C54 D3981FA3 A5A3C30E 71C41EC8
  E6301D06 03551D0E 04160414 1A5CCFA7 C34C54D3 981FA3A5 A3C30E71 C41EC8E6
  300D0609 2A864886 F70D0101 05050003 82010100 333F2B79 B5CAEFFE 116A9125
  7DC00762 A17423CB 83280C8B 4A3E20E9 C7636850 BCF8D4B6 727906DB A658ACAF
  1C68FBEF 7F687723 E9562E66 266CF4E8 10C17079 FCD9B4B0 26175988 543F510D
  E2EAC5A1 8E224827 2D990307 61FB176F 8E87FA7E A710C6B7 74A6EE7D F76496B2
  CB94E9C3 EC0A14F8 E2C5C68F 43FEBEDD 8FECCCCA 9FD3C66C 67F15C62 B31FC221
  11421848 F0D2282C E4940ACF 4E308C1B EA004564 04F66D9E AE7A46AF E64DC298
  DC27B8C4 8A77D37E 32625C79 C34B48A7 CEE972A5 0F73294A BB02A1F7 EE81E428
  DBCA93EE D4D11262 ADA9F181 4351D580 8DCC1BEB 4B881B79 25E590A0 7B55A1D1
  60514294 0958D341 398D340D AD612C65 626F2F4C
  	quit
! The CA certificate's name fields decode to O=Cisco, CN=Cisco Licensing Root CA.
! Its signature algorithm bytes (2A864886 F70D0101 0B) decode to
! sha256WithRSAEncryption, valid 130530194847Z through 380530194847Z.
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
  	quit
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
! Layer 2 globals, the local administrator account, VLAN definitions and the
! control-plane policing class-maps.
! NOTE(review): the access ports in this configuration enable
! "spanning-tree portfast", but neither a global
! "spanning-tree portfast bpduguard default" nor a per-port
! "spanning-tree bpduguard enable" appears anywhere in it.
spanning-tree mode pvst
spanning-tree extend system-id
! Globally enables 802.1X; in this configuration only GigabitEthernet1/0/23
! carries port-level authentication commands.
dot1x system-auth-control
!
!
! NOTE(review): this privilege 15 account stores its password as type 7
! (reversible). "username ... secret" stores a one-way hash instead. It is the
! account that the LOC list and the local-case fallback of the TAC list check.
username ncc privilege 15 password 7 xxxxxxxxxxxx
!
redundancy
 mode sso
!
!
!
!
!
transceiver type all
 monitoring
!
! Only VLANs 5 and 152 are defined here, and VTP is transparent elsewhere in
! this configuration, so no VLANs are learned from neighbours.
vlan 5
 name vlan5
!
vlan 152
!
!
! Class-maps named system-cpp-*; the control-plane section attaches the
! policy-map system-cpp-policy, which in this capture lists one of these classes.
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any system-cpp-police-control-low-priority
  description General punt
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
! Control-plane policy-map, the out-of-band management port, the uplink trunk
! and access ports GigabitEthernet1/0/2 through 1/0/12.
policy-map system-cpp-policy
 class system-cpp-police-control-low-priority
!
!
!
!
!
!
!
!
!
!
! The dedicated management port is shut down and has no address, so management
! traffic reaches the switch in-band (the only addressed interface in this
! configuration is Vlan1).
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 speed 1000
 negotiation auto
!
! NOTE(review): the trunk allows VLAN 1 and sets no
! "switchport trunk native vlan", so VLAN 1 (the VLAN of the management SVI)
! is presumably carried untagged on this link. VLANs 500, 600, 610 and 611 are
! allowed here but have no "vlan" definition in this configuration, and access
! VLAN 152 is not in the allowed list. TODO confirm against the peer switch.
interface GigabitEthernet1/0/1
 description be-morns55005-11
 switchport trunk allowed vlan 1,500,600,610,611
 switchport mode trunk
 switchport nonegotiate
!
! NOTE(review): this port and the ports that follow with the same five commands
! are static access ports in VLAN 152 with no 802.1X, MAB or port-security
! commands, so any attached device joins VLAN 152 without authentication.
! They enable portfast with no BPDU guard configured in this configuration.
interface GigabitEthernet1/0/2
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
! Access ports GigabitEthernet1/0/13 through 1/0/24 and the first uplink-module
! interfaces.
! NOTE(review): every port here except 1/0/23 is a static access port in
! VLAN 152 with no 802.1X, MAB or port-security commands, and enables portfast
! with no BPDU guard configured in this configuration.
interface GigabitEthernet1/0/13
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
! The only port with 802.1X and MAB enabled.
! NOTE(review): it has no "switchport access vlan", so unless the RADIUS server
! returns a VLAN an authorized client lands in the default VLAN 1, which is
! also the VLAN of the management SVI. TODO confirm the VLAN assignment policy.
interface GigabitEthernet1/0/23
 switchport mode access
 no cdp enable
 authentication port-control auto
 no snmp trap link-status
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 3
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport access vlan 152
 switchport mode access
 no cdp enable
 no snmp trap link-status
 spanning-tree portfast
!
! NOTE(review): the uplink-module interfaces below carry no configuration and
! no "shutdown", so they are administratively enabled at their defaults.
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
! Remaining uplink-module interfaces, the management SVI, HTTP server settings,
! the named ACLs, SNMP ACL 90, and the SNMP, TACACS+ and RADIUS definitions.
! NOTE(review): the uplink-module interfaces below carry no configuration and
! no "shutdown", so they are administratively enabled at their defaults.
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
! In-band management address; also the source interface for RADIUS, the HTTP
! client and call-home.
interface Vlan1
 ip address 10.30.2.31 255.255.255.0
 ip helper-address 10.30.3.31
!
ip default-gateway 10.30.2.1
ip forward-protocol nd
! NOTE(review): the HTTP and HTTPS servers are both enabled while both
! "active-session-modules" settings are "none". Presumably the servers exist
! only for web-authentication redirection; TODO confirm, and drop
! "ip http server" if clear-text HTTP is not needed.
! The login-authentication list RAD named below is not defined by any
! "aaa authentication login" line in this configuration (only LOC and TAC are).
ip http server
ip http authentication aaa login-authentication RAD
ip http secure-server
ip http secure-active-session-modules none
ip http active-session-modules none
ip http client source-interface Vlan1
!
ip radius source-interface Vlan1
!
! NOTE(review): neither named ACL is attached with "ip access-group" anywhere
! in this configuration. Presumably they are referenced by name in RADIUS
! authorization results for 802.1X/MAB sessions; TODO confirm.
! Default-Secure permits DHCP, DNS and HTTP/HTTPS to three hosts, then denies
! everything else.
ip access-list extended Default-Secure
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit udp any any eq domain
 permit tcp any host 10.233.128.13 eq www
 permit tcp any host 10.233.128.13 eq 443
 permit tcp any host 10.233.128.14 eq 443
 permit tcp any host 10.233.128.14 eq www
 permit tcp any host 10.233.128.15 eq www
 permit tcp any host 10.233.128.15 eq 443
 deny ip any any
! Onboard_ACL denies DHCP, DNS and TCP to the same three hosts and permits the
! rest. That only makes sense as a redirect-match list, where "deny" means
! "do not redirect"; applied as a traffic filter it would be permit-by-default.
! TODO confirm how it is used.
ip access-list extended Onboard_ACL
 deny udp any any eq bootpc
 deny udp any any eq bootps
 deny tcp any host 10.233.128.15
 deny tcp any host 10.233.128.13
 deny tcp any host 10.233.128.14
 deny udp any any eq domain
 permit ip any any
! ACL 90 is the source-address filter bound to the SNMP community below.
! NOTE(review): the section-marker remarks are out of order (the Check_MK
! "END" marker precedes its "Begin" marker), "permit 10.30.3.11" has no remark
! naming its owner, and the remark for 10.233.129.18 has no host permit of its
! own (the address is covered by the 10.233.129.0 0.0.0.63 entry). Review each
! entry for a current owner.
access-list 90 remark -- SNMPc Remote pollers section Begin --
access-list 90 remark melwv0047 - 10.235.192.37 - SNMPc10 Remote Poller ASPAC
access-list 90 permit 10.235.192.37
access-list 90 remark mucswv032 - 10.239.113.132 - SNMPc10 Remote Poller DE
access-list 90 permit 10.239.113.132
access-list 90 remark wilswv015 - 10.237.64.182 - SNMPc10 Remote Poller NAFTA
access-list 90 permit 10.237.64.182
access-list 90 remark buesuv006 - 10.247.129.103 - Check_MK monitor-ar-bue01
access-list 90 permit 10.247.129.103
access-list 90 permit 10.30.3.11
access-list 90 remark morsuv088 - 10.233.9.193 - Check_MK monitor-be-mor01
access-list 90 permit 10.233.9.193
access-list 90 remark melsuv003 - 10.235.192.16 - Check_MK monitor-au-mel01
access-list 90 permit 10.235.192.16
access-list 90 remark bnjsuv021 - 172.25.48.196 - Check_MK monitor-de-bnj01
access-list 90 permit 172.25.48.196
access-list 90 remark -- Check_MK section END --
access-list 90 remark morsua485 - 10.233.9.171 - Nagios
access-list 90 permit 10.233.9.171
access-list 90 remark wtlslvnagios - 10.237.218.108 - OpenDCIM WTL
access-list 90 permit 10.237.218.108
access-list 90 remark morsua484 - 10.233.9.179 - Nagios
access-list 90 permit 10.233.9.179
access-list 90 remark bodsuv062 - 10.234.95.213 - Check_MK monitor-fr-bod01
access-list 90 permit 10.234.95.213
access-list 90 remark morsuv728 - 10.233.14.157 - Check_MK monitor-be-mor02
access-list 90 permit 10.233.14.157
access-list 90 remark saoswgv100 - 10.238.0.100 - SNMPc10 Remote Poller LATAM
access-list 90 permit 10.238.0.100
access-list 90 remark morsua103 - 10.232.8.111 - NCC Server
access-list 90 permit 10.232.8.111
access-list 90 remark morsua039 - 10.233.11.110 - Airwave
access-list 90 permit 10.233.11.110
access-list 90 remark wtlslvmonitor - 10.237.218.182 - Check_MK Monitoring-Satellite-Waterloo
access-list 90 permit 10.237.218.182
access-list 90 remark mgrdb-tr-01 - 172.25.32.26 - Check_MK Monitoring-Satellite-Trier
access-list 90 permit 172.25.32.26
access-list 90 remark wtlsuv402 - 10.17.8.141 - Check_MK Monitoring-Satellite-Waterloo
access-list 90 permit 10.17.8.141
access-list 90 remark morsua554 - 10.233.9.117 - Nagios
access-list 90 permit 10.233.9.117
access-list 90 remark morsuv010 - 10.232.8.77 - Cacti-High
access-list 90 permit 10.232.8.77
access-list 90 remark morsua499 - 10.233.9.69 - Nagios
access-list 90 permit 10.233.9.69
access-list 90 remark bnjsuv012 - 172.25.48.50 - Check_MK Monitoring-Satellite-Bonn
access-list 90 permit 172.25.48.50
access-list 90 remark morsuv729 - 10.233.15.82 - Check_MK monitor-be-mor03
access-list 90 permit 10.233.15.82
access-list 90 remark shgsuv003 - 10.235.57.29 - Check_MK monitor-cn-shg01
access-list 90 permit 10.235.57.29
access-list 90 remark nj3suv402 - 10.16.178.98 - Check_MK Monitoring-Satellite-New_Jersey_(Cologix_DC)
access-list 90 permit 10.16.178.98
access-list 90 remark nj3swv015 - 10.16.178.73 - SNMPc10 Remote Poller NAFTA
access-list 90 permit 10.16.178.73
access-list 90 remark optiview - 10.232.137.140 - Fluke Optiview Teledata
access-list 90 permit 10.232.137.140
access-list 90 remark morswv288 - 10.233.129.18 - SNMPc10 Remote Poller BE
access-list 90 remark -- SNMPc Remote pollers section END --
access-list 90 remark -- Check_MK section Begin --
access-list 90 remark viesuv019 - 10.231.160.163 - Check_MK Monitoring-Satellite-Vienna
access-list 90 permit 10.231.160.163
access-list 90 remark --- Begin ACL 90 v44, march 20 2019 ---
access-list 90 remark IFS-Monitoring subnet
access-list 90 permit 10.233.129.0 0.0.0.63
access-list 90 deny any log
access-list 90 remark --- End ACL 90 ---
!
! NOTE(review): "public" is the well-known default read-only community, and
! community-based SNMP sends it in clear text. The only control on read access
! is the source-address match in ACL 90. SNMPv3 with authentication and privacy
! ("snmp-server group" / "snmp-server user") removes the shared clear-text
! string.
snmp-server community public RO 90
snmp-server location NCC-Testlab
snmp-server contact Agfa_ICS/NCC
! NOTE(review): "$(hostname)" looks like a template placeholder that was never
! substituted; the chassis-id is that literal string.
snmp-server chassis-id $(hostname)
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps cpu threshold
snmp-server enable traps envmon
snmp-server enable traps transceiver all
! NOTE(review): the trap community string on the next line is stored and shown
! unmasked, unlike the type 7 values, so it should be treated as disclosed
! wherever this output was shared. No version keyword is given, so traps use
! the platform default version; TODO confirm which.
snmp-server host 10.233.129.18 wvgh
! Global TACACS+ servers that "group tacacs+" and the ACS_GROUP server lines
! refer to; the shared keys are type 7 (reversible).
tacacs-server host 10.233.129.20 timeout 3 key 7 xxxxxxxxxxxx
tacacs-server host 10.233.129.21 timeout 3 key 7 xxxxxxxxxxxx
tacacs-server directed-request
!
!
! Single RADIUS server behind the clearpass group, on ports 1645/1646, with no
! second server for redundancy in this configuration.
radius server clearpass
 address ipv4 10.233.128.14 auth-port 1645 acct-port 1646
 key 7 xxxxxxxxxxxx
!
!
control-plane
 service-policy input system-cpp-policy
!
!
! Console and vty line settings, NTP servers and the end of the capture.
! The console authenticates against the local user database (list LOC).
line con 0
 password 7 xxxxxxxxxxxx
 logging synchronous
 login authentication LOC
 stopbits 1
! NOTE(review): all sixteen vty lines accept Telnet only, so the TACACS+ and
! local credentials typed at login and the whole management session cross the
! network in clear text. "transport input ssh" closes that gap once an RSA key
! pair and SSH are confirmed working; keep a console session open while
! changing it.
! No "access-class" is applied, so any source address that can route to the
! switch can reach the login prompt. "exec-timeout 120 0" keeps an idle session
! open for two hours.
line vty 0 4
 session-timeout 90
 exec-timeout 120 0
 password 7 xxxxxxxxxxxx
 logging synchronous
 login authentication TAC
 transport input telnet
line vty 5 15
 session-timeout 90
 exec-timeout 120 0
 password 7 xxxxxxxxxxxx
 logging synchronous
 login authentication TAC
 transport input telnet
!
! NOTE(review): the NTP servers are configured without "ntp authenticate" or
! keys, so time updates are accepted unauthenticated. The log and debug
! timestamps in this configuration depend on this clock.
ntp server 10.232.4.11
ntp server 10.232.4.12
!
!
!
!
!
!
end
be-morns55005-21#