EXAMENSARBETE

NordskenInstallation | Konfiguration | Drift

Hadi BitarSebastian Stenlund

Robin Ågren2013

HögskoleexamenDatornätverk

Luleå tekniska universitetInstitutionen för system- och rymdteknik

T

Nordsken Installation | Konfiguration | Drift

17-06-2013 Sebastian Stenlund | Hadi Bitar | Robin Ågren

Förord Vi blev tillfrågade av föreningen Lan i Staan att sätta upp nätverket för eventet Nordsken.

Detta innebar att vi fick konfigurera switchar och accesspunkter, samt installera och

konfigurera olika tjänster på servrar för bland annat DHCP-utdelning och övervakning. Sedan

satte vi upp nätverket och kopplade kablar mellan alla enheter och skötte övervakning samt

support när vi väl var på plats.

Vi är väldigt tacksamma och glada över att ha fått göra detta arbete och hoppas kunna hjälpa

Lan i Staan även i framtiden.

Abstract Nordsken is a game festival that shows the game and geek hobby to the public. Visitors can

join in on tournaments and can try a large variety of computer and board games. Besides this,

Nordsken invites different companies and lecturers who tell and show the best from the game

and geek hobby.

600 participants gathered at Nordsken 2013 and over 1500 visitors came during these 3 days

to play games and hangout with likeminded.

As being responsible for Nordsken’s network, we had as a task to set up, configure and

monitor the network during the entire event and act as support when needed.

Ahead of the event a plan was introduced, which involved going through old documentation,

buying a new server, renting switches and deployment of these devices. After a logical

topology of the network was created, we began to configure all switches, wireless access

points and the server.

The network was split into three layers, core, distribution and access. The switches within

each layer were configured depending on its location and connection. VLAN’s were created

and configured into different sections based on the placement of the tables.

On the server, we installed two virtual machines with Ubuntu 12.04, one which included all

the services and another which included all the management tools that were necessary. The

services provided were DHCP for every VLAN, NAT for the Management VLAN and some

firewall functionality. The tools that were used were Adiscon LogAnalyzer, FTP, Ubiquity

Unifi Controller Software and Cacti with both the plug-ins, Thold and Monitor. Guides for

installing and configuring these services are included in this thesis.

All in all the event was a success when it comes to planning, installing, managing, and to take

it down. The only big problem that occurred was that the wireless network didn´t function as

well as we had hoped. We managed to solve the problem somewhat and the event went on as

planned.

The software that was installed and used on the server was chosen based on our past

encounter with them during different labs at the university.

Sammanfattning Nordsken är en spelfestival vars mål är att visa upp spel- och nördhobbyn för allmänheten.

Besökare erbjuds turneringar och prova-på i en mängd olika dator- samt bordsspel. Utöver

spel bjuder Nordsken in olika föreningar, företag och föreläsare som berättar om och visar

upp det bästa från spel- och nördhobbyn.

Nordsken 2013 samlade 600 deltagare och drygt 1500 dagsbesökare under tre dagar för att

spela spel och umgås med likasinnade.

Som ansvariga för Nordskens nätverk hade vi som uppgift att sätta upp, konfigurera och

övervaka nätverket under hela evenemanget samt agera support vid behov.

Inför Nordsken gjordes en planering som innehöll genomgång av gammal dokumentation,

inköp av server, hyra av switchar samt utplacering av dessa enheter i lokalen. Efter att vi

skapat en logisk topologi för nätverket började vi konfigurera switcharna, accesspunkterna

och servrarna.

Nätverket delades upp i tre lager, core, distribution och access, där switcharna inom varje

lager konfigurerades beroende på dess placering och koppling. VLAN skapades och

konfigurerades baserat på de olika sektionerna som Nordsken delades upp i.

På Nordskens rackserver installerades två virtuella Ubuntu 12.04-servrar som tillhandahöll

tjänster och verktyg för nätverket. Tjänsterna som tillhandahölls var DHCP för alla VLAN,

NAT för Management-nätverket och viss brandväggsfunktionalitet. Verktygen som användes

var Adiscon LogAnalyzer, FTP, Ubiquiti UniFi Controller Software och Cacti med tilläggen

Thold och Monitor. Guider för konfiguration av dessa tjänster bifogas i rapporten.

Allt som allt gick Nordsken mycket bra avseende planering, installeraring, drift och

nedtagning. Det enda stora problemet som egentligen dök upp var att det trådlösa inte

fungerade så bra som det skulle på grund av oförutsedda störningar. Detta gick dock att lösa

på ett någorlunda bra sätt och sedan flöt Nordsken på riktigt bra.

Programmen som användes under detta arbete valdes med utgångspunkt från program vi

använt på universitetet.

Innehållsförteckning 1. Introduktion ......................................................................................................................................... 1

2. Teori ..................................................................................................................................................... 2

2.1 Cacti ............................................................................................................................................... 2

2.1.1 Cacti Spine .............................................................................................................................. 2

2.1.2 Monitor ................................................................................................................................... 2

2.1.3 Thold ....................................................................................................................................... 2

2.2 Adiscon LogAnalyzer ...................................................................................................................... 2

2.3 VSFTPD ........................................................................................................................................... 2

2.4 Ubiquiti Unifi Controller Software ................................................................................................. 2

2.5 ISC-DHCP-Server ............................................................................................................................ 3

2.6 IP-tables ......................................................................................................................................... 3

2.7 Multi-mode och Single-mode-fiber ............................................................................................... 3

2.8 ESXi ................................................................................................................................................ 3

3. Metod .................................................................................................................................................. 4

3.1 Inför Nordsken ............................................................................................................................... 4

3.1.1 Dokumentation....................................................................................................................... 4

3.1.2 Inköp ....................................................................................................................................... 4

3.1.3 Hårdvara ................................................................................................................................. 4

3.1.4 Placering ................................................................................................................................. 4

3.1.5 Testning .................................................................................................................................. 5

3.2 Under Nordsken ............................................................................................................................ 5

3.2.1 Uppsättning & Kablage ........................................................................................................... 5

3.2.2 Övervakning ............................................................................................................................ 5

3.2.3 Support ................................................................................................................................... 5

3.2.4 Schema ................................................................................................................................... 6

3.3 Efter Nordsken ............................................................................................................................... 7

3.4 Servrar ........................................................................................................................................... 7

3.4.1 Verktyg ................................................................................................................................... 8

3.4.1.1 Cacti ................................................................................................................................. 8

3.4.1.2 Adiscon LogAnalyzer ........................................................................................................ 8

3.4.1.3 FTP ................................................................................................................................... 8

3.4.1.4 Ubiquiti UniFi Controller Software .................................................................................. 8

3.4.2 Tjänster ................................................................................................................................... 8

3.4.2.1 DHCP ................................................................................................................................ 8

3.4.2.2 NAT .................................................................................................................................. 9

3.4.2.3 Brandvägg ........................................................................................................................ 9

3.5 Nätverk .......................................................................................................................................... 9

3.5.1 Core ...................................................................................................................................... 11

3.5.2 Distribution ........................................................................................................................... 12

3.5.3 Access ................................................................................................................................... 12

3.5.4 Accesspunkter ...................................................................................................................... 13

4. Resultat .............................................................................................................................................. 15

4.1 Inför Nordsken ............................................................................................................................. 15

4.2 Under Nordsken .......................................................................................................................... 15

4.3 Efter Nordsken ............................................................................................................................. 15

4.4 Servrar ......................................................................................................................................... 15

4.5 Nätverk ........................................................................................................................................ 15

5. Diskussion .......................................................................................................................................... 16

5.1 Det trådlösa nätverket ................................................................................................................ 16

5.2 Testning ....................................................................................................................................... 16

5.3 Konfiguration ............................................................................................................................... 16

5.4 DHCP-snooping ............................................................................................................................ 17

5.5 FTP. .............................................................................................................................................. 17

5.6 NAT .............................................................................................................................................. 17

5.7 Övervakning ................................................................................................................................. 17

5.8 Ubiquiti UniFi Controller Software .............................................................................................. 18

5.9 Statistik ........................................................................................................................................ 18

5.10 Guider ........................................................................................................................................ 18

5.11 Slutsats ...................................................................................................................................... 18

6. Litteraturlista ..................................................................................................................................... 19

7. Bilagor ................................................................................................................................................ 20

7.1 Bilaga: Lokal ................................................................................................................................. 20

7.2 Bilaga: Switch-placering .............................................................................................................. 21

7.3 Bilaga: Förkortningslista .............................................................................................................. 22

1

1. Introduktion Föreningen Lan i Staan var i behov av hjälp med att lägga upp en komplett nätverkslösning

för deras event ”Nordsken”. Detta involverade allt från att titta igenom gammal konfiguration

av nätverket och server-tjänster till att förbättra det och komma med nya idéer. Det första som

gjordes var att ta reda på hur många nätverksenheter som behövdes, samt var de skulle vara

placerade i lokalen. Sedan undersökte vi vilka tjänster som skulle installeras på servrarna för

att kunna göra nätverket effektivare och säkrare.

Syftet med denna rapport är, förutom att utgöra exjobbsrapport, att förbättra dokumentationen

över Nordskens nätverk då detta är och kommer att vara ett återkommande event, vilket gör

att deras framtida nätverkstekniker kommer få det lättare med att sätta upp nätverket och göra

det säkrare.

2

2. Teori I detta avsnitt beskrivs teoretiskt olika program som har använts, t.ex. Cacti, VSFTPD och

Adiscon LogAnalyzer. Vi beskriver även skillnaden mellan en multi-mode och en single-

mode SFP.

2.1 Cacti Cacti är en mjukvara som används för övervakning via SNMP. Cactis huvudsakliga funktion

är att skapa grafer över de element som övervakas via SNMP t.ex. bandbreddsanvändning och

CPU-belastning. Med hjälp av tillägg så kan Cacti utgöra en komplett övervakningslösning.

2.1.1 Cacti Spine

Cacti Spine är en pollingmotor som hämtar information från SNMP-enheter och är effektivare

än den pollingmotor som är standard i Cacti.

2.1.2 Monitor

Monitor är ett plug-in till Cacti som gör det möjligt att få en överskådlig bild över de enheter

som är övervakade. På ett enkelt sätt visas vardera enhet i form av en ikon som kan befinna

sig i tre lägen.

Grön: Normal

Röd: Down

Blå: Recovering

2.1.3 Thold

Thold är ett tillägg till Cacti som är till för att sätta upp tröskelvärden när ett larm ska skickas,

till exempel om CPU belastningen börjar närma sig en kritisk nivå eller om ett interface går

upp eller ner.

2.2 Adiscon LogAnalyzer Adiscon LogAnalyzer är ett webgränssnitt för att underlätta hantering av information i

syslogfilen och andra nätverksloggar.

2.3 VSFTPD VSFTPD är en FTP-servermjukvara för Unix-liknande operativsystem. VSFTPD kan

konfigureras så att autentisering krävs för att användaren ska komma åt de filer som finns på

servern.

2.4 Ubiquiti Unifi Controller Software Ubiquiti Unifi Controller Software är en mjukvara som används för att konfigurera Ubiquiti

Unifi accesspunkter, denna mjukvara finns tillgänglig för Mac, Windows och Linux.

I Ubiquiti UniFi Controller Software finns många inställningsmöjligheter t.ex. hur många

enheter som får vara anslutna per accesspunkt, hur mycket bandbredd som får användas av

varje enhet m.m. Ubiquiti UniFi Controller Software har även möjlighet att föra statistik över

antalet anslutna enheter, hur mycket bandbredd som används m.m.

3

2.5 ISC-DHCP-Server Som namnet tyder på så är ISC-DHCP-Server en servermjukvara för dynamisk utdelning av

IP-adresser. Genom att konfigurera scopes i konfigurationsfilen för mjukvaran så delar

servern ut de adresser som finns tillgängliga i scopet. Förutom IP-adress och nätmask så kan

även default-gateway, DNS-serveradress och mer konfigureras för inkludering i DHCP-

paketet.

2.6 IP-tables IP-tables används för att bestämma hur paket ska routas vid och mellan serverns

nätverksinterface och används för att möjliggöra adressöversättning via NAT samt för att

konfigurera andra brandväggsfunktionaliteter.

2.7 Multi-mode och Single-mode-fiber Det finns två olika SFP-standarder för fiberanslutningar med olika funktionalitet. Multi-mode-

fiber använder sig av en tjockare kärna än single-mode-fiber och används för korta distanser.

2.8 ESXi ESXi är en mjukvara från VMware som används för virtualisering av hårdvara. Fördelen med

att använda ESXi är att det är en typ 1 hypervisor, vilket innebär att inget underliggande

operativsystem krävs.

4

3. Metod I detta avsnitt beskrivs hela processen av arbetet som har förflutit, vad som gjordes innan,

under och efter Nordsken. Nätverks- och server-delen beskrivs även djupare vad som

installerades och hur allting sattes upp.

3.1 Inför Nordsken Innan Nordsken skulle köras igång var det mycket som skulle göras i god tid, som att hyra

enheter, bestämma adressrymder, testa internet-åtkomsten i lokalen, konfigurera alla enheter,

sätta upp övervakning och mer därtill.

3.1.1 Dokumentation

Det första som undersöktes var dokumentationen från föregående Nordsken.

Dokumentationen innehöll switcharnas konfiguration, deras kopplingar och hur de var

placerade i lokalen. Någon direkt dokumentation av servrarna och deras tjänster fanns dock

inte att tillgå. Vilket gjorde att detta fick lösas på egen hand med hjälp av handledare och olika

guider på nätet. Det enda som stod något om i dokumentationen om servrarna var vilka sorters

tjänster och verktyg som använts.

3.1.2 Inköp

Det bestämdes i god tid att det skulle köpas in en ny server till detta Nordsken. Vilket innebar

att olika alternativ undersöktes för att hitta en server som var prisvärd och passade Nordskens

behov. Hyrning av switchar gjordes i någorlunda god tid då företaget Playstar som ansvarade

för uthyrningen var svårt att få tag på, blev det lite senare än tänkt. Switcharna kom fram i tid

trots detta.

3.1.3 Hårdvara

Enheterna som användes under Nordsken var switchar, accesspunkter och en server. Dessa

lånades, köptes in eller hyrdes från olika ställen. Alternativt fanns redan tillgängligt då

Nordsken köpt in det under tidigare år.

LTU Campus Skellefteå: Det som lånades från LTU Campus Skellefteå var 17 st

2960 switchar och 1 st 3560G switch.

Playstar: Från Playstar hyrdes 10 st 2960 switchar, 2 st 2960G switchar, 1 st 3560G

switch och även 2 st Singlemode SFP.

Nordsken: Nordsken köpte in en ny server och ägde redan 9st accesspunkter som

användes.

3.1.4 Placering

Innan en topologi kunde sättas upp var det fördelaktigt att se hur helheten i lokalen skulle se

ut, för att kunna placera switchar och accesspunkter på relevanta ställen för optimering av

nätverket. Då märktes det hur stort antal switchar som skulle behövas, samt var accesspunkter

skulle kunna placeras ut för att optimera täckningen i lokalen.

För mer information om hur lokalen såg ut, se bilaga 7.1 Bilaga: Lokal.

För mer information om hur switcharna placerades i lokalen, se bilaga 7.2 Bilaga: Switch-

placering.

5

3.1.5 Testning

Innan Nordsken skulle dra igång undersöktes det om Core-switchen hade internet-åtkomst via

fiberanslutningen. Vid de första testerna fanns ingen internet-åtkomst, vilket visade sig senare

vara på grund av att det användes en Multimode SFP i switchen för att koppla in fibern. Det

som behövdes för att switchen skulle få internet-åtkomst var att det skulle användas en

Singlemode SFP. Detta löstes genom att två stycken Singlemode SFP hyrdes från Playstar.

3.2 Under Nordsken Dagen innan Nordsken samlades alla Crew-medlemmar för att sätta upp och ställa i ordning

allting inför den kommande dagen.

3.2.1 Uppsättning & Kablage

Vår uppgift dagen innan Nordsken var att dra alla nätverkskablar och fästa dem i taket eller

väggarna, detta för att kablarna skulle vara i vägen så lite som möjligt. Sedan kopplades

kablarna in i switcharna som sedan monterades fast. Detta gjordes för att förhindra stöld av

hårdvara under själva evenemanget.

3.2.2 Övervakning

Då allting var uppsatt testades DHCP-servern för att se om den delade ut rätt IP-adresser till

rätt VLAN. Sedan användes Cacti för att se vilka enheter som var uppkopplade och även för

att kunna se ifall någon switch gick ner under själva evenemanget. Detta förenklade också

felsökningen under evenemanget då ett mail skickades ut till oss alla ifall någon enhet gick

ner.

3.2.3 Support

När väl Nordsken var igång och problemen som dök upp hade lösts allt eftersom blev det

väldigt lugnt. Detta innebar att vi gick omkring bland deltagarna och hjälpte dem ifall de

stötte på några nätverks-relaterade problem. De flesta problemen som deltagarna stötte på var

väldigt enkla då de antingen inte hade kopplat in sin Ethernet-kabel eller kopplat den till fel

port i switchen.

6

3.2.4 Schema

Ett schema skapades inför Nordsken för att underlätta när vi skulle kunna ta ledigt och sova.

Detta är schemat som skapades:

Sebastian Hadi Ågren

Torsdag ////////// ////////// //////////

10.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Fredag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Lördag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 18.00

Hur mycket vi trodde vi skulle vara där:

Sebastian Hadi Ågren

Torsdag ////////// ////////// //////////

10.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Fredag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Lördag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 18.00

7

Hur mycket vi var närvarande:

Sebastian Hadi Ågren

Torsdag ////////// ////////// //////////

10.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Fredag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 20.00

20.00 - 00.00

Lördag ////////// ////////// //////////

00.00 - 04.00

04.00 - 08.00

08.00 - 12.00

12.00 - 16.00

16.00 - 18.00 Enligt schemat var ingen av oss närvarande mellan 04.00 och 08.00 på fredagen men vår

handledare befann sig då i lokalen ifall något skulle hända.

3.3 Efter Nordsken När eventet var över rensades alla switchar på sin konfiguration och allting monterades ner.

När allt var nedplockat kördes alla hårdvaror tillbaka till Campus där skolans switchar ställdes

in i Cisco-salen. De hyrda switcharna från Playstar packades ner i en pall för att skickas

tillbaka. Accesspunkterna kördes tillbaka till Legend i Skellefteå, dock förlorades en PoE-

adapter till en av accesspunkterna under eventet.

Då det inte fanns någon bra dokumentation över servrarnas tjänster eller verktyg, bestämdes

det att vi skulle skriva egna guider för att underlätta installationerna för kommande år.

3.4 Servrar För att tillhandahålla de tjänster och verktyg som krävdes installerades och konfigurerades två

virtuella servrar. En server innehållande verktyg för övervakning, FTP och

administrationsverktyg för det trådlösa nätverket samt en server med tjänsterna DHCP, NAT

och viss brandväggsfunktionalitet. På dessa servrar installerades Ubuntu Server 12.04 och

uppdaterades med de senaste uppdateringarna via apt-get update och apt-get upgrade. Under

installationen valdes även programpaketen OpenSSH och LAMP att installeras. Statisk IP

konfigurerades även på båda servrarna.

Under tidigare Nordsken har två separata servrar använts, men eftersom Nordsken köpte in en

rackserver installerades servrarna på två virtuella maskiner i EsXi.

8

3.4.1 Verktyg

På verktygsservern installerades som sagt övervakning, FTP och administrationsverktyg för

det trådlösa nätverket. De mjukvarorna som valdes att användas var Cacti och Adiscon

LogAnalyzer för övervakning samt VSFTPD för FTP och Ubiquiti UniFi Controller Software

för administration av det trådlösa nätverket. För att göra det möjligt att övervaka nätverket

installerades först SNMP och SNMPd på verktygsservern.

3.4.1.1 Cacti

Cacti 0.8.8a valdes att installeras på grund av att version 0.8.8 har plug-in architecture

implementerat från installation, efter att problem stötts på vid installation av 0.8.7s plug-in

architecture. Version 0.8.7 är dessvärre den senaste version som stöds av Ubuntu 12.04 men

genom att lägga till ett custom repository var det möjligt att installera nyaste versionen av

Cacti. Cacti Spine installerades även för att möjliggöra effektivare hämtning av information

från enheterna.

Alla nätverksenheter lades till i Cacti förutom accesspunkterna som inte stöder SNMP, vilket

gjorde det möjligt att övervaka nästintill alla nätverksenheter via Cacti. Övervakningen av det

trådlösa nätverket gjordes via Ubiquiti UniFi Controller Software.

Cactis mailtjänst användes för att meddela då en förändring i nätverket inträffade.

De tillägg som valdes att installeras för att underlätta övervakningen var Monitor och Thold.

3.4.1.2 Adiscon LogAnalyzer

Genom att konfigurera switchar och servrar att skicka loggmeddelanden till både

verktygsservern och dess egna loggfil så samlades alla nätverksloggar på ett och samma

ställe.

3.4.1.3 FTP

På verktygsservern installerades en FTP mjukvara för att göra det möjligt att ladda upp

konfigurationsfiler och liknande. Mjukvaran VSFTPD installerades och konfigurerades med

användarnamn och lösenord för autentisering.

3.4.1.4 Ubiquiti UniFi Controller Software

Nordsken använder sig av Ubiquiti UniFi accesspunkter och med hjälp av dess mjukvara

konfigurerades accesspunkterna efter önskemål.

3.4.2 Tjänster

På tjänsteservern installerades tjänster som är nyttiga för användarna, i huvudsak DHCP men

även NAT för Management-nätverket och viss brandväggsfunktionalitet.

3.4.2.1 DHCP

För dynamisk utdelning av adresser installerades ISC-DHCP-server där ett scope för varje

VLAN konfigurerades. För varje VLAN exkluderades default gateway samt övriga eventuella

fasta IP-adresser i det scopet. I DHCP-paketen skickades även Googles DNS-serveradress

med.

9

3.4.2.2 NAT

Eftersom Nordsken tilldelats en /22-adressrymd från Bredband2 användes NAT bara för

Management-nätverket då det inte använde sig av publika IP-adresser. Detta gjordes genom

att konfigurera IP-tables så att trafik från de interna IP-adresserna för VLAN 137 översattes

via PAT till en extern IP-adress i Crew-nätverket. Detta för att möjliggöra internetåtkomst

från Management-nätverket.

3.4.2.3 Brandvägg

Med hjälp av ett script förenklades konfigurationen av brandväggsfunktionaliteten. Scriptet

hjälpte främst till med att konfigurera IP-tables för att endast tillåta åtkomst från enheter i

VLAN 137.

3.5 Nätverk

Evenemanget skulle klara av totalt 1000 enheter, trådbundna samt trådlösa. Det var då

lämpligast att dela upp nätverket i tre lager, Core, Distribution och Access. Totalt 29 switchar

användes under evenemanget varav en Core, två Distribution och 26 Access-switchar.

Följande typer av enheter konfigurerades:

Cisco Catalyst 3560G-24TS

Cisco Catalyst 2960G-24TC

Cisco Catalyst 2960SL-24TS

Cisco Catalyst 2960-24TT

Ubiquiti UniFi 802.11N PoE AP

Bild 1. Nordskens topologi

Det första som gjordes var den grundläggande konfigurationen av alla switchar. Vilket

innebar konfiguration av hostname, användarnamn, lösenord samt en banner som meddelade

10

att bara behöriga fick tillgång till enheten. För att inte lösenord skulle synas i klartext

användes kommandot ”service password-encryption” för att kryptera dem. För snabbare

konvergens aktiverades RSTP på alla switchar.

För VTY-åtkomst konfigurerades SSH på alla switchar, med undantag av switch E2 som bara

tillåter VTY-åtkomst genom Telnet då den inte stöder SSH. För att switchen skall kunna

autentisera samt kryptera SSH-data skapades en RSA-krypteringsnyckel med en nyckelmodul

på 1024 bitar. En accesslista konfigurerades för att bara tillåta VTY-åtkomst genom SSH till

enheter tillhörandes Management-nätverket.

För övervakning av switcharna konfigurerades SNMP. På switcharna aktiverades traps och

pekade dem mot verktygsservern, som innehåller verktygen för övervakning av nätverket.

Switcharnas plats angavs i SNMP konfigurationen, för att enkelt kunna lokalisera dem ifall ett

eventuellt fel inträffade. För dataloggning aktiverades ”service timestamp debug” och

”service timestamp log” på switcharna och pekade dem mot Syslog-servern.

All konfiguration säkerhetskopierades och sparades till en FTP-server. Användarnamn och

lösenord till FTP-servern konfigurerades på switcharna, för att de skall kunna autentisera sig

mot servern vid uppladdning av konfigurationsfilerna.

VLAN skapades och konfigurerades baserad på de olika sektioner som Nordsken delades upp

i:

VLAN10: För deltagarna på bord A

VLAN20: För deltagarna på bord B

VLAN30: För deltagarna på bord C

VLAN40: För deltagarna på bord D

VLAN50: För deltagarna på bord E

VLAN60: För deltagarna på bord F

VLAN70: För deltagarna på bord G

VLAN80: För deltagarna på bord H

VLAN90: För deltagarna på borden I, J och K

VLAN100: Ett Spill VLAN för de adresser som blev över och kan behövas vid senare

fall.

VLAN110: För personalen på Nordsken (Crew)

VLAN137: Ett management VLAN för att hantera och konfigurera nätverket.

VLAN200: För det trådlösa nätverket

VLAN210: Ett reserv VLAN till det trådlösa nätverket

VLAN666: För kopplingen mellan Nordsken och Bredband2

Bredband2 tilldelade Nordsken följande adressrymder:

62.220.166.40/30: Denna adressrymd användes till kopplingen mellan Nordsken och

Bredband2.

11

31.208.24.0/22: Denna adressrymd användes till det interna nätet och subnettades

baserat på antalet klienter inom varje VLAN, där varje VLAN tillgavs en specifik

adressrymd, med undantag av VLAN 137 som tilldelades ett eget internt nät.

3.5.1 Core

För att få tillgång till internet genom Bredband2s nät konfigurerades en routed-port i Core-

switchen, en default gateway och en default route som pekar mot Bredband2. Två trunk-portar

konfigurerades på Core-switchen, där all trafik från de konfigurerade VLAN tilläts passera till

vardera switch i Distributions-lagret. En trunk-port mot EsXi-servern konfigurerades för att få

åtkomst från utsidan och insidan.

För enkelhetens skull kopplades Gamecrew-switchen direkt till Core genom en trunk-port, där

trafiken från VLAN 110, 137, 200 och 210 tilläts passera. VLAN 200 och 210 tilläts eftersom

en accesspunkt kopplades till den switchen. Enligt planeringen kopplades två accesspunkter

direkt till Core-switchen, där en trunk-port konfigurerades för vardera AP. På de portar med

en accesspunkt kopplad till sig konfigurerades VLAN 137 som ett native VLAN för att AP

skulle kunna skicka DHCP-requests över ett otaggat VLAN.

Ett SVI skapades för varje VLAN på nätverket för att relevant trafik skulle kunna dirigeras

mellan dem. Eftersom alla enheter som är kopplade till Access-lagret samt accesspunkterna

skulle kunna tilldelas en dynamisk IP-adress via DHCP, konfigurerades det en IP helper-

address i varje SVI som pekade mot DHCP-servern.

Som en säkerhetsåtgärd flyttades alla portar från VLAN 1 till VLAN 137, alla oanvända

portar konfigurerades om till access-portar och stängdes ner.

För mer information om konfigurationen på Core-switchen, se bilaga särskild guide.

Subnätnamn VLAN Antal Hostar Network Adress-range Broadcast Netmask /

Grundnät 1022 31.208.24.0 31.208.24.1 - 31.208.27.254 31.208.27.255 255.255.252.0 /22

BREDBAND2_WIFI_1 200 128 31.208.24.128 31.208.24.129 - 31.208.24.254 31.208.24.255 255.255.255.128 /25

BREDBAND2_WIFI_2 210 128 31.208.25.0 31.208.25.1 - 31.208.25.126 31.208.25.127 255.255.255.128 /25

CREW_VLAN 110 128 31.208.24.0 31.208.24.1 - 31.208.24.126 31.208.24.127 255.255.255.128 /25

VLAN_10 10 62 31.208.25.128 31.208.25.129 - 31.208.25.190 31.208.25.191 255.255.255.192 /26

VLAN_20 20 62 31.208.25.192 31.208.25.193 - 31.208.25.254 31.208.25.255 255.255.255.192 /26

VLAN_30 30 62 31.208.26.0 31.208.26.1 - 31.208.26.62 31.208.26.63 255.255.255.192 /26

VLAN_40 40 62 31.208.26.64 31.208.26.65 - 31.208.26.126 31.208.26.127 255.255.255.192 /26

VLAN_50 50 62 31.208.26.128 31.208.26.129 - 31.208.26.190 31.208.26.191 255.255.255.192 /26

VLAN_60 60 62 31.208.26.192 31.208.26.193 - 31.208.26.254 31.208.26.255 255.255.255.192 /26

VLAN_70 70 62 31.208.27.0 31.208.27.1 - 31.208.27.62 31.208.27.63 255.255.255.192 /26

VLAN_80 80 62 31.208.27.64 31.208.27.65 - 31.208.27.126 31.208.27.127 255.255.255.192 /26

VLAN_90 90 62 31.208.27.128 31.208.27.129 - 31.208.27.190 31.208.27.191 255.255.255.192 /26

VLAN_100 100 62 31.208.27.192 31.208.27.193 - 31.208.27.254 31.208.27.255 255.255.255.192 /26

VLAN_137 137 254 192.168.137.0 192.168.137.1 - 192.168.137.254 192.168.137.255 255.255.255.0 /24

VLAN_666 666 2 62.220.166.40 62.220.166.41 - 62.220.166.42 62.220.166.43 255.255.255.252 /30

12

3.5.2 Distribution

Distributions-switcharna (DIST1 & DIST2) konfigurerades med trunk-portar mot alla

switchar i respektive deltagarbord. Till dessa switchar tilläts trafik från det VLAN som

deltagarbordet tillhörde samt VLAN 137, med undantag av switcharna på bord C, H och K

där trafik från VLAN 110, VLAN 200 och VLAN 210 tilläts, då dessa switchar hade

accesspunkter kopplade till sig.

I DIST1 konfigurerades en extra trunk-port för Management-switchen, där trafik från VLAN

110 och VLAN 137 tilläts. Till skillnad från DIST1 kopplades det tre extra switchar till

DIST2, en för respektive bord I, J, och K, där alla tre tillhörde samma VLAN. En accesspunkt

kopplades till switchen på bord K, därför tilläts trafik från VLAN 110, VLAN 200 och VLAN

210 till den switchen ifrån DIST2.

Inga speciella säkerhetsåtgärder behövdes till Distribution-switcharna då dessa switchar

placerades uppe i taket och var ej nåbara. Det enda som gjordes var att stänga ner alla

oanvända portar. Ett SVI för VLAN137 skapades för att möjliggöra VTY-åtkomst genom

SSH till switcharna.

För mer information om konfigurationen på Distribution-switcharna, se bilaga särskild guide.

3.5.3 Access

Som tidigare nämnts användes totalt 26 switchar i Access-lagret. I dessa switchar skapades

det de VLAN som switchen tillhörde samt VLAN 137. Alla 24 fastethernet-portar

konfigurerades om till access-portar och flyttades till det VLAN som gällde för just den

switchen. Portfast konfigurerades på alla access-portar för att deltagare och Crew-medlemmar

skulle snabbt kunna koppla upp sig mot nätverket. En av gigabit-portarna konfigurerades som

trunk och kopplades till en av Distributions-switcharna, den andra gigabit-porten stängdes ner.

Ett SVI för VLAN 137 skapades på alla Access-switchar.

Alla switchar inom Access-lagret hade en gemensam konfiguration, med några få undantag i

switcharna avsedda för Crew:

Switch till Gamecrew: Till denna switch skapades VLAN 110, VLAN 137, VLAN

200 och VLAN 210. Båda gigabit-portarna konfigurerades om till trunk, varav en

kopplades mot Core och den andra mot Legend. En trunk-port konfigurerades för

accesspunkten som var kopplad till switchen.

Switch till Legend: Samma VLAN som skapades i Gamecrew-switchen skapades till

denna switch. Båda gigabit-portarna konfigurerades om till trunk, varav en mot

Gamecrew switchen och den andra till en accesspunkt.

Switch till Konsol: Till denna switch skapades VLAN 110 och VLAN 137. En

gigabit-port konfigurerades om till trunk och kopplades mot G2-switchen. Konsol-

switchen kopplades till G2 för enkelhetens skull, då G2 hade en ledig port och var

placerad närmast konsol-sektionen. LTUs monter kopplade sig till en access-port på

Konsol-switchen, då LTU hade en enkel plug-and-play switch som icket var

13

managerbar. Porten mot LTUs switch tillät att max tio mac-adresser kunde koppla sig

till den.

Switch till Management: Denna switch använde vi oss av för att hantera och

övervaka nätverket. VLAN 110 och 137 skapades på denna switch. Båda gigabit-

portarna konfigurerades om till trunk, varav en kopplades mot DIST1 och den andra

mot Mediacrew-switchen. Efter att projektledaren för Nordsken begärt en extra

switch till Scenmedia-sektionen, konfigurerades en extra trunk-port på Management-

switchen som kopplades mot Scenmedia-switchen.

Switch till Mediacrew: Samma VLAN som skapades till Management-switchen

skapades till denna switch. En gigabit-port konfigurerades om till trunk och kopplades

mot Management-switchen.

Switch till Scenmedia: Samma VLAN som skapades till Management-switchen

skapades till denna switch. En gigabit-port konfigurerades om till trunk och kopplades

mot Management-switchen.

Som säkerhetsåtgärd aktiverades DHCP-snooping och konfigurerades på alla portar i Access-

switcharna för att förhindra att en Man-In-the-Middle attack skulle uppstå. En DHCP limit

rate, där max 20 packet per sekund kunde skickas, satts på alla opålitliga portar. På alla

pålitliga portar dvs. upplänkarna skrevs kommandot ”ip dhcp snooping trust”. Port-security

konfigurerades på alla portar ifall antalet DHCP-packet som skickas är mer än 20 per sekund

ignoreras all trafik på den porten.

För mer information om alla switchar på Access-lagret, se bilaga särskild guide.

3.5.4 Accesspunkter

Accesspunkterna konfigurerades genom Ubiquiti UniFi Controller Software, som är ett

medföljande program och kan laddas ner ifrån UniFis hemsida. På accesspunkterna

konfigurerades tre olika trådlösa nätverk med varsitt SSID:

Ett öppet nätverk för alla deltagare på Nordsken samt gäster. VLAN 200 användes för

detta nätverk.

Ett låst nätverk för alla Crew-medlemmar. VLAN 110 användes för detta nätverk.

Ett låst nätverk för Management. VLAN 137 användes för detta nätverk.

Totalt antal accesspunkter som användes var nio och de kopplades på följande switchar:

Core: Två AP.

Gamecrew: En AP.

Legend: En AP.

Switch H1: En AP.

Switch H2: En AP.

Switch C1: En AP.

Switch C2: En AP.

Switch K1: En AP.

14

Accesspunkten kopplad till switch K1 användes först som en signalförstärkare ute i lobbyn,

men flyttades senare till K1 på grund av tekniska problem.

15

4. Resultat I detta avsnitt redovisas resultaten av arbetet med Nordskens nätverk, vilka tjänster och

funktioner som användes och vad som fungerade bra eller mindre bra.

4.1 Inför Nordsken All konfiguration och alla inköp som skulle göras behövde planeras i god tid, vilket krävde ett

bra samarbete då det fanns en tidig deadline. Arbetet delades upp för att hinna allt, samarbetet

gjorde dock att delarna gick ihop i varandra, vilket gjorde det till en bra helhetslösning.

4.2 Under Nordsken Efter att allt var installerat och konfigurerat klart fungerade det perfekt förutom det trådlösa

nätverket. Sedan användes Cacti för att hämta data från alla enheter med SNMP installerat.

4.3 Efter Nordsken

Här var arbetet klart och allt som återstod var att rensa konfigurationen, ta ner all hårdvara

och paketera en del av enheterna för transport till Campus. En annan del packeterades för att

skickas tillbaka till Playstar.

4.4 Servrar Den fysiska och de virtuella servrarna samt de installerade tjänsterna och verktygen fungerade

bra under hela Nordsken. Det var problem med NAT för Management-nätverket,

översättningen fungerade men var under vissa tillfällen långsamt. NAT valdes att installeras

på server då vi valde att använda så lite routingfunktionalitet på switcharna som möjligt.

4.5 Nätverk Resultatet av arbetet med Nordskens nätverk uppfyllde de behov och krav som ställdes när det

gällde det trådade nätverket med undantag av det egna interna nätet för VLAN 137,där

uppkopplingen var under förväntan på grund av NAT. Det trådlösa nätverket uppfyllde inte

till en början de krav som ställdes då flera problem uppstod under evenemanget, mestadels på

grund av oförutsedda faktorer.

16

5. Diskussion I detta avsnitt beskriver vi hur arbetet har gått, vad som gick bra och vad som gick dåligt eller

mindre bra. Vi pekar också på saker att tänka på i framtiden då Nordsken ska sättas upp.

5.1 Det trådlösa nätverket Det trådlösa nätverket tog tyvärr ett tag att få funktionellt. Till en början var det väldigt dålig

uppkoppling mot det trådlösa nätverket och de kan ha berott på att vi ställde in fasta kanaler

på accesspunkterna. Vi bytte dock senare tillbaka till automatiska kanaler och då blev

uppkopplingen snabbare. Vi hade även förberett ett VLAN (VLAN 210) som skulle ha agerat

som ett extra trådlöst VLAN ifall antalet IP-adresser skulle ta slut. Det som vi glömde göra

var att lägga in VLAN 210 i accesspunkterna och när vi väl kom på det kändes det dumt att

starta om alla accesspunkter för att lösa det.

I ett försök att förbättra det trådlösa nätverket testade vi även att flytta en accesspunkt för att

försöka få bättre täckning. För att lätta trycket på Gäst-nätverket satte vi en gräns för 20 IP-

adresser per accesspunkt. När vi väl fått det trådlösa nätverket att fungera gick det fortfarande

lite segt och vi försökte hitta vad som skulle kunna vara problemet. Tyvärr satt inte problemet

i våra inställningar eller konfigurationer, vilket innebär att det skulle ha kunnat vara

störningar från t.ex. datorer, mikrovågsugnar, Scandics trådlösa nätverk eller hörslingan som

löpte i hela lokalen.

Det som vi tror skulle kunna fixa problemen nu i efterhand är:

Sätta automatiska kanaler från början.

Bara köra två olika SSID på accesspunkterna istället för tre, då Management inte

behöver ett eget trådlöst.

Under besökstid gick trycket upp på det trådlösa väldigt mycket, det kan vi dock inte

göra något åt.

Sätta ett trådlöst VLAN för gäster som är 256 adresser istället för 128, vilket

förhindrar att adress-rymden tar slut.

5.2 Testning Som vi nämnt tidigare hade vi problem med att få internet-åtkomst för Core-switchen med

den SFP vi lånat från LTU Campus Skellefteå. Efter att vi tittat igenom vår konfiguration för

Core-switchen kom vi fram till att den var funktionell och problemet var antingen i kabeln

eller i SFP. Vi kollade lite mer noga på vår SFP och pratade med vår handledare, vi fick då

veta att det var en Multimode SFP och att det måste vara en Singlemode SFP för att kunna få

internet-åtkomst. När vi fick tag i en Singlemode SFP och gick till Scandic för att testa och

med den fungerade allt direkt.

5.3 Konfiguration Då vi hade tillgång till gammal konfiguration av switcharna var de inga problem att sätta upp

switcharna som vi ville ha dem, den gamla konfigurationen var till stor hjälp när vi bestämde

hur vi ville sätta upp det men vi ändrade även en del saker för att förbättra och göra hela

nätverket säkrare.

17

När vi väl var på plats och skulle koppla in allt började vi med att koppla in Core-switchen

och sedan servern för att se att det funkade och efter ett tag stötte vår handledare på ett

problem, han fick ingen internet-åtkomst. Efter att vi letat efter fel ett tag frågade vi om han

hade ändrat något då det hade funkat dagen innan. Det visade sig att han hade bytt IP-adress

för DHCP-servern och alla våra DHCP-helper kommandon pekade då mot fel adress. När vi

väl upptäckt detta bytte han alla DHCP-helper kommandon så att de pekade mot rätt IP-

adress.

5.4 DHCP-snooping DHCP-snooping konfigurerades på alla switchar inom Access-lagret. Vi stötte dock på

problem under konfigurationen av denna säkerhetsparameter, då vissa switchar inte delade ut

IP-adresser till den inkopplade enheten då DHCP-snooping var aktiverad. Efter en tidsperiod

av felsökning kom vi fram till att kommandot ”ip dhcp-snooping trust” måste skrivas in på

alla portar när det gällde switcharna vi lånat från LTU Campus Skellefteå. När det gällde de

inhyrda switcharna behövde vi bara skriva in kommandot på upplänkarna d.v.s. trunk-

portarna. Allt detta berodde på en skillnad i IOS-versionerna mellan de inlånade switcharna

från LTU och de inhyrda switcharna från Playstar.

5.5 FTP Från början valde vi att köra med TFTP då det är mindre resurskrävande än FTP men efter att

vi installerat TFTP upptäckte vi ett problem. När vi försökte lägga in filer fick vi ett

felmeddelande med ”File does not exist” vilket vi tyckte var konstigt då TFTP ska skapa filen

då den läggs in och ska inte behöva skapas i förväg. Detta problem lyckades vi aldrig lösa och

därför valde vi att använda FTP istället, för att spara alla konfigurationsfiler. Med FTP var det

inga problem att lägga in filer då den skapade dem som inte redan fanns, annars sparades den

befintliga filen över.

5.6 NAT Management-nätverket gick lite segt ibland och vi misstänker att det var på grund av NAT då

vi satt på ett eget internt nätverk. Vi hade kunnat skippa NAT om vi hade konfigurerat hälften

av portarna på vår switch till Crew-nätverket och använt de portarna för internet-access. Sen

låtit den andra hälften vara kvar på Management-nätverket för övervakning.

5.7 Övervakning Från början hade vi stora problem med Cacti, speciellt med att installera Plug-In Architecture

som tillåter en att installera tillägg i Cacti. När man väljer att installera Cacti i Ubuntu 12.04

installeras version 0.8.7 och med den medföljer inte PIA och man måste försöka

implementera det själv. Detta var väldigt svårt att göra då vi satt mer än en dag och försökte

göra det. Tillslut läste vi att i version 0.8.8 är PIA inbyggt i Cacti. Då valde vi att uppdatera

Cacti från version 0.8.7 till 0.8.8 vilket löste problemet.

Ett annat problem som dök upp när vi höll på att konfigurera Cacti på skolan var att få

mailtjänsten på tillägget Monitor att fungera. Vår handledare fick detta att fungera när vi väl

var på Scandic och skulle sätta upp allt. Vi kom fram till att mailen förmodligen inte kom

18

fram på grund av att Campus nätverk kan ha blockerat trafiken, då han gjorde exakt samma

inställningar som vi hade gjort tidigare.

5.8 Ubiquiti UniFi Controller Software Först installerade vi detta på en Windows 7 Management-burk då det verkade lättare än att

försöka implementera det i Ubuntu, senare hittade vi dock ett sätt att installera UniFi i Ubuntu

på Ubiquitis hemsida.

5.9 Statistik Mitt under Nordsken fick vi veta att de ville ha statistik på antalet användare som var

uppkopplade mot respektive switch under en viss tid. Hade vi fått veta detta tidigare hade vi

t.ex. kunnat installera OpenNMS för att automatisera detta. Eftersom vi fick veta det sent var

vi tvungna att sitta och titta i ”show ip interface brief” för att se vilka interface som var uppe

och räkna ihop alla.

5.10 Guider Som det nämnts tidigare fanns det inte någon bra dokumentation över servrarna och deras

tjänster, vad som installerats och hur det hade konfigurerats. Då kände vi att det kan vara bra

att ha noggrann dokumentation inför nästa år. Vi hörde med vår arbetsgivare om det var något

de skulle vara intresserade av och han tyckte det lät som en jättebra idé. Dessa guider kommer

då att spara mycket möda och besvär för de som ska vara nätverks-tekniker på Nordsken

kommande år.

5.11 Slutsats Allt som allt tycker vi att Nordsken gick riktigt bra. Det fanns 396 datorplatser och nästan alla

var bokade och det trådade nätverket de använde fungerade bra, eftersom vi inte fick några

klagomål från deltagarna. För Crew som använde det trådlösa fick vi en hel del klagomål tills

vi löst problemen som vi nämnde tidigare, då vi väl lyckats få en stabil om än inte snabb

uppkoppling kunde de i alla fall använda trådlösa enheter för att komma ut på internet. När

alla problem var lösta blev det väldigt lugnt för oss och då gick vi omkring och hjälpte

deltagare med problem ifall de hade några.

19

6. Litteraturlista 1. Arnold, S. (den 14 Augusti 2012). Steve's Blog. Hämtat från stevesbog.blogspot.se:

http://stevesbog.blogspot.se/2012/08/installing-and-configuring-loganalyzer.html den

7 Maj 2013

2. Cacti Documentation and Howtos. (u.d.). Cacti Documentation and Howtos. Hämtat

från docs.cacti.net: http://docs.cacti.net/manual:087:1_installation.9_pia den 6 Maj

2013

3. DigitalOcean. (u.d.). DigitalOcean. Hämtat från DigitalOcean.com:

https://www.digitalocean.com/community/articles/how-to-set-up-vsftpd-on-ubuntu-

12-04 den 1 Maj 2013

4. Gowifi. (den 23 Augusti 2012). Go Wireless NZ Ltd. Hämtat från blog.gowifi.co.nz:

http://blog.gowifi.co.nz/2012/08/install-ubiquiti-unifi-controller-on.html den 8 Maj

2013

5. Maggotbrain. (den 12 November 2012). AskUbuntu. Hämtat från askubuntu.com:

http://askubuntu.com/questions/138283/how-do-i-install-cacti-8-7i-with-pia-3-1plug-

in-architecture-for-12-04-server/223723#223723 den 6 Maj 2013

6. Ubuntu Geek. (den 14 September 2012). Ubuntu Geek. Hämtat från ubuntugeek.com:

http://www.ubuntugeek.com/how-to-install-dhcp-server-in-ubuntu-12-04-precise-

server.html den 2 Maj 2013

20

7. Bilagor

7.1 Bilaga: Lokal

21

7.2 Bilaga: Switch-placering

22

7.3 Bilaga: Förkortningslista

AP: Accesspunkt

En accesspunkt är en enhet som sprider trådlösa nätverk.

DHCP: Dynamic Host Configuration Protocol

DHCP delar dynamiskt ut IP-adresser till de enheter som efterfrågar en IP-adress.

DNS: Domain Name System

DNS är ett system för att förenkla adresseringen av datorer på nätverket och kopplar

ihop domännamn med IP-adresser.

FTP: File Transfer Protocol

FTP är ett protokoll för att överföra filer mellan enheter.

IP: Internet Protocol

Är ett kommunikationsprotokoll som används vid överföring av information i nätverk.

LAMP: Linux, Apache, MySQL, PHP

Är en samling program som används för att skapa en enkel webb-server.

LTU: Luleå Tekniska Universitet

Är ett universitet med sitt huvudsäte i Luleå.

NAT: Network Address Translation

Användes för att översätta interna IP-adresser till yttre IP-adresser.

PAT: Port Address Translation

Är ett sätt att översätta flera interna IP-adresser till en yttre IP-adress genom att även

översätta portnummer.

PIA: Plug-in Architecture

PIA är en mjukvara tillhörandes Cacti som installeras för att möjliggöra installation av

tillägg i Cacti.

PoE: Power over Ethernet

Är ett sätt att skicka ström över ethernet-kabeln.

RSA-krypteringsnyckel: Rivest, Shamir, Adleman

Är en nyckel till en känd krypteringsalgoritm.

RSTP: Rapid Spanning Tree Protocol

Convergerar enheterna snabbare än STP efter att en ändring har gjorts i nätverket.

SFP: Small Form-Factor Pluggable Transceiver

En modul som kan kopplas till switchar för att få fler eller andra interface på enheten.

SNMP: Simple Network Management Protocol

Är ett protokoll som används för att övervaka enheter på nätverket.

SNMPD: Simple Network Management Protocol Daemon

Är en daemon för att använda SNMP på Linux.

SSH: Secure Shell

Är ett sätt att ansluta sig säkert till andra enheter över internet, då datan krypteras.

SVI: Switch Virtual Interface

Är ett virtuellt interface som man kan använda för att styra trafik.

Thold: Threshold

Är ett tillägg till Cacti för att kunna sätta gränser då larm ska skickas från enheterna.

VLAN: Virtual Local Area Network

23

VLAN är logisk segmentering av ett fysisk LAN.

VSFTPD: Very Secure FTPD

Är en FTP-servermjukvara för Linux.

VTY: Virtual Terminal Line

Det är via detta interface man kommer åt switchars konfiguration via nätverket.

Brandvagg & NAT

I Ubuntu 12.04

2013-05-26 Sebastian Stenlund | Hadi Bitar |Robin Ågren

Innehållsförteckning Installation och konfiguration av brandvägg med NAT-egenskaper. ...................................................... 2

Scriptet ................................................................................................................................................ 2

Hur man använder scriptet ................................................................................................................. 3

Installation och konfiguration av brandvägg med NAT-funktionalitet. Istället för att konfigurera IP-tables manuellt valde vi att köra ett standardscript innehållande de viktigaste konfigurationerna för vårt ändamål.

Scriptet Här nedan finns det scriptet vi använde oss av, det krävs vissa modifikationer för att det ska fungera beroende på hur nätverket är designat.

#!/bin/sh PATH=/usr/sbin:/sbin:/bin:/usr/bin # # delete all existing rules. # iptables -F iptables -t mangle -F iptables -X # Always accept loopback traffic iptables -A INPUT -i lo -j ACCEPT #Allow established connections, and those not coming from the outside #Beroende på vilket interface som används som outside/inside interface #så kan eth0 behöva ändras. iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT #Trusted machines #Nätverksadressen måste ändras till den adressen som används för #management nätverket. iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT # #Beroende på vilket interface som används som outside/inside interface #så kan eth0 och eth1 behöva ändras. #Allow outgoing connections from the LAN side. iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT #Beroende på vilket interface som används som outside/inside interface #så kan eth0 behöva ändras. #Masquerade iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # # # Port forwarding # Enable routing echo 1 > /proc/sys/net/ipv4/ip_forward # # # External rules #Nedan följer inställningar för externa regler, dessa kan #kommenteras/avkommenteras efter behov. # # SSH server iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # MySQL server

2

iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT # FTP server #iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT #iptables -A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT #iptables -A INPUT -p tcp -m tcp --dport 1024:1124 -j ACCEPT # Apache server iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT #iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # Ventrilo server iptables -A INPUT -p tcp -m tcp --dport 3784:3785 -j ACCEPT # RADIUS server iptables -A INPUT -p udp -m udp --dport 1812 -j ACCEPT # Ping iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # # # Routing #Nedan följer inställningar för port forwarding, dessa kan #kommenteras/avkommenteras efter behov. # # Radmin till Windows XP iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT iptables -A PREROUTING -t nat -p tcp --dport 8000 -j DNAT --to-destination 192.168.1.5:8000 # RDP Till Windows 7 Tiny iptables -A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT iptables -A PREROUTING -t nat -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.8:3389 # # Fucking end # # Packet-killer-motherfucker iptables -P INPUT DROP

Hur man använder scriptet För att köra scriptet så börjar vi med att spara filen på valfri plats, antingen genom att överföra filen via samba/FTP eller kopiera in den i en fil via SSH.

1. För att kopiera in filen via SSH kör sudo nano /home/username/s41iptables

2. Kopiera in texten och spara filen.

3

3. Kör sedan. sudo bash /home/username/s41iptables

4. För att kolla om iptables har uppdaterats kör. sudo iptables -L

4

Cacti, Thold och Monitor

I Ubuntu 12.04

2013-05-20 Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Installation och konfiguration av Cacti med pluginen Thold och Monitor.............................................. 2

Cacti ..................................................................................................................................................... 2

Plugins ................................................................................................................................................. 4

Lägga till enheter ................................................................................................................................. 5

Mail ...................................................................................................................................................... 5

Installation och konfiguration av Cacti med pluginen Thold och Monitor.

Cacti 1. Installera LAMP och SSH vid installationen av Ubuntu 12.04. 2. Börja med att sätta en fast IP-adress. 3. Installera snmp och snmpd.

sudo apt-get install snmp sudo apt-get install snmpd

4. Byt namn på konfigurationsfilen från ”snmpd.conf” till ”snmpd.conf.org”. sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org

5. Skapa en ny fil med namnet ”snmpd.conf” och öppna den. sudo nano /etc/snmp/snmpd.conf

6. Lägg till följande rader. rwcommunity private rocommunity public

7. Öppna ”/etc/default/snmpd”. sudo nano /etc/default/snmpd

8. Ändra SNMPDOPTS raden så att den ser ut så här SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'

2

9. Starta om snmpd. service snmpd restart

10. Börja med att installera python-software-properties för att göra det möjligt att lägga till custom repositories.

sudo apt-get install python-software-properties 11. Lägg sedan till repositoryn ”micahg”.

sudo add-apt-repository ppa:micahg/ppa 12. Tryck enter för att bekräfta. 13. Kör sedan.

sudo apt-get update För att uppdatera apt-get registret.

14. Installera sedan Cacti med kommandot. sudo apt-get install cacti

15. Tryck enter. 16. Välj apache2. 17. Ange mysql lösenord. 18. Besök ”http://ip-adress/cacti/”.

19. Tryck next tills installationen är slutförd. 20. Använd användarnamn admin och lösenord admin för att logga in.

3

21. Skriv sedan in det lösenord som du vill använda två gånger. 22. Installera sedan Cacti Spine för effektivare polling.

sudo apt-get install cacti-spine

Plugins 1. Besök ”http://docs.cacti.net/plugins” för att hitta plugins till Cacti. Vi valde att

installera Thold och Monitor. 2. För att installera plugins gå in i ”/usr/local/share/cacti/plugins/”.

cd /usr/local/share/cacti/plugins/ 3. Ladda ner Monitor pluginet.

sudo wget http://docs.cacti.net/_media/plugin:monitor-v1.3-1.tgz 4. Byt namn på filen från ”plugin\:monitor-v1.3-1.tgz” till ”monitor-v1.3-1.tgz”.

sudo mv plugin\:monitor-v1.3-1.tgz monitor-v1.3-1.tgz 5. Packa upp filen.

sudo tar -xvf monitor-v1.3-1.tgz 6. Gå in i Cacti och klicka på Plugin Management i menyn, allternativt gå till ”http://ip-

adress/cacti/plugins.php”. 7. Klicka först på den blå pilen för att installera Monitor klicka sen på den gröna pilen

för att starta pluginet. 8. Om man nu klickar på Monitor fliken så möts man av ett felmeddelande. Detta löses

genom att skapa en mjuklänk mellan ”/usr/local/share/cacti/” och ”/usr/share/cacti/site/include”.

cd /usr/local/share/cacti/ sudo ln -s ../../../share/cacti/site/include/ ./

9. För att installera Thold gå in i. cd /usr/local/share/cacti/plugins/

10. Ladda ner Thold pluginet. sudo wget http://docs.cacti.net/_media/plugin:thold-v0.4.9-3.tgz

11. Byt namn på filen från ”plugin\:thold-v0.4.9-3.tgz” till ”thold-v0.4.9-3.tgz”. sudo mv plugin\:thold-v0.4.9-3.tgz thold-v0.4.9-3.tgz

12. Packa upp filen. sudo tar -xvf thold-v0.4.9-3.tgz

13. Gå in i Cacti och klicka på Plugin Management i menyn, alternativt gå till ”http://ip-adress/cacti/plugins.php”.

4

14. Klicka först på den blå pilen för att installera Thold klicka sen på den gröna pilen för att starta pluginet.

15. För att köra Thold så krävs även pluginet Settings. 16. För att installera Settings, gå in i.

cd /usr/local/share/cacti/plugins/ 17. Ladda ner Settings pluginet.

sudo wget http://docs.cacti.net/_media/plugin:settings-v0.71-1.tgz 18. Byt namn på filen från ”plugin\:settings-v0.71-1.tgz” till ”settings-v0.71-1.tgz”.

sudo mv plugin\:settings-v0.71-1.tgz settings-v0.71-1.tgz 19. Packa upp filen.

sudo tar -xvf settings-v0.71-1.tgz 20. Gå in i Cacti och klicka på Plugin Management i menyn, alternativt gå till ”http://ip-

adress/cacti/plugins.php”. 21. Klicka först på den blå pilen för att installera Settings klicka sen på den gröna pilen för

att starta pluginet.

Lägga till enheter 1. För att lägga till enheter gå till ”http://ip-adress/cacti/host.php”. 2. Klicka på Add. 3. Fyll i Hostname, IP-adress, vilken Host Template som ska användas, vilken SNMP

version samt SNMP Community.

4. För att göra det möjligt för Cacti att skicka mail vid händelser så gå till ”http://ip-adress/cacti/settings.php” och klicka på Mail/DNS fliken.

Mail 1. Fyll i fältet Test Email med den email-adress som du vill att meddelandet ska skickas

till 2. Välj SMTP i dropdown menyn Mail Services. 3. I fälten From Email Address och From Name så kan valfritt namn och email-adress

fyllas i. 4. Fyll i SMTP-hostname, Port, Username och Password, detta måste vara giltiga

inställningar för att mailfunktionen ska fungera. 5. Fyll i Primary DNS IP Adress, förslagsvis Googles.

5

6

ISC-DHCP-Server

I Ubuntu 12.04

2013-05-22 Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Installation och konfiguration av ISC-DHCP-Server. ................................................................................ 2

Vår konfiguration ..................................................................................................................................... 4

Installation och konfiguration av ISC-DHCP-Server. 1. För att installera ISC-DHCP-Server i Ubuntu kör.

sudo apt-get install isc-dhcp-server 2. Öppna och editera filen /etc/default/isc-dhcp-server ändra INTERFACES=”eth0” till korrekt

interface.

3. Byt namn på filen dhcpd.conf till dhcpd.conf.back för att göra en backup.

sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.back 4. Skapa och editera filen dhcpd.conf, i den konfigureras DHCP-servern.

sudo nano /etc/dhcp/dhcpd.conf 5. Börja med att skriva in de parametrar som gäller för alla scopes dvs. ddns-update-style, default-

lease-time, max-lease-time, authoritative, log-facility local7 och option domain-name-servers.

6. Fyll sedan i de parametrar som är individuella för varje scope dvs. namn, subnät, nätmask, range

och option routers. Bilden nedan visar ett exempel.

2

7. Starta om DHCP-tjänsten. sudo service isc-dhcp-server restart

8. Om DHCP-tjänsten inte startar korrekt sök efter skrivfel i dhcpd.conf.

3

Vår konfiguration

4

FTP I Ubuntu 12.04

2013-05-24 Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Installation och konfiguration av FTP ...................................................................................................... 2

Installation och konfiguration av FTP 1. Börja med att installera vsftpd.

sudo apt-get install vsftpd 2. Öppna konfigurationsfilen “/etc/vsftpd.conf”.

sudo nano /etc/vsftpd.conf 3. Ändra raden ”anonymous_enable”=YES till ”anonymous_enable=NO”. 4. Avkommentera ”#local_enable=YES” så att det står ”local_enable=YES”. 5. Avkommentera ”#write_enable=YES” så att det står ”write_enable=YES”.

6. Avkommentera ” #chroot_local_user=YES” så att det står ”chroot_local_user=YES”.

2

7. Skapa en ny mapp i ”/home/username/” vi har valt att döpa den till files. mkdir /home/username/files

8. Ändra rättigheterna på den mappen. sudo chown root:root /home/username

9. Starta om vsftpd. sudo service vsftpd restart

10. Gå nu till ” ftp://ip-adress/” för att bekräfta att FTPn fungerar.

3

Ubiquiti UniFi Controller

I Ubuntu 12.04

2013-05-24 Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Installation av Ubiquiti UniFi Controller i Ubuntu 12.04 ......................................................................... 2

Installera MongoDB ............................................................................................................................. 2

Installera UniFi Controller ................................................................................................................... 2

Installation av Ubiquiti UniFi Controller i Ubuntu 12.04

Installera MongoDB 1. Importera 10gens publika GPG-nyckel.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 2. Skapa och editera filen ”/etc/apt/sources.list.d/10gen.list”.

sudo nano /etc/apt/sources.list.d/10gen.list 3. Lägg till raden.

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

4. Kör sedan en update av apt-get registret. sudo apt-get update

5. Installera sedan mongodb-10gen. sudo apt-get install mongodb-10gen

Installera UniFi Controller 1. Lägg till följande rad i slutet av ”/etc/apt/sources.list”.

deb http://www.ubnt.com/downloads/unifi/distros/deb/precise precise ubiquiti

2. Lägg till GPG-nyckeln. sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50

2

3. Kör sedan en update av apt-get registret. sudo apt-get update

4. Installera UniFi. sudo apt-get install unifi

5. Surfa till https://ip-adress:8443 för att se om det fungerar.

6. Välj språk och land och tryck Next. 7. Om du har enheter kopplade till samma nätverk och de är nollställda så syns de här

men gör de inte det så fortsätt ändå genom att trycka Next. 8. Fyll i SSID för det trådlösa nätverket samt lösenord, klicka sedan Next. 9. Fyll i användarnamn och lösenord för administratörkontot och klicka på Next. 10. Se till så att allt stämmer och klicka på Finish för att slutföra installationen.

3

Konfiguration Core

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Core .......................................................................................................................... 2

Konfiguration Core ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname CORE3560G ! boot-start-marker boot-end-marker ! enable secret 5 $1$WGZw$KvzJozycB0a4OVu1Mw/XX1 ! username Lager3 secret 5 $1$W5R2$Jqj74s6ETt/Wu4G.79QBs/ aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ip routing no ip domain-lookup ip domain-name network.nordsken.se ! ! ! ! crypto pki trustpoint TP-self-signed-2674227968 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2674227968 revocation-check none rsakeypair TP-self-signed-2674227968 ! ! crypto pki certificate chain TP-self-signed-2674227968 certificate self-signed 01 30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32363734 32323739 3638301E 170D3933 30333031 30303031 33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

2

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36373432 32373936 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100CC7D E92C5765 1FDE9DA5 C3F4ABA0 3B2D4C64 2914ED6E 215FE651 1039F57E AD2451D9 845D0C45 CAC9A2CE 2C31FC3F D8B16A31 378C5718 3004189E EFE676BD 20A01BC5 5C3DD990 BF974894 2391C341 E586DF9D E2488BF7 C0904C5A 407DC0F5 DAF4D8F8 2147164B 3AC3D762 2BD9432C 07ACBA9F C2F88296 0816146D C0269A1C 7F030203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603 551D1104 21301F82 1D434F52 45333536 30472E6E 6574776F 726B2E6E 6F726473 6B656E2E 7365301F 0603551D 23041830 1680142D A4A0CB18 C81516B9 5B02F6D1 22B19863 E06CFA30 1D060355 1D0E0416 04142DA4 A0CB18C8 1516B95B 02F6D122 B19863E0 6CFA300D 06092A86 4886F70D 01010405 00038181 0015CAA2 B6C957DE A470735D DECA414C 25ECE5D7 FD27C948 1199E5CF B155A9B2 019FC5B7 2110EFE6 9EBA7786 E09135A6 2468D4D1 128A45E2 3CE3F784 5D1D5FC5 D7C4DE07 4D6E0A25 0F40FDE2 C786BE52 821C3D8F 324ED98E 867BFC16 60612346 CA9810F1 29CB67C2 07A582FF FD91E8A4 288F1991 07FB66AD D047587F F81CE091 FE quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name Bord_A ! vlan 20 name Bord_B ! vlan 30 name Bord_C ! vlan 40 name Bord_D ! vlan 50 name Bord_E

3

! vlan 60 name Bord_F ! vlan 70 name Bord_G ! vlan 80 name Bord_H ! vlan 90 name Bord_I_J_K ! vlan 100 name Spill ! vlan 110 name Crew ! vlan 137 name Management ! vlan 200 name BB2_Wifi1 ! vlan 210 name BB2_Wifi2 ! vlan 666 name Mot_BB2 ! ip ftp username sebastian ip ftp password 7 104F0F12071611000005247A767B68 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! ! interface GigabitEthernet0/1 description TRUNK_DIST1 switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/2 description TRUNK_DIST2 switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/3 switchport access vlan 137

4

switchport mode access ! interface GigabitEthernet0/4 switchport access vlan 137 shutdown ! interface GigabitEthernet0/5 switchport access vlan 137 shutdown ! interface GigabitEthernet0/6 switchport access vlan 137 shutdown ! interface GigabitEthernet0/7 switchport access vlan 137 shutdown ! interface GigabitEthernet0/8 switchport access vlan 137 shutdown ! interface GigabitEthernet0/9 switchport access vlan 137 shutdown ! interface GigabitEthernet0/10 description TRUNK_MOT_AP switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/11 description TRUNK_MOT_AP switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/12 switchport access vlan 137 shutdown ! interface GigabitEthernet0/13 switchport access vlan 137 shutdown ! interface GigabitEthernet0/14 switchport access vlan 137 shutdown ! interface GigabitEthernet0/15 switchport access vlan 137

5

shutdown ! interface GigabitEthernet0/16 switchport access vlan 137 shutdown ! interface GigabitEthernet0/17 description TRUNK_MOT_GAMECREW switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/18 switchport access vlan 137 shutdown ! interface GigabitEthernet0/19 switchport access vlan 137 shutdown ! interface GigabitEthernet0/20 switchport access vlan 137 shutdown ! interface GigabitEthernet0/21 switchport access vlan 137 shutdown ! interface GigabitEthernet0/22 switchport access vlan 137 shutdown ! interface GigabitEthernet0/23 description PORT_MOT_SERVER switchport access vlan 137 switchport trunk encapsulation dot1q switchport trunk allowed vlan 110,137 switchport mode trunk ! interface GigabitEthernet0/24 switchport access vlan 137 shutdown ! interface GigabitEthernet0/25 description PORT_MOT_BB2 no switchport ip address 62.220.166.42 255.255.255.252 ! interface GigabitEthernet0/26 switchport access vlan 137 shutdown ! interface GigabitEthernet0/27 switchport access vlan 137 shutdown

6

! interface GigabitEthernet0/28 switchport access vlan 137 shutdown ! interface Vlan1 no ip address shutdown ! interface Vlan10 description Bord_A ip address 31.208.25.129 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan20 description Bord_B ip address 31.208.25.193 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan30 description Bord_C ip address 31.208.26.1 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan40 description Bord_D ip address 31.208.26.65 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan50 description Bord_E ip address 31.208.26.129 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan60 description Bord_F ip address 31.208.26.193 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan70 description Bord_G ip address 31.208.27.1 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan80 description Bord_H ip address 31.208.27.65 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan90 description Bord_I_J_K ip address 31.208.27.129 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan100 description Spill

7

ip address 31.208.27.193 255.255.255.192 ip helper-address 192.168.137.1 ! interface Vlan110 description Crew ip address 31.208.24.1 255.255.255.128 ip helper-address 192.168.137.1 ! interface Vlan137 description Management ip address 192.168.137.254 255.255.255.0 ip helper-address 192.168.137.1 ! interface Vlan200 description BB2_Wifi1 ip address 31.208.24.129 255.255.255.128 ip helper-address 192.168.137.1 ! interface Vlan210 description BB2_Wifi2 ip address 31.208.25.1 255.255.255.128 ip helper-address 192.168.137.1 ! interface Vlan666 description Mot_BB2 no ip address ! ip default-gateway 62.220.166.41 ip classless ip route 0.0.0.0 0.0.0.0 62.220.166.41 ip http server ip http secure-server ! ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ! logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 ! snmp-server community private RW snmp-server community public RO snmp-server location Serverhall snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps eigrp snmp-server enable traps ospf state-change snmp-server enable traps ospf errors snmp-server enable traps ospf retransmit snmp-server enable traps ospf lsa snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

8

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old snmp-server enable traps ospf cisco-specific state-change shamlink neighbor snmp-server enable traps ospf cisco-specific errors snmp-server enable traps ospf cisco-specific retransmit snmp-server enable traps ospf cisco-specific lsa snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps bgp snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps event-manager snmp-server enable traps hsrp snmp-server enable traps ipmulticast snmp-server enable traps isis snmp-server enable traps msdp snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps energywise snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps rtr snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! ! ! ! ! ! ! !

9

banner motd _ *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

10

Konfiguration Distribution

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration DIST1 ......................................................................................................................... 2

Konfiguration DIST2 ......................................................................................................................... 8

Konfiguration DIST1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname DIST1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$iS9C$M3dbvpQPtpfhLHCqOE3lQ/ ! username Lager2 password 7 01100F1758045F5660 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1083804672 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1083804672 revocation-check none rsakeypair TP-self-signed-1083804672 ! ! crypto pki certificate chain TP-self-signed-1083804672 certificate self-signed 01 30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31303833 38303436 3732301E 170D3933 30333031 30303033 34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30383338

2

30343637 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100963D 336CABE2 E8BE266E D053D2CB FC6BDCCD 3225DFFD D22C2934 082575EA C1380144 A6E6DFAE 8BE97017 30BDB505 5F100BEA FABD84C2 660DBCCD 0BB23C78 F9A971DE 0DDC0B88 1D4A83BD 0C2E3629 25A5409B 69C53C04 1DC1B6BF B6FBC75F 153AA6C9 3840BF08 223502CE 08CAA125 357A12B4 3C7F5922 EFE1B991 F3518942 7D070203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603 551D1104 1D301B82 19444953 54312E6E 6574776F 726B2E6E 6F726473 6B656E2E 7365301F 0603551D 23041830 16801494 B444B93A CAAF9009 44A43DC6 21471BE0 12CB1030 1D060355 1D0E0416 041494B4 44B93ACA AF900944 A43DC621 471BE012 CB10300D 06092A86 4886F70D 01010405 00038181 00318583 A1DC1F35 E6041F20 BDE025ED EC9F7CD2 3202A513 8F23419E 1D9FF4F3 7FFB4A29 20BBD6C1 98B50834 2E72720D FE0D047D FABFE3CF 87E10883 EEB4D027 12DD766C F471B4A7 E06EE7D3 092F988B 587DCB1B 7D13D163 D3042EF0 980615F0 98B91639 D5CF44BE 18A0F022 6AFFA03F 51327E05 5A0C77E6 33ADE4EF C9A8740F 03 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name Bord_A ! vlan 20 name Bord_B ! vlan 30 name Bord_C ! vlan 40 name Bord_D ! vlan 50 name Bord_E ! vlan 60 name Bord_F

3

! vlan 70 name Bord_G ! vlan 80 name Bord_H ! vlan 90 name Bord_I_J_K ! vlan 100 name Spill ! vlan 110 name Crew ! vlan 137 name Management ! vlan 200 name BB2_Wifi1 ! vlan 210 name BB2_Wifi2 ! vlan 666 name Mot_BB2 ! ip ftp username sebastian ip ftp password 7 0005150D065A080D0320421F5B4A5E ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface GigabitEthernet0/1 description TRUNK_MOT_A1 switchport trunk allowed vlan 10,137 switchport mode trunk ! interface GigabitEthernet0/2 description TRUNK_MOT_B1 switchport trunk allowed vlan 20,137 switchport mode trunk ! interface GigabitEthernet0/3 description TRUNK_MOT_C1 switchport trunk allowed vlan 30,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/4 description TRUNK_MOT_D1 switchport trunk allowed vlan 40,137 switchport mode trunk ! interface GigabitEthernet0/5 description TRUNK_MOT_E1

4

switchport trunk allowed vlan 50,137 switchport mode trunk ! interface GigabitEthernet0/6 description TRUNK_MOT_F1 switchport trunk allowed vlan 60,137 switchport mode trunk ! interface GigabitEthernet0/7 description TRUNK_MOT_G1 switchport trunk allowed vlan 70,137 switchport mode trunk ! interface GigabitEthernet0/8 description TRUNK_MOT_H1 switchport trunk allowed vlan 80,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/9 shutdown ! interface GigabitEthernet0/10 shutdown ! interface GigabitEthernet0/11 shutdown ! interface GigabitEthernet0/12 shutdown ! interface GigabitEthernet0/13 shutdown ! interface GigabitEthernet0/14 description NETWORK_CREW_SWITCH switchport trunk allowed vlan 110,137 switchport mode trunk ! interface GigabitEthernet0/15 shutdown ! interface GigabitEthernet0/16 shutdown ! interface GigabitEthernet0/17 shutdown ! interface GigabitEthernet0/18 shutdown ! interface GigabitEthernet0/19 shutdown ! interface GigabitEthernet0/20 shutdown !

5

interface GigabitEthernet0/21 shutdown ! interface GigabitEthernet0/22 shutdown ! interface GigabitEthernet0/23 shutdown ! interface GigabitEthernet0/24 description TRUNK_MOT_CORE switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100,110,137,200,210 switchport mode trunk ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.100 255.255.255.0 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Mellan_Borden snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps rtr

6

snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

7

Konfiguration DIST2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname DIST2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$DMBo$4NTOR4wNKMA0yDPfbmAyA. ! username Lager2 password 7 094F471A1A0A4E4B4A aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-4217812352 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-4217812352 revocation-check none rsakeypair TP-self-signed-4217812352 ! ! crypto pki certificate chain TP-self-signed-4217812352 certificate self-signed 01 30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 34323137 38313233 3532301E 170D3933 30333031 30303130 35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32313738

8

31323335 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B222 6BB38F41 B5FDCBB8 E78A6D52 518826E0 BB130B50 3710C645 D17E1073 66E00023 F4858362 E38F501F 55808ADA F443BD8E 76FD3CB8 E4AAE4F9 75AE2724 0B394B23 BA0AF28B 0805F24C BDBAB132 A5D96C59 46814C2C F2E842FE 5D7378AF 88715069 765E2197 69CCA31A E8EDB9D3 51A8C914 D6E93427 0F99ED0D 56EADC83 B6910203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603 551D1104 1D301B82 19444953 54322E6E 6574776F 726B2E6E 6F726473 6B656E2E 7365301F 0603551D 23041830 1680149D A062EC18 D445B98B 6F1EE500 2582FAF3 23E7BE30 1D060355 1D0E0416 04149DA0 62EC18D4 45B98B6F 1EE50025 82FAF323 E7BE300D 06092A86 4886F70D 01010405 00038181 006835D6 3434D52E 72CE9F5A FAB8C125 BC54DD9E DE6F2EC0 7529BD2C 67914160 7BBF1BD1 D1E62C56 A3BF21C4 AFC31D84 28AB10A2 2EDB4E49 1D6C77BF ECDCBBBF 2C72C6DD A2B9E685 89F82E54 F55A0892 875C2C1D BDFC5971 A0DE53A1 F6E697E7 9AF5BD90 59547151 BC52803F F4130EA0 21F50BF2 49F9F944 F2195ADC EF802E31 F6 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name Bord_A ! vlan 20 name Bord_B ! vlan 30 name Bord_C ! vlan 40 name Bord_D ! vlan 50 name Bord_E ! vlan 60 name Bord_F

9

! vlan 70 name Bord_G ! vlan 80 name Bord_H ! vlan 90 name Bord_I_J_K ! vlan 100 name Spill ! vlan 110 name Crew ! vlan 137 name Management ! vlan 200 name BB2_Wifi1 ! vlan 210 name BB2_Wifi2 ! vlan 666 name Mot_BB2 ! ip ftp username sebastian ip ftp password 7 1218031C100A0F0F262A2A79616679 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface GigabitEthernet0/1 description TRUNK_MOT_A2 switchport trunk allowed vlan 10,137 switchport mode trunk ! interface GigabitEthernet0/2 description TRUNK_MOT_B2 switchport trunk allowed vlan 20,137 switchport mode trunk ! interface GigabitEthernet0/3 description TRUNK_MOT_C2 switchport trunk allowed vlan 30,137,200,210 switchport mode trunk ! interface GigabitEthernet0/4 description TRUNK_MOT_D2 switchport trunk allowed vlan 40,137 switchport mode trunk ! interface GigabitEthernet0/5 description TRUNK_MOT_E2

10

switchport trunk allowed vlan 50,137 switchport mode trunk ! interface GigabitEthernet0/6 description TRUNK_MOT_F2 switchport trunk allowed vlan 60,137 switchport mode trunk ! interface GigabitEthernet0/7 description TRUNK_MOT_G2 switchport trunk allowed vlan 70,110,137 switchport mode trunk ! interface GigabitEthernet0/8 description TRUNK_MOT_H2 switchport trunk allowed vlan 80,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/9 description TRUNK_MOT_I switchport trunk allowed vlan 90,137 switchport mode trunk ! interface GigabitEthernet0/10 description TRUNK_MOT_J switchport trunk allowed vlan 90,137 switchport mode trunk ! interface GigabitEthernet0/11 description TRUNK_MOT_K switchport trunk allowed vlan 90,110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/12 shutdown ! interface GigabitEthernet0/13 shutdown ! interface GigabitEthernet0/14 shutdown ! interface GigabitEthernet0/15 shutdown ! interface GigabitEthernet0/16 shutdown ! interface GigabitEthernet0/17 shutdown ! interface GigabitEthernet0/18 shutdown ! interface GigabitEthernet0/19 shutdown

11

! interface GigabitEthernet0/20 shutdown ! interface GigabitEthernet0/21 shutdown ! interface GigabitEthernet0/22 shutdown ! interface GigabitEthernet0/23 shutdown ! interface GigabitEthernet0/24 description TRUNK_MOT_CORE switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100,110,137,200,210 switchport mode trunk ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.200 255.255.255.0 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Mellan_Borden snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police

12

snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

13

Konfiguration Bord A

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch A1 .................................................................................................................. 2

Konfiguration Switch A2 ................................................................................................................ 10

Konfiguration Switch A1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname A1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 secret 5 $1$2b24$Fj882WWUmZfqSIk.hwxNQ0 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1838686592 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1838686592 revocation-check none rsakeypair TP-self-signed-1838686592 ! ! crypto pki certificate chain TP-self-signed-1838686592 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

2

69666963 6174652D 31383338 36383635 3932301E 170D3933 30333031 30303030 35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38333836 38363539 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100FB7E FB41FD6E ED3EEC4A A2BBD44D 9533A277 0ACC65DE 4AEC4353 3760EF13 4C330EE5 10413E20 E3B21FF3 44466B94 BF22F830 19BB30F7 CA26EB8D 73D088C2 F961475D 6AAD473A 9326129D BA520B43 82C2E440 C431555A 1F5B2820 A4C43A30 F3BB934D 8B509EE7 2AA30A86 26B74C36 F1D55CC2 2291F985 1CFFB491 3FF1EF03 7F710203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1641312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 B03BEAE4 0161B613 749A3950 F115F9C3 AE018C25 301D0603 551D0E04 160414B0 3BEAE401 61B61374 9A3950F1 15F9C3AE 018C2530 0D06092A 864886F7 0D010104 05000381 81006B74 02ED9308 EEA6AB8F BC130612 7309199E EADE41A6 2C70441F 59FF0693 49FA7E3E 73938A8A B36FB002 546500B8 1C2EC44D BBFC0BCC 12CE176E 8EE662AA 7AB97B5F 43EEF0BD 3E479165 B064E204 B5CE35E1 A10E7F48 3EC8702F 4A07C630 D3F90E21 301C009E 9C54C23F 06823E60 CFC56D76 C5AFE2D4 92521BC4 6FD156D5 2D98 quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name Bord_A ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 104F0F12071611000005247A767B68 ip ssh time-out 60 ip ssh authentication-retries 2 ! !

3

interface FastEthernet0/1 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 10

4

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access switchport port-security

5

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

6

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 10,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown

7

! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.101 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_A snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable

8

snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch A2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname A2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 secret 5 $1$V1o7$coGfEo2wpNpnPYIPjQt4k0 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3136113920 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3136113920 revocation-check none rsakeypair TP-self-signed-3136113920 ! ! crypto pki certificate chain TP-self-signed-3136113920 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

10

69666963 6174652D 33313336 31313339 3230301E 170D3933 30333031 30303034 31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31333631 31333932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AD5A D97123B8 A4E52063 AF806F00 27C67635 372A1F9F 26A57A04 A1A6FBD7 36AAA6E6 B4A669B9 A0C597E2 A7FC0D4B 297116BC B9773D78 C1CB7EFA F606BC9B 4551D044 8CA02BCB D5D53080 1F909142 D510D0E9 1A6EFCAD 2DA73FB5 5C64E4BC A91E0F97 FB8BC4B5 069B44C6 41AF8B68 5B3C987E 44265C61 05C21A39 036C6286 C7BB0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1641322E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 F9927C45 E53DC195 9026FFE8 5E43C4DF D5F5A42C 301D0603 551D0E04 160414F9 927C45E5 3DC19590 26FFE85E 43C4DFD5 F5A42C30 0D06092A 864886F7 0D010104 05000381 81007E30 76FA505E F038EA2A C4693231 965EC9C4 C726CADC 72DE695F DBE52D64 175E42C0 5F915001 3A2DCC25 A4C4E2AB 994EA22D B45435F0 EB556323 FC32A9AF EC7F980F 910980BB 409FCE2B 4DBD944F E256549B 6464F63E 6F4CAC66 FA849555 4332EF0C 2030F791 367F2078 C110A34D 3E39D1EA 5725628E AE6D1A75 DF0BCD4D 9417 quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 10 name Bord_A ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 094D48021B041419070D0A7B797773 ip ssh time-out 60 ip ssh authentication-retries 2 ! !

11

interface FastEthernet0/1 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 10

12

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access switchport port-security

13

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

14

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 10 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 10,110,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown

15

! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.201 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_A snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable

16

snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord B

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch B1 .................................................................................................................. 2

Konfiguration Switch B2 ................................................................................................................ 10

Konfiguration Switch B1 ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname B1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 045802150C2E151748 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1842787584 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1842787584 revocation-check none rsakeypair TP-self-signed-1842787584 ! ! crypto pki certificate chain TP-self-signed-1842787584 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31383432 37383735 3834301E 170D3933 30333031 30303033

2

33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38343237 38373538 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E3EF B3635F0F 66AD3F22 A4281E5A C0C027AC 2EBC1E17 51348035 86382F22 C373934F 8DD5A2DB 2D971558 D22DAE6B B2DD0CC3 B28F09CB 249D52A2 692077C3 FA78D3AD 2DC3F3D2 86D1C179 6DFE449A 745A02A8 27758F93 DF203E93 F8C449F7 D13A8130 20AB2DE8 ADACC704 0769430C 59852AF9 CB9457A3 6023D197 1574F25E 9A210203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1642312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 7A39E880 045DC5E9 6063E289 3CA62312 4974425D 301D0603 551D0E04 1604147A 39E88004 5DC5E960 63E2893C A6231249 74425D30 0D06092A 864886F7 0D010104 05000381 81008FE6 96A37DDF 67770B5E 47A284FF 55E07BA1 ADECFBC0 D5F9A37C 50C14FF1 D5C5F21B 83CBF88C E3BB0022 9190081A D92E2C34 66D6CAC4 86DC7556 63D4E703 E5B3D3F9 4C35C79E 22741DEA CA8CE0AD 66AA033F A7625BD9 18CE12F1 8F8304D4 81E951EE 3CF74062 38B63AAD 364CD401 0EED9DBF 3DD95EA3 8E7E1AC7 1786992E 4F3F quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 20 name Bord_B ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 1218031C100A0F0F262A2A79616679 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 20

3

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 20 switchport mode access switchport port-security

4

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

5

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust

6

! interface FastEthernet0/20 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 20,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1

7

no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.102 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_B snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C

8

*************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch B2 ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname B2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 01100F1758045F5660 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3386604672 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3386604672 revocation-check none rsakeypair TP-self-signed-3386604672 ! ! crypto pki certificate chain TP-self-signed-3386604672 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

10

69666963 6174652D 33333836 36303436 3732301E 170D3933 30333031 30303034 30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33383636 30343637 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100968A 63D96A35 CF7CBEB5 74203B8B 465DD8F2 525B2A02 A2365D56 A9AE2B4E FBE1C569 97986D8B 46A5FC48 43EB1CDB 82C15D29 4CB32667 FCB9D845 204A78F6 928D3DB1 773B5877 DA3EDAF2 460BA43C 547AF368 08FF27A1 FF4A38A0 9FCBA05E 7AEA8B4F FD399126 37FAF76E A87047AE 2625D203 3A5E9B1B 3BCC0717 E1622667 53610203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1642322E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 5D107F45 876AEE1C 5359A4C6 7DBD44D3 8AA9B79E 301D0603 551D0E04 1604145D 107F4587 6AEE1C53 59A4C67D BD44D38A A9B79E30 0D06092A 864886F7 0D010104 05000381 81005F57 A57C8A5A BBD28613 B5F1D1C6 2B6BFCF1 851CF6EB 3EEDA8F1 B624B7CF E0367401 55D076E9 80077773 C337101B 533F7690 88A77A7C D2E58F32 BD715DC6 4210D68F B5C51183 6D1D0624 F0BB9AA2 DAC1E8A9 F29A2B13 8FD74FA1 551C511B 4CA128A7 54682151 1052B19D E3D4BC13 3D914B39 051F13D6 D6BBFB73 11F98AA8 893F quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 20 name Bord_B ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 03055D00040E224742081754454150 ip ssh time-out 60 ip ssh authentication-retries 2 ! !

11

interface FastEthernet0/1 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 20

12

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 20 switchport mode access switchport port-security

13

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

14

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 20 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 20,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown

15

! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.202 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_B snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable

16

snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord C

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch C1 .................................................................................................................. 2

Konfiguration Switch C2 ................................................................................................................ 10

Konfiguration Switch C1 ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname C1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 1511021F0725727D69 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-456669696 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-456669696 revocation-check none rsakeypair TP-self-signed-456669696 ! ! crypto pki certificate chain TP-self-signed-456669696 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 34353636 36393639 36301E17 0D393330 33303130 30303833

2

385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3435 36363639 36393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 DEAC6DFD 9176A4D2 B1ECCD38 633F025F 4C650B9C 6204A599 3697A817 4EBD7BDB 6A2FCE09 08FDD9BF 4F20801D 73BDBACA 82412FF8 025E6020 1BBE2668 636EC946 FFC8405C FE63A746 75A449FB 3F5150AA 241EFFC9 BB667F0F 3FD33984 C82E31DB AAD9D2DE C44F950D 8A660D56 B11E8986 29F9D34E 324B5FE6 FD20B88B 072F6801 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821643 312E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 80146506 B72C6109 6B181EBE AC0A364D 71C91F69 0156301D 0603551D 0E041604 146506B7 2C61096B 181EBEAC 0A364D71 C91F6901 56300D06 092A8648 86F70D01 01040500 03818100 DCDA92A6 B7FD2920 2C443187 F158FE8C C0D9FFD8 645AA608 2A327DA4 D19A7907 C7E383D1 6D7677ED DF0A09BB 1150B91A AC12E2C2 8C029028 3B9FD314 A7314A1D 6B7A9997 FEC7339E 288632CA EB5E3A1D AAD58630 C01FE11C 52F5229A 01BC05F5 223BA0B9 9F403F09 4E768E4F 26C0974B 8B0C8851 F920591E 83ABF970 C46374FC quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 30 name Bord_C ! vlan 100 ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 11081F0E15130807082B25757A606E ip ssh time-out 60 ip ssh authentication-retries 2

3

! ! interface FastEthernet0/1 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust !

4

interface FastEthernet0/7 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 30

5

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 30 switchport mode access switchport port-security

6

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 30,110,137,200,210 switchport mode trunk ip dhcp snooping trust !

7

interface GigabitEthernet0/2 description TRUNK_MOT_AP switchport access vlan 30 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.103 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_C snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr

8

snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch C2 ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname C2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 070C285F4D06405C56 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-518218112 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-518218112 revocation-check none rsakeypair TP-self-signed-518218112 ! ! crypto pki certificate chain TP-self-signed-518218112 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35313832 31383131 32301E17 0D393330 33303130 30323030 345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

10

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3531 38323138 31313230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 CDA53ECB 22EDC598 3CBE0745 59D6D491 C104E24F C7CE45F8 F6A0E3BC FB8DE143 A9D079B7 645F6D14 59F0F7AE 66252320 F39C03BC 7AECE7FF B4FCF996 2DFCF226 C9B56F38 8FA756D5 BA833A7D 60CE3C8B E2AB4B62 E8902EB9 6DAB4A32 2B91D90E 51C9AA41 E04A8515 688068A2 2452804E C62084D7 1495DDB3 FDE0C58F 37D91E0B 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821643 322E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 801410A2 C795DCF4 BD260853 1E38849D CE279F6B BF90301D 0603551D 0E041604 1410A2C7 95DCF4BD 2608531E 38849DCE 279F6BBF 90300D06 092A8648 86F70D01 01040500 03818100 BC24C707 9D91E582 B6E2671B 1EE227F0 41489F4F 427A8404 CAD61206 68548EC1 293AA622 2D54A082 8447F765 498FAA2D 814A9AD1 ED4E2806 81921DE3 F0A64E08 FFCCA696 A386FE75 DD4D5C05 70CF4CA8 FA7AD51C ACFD5D41 A5C1E55D 4A1B2302 164E984D 580B8770 C068B69C 1B7AAC6B D967E753 CAC49004 1996C64A 53F685A0 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 30 name Bord_C ! vlan 110 ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 0112000F590A05042D4D40584B564C ip ssh time-out 60 ip ssh authentication-retries 2 !

11

! interface FastEthernet0/1 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7

12

switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 30 switchport mode access

13

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect

14

spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 30 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 30,110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2

15

description TRUNK_MOT_AP switchport access vlan 30 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.203 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_C snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable

16

snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord D

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch D1 .................................................................................................................. 2

Konfiguration Switch D2 ................................................................................................................ 10

Konfiguration Switch D1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname D1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 060506324F41504044 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-518214528 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-518214528 revocation-check none rsakeypair TP-self-signed-518214528 ! ! crypto pki certificate chain TP-self-signed-518214528 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35313832 31343532 38301E17 0D393330 33303130 30313030 355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3531 38323134

2

35323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 CE261BB4 C63C1A09 1B4816B9 DCA7FF64 04B97A9E 4839DBBA C39BAA21 854D3801 5C05362A 015B704C C7D0DF12 EA9CDB48 3FA46ACD EED11972 5E12AD64 C4385FED 3ADC8AFD 2BC18DAA 41B148A6 8F01F9D7 E196DE48 1D1A6A4B 0B86CA45 10BA75DD C4748D6B 6436EF21 04FF80DB D396BD16 7C52617E 36418AC6 B7EFE1D2 61A84F31 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821644 312E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 8014B16F 51D072CE 6A61D77F 1FBF6915 1805E6F0 1077301D 0603551D 0E041604 14B16F51 D072CE6A 61D77F1F BF691518 05E6F010 77300D06 092A8648 86F70D01 01040500 03818100 2B5CF20C B8A4E2DD 99BAFC0B D600D60E 78BBD7A1 7A2A55D1 30E557C1 E1688FC5 E805F95A C89BF29C 53DBD647 09D26F50 1350A5B7 A5A5CE51 5452EAD4 77645E36 BEA67A4F 5E18701B A3DE20D3 D043D70E BBA80628 B58A3C28 E505FE4C 12C3F868 D194E885 FB937DCE D342AE0A 249FDE10 0A69DF93 AA61C951 A18767C4 62E858C8 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 40 name Bord_D ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 045A0D0D0D204F4505180B46405857 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect

3

spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

4

ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust !

5

interface FastEthernet0/14 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 40

6

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 40,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown

7

! interface Vlan137 ip address 192.168.137.104 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_D snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! ! ! ! ! ! ! !

8

banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch D2 ! version 12.2 service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname D2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 14141B180F0B737265 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-453521408 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-453521408 revocation-check none rsakeypair TP-self-signed-453521408 ! ! crypto pki certificate chain TP-self-signed-453521408 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 34353335 32313430 38301E17 0D393330 33303130 30303335

10

305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3435 33353231 34303830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 C84C8E1C 19CA9A46 7CAE5BF3 EDBE5AEA 1046E25B FC8E01FF A3E3525A 1DF3DB52 4CBE3776 D3615AA9 1A4AE6D1 BEB03D4E AC5124A9 3C61D0BD F84D24DF FBD9CBC6 27D29A8F 90C42BEF 788839A0 135971F4 1B9E3D63 BFB6F219 944B9ED3 0E8561EA 3A6E7269 39A487D8 FA811690 30B8BAFC 92B7937E 4F38C912 353F8D4F A0378EDD 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821644 322E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 8014FD4C 90C5E282 429EC283 59512FD5 BBC42AFD 4666301D 0603551D 0E041604 14FD4C90 C5E28242 9EC28359 512FD5BB C42AFD46 66300D06 092A8648 86F70D01 01040500 03818100 19396B03 7894E890 D329BA72 90B8FBEA EF59C923 16C218DA DF82B57A BEA59792 4B41799A 0483F1CF 1BDCC959 CE819438 225705EA 28F1B73E D0FC8B49 5C1E5AA4 1B359BA0 B337D3FA DF10E191 E4447D67 53F0FADC 4D40589C 5EA6139F 797FBF3E 2B8F66F4 CB0D4FA0 45CA4F20 0BD4E43A D5B190D8 12056FEB A6069226 240CA772 quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 40 name Bord_D ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 13041119090D072127252662677148 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 40

11

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 40 switchport mode access switchport port-security

12

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

13

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust

14

! interface FastEthernet0/20 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 40 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 40,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1

15

no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.204 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_D snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C

16

*************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord E

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch E1 .................................................................................................................. 2

Konfiguration Switch E2 ................................................................................................................ 10

Konfiguration Switch E1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname E1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 110A1016141D525545 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-528128896 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-528128896 revocation-check none rsakeypair TP-self-signed-528128896 ! ! crypto pki certificate chain TP-self-signed-528128896 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35323831 32383839 36301E17 0D393330 33303130 30313334 365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3532 38313238

2

38393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 DC836934 8AFE74B6 CA60358B 705A097B E47AFC93 CC91D04A 797B852F BA7FE357 3398E60E 9298468B 449788D5 ABB9066D 27C14CFD 57A72A08 8829E0E9 CC1E3041 F78AFBD2 2B13C169 0B117F6A AAD4AB84 20458B35 0CDA3D44 537F5242 A5FF5E2D FFEED54F 3C1C5B23 21D8FE72 550C86C9 31CBC43A 78DB716F F0A0D25C 8521D265 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821645 312E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 8014C2E6 8AAB4218 91480013 B406A05D 0695937B DBAC301D 0603551D 0E041604 14C2E68A AB421891 480013B4 06A05D06 95937BDB AC300D06 092A8648 86F70D01 01040500 03818100 0613BCEE DCEB2B55 B7A56C7B AF724B61 FD8B6FFB 2C72E5CB 7710BAA9 7006DA5E C557B2A5 2875F26E 3ADBF058 B0D88D89 F536201F 44CF66C0 2EAA3B49 35AAA23B BABA2021 72A22951 CCD348F4 CD99203A 9B381825 C66920F0 06CB954C 09FFD6BF 28906BE1 19AD26D4 558D476D AAA8C1B1 809E5287 8A4D5654 B9BA52BD 1624E9D0 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 50 name Bord_E ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 094D48021B041419070D0A7B797773 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect

3

spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

4

ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust !

5

interface FastEthernet0/14 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 50

6

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/21 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 50,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown

7

! interface Vlan137 ip address 192.168.137.105 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_E snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! ! banner motd _C

8

*************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch E2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname E2 ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 094F471A1A0A4E4B4A aaa new-model aaa authentication login default local ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ip ftp username sebastian ip ftp password 7 050A0004234D4D0215041943595F5F ! ! ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 50 name Bord_E ! vlan 137 name Management ! interface FastEthernet0/1 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 50

10

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 50 switchport mode access switchport port-security

11

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/13 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/14 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

12

ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/15 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/16 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/17 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/18 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/19 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/20 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust

13

! interface FastEthernet0/21 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/22 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/23 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 50 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ip dhcp snooping trust ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 50,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.205 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache !

14

ip http server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_E snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps mac-notification snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps vlan-membership snmp-server host 192.168.137.48 version 2c public radius-server source-ports 1645-1646 ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ !

15

line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous ! end

16

Konfiguration Bord F

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch F1 .................................................................................................................. 2

Konfiguration Switch F2 ................................................................................................................ 10

Konfiguration Switch F1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname F1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 094F471A1A0A4E4B4A aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1993644416 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1993644416 revocation-check none rsakeypair TP-self-signed-1993644416 ! ! crypto pki certificate chain TP-self-signed-1993644416 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31393933 36343434 3136301E 170D3933 30333031 30303038 34355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39393336

2

34343431 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C43C 6E6B8548 A1044DF1 9455648E 997CCB28 79444FA7 EAA38F26 91620446 D4C4444B 6B0BA9C6 0BCCD6AB 4D8C1DA1 5C7A854F D13183F7 972EDA04 784C9BEE 9A7E17B7 AA75D5DC 65A97F6E CD457884 65A21947 E8574589 37EE9ECF 74DBDFDF 3C2EAA17 83AE66CC 6BB34E0D D7ED2974 26BB7167 805C2174 815D681C 022E02CC C6490203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1646312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 DC061F12 1B12572F 11E3ED07 0A70D185 F4FFE6A5 301D0603 551D0E04 160414DC 061F121B 12572F11 E3ED070A 70D185F4 FFE6A530 0D06092A 864886F7 0D010104 05000381 81003BDE C237C969 1207FBD7 1F20D1F6 F8838DF2 60D00489 BE962CB9 CBFB25CE 082C2E5E A3EBA808 15CBF8E6 A1FA6B27 8A1695F8 7DDAC86D 7EC941DA D64C7125 D609650B E3F8CD8F CC57A5FD 516C7D13 075267DD 7AEE4864 F08C9E5F 57365CA5 DF548855 ACB858E1 CBCAAE0D A0C40AC7 79A98E6C 393AFCC2 0653EF47 64EE461B ADB2 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 60 name Bord_F ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 03055D00040E224742081754454150 ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect

3

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect

4

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect

5

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect

6

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 60,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.106 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_F snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity

7

snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous

8

transport input ssh ! end

9

Konfiguration Switch F2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname F2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 060506324F41504044 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3395889280 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3395889280 revocation-check none rsakeypair TP-self-signed-3395889280 ! ! crypto pki certificate chain TP-self-signed-3395889280 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333935 38383932 3830301E 170D3933 30333031 30303138 35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

10

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393538 38393238 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D5DD C2C1D486 E8DEDDDF 80344F95 64CEAA03 E10961AE B534BA32 5A999E1E D82BEA47 9BCC294B 33F21597 79FF9037 5DBA5CAD A296F391 E121756E 7698C45C FA30E3AB 90AE59D3 191D9569 E27F5432 933AF6C0 0931FCD6 CFB44F69 D26486DA 1148A0BB 946BC888 44CB5277 C8D4B64E 71EF0F11 8240784B 05E27194 5D0B0056 3AFB0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1646322E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 ACDDBDA7 6B0D2394 1F7E5E7E E7750211 A5657D89 301D0603 551D0E04 160414AC DDBDA76B 0D23941F 7E5E7EE7 750211A5 657D8930 0D06092A 864886F7 0D010104 05000381 8100A178 A734EE4A C1E0827B EAF10DE9 83D95D49 D17C1919 386FB552 E8421E82 59E493AE 8C33E48F 60AC29BE E4674161 68427353 7EE71C64 7CD11975 934457E7 46930602 22700543 C8456217 C8731239 E2C9E82D B60A398B 0CEDC60D C09E2272 6CB40DE4 02168AB5 0D96C127 D979B406 D1647285 D7E9ACB7 60034093 9078C48D 5EAD quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 60 name Bord_F ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 11081F0E15130807082B25757A606E ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 60 switchport mode access

11

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 60 switchport mode access

12

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 60 switchport mode access

13

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 60 switchport mode access

14

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 60 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 60,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.206 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_F snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty

15

snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15

16

access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord G

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch G1 .......................................................................................................................... 2

Konfiguration Switch G2 ........................................................................................................................ 10

Konfiguration Switch G1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname G1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 01100F1758045F5660 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3400437376 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3400437376 revocation-check none rsakeypair TP-self-signed-3400437376 ! ! crypto pki certificate chain TP-self-signed-3400437376 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33343030 34333733 3736301E 170D3933 30333031 30303035 31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

2

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34303034 33373337 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B400 F62DDFE3 843CCC2D C13024B0 C3AE521A EFD71597 65B87391 D779D421 167C4A43 794EC086 A2A45F33 218825AF A02F6C45 63780B5E 3887807D 6E6DD84A 9A683BD4 68F37AD9 81297102 31BB1AC9 E19E82ED E2DE3BD8 D4ED6ED8 1AD0B213 898D6D8A 4387B372 1D450A34 B8E6F344 A2D378C3 6DE6CCEE 1DA97F42 3304E05D 4DFB0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1647312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 901AD610 A1D588A6 6CEB2508 015B0590 9949E1D8 301D0603 551D0E04 16041490 1AD610A1 D588A66C EB250801 5B059099 49E1D830 0D06092A 864886F7 0D010104 05000381 81007FE8 9FDFDC02 00263F7F E2870D59 563ACF53 A106DAE7 CF296846 A31E79ED 7622D5EB 8CD97B8D F13F0FAD 6FB1429B 73E50E8D 2371F55C 128F4802 33B37344 82B7E060 6346154C 80C97BB4 912BBCD5 33D37829 D62DDFFB 6FA7F627 6C5F7557 68FBCBF9 7AC532E6 3307B0AA 08C49155 46326484 2F5DD012 E31E1964 2B34DF29 6275 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 70 name Bord_G ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 11081F0E15130807082B25757A606E ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 70 switchport mode access

3

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 70 switchport mode access

4

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 70 switchport mode access

5

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 70 switchport mode access

6

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 70,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.107 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_G snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty

7

snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15

8

access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch G2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname G2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 094F471A1A0A4E4B4A aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3398879488 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3398879488 revocation-check none rsakeypair TP-self-signed-3398879488 ! ! crypto pki certificate chain TP-self-signed-3398879488 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333938 38373934 3838301E 170D3933 30333031 30303133 31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

10

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393838 37393438 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D1BB C27FB15A 61705A0E 1007962A 532D51E6 87CD0BCB 0EFAC33A 4937E48F B5E38B91 157D4C12 B56D00BC 217AF03F DE2D1E87 92EDB1F4 F4A94415 DA0420DE 62A994F1 B392A9F0 8ACB90F5 FB5CC073 1314B4BB AEED7803 BC9DC51F F84AB186 E7DB2FB4 F4C75654 05FEE9A9 0DA8BEA4 A3B912DF D5790A15 5ED68238 C4312A2F F7A90203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1647322E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 76299D72 909A09E7 A3AB296A 2E8DA50B 40BF4982 301D0603 551D0E04 16041476 299D7290 9A09E7A3 AB296A2E 8DA50B40 BF498230 0D06092A 864886F7 0D010104 05000381 81002AB3 4194E29E 836F0559 CC5236FE E966694A A419693F 37F4B325 C44319DA B0CA42D7 F9F6409E D40C3FA7 1F1D0931 61C82278 6A3E4813 D1507F78 6A45A878 90C63F80 94E58284 4FFA2AE8 144AD5B6 30FD3F51 FEDAFAC0 713D3F8F 7E72E862 78469098 26217E1B 3295ACFC 8FB16AD6 D2A79EE1 9278148F 5E91B073 34385DA7 BC5E quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 70 name Bord_G ! vlan 110 ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 1218031C100A0F0F262A2A79616679 ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1

11

switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8

12

switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15

13

switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 70 switchport mode access switchport port-security maximum 10 switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 !

14

interface FastEthernet0/22 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 70 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 70,110,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description TRUNK_MOT_KONSOL switchport trunk allowed vlan 110,137 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.207 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO

15

snmp-server location Bord_G snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0

16

logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord H

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch H1 .................................................................................................................. 2

Konfiguration Switch H2 ................................................................................................................ 10

Konfiguration Switch H1 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname H1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 110A1016141D525545 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-807501696 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-807501696 revocation-check none rsakeypair TP-self-signed-807501696 ! ! crypto pki certificate chain TP-self-signed-807501696 certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 38303735 30313639 36301E17 0D393330 33303130 30303732 365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3830 37353031

2

36393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B4478F9A 2EEC3369 6D2A8DC2 2DB46C63 2ABDE2E5 B6D78D4C 20BDBF1E 4836BB53 8176D448 BEDC57BF 17290A13 4155126C 82582036 B1A4A35D D4B1F2F0 D82FD6AB 61076769 4E4DC994 8DE0B2F4 4E35DFBB 4152F515 AD171786 926ADC47 8F737DF6 B9C99450 A65EEFC5 35669FB9 4F3DF70D 789341FD 07BA991B 90A83DD4 15B06BD7 02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D 11041A30 18821648 312E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 80144201 2FC9BFD0 D2C56C6B 30CD0316 373A91E8 17F7301D 0603551D 0E041604 1442012F C9BFD0D2 C56C6B30 CD031637 3A91E817 F7300D06 092A8648 86F70D01 01040500 03818100 94CE65F9 C0EA43ED 058DB589 5D9EC954 DC30B045 32540E2D 179CE383 9ECEC183 06A94C44 6A5AD98D 528CBF7B 17E75FB5 F3BCCEC8 C1382EB4 2A148B99 F3FE44BB 6AADF307 7A6D056F 44D44188 0C13D574 F8A741C6 783FD183 22279571 9BA08E8E 127307BB 0E90C41E ACD27B2A 713FD837 108C2483 59E5CB0B E9EE0F98 95D9CD96 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 80 name Bord_H ! vlan 110 ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 141614000E05292028293D6470405C ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 80

3

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 80

4

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 80

5

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 80

6

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 80,110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description TRUNK_MOT_AP switchport access vlan 80 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.108 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO

7

snmp-server location Bord_H snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0

8

logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9

Konfiguration Switch H2 ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname H2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 060506324F41504044 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3400431104 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3400431104 revocation-check none rsakeypair TP-self-signed-3400431104 ! ! crypto pki certificate chain TP-self-signed-3400431104 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33343030 34333131 3034301E 170D3933 30333031 30303134 35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

10

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34303034 33313130 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C6E1 51DAE1C3 ABC47AA4 41D7F3D3 BBC5D561 08019C2C 0B6A5F5A D445803B 0CB07FB3 9F38BA2D 01A9547E 82C63C37 E0555D6C B91F65AA 8788785D 0987BD41 60C88AB3 F65C886F FEB6855E 755D8ED5 530B9525 E356964B 8F2A8D64 545D1F19 4385BB69 717758C4 A6F2D81B 38E2F3F2 D818BE9F 9CD4A5F5 9C4BC153 729BAB3B B6670203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1648322E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 F651807A 2B5E6BDE C36FBBF3 7CB1AF15 8A1FE98C 301D0603 551D0E04 160414F6 51807A2B 5E6BDEC3 6FBBF37C B1AF158A 1FE98C30 0D06092A 864886F7 0D010104 05000381 81006369 A667B75E C68BC9D5 2773FB78 B56D637C E41A64FF B1B12D30 997995F9 C320208B 0ACCD051 A1236A2A C748CC5E BF3880E4 072448B4 0E81A4C6 B82863CC 4F39EB79 7E30E0D8 48CCD042 75D9C17E C8F02D41 B203695E F1836B39 D964D33A 8430323B 144B4A49 60B0F40A F668BE4D 9A2125CF 58C521F4 62C0A042 7E818EEB B276 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 80 name Bord_H ! vlan 110 ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 0207025009070C2A404F0748574449 ip ssh time-out 60 ip ssh authentication-retries 2

11

! interface FastEthernet0/1 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

12

! interface FastEthernet0/8 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

13

! interface FastEthernet0/15 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

14

! interface FastEthernet0/22 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 80 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 80,110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description TRUNK_MOT_AP switchport access vlan 80 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.208 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137

15

logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_H snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** ***************************************************

16

_ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Bord I,J & K

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Switch I ..................................................................................................................... 2

Konfiguration Switch J ................................................................................................................... 10

Konfiguration Switch K .................................................................................................................. 18

Konfiguration Switch I ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname I1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 02050D48080956780D aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-2374863488 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2374863488 revocation-check none rsakeypair TP-self-signed-2374863488 ! ! crypto pki certificate chain TP-self-signed-2374863488 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32333734 38363334 3838301E 170D3933 30333031 30303035 34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33373438

2

36333438 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C04D 3690309D 5B8F9097 CDAD0465 EA3E611F EE8BFA1A F4365097 953450A1 CDCF1DDF 09471F51 A07747D1 35FB3C79 4C8052C7 204F1F49 4DDB6794 0A460C09 04A74C81 E4FEDB36 9BB2B6EF E65EFEAE C178C5FF D31BF4CE 607EC9D1 7633DB7D 89FDEDDD FC23982E 0B1D8AED 9891E280 B6F2A733 7598F6D1 82A268C3 A2645D0C C3590203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1649312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 2F7D9877 C90F350B 2D048625 30684256 62A9F5EE 301D0603 551D0E04 1604142F 7D9877C9 0F350B2D 04862530 68425662 A9F5EE30 0D06092A 864886F7 0D010104 05000381 8100B974 00FE415F 9EBB1D47 C6AA2DBA A0A7F3CD 8B569575 6A3C5A7A E9C1450F 8CDC33D7 2909793D FDC0D403 8B881988 21CC95F2 937378B3 83523700 8D26DF83 E880539E 1CC0B047 DA3E4F3D 4B5A4E90 2C2F1073 081D638D DC63536E 833E6327 1BC0E443 0BF7247C 58B00661 BCB11243 855001A2 E264D84C 09196BC6 13A9259C B160 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 90 name Bord_I_J_K ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 0112000F590A05042D4D40584B564C ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

3

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

4

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

5

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

6

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 90,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.209 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_I snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity

7

snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous

8

transport input ssh ! end

9

Konfiguration Switch J ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname J1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 14141B180F0B737265 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-3390016640 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3390016640 revocation-check none rsakeypair TP-self-signed-3390016640 ! ! crypto pki certificate chain TP-self-signed-3390016640 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333930 30313636 3430301E 170D3933 30333031 30303034 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393030

10

31363634 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B4A8 0D9E03AA 70A7CFF7 8030D76B F0C87DDF D3C9BB8C 370CF677 B3C84024 74807BDF E3140552 473E3744 220F59B0 79AE627F ADB7F937 810B927F 68E593DE 01E250FD 2D2A1024 F52EA9AB 4DAB6E7D 6F574460 B4ED2529 0EE25221 384044BA 0A631CE0 B760DFCF 19221C56 023D1871 E86BD0AE 9B1A9ABA BC67DB3F 1CB18342 B26B0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 164A312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 7F941C5C C4149DF7 32AC6663 ECC14B54 2B55B7A4 301D0603 551D0E04 1604147F 941C5CC4 149DF732 AC6663EC C14B542B 55B7A430 0D06092A 864886F7 0D010104 05000381 810088D4 27E26BC5 CD925D9C 6D7C35DA 55F3181F 2897441C 954A5B4F DB269931 A4840413 7CADF0C1 8EECF83E 57956728 D02EBD58 A515E2EC F8655910 6EC3B3C5 646398FF D5F68093 91412A8F 1E3AEE77 3DE5548D DCD9ECDD AF9F6222 155A44CD 84224C9B F6BCF08E BB27167D 24C9640F 2A152EF0 FD2FC014 31410D10 72C9DCB1 2B20 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 90 name Bord_I_J_K ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 104F0F12071611000005247A767B68 ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

11

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

12

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

13

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect

14

spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 90,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.210 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Bord_J snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity

15

snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous

16

transport input ssh ! end

17

Konfiguration Switch K ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname K1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 0822455D0A165C4E53 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1993685504 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1993685504 revocation-check none rsakeypair TP-self-signed-1993685504 ! ! crypto pki certificate chain TP-self-signed-1993685504 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31393933 36383535 3034301E 170D3933 30333031 30303132 30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39393336

18

38353530 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C9B0 EB8F31F6 EAAC3080 A6BC9BA0 7B25DB62 C848ACFB 155CCB9A 7194ED8B 57EADC4E 5036709F 1562B868 24B9EA53 C88AF0EB 18FB9FEC D2011E57 F6FF1DEE 6A98811C C2EFE304 8C63CA8E DB024FEC 7286D81C 73F19B6E 56728561 FC6EFAEC 3385B4D9 837FE00D 1B233E78 5A253D3B 33F195B9 8B2BFA24 E9D80A8E 086052A8 6D050203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 164B312E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 364B88DC E25F5C02 30B8B829 B38F19FD 5D925328 301D0603 551D0E04 16041436 4B88DCE2 5F5C0230 B8B829B3 8F19FD5D 92532830 0D06092A 864886F7 0D010104 05000381 8100A6E6 CA70CFDB 022C33E1 A5B05EDC 031DEE26 B278BCB8 A49D0B6E 14CB64E7 4AF12CF2 151FB6B7 D344EDC9 7E216C10 75BF132C A60F39ED E690A0E0 0F361B79 12E8D29F A0ABC63E C72D6099 CCB13FD7 15FF4F58 0F8D6FBD E7E5F645 28D01805 14B9952F FF15F286 56626919 E6F133B1 2B62213D D8C72AF7 950294A6 7948A567 4910 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 90 name Bord_I_J_K ! vlan 110 ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 0112000F590A05042D4D40584B564C ip ssh time-out 60 ip ssh authentication-retries 2 ! interface FastEthernet0/1

19

switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8

20

switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15

21

switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22

22

switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 90 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST2 switchport trunk allowed vlan 90,110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description Accesspunkt switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.211 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO

23

snmp-server location Bord_I snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0

24

logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

25

Konfiguration Crew

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Gamecrew ................................................................................................................ 2

Konfiguration Mediacrew .............................................................................................................. 10

Konfiguration Scenmedia .............................................................................................................. 18

Konfiguration Konsol ..................................................................................................................... 24

Konfiguration Legend .................................................................................................................... 32

Konfiguration Gamecrew ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname GameCrew ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 1511021F0725727D69 aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-518215936 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-518215936 revocation-check none rsakeypair TP-self-signed-518215936 ! ! crypto pki certificate chain TP-self-signed-518215936 certificate self-signed 01 30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35313832 31353933 36301E17 0D393330 33303130 30333933 375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3531 38323135

2

39333630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 E90BAA95 370231E1 4B5A3FA1 90F365A5 9B3AAA5D DA95A175 DD2E6B30 7EEFC109 764C23D4 270D1D02 FCEC8A1F 3F481A52 81E8825B B6770440 8D243004 77B254AE A1452E49 52F97267 1267F8F4 802ABFA8 FEBBCFB0 CF3834F9 754852B3 987FEB3E 23E9EAA0 C2605E11 520D2FD6 C9458386 C741F57B A6B64DC7 0717BD6A 5E5D99B3 02030100 01A37C30 7A300F06 03551D13 0101FF04 05300301 01FF3027 0603551D 11042030 1E821C47 616D6543 7265772E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 71188964 B403A595 5859E052 20B6F58F DF316A7D 301D0603 551D0E04 16041471 188964B4 03A59558 59E05220 B6F58FDF 316A7D30 0D06092A 864886F7 0D010104 05000381 8100BCD4 A25BC4AE F8D7BD81 6EB9D51A 7383E6E5 85C19680 143FA52F 12D38A55 22ADA64D CACF2825 F53C846F 93A17FFF DC9CC969 38E1AE09 DC6301C1 F10A2974 51079386 7345EE51 E6DCC7B6 A21415F2 9C324065 D9D5112C 550E5C97 67249108 ADFF4EBD 4F2EC141 63933A52 9DBC57E3 29666CDD C716A231 AC49E3B6 7F158F15 346B quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 0112000F590A05042D4D40584B564C ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 110 switchport mode access

3

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 110 switchport mode access

4

switchport port-security switchport port-security violation protect spanning-tree portfast ! interface FastEthernet0/9 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 110 switchport mode access switchport port-security

5

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 110 switchport mode access switchport port-security

6

switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 description TRUNK_MOT_AP switchport access vlan 110 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_CORE switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description TRUNK_MOT_LEGEND switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.110 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Gamecrew snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

7

snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in

8

logging synchronous transport input ssh ! end

9

Konfiguration Mediacrew ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname MediaCrew ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 094F471A1A0A4E4B4A ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1839389824 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1839389824 revocation-check none rsakeypair TP-self-signed-1839389824 ! ! crypto pki certificate chain TP-self-signed-1839389824 certificate self-signed 01 30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31383339 33383938 3234301E 170D3933 30333031 30303033

10

33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38333933 38393832 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AA84 E143DAFD D8FEBE90 49A511E1 446DA2AD 6C5779F9 9C22E0AF 1D1EC728 64F2CD9C 2083D837 072A9193 E6E816D2 491AA316 DCEA5ECE 6FD1FEBC 1F5A7A07 CBA8A522 B80A7D11 5D811F9C C5A3E211 8CDD24DD 9B27A7D1 86812CC6 C5C52C7A E1F65DB6 C138CBFF 2BA2FBE7 6FE9B691 11660DD9 ECF69EAF 5550B206 A251A59C 04350203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603 551D1104 1D301B82 194C6F62 62792E6E 6574776F 726B2E6E 6F726473 6B656E2E 7365301F 0603551D 23041830 1680142C 0723906D 9A0B156A CADFBD3A ED3CBCAF 7B30C830 1D060355 1D0E0416 04142C07 23906D9A 0B156ACA DFBD3AED 3CBCAF7B 30C8300D 06092A86 4886F70D 01010405 00038181 0085B8DC AD3DFCB9 FF180A6C 781F20D1 F940CE90 CCEDBEC2 EAE7FF3B 57BBE76A 17472046 2B3E027F 86640209 51F04127 8E4695FB 789ACFED D6A5E120 5BD9CA51 00943B78 5CB9E1E9 FF99EFB1 A4FEA04C 32C9C966 53314C31 FEF29349 37A77234 07A5CF66 B0AF492F 38087697 09F40B94 F16EB9CE 30163F1D D6E1B81F 459420D3 60 quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 104F0F12071611000005247A767B68 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 110

11

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 110

12

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 110

13

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 110

14

switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_MANAGEMENT switchport trunk allowed vlan 110,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.10 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location MediaCrew snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

15

snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh

16

line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

17

Konfiguration Scenmedia ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname SCENMEDIA ! boot-start-marker boot-end-marker ! enable secret 5 $1$iS9C$M3dbvpQPtpfhLHCqOE3lQ/ ! username Lager1 password 7 13061E0108035D736A aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-526465152 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-526465152 revocation-check none rsakeypair TP-self-signed-526465152 ! ! crypto pki certificate chain TP-self-signed-526465152 certificate self-signed 01 30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35323634 36353135 32301E17 0D393330 33303130 30303035 325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3532 36343635

18

31353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 DB455967 BB0E5E0B 111E5097 C871CCB1 7034C2F2 174210E3 E9C9D244 E00D5007 40BBF387 CA628843 83941661 A0E3578C ECA53DAD BF122A58 E44E0893 A253455E 60BDE850 FE6088AC E1D1D222 8D018488 2AE06369 C9E4E79B 402F108A 83CF42C1 3EEB5566 8696B5E5 349D77DA 540DFE73 8D139FB6 8986B76A AEA41104 3A5521E1 02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D 11042130 1F821D53 43454E4D 45444941 2E6E6574 776F726B 2E6E6F72 64736B65 6E2E7365 301F0603 551D2304 18301680 1486BE31 61204E43 B5A0A87E 9D8A4234 67251DDD 9F301D06 03551D0E 04160414 86BE3161 204E43B5 A0A87E9D 8A423467 251DDD9F 300D0609 2A864886 F70D0101 04050003 81810081 0032F55F 0997D217 3D40A958 F3E691E2 22709266 DC09BBF1 E74CBDD6 320136A6 B2ED7441 60B10211 313FB56B 22DCE0AE C776E4DB 7B93DC67 16F74AAF 9F5FDC74 07F8826B EB079784 BEA331A4 72CA1FD4 F9200E3D 3B3F90B7 963BB9AB 43F1861A DA906988 DDE2C6FB 9EF8F5CF B6E1C3CE C08DD6DD 872CB622 F853BA2B DA9504 quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 08204A450B18061C1E0A025578787F ! ! interface FastEthernet0/1 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/2

19

switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/3 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/4 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/5 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/6 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/7 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/8 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/9 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/10 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access

20

switchport port-security switchport port-security violation protect ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/14 switchport access vlan 110 switchport trunk allowed vlan 110,137 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/15 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security

21

switchport port-security violation protect ! interface FastEthernet0/21 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/22 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/23 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/24 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface GigabitEthernet0/1 description TRUNK_MOT_MGMT switchport trunk allowed vlan 110,137 switchport mode trunk ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.112 255.255.255.0 no ip route-cache ! ip http server ip http secure-server ! control-plane ! ! ! ! ! ! ! ! !

22

banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 logging synchronous line vty 5 15 logging synchronous ! end

23

Konfiguration Konsol ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname Konsol ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 045802150C2E151748 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1841927936 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1841927936 revocation-check none rsakeypair TP-self-signed-1841927936 ! ! crypto pki certificate chain TP-self-signed-1841927936 certificate self-signed 01 30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

24

69666963 6174652D 31383431 39323739 3336301E 170D3933 30333031 30303033 31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38343139 32373933 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E25F 28624C87 180D6586 52A7E9C0 DEF49E8A 1B32759F 18D9C62F 7D5C5FE9 DCF8371B 31EB4F74 542B9D82 99E445A0 7BBABDF3 9D784612 771D9E45 A84833B3 3CF0DE29 FBB93807 2025BDA2 42AD6D33 C6BA32AD E07735C0 5EF954BF 4747C83C 6215B906 955DCC04 11327A34 FF475432 5F1BF743 8E73BFC5 6B453EFC 2E848C4F D38D0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603 551D1104 1E301C82 1A4B6F6E 736F6C2E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 7F2FB0DF 9202004F 3A214014 191C822F 8891164B 301D0603 551D0E04 1604147F 2FB0DF92 02004F3A 21401419 1C822F88 91164B30 0D06092A 864886F7 0D010104 05000381 8100019D A5FAF6A2 AED4B3FB D128475E D6EA4521 E5B29C25 A8CB76FC 32B7E654 02E04956 8FBC58F2 7CDE0FB1 1A111A54 502B8D53 F031EF10 88C57AB2 DA0BF777 B4E5157A 001AF2CF 6346F751 49AD3CFB 00A4F855 E8E8109C CD704D1F 5C87A1CF 8CEC51D7 AECC0FFC D8E5D970 494C6B1F 0EA41F0A 6A1BC1C4 1348CE4C A1952FC3 688A quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 0207025009070C2A404F0748574449 ip ssh time-out 60 ip ssh authentication-retries 2 ! !

25

interface FastEthernet0/1 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 !

26

interface FastEthernet0/8 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 110 switchport mode access switchport port-security maximum 10 switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15

27

switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 110 switchport mode access switchport port-security maximum 10 switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 !

28

interface FastEthernet0/22 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_G2 switchport trunk allowed vlan 110,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 shutdown ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.212 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Konsol snmp-server contact The Network Busters

29

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in

30

logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

31

Konfiguration Legend ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname Legend ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 110A1016141D525545 ! ! aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent authentication mac-move permit ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-1842298624 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1842298624 revocation-check none rsakeypair TP-self-signed-1842298624 ! ! crypto pki certificate chain TP-self-signed-1842298624 certificate self-signed 01 30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

32

69666963 6174652D 31383432 32393836 3234301E 170D3933 30333031 30303039 32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38343232 39383632 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D86B E029F032 F9863579 BAEAA8E4 1151ECBF 5DFB73EF E68E66A2 ABE54EF1 FD27C95B D40654F9 67B779B1 F884253B D2436850 497EE0D4 7D416513 AB4699B8 F46FCC50 3A1FAB4D 4CC785C3 BF2E0118 7E60E4E6 2292ADC0 4C452F39 790454AA 981A09A7 54130686 9305AD0B 6CCD1AEF F5857FCE C5D8C389 B6ADD3A7 91C25CEC 1E110203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603 551D1104 1E301C82 1A4C6567 656E642E 6E657477 6F726B2E 6E6F7264 736B656E 2E736530 1F060355 1D230418 30168014 2A57CEE0 537D6175 BEF4033C A2E7CC88 5FA53C5F 301D0603 551D0E04 1604142A 57CEE053 7D6175BE F4033CA2 E7CC885F A53C5F30 0D06092A 864886F7 0D010104 05000381 8100C6B1 72002C0E 707424FD 6589FB30 4F66A4A0 4D4CDB26 BCE979C8 BC76D22C 8FEB1A9F 91E0FD74 20C901A5 5FB7C464 C4D27E8B 182B07AD 6C22FBC0 7F5DB2AB EAD7AA81 3EB7DE3D 70E6F0B0 D1BF3224 5FC0786E 396A4FF8 AECFF48F 6220D386 92AAB772 E40694AB F7AACBB6 6048DE6D 80A8F516 345E795A 3131D8CB 68C078FE BA9F quit ! ! ! ! spanning-tree mode rapid-pvst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! vlan 200,210 ! ip ftp username sebastian ip ftp password 7 0607092A4E4F0A1209161C5A5E5771 ip ssh time-out 60 ip ssh authentication-retries 2

33

! ! interface FastEthernet0/1 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast

34

ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access switchport port-security spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

35

! interface FastEthernet0/15 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20

36

! interface FastEthernet0/22 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/24 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_AP switchport access vlan 137 switchport trunk native vlan 137 switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ! interface GigabitEthernet0/2 description TRUNK_MOT_GAMECREW switchport trunk allowed vlan 110,137,200,210 switchport mode trunk ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.111 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 ip sla enable reaction-alerts logging trap notifications logging source-interface Vlan137

37

logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location Legend snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _

38

! line con 0 logging synchronous line vty 0 4 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

39

Konfiguration Management

Sebastian Stenlund | Hadi Bitar | Robin Ågren

Innehållsförteckning Konfiguration Management ............................................................................................................ 2

Konfiguration Management ! version 12.2 service pad service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption ! hostname Management ! boot-start-marker boot-end-marker ! enable secret 5 $1$NLu2$uvKrCG2elgtj/aQFQ228O/ ! username Lager1 password 7 13061E0108035D736A aaa new-model ! ! aaa authentication login default local ! ! ! aaa session-id common system mtu routing 1500 vtp mode transparent ip subnet-zero ! ! ip dhcp snooping vlan 10,20,30,40,50,60,70,80,90,110,137,200,210 ip dhcp snooping no ip domain-lookup ip domain-name network.nordsken.se ! ! crypto pki trustpoint TP-self-signed-526721920 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-526721920 revocation-check none rsakeypair TP-self-signed-526721920 ! ! crypto pki certificate chain TP-self-signed-526721920 certificate self-signed 01 30820254 308201BD A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 35323637 32313932 30301E17 0D393330 33303130 30303931 325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

2

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3532 36373231 39323030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B1F9307D 649EA38A 36A07B9B D9C66E41 73FDDCC9 8C87A846 DB809840 3299CFBC 49EDEEF3 7B1A6E2C DF37B93D 905F9727 4A1B0B39 E24A9F18 1A6473DA 93049D5E 72A46778 4C56FB73 1F977A1A BF9CAD47 B3ED4117 E72D0C1F F7115C56 AF9398DC EF7C13A5 3A7118B4 53748117 0902D148 CEBA2DE0 E1498E78 37B6D587 1870FBEF 02030100 01A37E30 7C300F06 03551D13 0101FF04 05300301 01FF3029 0603551D 11042230 20821E4D 616E6167 656D656E 742E6E65 74776F72 6B2E6E6F 7264736B 656E2E73 65301F06 03551D23 04183016 8014ECAB 0289AF54 4B899FA9 09F31AE2 FAC990AD C880301D 0603551D 0E041604 14ECAB02 89AF544B 899FA909 F31AE2FA C990ADC8 80300D06 092A8648 86F70D01 01040500 03818100 012D77CB CD65BD1D ED90F15D 873B586A 76EDED77 18B09206 3EF3DFCD A763935E 42C3BC34 10F8EE52 4B4CE37F A11E70E4 5089DE2E 8FBE5C1A 9834B93C 596A1EC4 AAD8C929 C63EB8CE 8E15C9C6 BD21BEF1 AD34C583 BED99D8F 9031900C BF40864B 299D5791 D4755164 7E06F0B3 09EC2ECC 7948A9B0 EE7ACC55 FBC1EE52 019C3ADE quit ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 110 name Crew ! vlan 137 name Management ! ip ftp username sebastian ip ftp password 7 08204A450B18061C1E0A025578787F ip ssh time-out 60 ip ssh authentication-retries 2 ! ! interface FastEthernet0/1 switchport access vlan 137 switchport mode access

3

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/2 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/3 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/4 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/5 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/6 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/7 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/8 switchport access vlan 137 switchport mode access

4

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/9 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/10 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/11 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/12 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/13 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/14 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/15 switchport access vlan 110 switchport mode access

5

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/16 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/17 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/18 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/19 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/20 switchport access vlan 110 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/21 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/22 switchport access vlan 137 switchport mode access

6

switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface FastEthernet0/23 description TRUNK_MOT_SCENMEDIA switchport access vlan 137 switchport trunk allowed vlan 110,137 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/24 switchport access vlan 137 switchport mode access switchport port-security switchport port-security violation protect spanning-tree portfast ip dhcp snooping limit rate 20 ! interface GigabitEthernet0/1 description TRUNK_MOT_DIST1 switchport trunk allowed vlan 110,137 switchport mode trunk ip dhcp snooping trust ! interface GigabitEthernet0/2 description TRUNK_MOT_MEDIASWITCH switchport mode trunk spanning-tree portfast ip dhcp snooping trust ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan137 ip address 192.168.137.109 255.255.255.0 ip helper-address 192.168.137.50 no ip route-cache ! ip http server ip http secure-server ! ip access-list standard SSH_MANAGEMENT_ONLY permit 192.168.137.0 0.0.0.255 logging trap notifications logging source-interface Vlan137 logging 192.168.137.48 snmp-server community private RW snmp-server community public RO snmp-server location The_Batcave snmp-server contact The Network Busters snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

7

snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps rtr snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 192.168.137.48 version 2c public ! control-plane ! banner motd _C *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** ** ** ** ## ## ## ## ** ** ## ## ## ## ** ** ############## ############## ** ** #### ###### #### #### ###### #### ** ** ###################### ###################### ** ** ## ############## ## ## ############## ## ** ** ## ## ## ## ## ## ## ## ** ** #### #### #### #### ** ** ** *************************************************** **********No Unauthorized Access Allowed!********** *************************************************** _ ! line con 0 logging synchronous line vty 0 4

8

access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh line vty 5 15 access-class SSH_MANAGEMENT_ONLY in logging synchronous transport input ssh ! end

9