[go: up one dir, main page]
Scribd
Upload
51 views15 pages

Network Configuration and ACL Setup

The document outlines the configuration settings for a network switch, including user access controls, VLAN setups, and QoS policies. It specifies ACLs for SNMP management, authentication methods, and various interface configurations. Additionally, it includes time zone settings, logging configurations, and SNMP agent details.

Uploaded by

lizdarlinivan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
51 views15 pages

Network Configuration and ACL Setup

The document outlines the configuration settings for a network switch, including user access controls, VLAN setups, and QoS policies. It specifies ACLs for SNMP management, authentication methods, and various interface configurations. Additionally, it includes time zone settings, logging configurations, and SNMP agent details.

Uploaded by

lizdarlinivan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

#

! (00_PREVIOS)
#
Schedule reboot delay 10
y
system-view
#
! (00_DESACTIVAR_TACACS)
#
user-interface vty 0 4
undo command authorization
undo command accounting
user privilege level 3
authentication-mode none
#
! (01_BASICA)
#
clock timezone GMT+1 add [Link]
clock summer-time GMT+1 repeating [Link] 2000 March last Sunday [Link] 2000
October last Sunday [Link]
#
sysname 2_T6P_telns-sahc_SW
#
super authentication-mode scheme
#
ftp server acl 2051
ftp server dscp 56
#
domain default enable tacacsaaa
#
telnet server enable
telnet server dscp 56
#
undo ndp enable
#
lldp enable
#
port-security enable
port-security timer autolearn aging 1
#
ip http dscp 56
undo ip http enable
#
ssl version ssl3.0 disable
#
password-recovery enable
#
acl number 2050 name SNMP_LECTURA
description “Gestion SNMP lectura”
rule 10 permit source [Link] [Link]
rule 20 permit source [Link] [Link]
rule 30 permit source [Link] [Link]
rule 40 permit source [Link] [Link]
rule 50 permit source [Link] [Link]
rule 60 permit source [Link] [Link]
rule 70 permit source [Link] [Link]
rule 80 permit source [Link] [Link]
rule 90 permit source [Link] [Link]
rule 100 deny source any
#
acl number 2051 name SNMP_ESCRITURA
description “Gestion SNMP escritura”
rule 10 permit source [Link] [Link]
rule 20 permit source [Link] [Link]
rule 30 permit source [Link] [Link]
rule 40 permit source [Link] [Link]
rule 50 permit source [Link] [Link]
rule 60 permit source [Link] [Link]
rule 70 permit source [Link] [Link]
rule 80 permit source [Link] [Link]
rule 90 permit source [Link] [Link]
rule 100 deny source any
#
acl number 2053 name GESTION_NTP
description “Gestion NTP”
rule 10 permit source [Link] 0
rule 20 permit source [Link] 0
rule 30 deny
#
ntp-service access peer 2053
#
acl number 2052 name ACCESO_GESTION
description “ACL para el control del acceso al equipo”
rule 10 permit source [Link] [Link]
rule 20 permit source [Link] [Link]
rule 30 permit source [Link] [Link]
rule 40 permit source [Link] [Link]
rule 50 permit source [Link] [Link]
rule 60 permit source [Link] [Link]
rule 70 permit source [Link] [Link]
rule 80 permit source [Link] [Link]
rule 90 permit source [Link] [Link]
rule 100 deny source any
#
acl number 3000 name DSCP_5
rule 0 permit ip dscp cs5
rule 1 permit ip dscp ef
rule 2 permit ip dscp af41
#
acl number 3001 name DSCP_7
rule 0 permit ip dscp cs7
#
acl number 3002 name DSCP_OTRO
rule 0 deny ip dscp cs7
rule 1 deny ip dscp cs5
rule 2 deny ip dscp ef
rule 3 deny ip dscp af41
rule 4 permit ip
#
acl number 3069
rule 1 permit ip source [Link] 0 destination [Link] [Link]
rule 2 permit ip source [Link] 0 destination [Link] [Link]
rule 3 permit ip source [Link] 0 destination [Link] [Link]
rule 4 permit ip source [Link] 0 destination [Link] [Link]
rule 5 permit ip source [Link] 0 destination [Link] [Link]
rule 6 permit ip source [Link] 0 destination [Link] [Link]
rule 7 permit ip source [Link] 0 destination [Link] [Link]
rule 8 permit ip source [Link] 0 destination [Link] [Link]
rule 9 permit ip source [Link] 0 destination [Link] [Link]
rule 10 deny ip source any
#
vlan 1
#
vlan 18
name "WiFi Publica"
#
vlan 19
name "WiFi Datafono"
#
vlan 27
name "WiFi Multimedia"
#
vlan 28
name "WiFi Negocio"
#
vlan 29
name "GESTION_SILAN_WIFI"
#
vlan 30
name "GESTION SILAN LAN"
#
vlan 40
name "Negocio"
#
vlan 50
name "AMX"
#
vlan 51
name "Multimedia"
#
vlan 52
name "Control"
#
vlan 60
name "Gestion"
#
! (02_GESTION)
#
hwtacacs scheme tacacs+cg
primary authentication [Link]
secondary authentication [Link]
primary authorization [Link]
secondary authorization [Link]
primary accounting [Link]
secondary accounting [Link]
nas-ip [Link]
key authentication nsn1spm
key authorization nsn1spm
key accounting nsn1spm
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
domain tacacsaaa
authentication default hwtacacs-scheme tacacs+cg local
authorization default hwtacacs-scheme tacacs+cg local
accounting default hwtacacs-scheme tacacs+cg
authentication login hwtacacs-scheme tacacs+cg local
authorization login hwtacacs-scheme tacacs+cg local
accounting login hwtacacs-scheme tacacs+cg local
authentication super hwtacacs-scheme tacacs+cg
authorization command hwtacacs-scheme tacacs+cg local
accounting command hwtacacs-scheme tacacs+cg
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier clase_gestion operator and
if-match acl 3069
traffic classifier MARCADO_MULTIMEDIA operator and
if-match acl name DSCP_5
traffic classifier MARCADO_GESTION operator and
if-match acl name DSCP_7
traffic classifier MARCADO_DATOS operator and
if-match acl name DSCP_OTRO
#
traffic behavior clase_gestion
remark dscp cs7
remark dot1p 7
traffic behavior REMARCADO_DSCP_OTRO
remark dot1p 0
traffic behavior REMARCADO_DSCP_5
remark dot1p 5
traffic behavior REMARCADO_DSCP_7
remark dot1p 7
#
tftp client source interface LoopBack 0
ftp client source interface LoopBack 0
snmp-agent trap source LoopBack 0
ntp-service source-interface LoopBack 0
info-center loghost source LoopBack 0
#
ssh server dscp 56
ssh client dscp 56
ntp-service dscp 56
snmp-agent packet response dscp 56
info-center loghost [Link] dscp 56
telnet server dscp 56
telnet client dscp 56
ftp server dscp 56
ftp client dscp 56
tftp client dscp 56
ip http dscp 56
ip https dscp 56
#
! (03_QOS_8_24)
#
qos policy REMARCADO_QoS
classifier MARCADO_GESTION behavior REMARCADO_DSCP_7
classifier MARCADO_MULTIMEDIA behavior REMARCADO_DSCP_5
classifier MARCADO_DATOS behavior REMARCADO_DSCP_OTRO
qos policy iAP
classifier clase_gestion behavior clase_gestion
#
qos map-table dot1p-lp
import 0 export 3
import 1 export 0
import 2 export 0
import 3 export 0
import 4 export 0
import 5 export 1
import 6 export 0
import 7 export 2
#
qos map-table dscp-lp
import 0 export 3
import 1 export 0
import 2 export 0
import 3 export 0
import 4 export 0
import 5 export 1
import 6 export 0
import 7 export 2
import 8 export 0
import 9 export 0
import 10 export 0
import 11 export 0
import 12 export 0
import 13 export 0
import 14 export 0
import 15 export 0
import 16 export 0
import 17 export 0
import 18 export 0
import 19 export 0
import 20 export 0
import 21 export 0
import 22 export 0
import 23 export 0
import 24 export 0
import 25 export 0
import 26 export 0
import 27 export 0
import 28 export 0
import 29 export 0
import 30 export 0
import 31 export 0
import 32 export 0
import 33 export 0
import 34 export 0
import 35 export 0
import 36 export 0
import 37 export 0
import 38 export 0
import 39 export 0
import 40 export 1
import 41 export 1
import 42 export 0
import 43 export 0
import 44 export 0
import 45 export 0
import 46 export 1
import 47 export 0
import 48 export 0
import 49 export 0
import 50 export 0
import 51 export 0
import 52 export 0
import 53 export 0
import 54 export 0
import 55 export 0
import 56 export 2
import 57 export 0
import 58 export 0
import 59 export 0
import 60 export 0
import 61 export 0
import 62 export 0
import 63 export 0
#
user-group system
group-attribute allow-guest
#
local-user admin
password simple K!llers
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
local-user guest
password simple K!llers
authorization-attribute level 1
service-type ssh telnet terminal
#
stp region-configuration
region-name SILANCE
revision-level 3
active region-configuration
#
stp instance 0 root primary
stp bpdu-protection
stp enable
#
interface NULL0
#
interface LoopBack0
description Direccion IP de gestion SWITCH
ip address [Link] [Link]
#
interface Vlan-interface1
undo ip address
#
interface Vlan-interface29
description VLAN de Gestion WIFI
#
interface Vlan-interface30
description VLAN de Gestion privada
ip address [Link] [Link]
#
! (04_PUERTO_EDC)
#
interface GigabitEthernet1/0/1
description Linea Principal 942286264
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 18 to 19 27 to 30 40 to 60
stp disable
qos apply policy REMARCADO_QoS inbound
qos wrr 3 group 1 weight 35
qos wrr 2 group 1 weight 17
qos wrr 1 group sp
qos wrr 0 group 1 weight 3
qos trust dscp
#
interface GigabitEthernet1/0/2
description Linea Backup
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 18 to 19 27 to 30 40 to 60
stp disable
qos apply policy REMARCADO_QoS inbound
qos wrr 3 group 1 weight 35
qos wrr 2 group 1 weight 17
qos wrr 1 group sp
qos wrr 0 group 1 weight 3
qos trust dscp
#
ip route-static [Link] [Link] [Link]
#
info-center enable
info-center logbuffer size 1024
info-center source default channel console log state off
info-center loghost [Link] facility Local5
info-center loghost [Link] dscp 56
info-center source default channel loghost log level informational state on
info-center timestamp log date
info-center timestamp debugging date
info-center timestamp loghost date
info-center timestamp trap date
info-center source default channel 0 log state off
info-center source default channel 2 log level alerts
info-center loghost source LoopBack0
#
snmp-agent
snmp-agent local-engineid 383030303633413236353133324332333341303843413530
snmp-agent community write avsvMda acl 2051
snmp-agent community read nvaiaJC4 acl 2050
snmp-agent sys-info contact CGP Tiendas Movistar 917677015-900311104
snmp-agent sys-info location Jose_Isbert_16_Pozuelo_Alarcon
snmp-agent sys-info version all
snmp-agent trap source LoopBack0
snmp-agent packet response dscp 56
snmp-agent trap enable standard linkup linkdown coldstart warmstart
#
header shell %
AVISO: ha accedido a un sistema propiedad de TELEFONICA. Necesita tener
autorizacion antes de usarlo, estando usted estrictamente limitado al uso
indicado en dicha autorizacion. El acceso no autorizado a este sistema o el
uso indebido del mismo esta prohibido y es contrario a la Politica
Corporativa de Seguridad y a la legislacion vigente. El uso que realice de
este sistema puede ser monitorizado.
%
header login % QUEDA PROHIBIDO CUALQUIER ACCESO NO AUTORIZADO %
#
tftp-server acl 2051
tftp client source interface LoopBack0
tftp client dscp 56
#
ntp-service source-interface LoopBack0
ntp-service access peer 2053
ntp-service unicast-server [Link] priority
ntp-service unicast-server [Link]
ntp-service dscp 56
#
ssh server enable
ssh server dscp 56
#
rmon event 300 description SUPERADO_UMBRAL_DE_USO_DE_CPU log-trap public owner
config
rmon event 301 description USO_DE_CPU_ACEPTABLE log-trap public owner config
rmon alarm 300 hh3cEntityExtCpuUsage.8 3600 absolute rising-threshold 90 300
falling-threshold 60 301 owner config
rmon event 530 description SUPERADO_UMBRAL_DE_USO_DE_MEMORIA log-trap public owner
config
rmon event 531 description USO_DE_MEMORIA_ACEPTABLE log-trap public owner config
rmon alarm 530 hh3cEntityExtCpuUsage.8 3600 absolute rising-threshold 90 530
falling-threshold 70 531 owner config
#
ip https dscp 56
#
ftp client source interface LoopBack0
ftp client dscp 56
#
telnet client dscp 56
#
load xml-configuration
#
user-interface aux 0
authentication-mode scheme
command authorization
command accounting
user-interface vty 0 4
acl 2052 inbound
authentication-mode scheme
command authorization
command accounting
user privilege level 3
set authentication password cipher $c$3$/TjtdrOp2ZEGCnBOeI4M3SmMYiC7lrSMgE0=
user-interface vty 5 15
acl 2052 inbound
authentication-mode scheme
user privilege level 3
set authentication password cipher $c$3$aLBCuPHrqj/T5QFfEskXoRU9v/CpHWgH1So=
#
! (05_PUERTOS_CASCADA)
#
interface GigabitEthernet1/0/3
description Gestor de Turnos
port access vlan 52
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/4
description Controlador Step-IN(2)/Camara 360(2)
port access vlan 52
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/5
description PantallaDC ext2
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/6
description Camara 360
port access vlan 52
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/7
description Player PLV 1
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/8
description TV PLV 1
port access vlan 50
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
poe enable
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/9
description Player PLV 2
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/10
description TV PLV 2
port access vlan 50
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/11
description Pantalla Movistar TV
port access vlan 18
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/12
description R. Movistar TV 942241694
port access vlan 18
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/13
description Puesto Venta 1
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/14
description Puesto Venta 1
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/15
description Puesto Venta 2
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/16
description Puesto Venta 2
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/17
description Puesto Venta 3
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/18
description PantallaDC int2
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/19
description Puesto Venta 4
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/20
description PantallaDC ext1
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/21
description Impresora 1
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/22
description Impresora 2
port access vlan 40
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
#
#
interface GigabitEthernet1/0/23
description PantallaDC int1
port access vlan 51
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
port auto-power-down
#
stp edged-port enable
lldp admin-status rx
speed auto
#
#
interface GigabitEthernet1/0/24
description AP WIFI 1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 18 to 19 27 to 29
port trunk pvid vlan 29
broadcast-suppression 1
multicast-suppression 1
unicast-suppression 1
qos apply policy iAP outbound
lldp admin-status rx
poe enable
undo shutdown
#
interface GigabitEthernet1/0/25
shutdown
stp edged-port enable
#
#
#
#
#
#
#
#
#
#
#
#
interface GigabitEthernet1/0/26
shutdown
stp edged-port enable
#
#
#
#
#
#
#
#
#
#
#
#
interface GigabitEthernet1/0/27
shutdown
stp edged-port enable
#
#
#
#
#
#
#
#
#
#
#
#
interface GigabitEthernet1/0/28
shutdown
stp edged-port enable
#
#
#
#
#
#
#
#
return

You might also like