!NOTE THIS CONFIG SHOULD BE READ AND CHANAGED BEFORE IT IS APPLIED TO A SWICH version 12.2 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption service compress-config service sequence-numbers ! hostname Core2 ! boot-start-marker boot-end-marker ! no logging console enable secret secretpassword ! username not-admin password secretpassword aaa new-model aaa authentication login default local-case ! aaa session-id common clock timezone BST 0 clock summer-time BST recurring last Sun Mar 0:00 last Sun Oct 0:00 ip subnet-zero no ip domain-lookup ip domain-name mydomain.com cry key generate rsa general-keys modulus 1024 ! ip ssh version 2 vtp interface vlan101 only vtp mode client vtp version 2 vtp domain mydomain vtp password VTPpassword1 ! ! ! ! ! power redundancy-mode redundant no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan 1,10,101 priority 8192 spanning-tree vlan 20, priority 0 ! ! vlan access-map ACCESS-VLAN10 10 action forward match ip address ACCESS-VLAN10 vlan access-map ACCESS-VLAN20 20 action forward match ip address ACCESS-VLAN20 vlan filter ACCESS-VLAN10 vlan-list 10 vlan filter ACCESS-VLAN20 vlan-list 20 vlan internal allocation policy ascending ! interface Port-channel1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,20,101 switchport mode trunk logging event link-status logging event trunk-status spanning-tree portfast trunk ! interface GigabitEthernet1/1 description ** Link to Core 1 G1/1 ** switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,20,101 switchport mode trunk logging event link-status logging event trunk-status channel-group 1 mode desirable spanning-tree portfast trunk spanning-tree link-type point-to-point ! interface GigabitEthernet1/2 description ** Link to Core 1 G1/2 ** switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,20,101 switchport mode trunk logging event link-status logging event trunk-status channel-group 1 mode desirable spanning-tree portfast trunk spanning-tree link-type point-to-point ! interface GigabitEthernet2/1 description ** Link to ACCESS G4/0/1 ** switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,20 switchport mode trunk spanning-tree portfast trunk spanning-tree link-type point-to-point ! interface Vlan1 description ** Do Not use!! ** no ip address ! interface Vlan10 description Access-1 ip address 10.10.27.253 255.255.255.0 ip helper-address 10.10.1.72 ip helper-address 10.10.1.73 no ip redirects no ip unreachables standby authentication md5 key-string hsrp-vlan10 standby 1 ip 10.10.27.254 standby 1 preempt ! interface Vlan20 description Access-2 ip address 10.10.26.253 255.255.255.0 ip helper-address 10.10.1.72 no ip redirects no ip unreachables standby authentication md5 key-string hsrp-vlan20 standby 1 ip 10.10.26.254 standby 1 preempt ! interface Vlan101 description Management ip address 10.10.11.2 255.255.255.0 no ip redirects no ip unreachables standby authentication md5 key-string hsrp-vlan101 standby 1 ip 10.10.11.254 standby 1 priority 105 standby 1 preempt ! no ip http server no ip http secure-server ! ip access-list extended ACCESS-VLAN10 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps permit udp any eq bootpc host 255.255.255.255 eq bootps permit udp any eq bootps host 255.255.255.255 eq bootpc permit ip 10.10.27.0 0.0.0.255 any permit ip any 10.10.27.0 0.0.0.255 ip access-list extended ACCESS-VLAN20 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps permit udp any eq bootpc host 255.255.255.255 eq bootps permit udp any eq bootps host 255.255.255.255 eq bootpc permit ip 10.10.26.0 0.0.0.255 any permit ip any 10.10.26.0 0.0.0.255 ! logging trap errors logging source-interface Vlan101 logging 10.10.1.72 access-list 1 remark Server Network access-list 1 permit 10.10.1.0 0.0.0.255 ! snmp-server community not-public RO 1 snmp-server trap-source Vlan101 radius-server source-ports 1645-1646 banner login $ *********************************************************************** *********************************************************************** *** *** *** Unauthorised access or use of this equipment is prohibited *** *** and constitutes an offence under the Computer Misuse Act 1990. *** *** If you are not authorised to use this system, terminate this *** *** session now!!! *** *** *** *********************************************************************** *********************************************************************** $ ! line vty 0 4 transport input ssh ! ntp source Vlan101 ntp server 213.2.4.70 ntp server 194.153.168.75 ntp server 81.187.221.26 ntp server 81.178.50.155 ntp server 195.177.253.180 ntp server 87.75.128.50 ntp server 82.71.9.63 ntp server 195.92.137.112 ntp server 131.111.226.25 ! end