The document contains configuration details of a network switch including:
- VLAN, port, and IP configurations
- MAC address lists and filters applied to ports
- Authentication and authorization settings configured to use a TACACS server
- Rate limiting, SNMP, NTP, and other settings
SW Config and Report
jwl-sntk-a01#sh run
System current configuration:
!ROS Version ROS_4.14.1822.ISCOM2110EA-MA.000.20130506
!command in view_mode
!
!command in config_mode first-step
create vlan 98,103,172,999 active
mac-access-list 0 deny any any any
mac-access-list 10 permit any 0024.0138.6991 any
mac-access-list 20 permit any b048.7af7.5821 any
mac-access-list 21 permit any 0026.2dfe.a0f1 any
mac-access-list 30 permit any 0027.2223.4c68 any
mac-access-list 31 permit any 0026.2298.f47d any
mac-access-list 40 permit any 001f.1661.beb8 any
mac-access-list 50 permit any 0019.215d.b304 any
mac-access-list 60 permit any 0015.c5ce.34ba any
mac-access-list 61 permit any 00a1.b060.b99d any
mac-access-list 70 permit any 001c.c03f.1f72 any
mac-access-list 71 permit any 048d.380b.c034 any
mac-access-list 80 permit any 90f6.5280.b69d any
!
!command in aclmap_mode
!
!command in enable_mode
user login tacacs-user
enable login tacacs-local server-no-response
hostname jwl-sntk-a01
clock timezone + 5 45
tacacs-server 202.79.32.39
tacacs-server key qxT3to2
tacacs authorization enable
!
!command in region_mode
!
!command in ip igmp profile mode
!
!command in service_mode
!
!command in port_mode
!
interface port 1
description aaravjbr
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
!
interface port 2
description rakeshoxfam
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
shutdown
!
interface port 3
description write2richa
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
!
interface port 4
description johnbabu
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 172
switchport mode trunk
mac-address-table threshold 2
!
interface port 5
description shaileshs
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
!
interface port 6
description pranabs
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 172
switchport mode trunk
mac-address-table threshold 2
!
interface port 7
description sobik
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
!
interface port 8
description thereddevils
switchport trunk untagged vlan remove 1
switchport trunk untagged vlan 98
switchport mode trunk
mac-address-table threshold 2
!
interface port 9
description n
switchport mode trunk
media-priority copper
speed medium-type fiber 100
speed medium-type copper 100
duplex medium-type copper full
description medium-type copper n
speed 100
duplex full
!
interface port 10
switchport mode trunk
media-priority copper
speed medium-type fiber 100
speed medium-type copper 100
duplex medium-type copper full
speed 100
duplex full
!
!command in vlan configuration mode
vlan 98
name access
vlan 103
name mgmt
vlan 172
name Payplan_7777
vlan 999
name native
!
!command in ip interface mode
interface ip 0
ip address 10.12.8.91 255.255.255.0 103
!
!command in cluster_mode
!
!command in cmap_mode
class-map 20 match-all
match mac-access-list 20
exit
class-map 21 match-all
match mac-access-list 21
exit
class-map 30 match-all
match mac-access-list 30
exit
class-map 31 match-all
match mac-access-list 31
exit
class-map 40 match-all
match mac-access-list 40
exit
class-map 50 match-all
match mac-access-list 50
exit
class-map 60 match-all
match mac-access-list 60
exit
class-map 61 match-all
match mac-access-list 61
exit
class-map 70 match-all
match mac-access-list 70
exit
class-map 71 match-all
match mac-access-list 71
exit
class-map 80 match-all
match mac-access-list 80
exit
class-map 81 match-all
exit
class-map 10 match-all
match mac-access-list 10
exit
class-map 11 match-all
exit
!
!command in pmap_mode
policy-map 20
class-map 20
set vlan 98
exit
class-map 21
set vlan 98
exit
exit
policy-map 30
class-map 30
set vlan 98
exit
class-map 31
set vlan 98
exit
exit
policy-map 40
class-map 40
set vlan 172
exit
exit
policy-map 50
class-map 50
set vlan 98
exit
exit
policy-map 60
class-map 60
set vlan 172
exit
class-map 61
set vlan 172
exit
exit
policy-map 70
class-map 70
set vlan 98
exit
class-map 71
set vlan 98
exit
exit
policy-map 80
class-map 80
set vlan 98
exit
exit
policy-map 10
class-map 10
set vlan 98
exit
exit
!
!command in config_mode
filter enable
filter mac-access-list 0,20,21 ingress port-list 2
filter mac-access-list 0,30,31 ingress port-list 3
filter mac-access-list 0,40 ingress port-list 4
filter mac-access-list 0,50 ingress port-list 5
filter mac-access-list 0,60,61 ingress port-list 6
filter mac-access-list 0,70,71 ingress port-list 7
filter mac-access-list 0,80 ingress port-list 8
filter mac-access-list 0,10 ingress port-list 1
rate-limit port-list 1-8 ingress 10240 1047
rate-limit port-list 1-8 egress 10240 1047
service-policy 10 ingress 1
service-policy 20 ingress 2
service-policy 30 ingress 3
service-policy 40 ingress 4
service-policy 50 ingress 5
service-policy 60 ingress 6
service-policy 70 ingress 7
service-policy 80 ingress 8
no snmp-server community public
no snmp-server community private
snmp-server community encryption 0xfcf670f186d16363 ro
snmp-server community encryption 0x67f79017501a7d637fcb2890cf37e0e2 ro
snmp-server community encryption 0x3a31fc500cde519b rw
ip default-gateway 10.12.8.9
logging file
sntp server 202.79.32.104
loopback-detection enable port-list 1-8
loopback-detection error-device discarding port-list 1-8
loopback-detection hello-time 1
loopback-detection down-time 300
rtdp enable
lldp enable
no service config

jwl-sntk-a01#sh mac-address-table l2-address port 1
Aging time: 300 seconds
Mac Address        Port   Vlan   Flags
--------------------------------------------------------
0024.0138.6991     1      98     Hit

Here the mac is correct as defined in the ACL. If the mac is mismatched then the mac should be visible along with the default vlan. (We need this in the new mac)

jwl-sntk-a01#sh mac-address-table l2-address port 1
Aging time: 300 seconds
Mac Address        Port   Vlan   Flags
--------------------------------------------------------
0024.0138.6992     1      1      Hit

2) ROS_4.14.1907.ISCOM2110EA-MA.000.20130628 fulfill our requirement. If the connectivity between the tacacs+ server and the switch is fine, a local user must not be able to log in to the device via local user. But when there is a connectivity issue, then allow local user login to the device. This is needed because we need to work on the device even when there is no connectivity between server and switch.

3) I have ISCOM_ConExpress but this didn't work. Please send me a how-to guide and I will try once, OR you can provide remote support in this case.
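
The per-port MAC binding that the report depends on (filter ACL, class-map, policy-map, VLAN) can be checked offline. The following is an added example in Python, not part of the original document or the vendor's tooling. It assumes a MAC is bound to a port when a permit ACL in that port's filter list names it and the port's service-policy maps a class-map matching that ACL to a VLAN. SAMPLE, parse, vlan_for and findings are hypothetical names, and the missing service-policy on port 4 is a constructed defect.

```python
import re

# Constructed excerpt in the syntax of the running config above (ports 1 and 4).
# Matching is whitespace-insensitive, so flattened "show run" text parses too.
SAMPLE = """
mac-access-list 0 deny any any any
mac-access-list 10 permit any 0024.0138.6991 any
mac-access-list 40 permit any 001f.1661.beb8 any
class-map 10 match-all match mac-access-list 10 exit
class-map 11 match-all exit
policy-map 10 class-map 10 set vlan 98 exit exit
filter mac-access-list 0,10 ingress port-list 1
filter mac-access-list 0,40 ingress port-list 4
service-policy 10 ingress 1
"""

def parse(cfg):
    """Return (acl, class-map, policy-map, port filter, port service-policy) tables."""
    acl = {int(n): (act, mac.lower()) for n, act, mac in re.findall(
        r"mac-access-list\s+(\d+)\s+(permit|deny)\s+any\s+(\S+)\s+any", cfg)}
    cmap = {int(n): [int(a) for a in re.findall(r"\d+", body)] for n, body in re.findall(
        r"class-map\s+(\d+)\s+match-all((?:\s+match\s+mac-access-list\s+\d+)*)\s+exit", cfg)}
    pmap = {int(n): [(int(c), int(v)) for c, v in
                     re.findall(r"class-map\s+(\d+)\s+set\s+vlan\s+(\d+)", body)]
            for n, body in re.findall(
        r"policy-map\s+(\d+)((?:\s+class-map\s+\d+\s+set\s+vlan\s+\d+\s+exit)+)", cfg)}
    filt = {int(p): [int(a) for a in ids.split(",")] for ids, p in re.findall(
        r"filter\s+mac-access-list\s+([\d,]+)\s+ingress\s+port-list\s+(\d+)", cfg)}
    svc = {int(p): int(n) for n, p in re.findall(r"service-policy\s+(\d+)\s+ingress\s+(\d+)", cfg)}
    return acl, cmap, pmap, filt, svc

def vlan_for(cfg, port, mac):
    """VLAN the port's policy assigns to mac, or None when no permit ACL binds it."""
    acl, cmap, pmap, filt, svc = parse(cfg)
    allowed = {a for a in filt.get(port, []) if acl.get(a) == ("permit", mac.lower())}
    for cls, vlan in pmap.get(svc.get(port), []):
        if allowed & set(cmap.get(cls, [])):
            return vlan
    return None

def findings(cfg):
    """Inconsistencies between filter, class-map and policy-map references."""
    acl, cmap, pmap, filt, svc = parse(cfg)
    out = [f"class-map {c} matches nothing" for c, a in sorted(cmap.items()) if not a]
    out += [f"port {p} filters on undefined ACL {a}"
            for p, ids in sorted(filt.items()) for a in ids if a not in acl]
    out += [f"port {p} has a filter but no service-policy" for p in sorted(filt) if p not in svc]
    out += [f"port {p} has no deny-all ACL" for p, ids in sorted(filt.items())
            if not any(acl.get(a) == ("deny", "any") for a in ids)]
    return out
```

Run against the full configuration above, findings() would report the empty class-maps 81 and 11; the sample reproduces that case with class-map 11.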