<MDE-ESA-S1720-DEPAEUCZ-C2>dis cur

!Software Version V200R011C10SPC500

#
sysname MDE-ESA-S1720-DEPAEUCZ-C2
#
info-center logbuffer size 1024
#
vlan batch 1024 1656 1661 1693 to 1694 1855 1878 1883 1910 1964 2188
vlan batch 2382 3287
#
stp bpdu-protection
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
domain csac admin
#
igmp-snooping enable
#
telnet server enable
#
clock timezone CO minus 05:00:00
#
radius-server template default
#
hwtacacs-server template csac
hwtacacs-server authentication 10.159.125.4
hwtacacs-server authentication 10.159.125.5 secondary
hwtacacs-server authorization 10.159.125.4
hwtacacs-server authorization 10.159.125.5 secondary
hwtacacs-server accounting 10.159.125.4
hwtacacs-server accounting 10.159.125.5 secondary
hwtacacs-server shared-key cipher %^%#IUln*8,nY@!uD=0SS=l%^@oi"A>753/iYf;0B$LF%^%#
undo hwtacacs-server user-name domain-included
#
acl number 2999
description GESTION
rule 0 permit source 10.156.0.0 0.0.255.255
rule 1 permit source 10.153.0.0 0.0.255.255
rule 2 permit source 200.30.79.0 0.0.0.255
rule 3 permit source 10.165.0.0 0.0.255.255
rule 4 permit source 10.166.0.0 0.0.255.255
rule 5 permit source 10.167.0.0 0.0.255.255
rule 6 permit source 10.159.0.0 0.0.255.255
rule 7 permit source 10.158.0.0 0.0.255.255
rule 8 permit source 10.191.0.0 0.0.255.255
rule 9 permit source 10.192.0.0 0.7.255.255
rule 10 permit source 192.168.0.0 0.0.1.255
rule 20 permit source 10.69.16.0 0.0.0.255
rule 21 permit source 10.28.145.0 0.0.0.255
#
acl number 3000
description limitante de trafico inbound
rule 0 permit ip
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
vlan 1024
description GESTION
vlan 1656
description ACP-22702342_MUNICIPIO-DE-SANTUARIO(3)(FX:115886193)ESA_AAM4
vlan 1661
description BA_ACP-2531623_IE_CLARA_ZULUAGA _(EDATEL)_(FX:116414459)_ESA_AAM4_C3
vlan 1693
description D_ACCESO-
23994_UNE_EPM_TELECOMUNICACIONES_(SEDE_EL_SANTUARIO)_ESA_AAM4_C2
vlan 1694
description IE_ACP-3721417_DEPARTAMENTO DE ANTIOQUIA_(FX:138049324-1-
4)_ESA_AAM4_C2
vlan 1855
description BA_ACP-3134329_MUNICIPIO_DE_EL_SANTUARIO_(FX:117006852)_ESA_AAM4_C3
vlan 1878
description D_ACCESO-25447_COLOMBIA_TELECOM_(FISCALIA_SANTUARIO)_(FX:118633229-
2)_ESA_AAM4
vlan 1883
description BA_ACP-3178151_MAGCE_TENNIS_SAS_(FX:119920634)_ESA_AAM4_C3
vlan 1910
description D_ACCESO-
8674_REGISTRADURIA_(MUNICIPAL_SANTUARIO)_(FX:121133393)ESA_AAM4_C2
vlan 1964
description IE_ACP-3721417_DEPARTAMENTODEANTIOQUIA_(FX:138049324-1-4)_ESA_AAM4_C2
vlan 2188
description IE_ACP-3736521_DEPARTAMENTO DE ANTIOQUIA_(FX:138039326-1-
4)_ESA_AAM4_C2
vlan 2382
description BA_ACP-3575463_IMAGEN_TEXTIL_J_Y_S_SAS_(FX:135118545)_ESA_AAM4_C3
vlan 3287
description IE_ACP-
3676930_INDUSTRIAS_E_INVERSIONES_ABBA_(FX:137137771)_ESA_AAM4_C3
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme csac
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme csac
authorization-mode hwtacacs local
authorization-cmd 15 hwtacacs local
accounting-scheme default
accounting-scheme csac
accounting-mode hwtacacs
accounting start-fail online
recording-scheme csac
recording-mode hwtacacs csac
cmd recording-scheme csac
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
 authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
domain csac
authentication-scheme csac
accounting-scheme csac
authorization-scheme csac
radius-server default
hwtacacs-server csac
local-user admin password irreversible-cipher $1a$don(4{@c2K$ww9lEb
%3rO{52XAr\,=(IcyjWqLL!=TMUd.*[jj#$
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh http
local-user contingencia password irreversible-cipher $1a$VKO77"T%Y0$H[#I'#$;
%LCqMvFrxr&3$"N|/xi"M*oRfj!13~{H$
local-user contingencia privilege level 3
local-user contingencia ftp-directory flash:
local-user contingencia service-type telnet terminal ssh http
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 10.194.47.1
#
interface Vlanif1
description VLAN_DE_GESTION_POR_DEFECTO_DEL_SW_NO_TOCAR
ip address 192.168.1.253 255.255.255.0
ip address dhcp-alloc unicast
#
interface Vlanif1024
description GESTION_METRO
ip address 10.194.47.29 255.255.255.0
#
interface GigabitEthernet0/0/1
description PUERTO_DE_GESTION_DEL_SW_NO_TOCAR
#
interface GigabitEthernet0/0/2
description IE_ACP-3736521_DEPARTAMENTO DE ANTIOQUIA_(FX:138039326-1-
4)_ESA_AAM4_C2
port link-type access
port default vlan 2188
loopback-detect recovery-time 60
loopback-detect enable
stp edged-port enable
traffic-limit inbound acl 3000 rule 0 cir 15360 pir 15360 cbs 1920000 pbs 1920000
undo ntdp enable
undo ndp enable
qos lr outbound cir 30720 cbs 3840000
multicast-suppression 5
broadcast-suppression 5
#
interface GigabitEthernet0/0/3
shutdown
#
interface GigabitEthernet0/0/4
shutdown
#
interface GigabitEthernet0/0/5
shutdown
#
interface GigabitEthernet0/0/6
shutdown
#
interface GigabitEthernet0/0/7
shutdown
#
interface GigabitEthernet0/0/8
shutdown
#
interface GigabitEthernet0/0/9
transceiver diagnosis threshold rx-power low-alarm -15.00 high-alarm -3.00
description ESA_AAM4 MDE-ESA-S2350-FISELSAN GE0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp loop-protection
multicast-suppression 1
broadcast-suppression 1
#
interface GigabitEthernet0/0/10
transceiver diagnosis threshold rx-power low-alarm -15.00 high-alarm -3.00
description ESA_AAM4 mde-esa-s9303-01 GE2/0/14
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp loop-protection
multicast-suppression 1
broadcast-suppression 1
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.194.47.1
#
snmp-agent
snmp-agent local-engineid 800007DB0360DEF3927CDA
snmp-agent community write cipher
%^%#]jY#>&^\~#X*1K/Me+sYIwJ1ZM;>l+[slD/O6E94W1F>6784%A5/kR8E*A9'+y@b>k'[1)_R
%wE=7M'M%^%# acl 2999
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 10.159.125.124 params securityname
cipher %^%#sh@@0}mx.(_*7|#v"</O_.!sEzw[^*a7(-,9Z.G2%^%# v2c
snmp-agent target-host trap address udp-domain 10.159.125.125 params securityname
cipher %^%#9/Ll#H-Y&6RNY=+^#45LUb!1:=vd\OL_:&6UE@GW%^%# v2c
snmp-agent target-host trap address udp-domain 10.159.125.167 params securityname
cipher %^%#%/wI-dQ.C6yh,4JJ*ARXG0*VW3@fQH0!GqR\AsG/%^%# v2c
snmp-agent target-host trap address udp-domain 10.28.145.18 params securityname
cipher %^%#"}Ik*-]\@K|T4682uZc/WI/HY3@@\3f9-%Lh8e!V%^%#
snmp-agent target-host trap address udp-domain 10.69.16.18 params securityname
cipher %^%#6p}I!C/Xp>*"{iK=-JFHjbL3-g21Z(WDEYDEPD<)%^%#
snmp-agent trap source Vlanif1024
snmp-agent trap enable
#
ssh user admin
ssh user admin service-type all
#
header login information "Todo acceso a este dispositivo es prohibido a menos que
exista una razOn previamente demostrada, autorizada, asignada y controlada en
funciOn de los requerimientos del negocio y/o del cliente"
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
acl 2999 inbound
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return