From d7935c9659471f4a5949ec7ed82d66333c963ea8 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Tue, 3 Sep 2024 09:46:16 -0400
Subject: [PATCH] bova/bova-mdf-a8360-sw1.cfg Tue Sep 3 09:46:16 AM EDT 2024

---
 configs/bova/bova-mdf-a8360-sw1.cfg | 529 ++++++++++++++++++++++++++++
 1 file changed, 529 insertions(+)
 create mode 100755 configs/bova/bova-mdf-a8360-sw1.cfg

diff --git a/configs/bova/bova-mdf-a8360-sw1.cfg b/configs/bova/bova-mdf-a8360-sw1.cfg
new file mode 100755
index 0000000..7c7dcf3
--- /dev/null
+++ b/configs/bova/bova-mdf-a8360-sw1.cfg
@@ -0,0 +1,529 @@
+Current configuration:
+!
+!Version ArubaOS-CX LL.10.13.1010
+!export-password: default
+hostname bova-mdf-a8360-sw1
+banner motd #
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+! You are accessing a PRIVATE COMPUTING FACILITY. !
+! Access to this system is restricted to AUTHORIZED PERSONNEL. !
+! !
+! Anyone who accesses this system without authorization, or in !
+! excess of their authorization could be subject to a fine, !
+! imprisonment, or both under Public and Federal Law. By entering !
+! this system, you consent to having your accesses and activities !
+! monitored and recorded. If this monitoring or record reveals !
+! suspected unauthorized or criminal activity, the evidence will !
+! be provided to supervisory personnel and law enforcement officials. !
+! !
+! IF YOU ARE NOT AUTHORIZED TO BE HERE DISCONNECT NOW! !
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#
+user admin group administrators password ciphertext AQBapQQV9uGWgL9Nv60IYbFo9zjMyjFEA0m9js1ozawiyICkYgAAAOy8W69MCyjD1Q9USU46ZJXqP9XbdbWX50nliTq/2C8KUK88TE5mHBg3yGQXTmrnhKrbEB3oKhCZdzC7sAK/QHYW2UMIQHk2pU4vUfV906Dy6ZCnHoOtcESmXFk82lbEReGt
+clock timezone america/new_york
+profile aggregation-leaf
+ntp server 10.1.1.2 iburst
+ntp server 10.1.1.3 iburst
+ntp enable
+!
+!
+!
+!
+tacacs-server host 10.1.40.115 key ciphertext AQBapSuvkZ42oU63tX2A+AZ8lP8qC0+kYouNLefCIrqt8ZStCQAAAKHES1pt0Vp0Fg==
+tacacs-server host 10.1.40.116 key ciphertext AQBapaEs5/SL2J162qOgL4A4eEyKzQEOM9k0LWQ4cJ6UjRDvCQAAAFrjjfLG6NF04Q==
+tacacs-server host 10.1.40.117 key ciphertext AQBapVSELn/rkkpvMOd3vACVNbdnz7iC98pSzkCXdH9deBN5CQAAABvZ9joHN8VWWw==
+!
+radius-server host 10.1.40.115 key ciphertext AQBapbu7Z3RBzVrv1T93L4TizoItEOVefoB4LNz/ns1VCj9gCQAAAG8C9LBBMJgwdQ==
+radius-server host 10.1.40.116 key ciphertext AQBapQSSLiUo+iyJmwXu0UThca1UcsVuuUXpy5ugH39hXTsNCQAAAGHPuE/0klTP6A==
+radius-server host 10.1.40.117 key ciphertext AQBapcn6h8aHjLAUhpDlhARe02431IAWvzN18DvMp0LR1II8CQAAAPVybLcavSOz9w==
+aaa authentication allow-fail-through
+!
+!
+aaa authentication login default group tacacs local
+aaa accounting all-mgmt console start-stop group tacacs
+aaa accounting all-mgmt default start-stop group radius
+aaa accounting all-mgmt https-server start-stop group radius
+aaa accounting all-mgmt ssh start-stop group tacacs
+!
+logging 10.1.40.78
+ssh server vrf default
+ssh server vrf mgmt
+object-group ip address clearpass_servers
+ 10 10.1.40.115
+ 20 10.1.40.116
+ 30 10.1.40.117
+object-group ip address dom_cont
+ 10 10.1.40.10
+ 20 10.1.40.95
+ 30 10.1.48.120
+ 40 10.21.48.10
+ 50 10.1.203.21
+ 60 10.1.48.10
+ 70 10.21.48.10
+object-group ip address sccm_servers
+ 10 10.1.48.53
+ 20 10.41.21.221
+object-group port clearpass_tcp_ports
+ 10 eq dce-rpc
+ 20 eq rdp
+object-group port dc_tcp_ports
+ 10 eq dce-rpc
+ 20 eq ldap
+ 30 eq 3268
+ 40 eq dns
+ 50 eq 88
+ 70 eq microsoft-ds
+ 80 range 49666 49679
+object-group port dc_udp_ports
+ 10 eq ntp
+ 20 eq ldap
+ 30 eq dns
+ 40 eq isakmp
+object-group port sccm_tcp_ports
+ 10 eq 8530
+ 20 eq 10123
+object-group port sccm_udp_ports
+ 10 eq dce-rpc
+ 20 eq ldap
+ 50 eq dns
+ 60 eq 88
+ 70 eq microsoft-ds
+ 90 eq isakmp
+ 140 gt 1022
+access-list ip Image-acl
+ 10 permit udp dom_cont group dc_udp_ports any
+ 15 comment DC_UDP_PORTS_IN
+ 20 permit udp any eq dhcp-client any eq dhcp-server
+ 25 permit udp any eq dhcp-server any eq dhcp-client
+ 30 comment DHCP_CLIENT_SERVER
+ 35 permit udp any any eq tftp
+ 40 comment TFTP_IN
+ 45 permit udp any eq tftp any
+ 50 comment TFTP_OUT
+ 55 permit udp any eq 4011 any eq 4011
+ 60 comment PXE_BOOT
+ 65 permit udp any dom_cont group dc_udp_ports
+ 70 comment DC_UDP_PORTS_OUT
+ 75 permit tcp dom_cont group dc_tcp_ports any
+ 80 comment DC_TCP PORTS_IN
+ 85 permit tcp any dom_cont group dc_tcp_ports
+ 90 comment DC_TCP_PORTS_OUT
+ 95 permit udp sccm_servers group sccm_udp_ports any
+ 100 comment SCCM_UDP_PORTS_IN
+ 105 permit udp any sccm_servers group sccm_udp_ports
+ 110 comment SCCM_UDP_PORTS_OUT
+ 115 permit tcp sccm_servers group sccm_tcp_ports any
+ 120 comment SCCM_TCP_PORTS_IN
+ 125 permit tcp any sccm_servers group sccm_tcp_ports
+ 130 comment SCCM_TCP_PORTS_OUT
+ 135 permit udp any range 137 138 any
+ 140 comment UDP_137-138
+ 145 permit tcp any eq http any
+ 150 comment HTTP_IN
+ 155 permit tcp any any eq http
+ 160 comment HTTP_OUT
+ 165 permit tcp any eq https any
+ 170 comment HTTPS_IN
+ 175 permit tcp any any eq https
+ 180 comment HTTPS_OUT
+ 185 permit tcp clearpass_servers group clearpass_tcp_ports any
+ 190 comment ClearPass_TCP_PORTS_IN
+ 195 permit tcp any clearpass_servers group clearpass_tcp_ports
+ 200 comment ClearPass_TCP_PORTS_OUT
+ 205 deny any any any
+access-list ip users-acl
+ 10 deny any any 192.168.0.0/255.255.0.0
+ 20 permit any any any
+access-list log-timer 5
+flow exporter ipfix-to-orion
+ destination 10.1.48.37 vrf default
+ template data timeout 60
+ transport udp 2055
+flow record ipfix-record
+ match ipv4 destination address
+ match ipv4 protocol
+ match ipv4 source address
+ match ipv4 version
+ match transport destination port
+ match transport source port
+ collect counter bytes
+ collect counter packets
+ collect timestamp absolute first
+ collect timestamp absolute last
+flow monitor ipfix-monitor
+ cache timeout active 60
+ exporter ipfix-to-orion
+ record ipfix-record
+dhcpv4-snooping
+dhcpv4-snooping option 82 untrusted-policy keep
+vlan 1
+vlan 10
+ name mgmt
+vlan 20
+ name Data
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 21
+ name Imaging
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 30
+ name IoT
+ description IoT VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 35
+ name Wireless
+ description Wireless VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 40
+ name Server40
+ description Server 40 VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 48
+ name Server48
+ description Server 48 VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 50
+ name Voice
+ voice
+ description Voice VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 70
+ name Security
+ description Security VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 72
+ name AccessControl
+ description Access Control VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 168
+ name Default
+ description Default and Imaging VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 230
+ name HVAC
+ description HVAC VLAN
+ dhcpv4-snooping
+ ip igmp snooping enable
+vlan 254
+ name transit
+ description Transit VLAN
+ dhcpv4-snooping
+vlan 503
+ name CT-A
+ dhcpv4-snooping
+vlan 513
+ name CT-B
+ dhcpv4-snooping
+vlan 523
+ name SH-A
+ dhcpv4-snooping
+vlan 533
+ name SH-B
+ dhcpv4-snooping
+vlan 699
+ name NativeVLAN
+spanning-tree mode rpvst
+spanning-tree
+spanning-tree priority 2
+spanning-tree trap topology-change instance 0
+spanning-tree ignore-pvid-inconsistency
+spanning-tree vlan 10,20,21,30,35,40,48,50,70,72,168,230,254,503,513,523,533,699
+interface mgmt
+ no shutdown
+ ip static 192.168.41.1/24
+qos queue-profile switchports
+ map queue 0 local-priority 0
+ map queue 1 local-priority 1
+ map queue 2 local-priority 2
+ map queue 3 local-priority 3
+ map queue 4 local-priority 4
+ map queue 5 local-priority 6
+ map queue 6 local-priority 7
+ map queue 7 local-priority 5
+qos schedule-profile voip
+ dwrr queue 0 weight 1
+ dwrr queue 1 weight 1
+ dwrr queue 2 weight 1
+ dwrr queue 3 weight 1
+ dwrr queue 4 weight 1
+ dwrr queue 5 weight 1
+ dwrr queue 6 weight 1
+ strict queue 7
+apply qos queue-profile switchports schedule-profile voip
+qos trust dscp
+qos dscp-map 40 local-priority 6 color green name CS5
+qos dscp-map 41 local-priority 6 color green name CS5
+qos dscp-map 42 local-priority 6 color green name CS5
+qos dscp-map 43 local-priority 6 color green name CS5
+qos dscp-map 44 local-priority 6 color green name CS5
+qos dscp-map 45 local-priority 6 color green name CS5
+qos dscp-map 47 local-priority 6 color green name CS5
+interface lag 5 multi-chassis
+ description Uplink to bova-mdf-sw1
+ no shutdown
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 10,20-21,30,35,40,48,50,70,72,168,230,254,503,513,523,533
+ lacp mode active
+interface lag 11 multi-chassis
+ description Uplink to bova-idf1-sw1
+ no shutdown
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 10,20-21,30,35,40,48,50,70,72,168,230,254,503,513,523,533
+ lacp mode active
+interface lag 21 multi-chassis
+ description Uplink to bova-idf2-sw1
+ no shutdown
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 10,20-21,30,35,40,48,50,70,72,168,230,254,503,513,523,533
+ lacp mode active
+interface lag 31 multi-chassis
+ description Uplink to bova-idf3-sw1
+ no shutdown
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 10,20-21,30,35,40,48,50,70,72,168,230,254,503,513,523,533
+ lacp mode active
+interface lag 41 multi-chassis
+ description Uplink to bova-idf4-sw1
+ no shutdown
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 10,20-21,30,35,40,48,50,70,72,168,230,254,503,513,523,533
+ lacp mode active
+interface lag 256
+ description ISL link
+ no shutdown
+ no routing
+ vlan trunk native 699 tag
+ vlan trunk allowed all
+ lacp mode active
+ dhcpv4-snooping trust
+interface 1/1/1
+ no shutdown
+ lag 5
+interface 1/1/2
+ no shutdown
+ lag 11
+interface 1/1/3
+ no shutdown
+ lag 21
+interface 1/1/4
+ no shutdown
+ lag 31
+interface 1/1/5
+ no shutdown
+ lag 41
+interface 1/1/14
+ description Connected to SCCM_DP
+ no shutdown
+ no routing
+ vlan access 21
+ dhcpv4-snooping trust
+interface 1/1/15
+ description Connected to Voice Gateway
+ no shutdown
+ no routing
+ vlan access 50
+interface 1/1/16
+ description Primary Link Connected to Ring_3
+ no shutdown
+ flow-control rxtx
+ no routing
+ vlan trunk native 699
+ vlan trunk allowed 503,513,523,533
+ dhcpv4-snooping trust
+ ip flow monitor ipfix-monitor in
+interface 1/1/17
+ description ISL LAG
+ no shutdown
+ lag 256
+interface 1/1/18
+ description ISL LAG
+ no shutdown
+ lag 256
+interface loopback 0
+ ip address 10.41.254.253/32
+ ip ospf 1 area 0.0.0.203
+interface vlan 1
+ shutdown
+interface vlan 10
+ description NetworkManagement
+ ip address 192.168.41.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 192.168.41.1
+ ip ospf 1 area 0.0.0.203
+interface vlan 20
+ ip address 10.41.1.2/21
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.1.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.1.40.115
+ ip helper-address 10.1.40.116
+ ip helper-address 10.1.40.117
+ ip helper-address 10.21.48.20
+ ip helper-address 10.41.21.221
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 21
+ ip address 10.41.21.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.21.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.1.40.115
+ ip helper-address 10.21.48.20
+ ip helper-address 10.41.21.221
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 30
+ ip address 10.41.30.2/23
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.30.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 35
+ ip address 10.41.35.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.35.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 40
+ ip address 10.41.40.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.40.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 48
+ ip address 10.41.48.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.48.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 50
+ ip address 10.41.50.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.50.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip igmp static-group 239.1.150.50
+ ip pim-sparse enable
+interface vlan 70
+ ip address 10.41.70.2/23
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.70.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 72
+ ip address 10.41.72.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.72.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 168
+ ip address 10.41.168.2/22
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.168.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.1.40.115
+ ip helper-address 10.1.40.116
+ ip helper-address 10.1.40.117
+ ip helper-address 10.21.48.20
+ ip helper-address 10.41.21.221
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 230
+ ip address 10.41.230.2/24
+ active-gateway ip mac 12:01:00:00:01:00
+ active-gateway ip 10.41.230.1
+ ip helper-address 10.1.40.20
+ ip helper-address 10.21.48.20
+ ip ospf 1 area 0.0.0.203
+ ip igmp enable
+ ip pim-sparse enable
+interface vlan 254
+ description transit-vlan
+ ip address 10.254.41.1/24
+ ip ospf 1 area 0.0.0.0
+ no ip ospf passive
+ ip ospf network point-to-point
+ ip pim-sparse enable
+interface vlan 503
+ description to ring 3
+ ip address 10.250.203.41/24
+ ip ospf 1 area 0.0.0.0
+ no ip ospf passive
+ ip pim-sparse enable
+interface vlan 523
+ description to ring 3
+ ip address 10.254.223.41/24
+ ip ospf 1 area 0.0.0.0
+ no ip ospf passive
+ ip pim-sparse enable
+snmp-server vrf default
+snmp-server system-description bova-A8360-sw1
+snmp-server system-location Bova MDF
+snmp-server system-contact Tim Marris
+snmp-server community mickey03
+vsx
+ system-mac 02:01:00:00:01:40
+ inter-switch-link lag 256
+ role primary
+ keepalive peer 192.168.41.2 source 192.168.41.1 vrf mgmt
+ip route 10.41.254.254/32 10.254.41.2
+mirror session 1
+ destination cpu
+ source vlan 30 both
+ enable
+ip dns domain-name scsd.ad
+ip dns server-address 10.1.40.10
+ip dns server-address 10.21.48.10
+!
+!
+!
+!
+!
+router ospf 1
+ router-id 10.41.254.254
+ passive-interface default
+ area 0.0.0.0
+ area 0.0.0.203 nssa
+ area 0.0.0.203 range 10.41.0.0/16 type inter-area
+router pim
+ enable
+ rp-address 10.1.0.1
+ip source-interface all interface loopback0
+https-server vrf default
+https-server vrf mgmt
\ No newline at end of file
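Review bot: Live credentials land in the repository with this file: `snmp-server community mickey03` is a plaintext SNMPv2c community exposed via `snmp-server vrf default`, and the admin password plus the six TACACS/RADIUS keys are exported as `ciphertext` under `!export-password: default`, the shared factory default, so those blobs should be treated as disclosed rather than protected. Rotate the community and the AAA keys, set a non-default export-password before exporting, and keep the secret-bearing lines out of the committed config (or move to SNMPv3 with the community removed). A second gap: `access-list ip users-acl` (the deny toward 192.168.0.0/255.255.0.0) and `Image-acl` are defined but no `apply access-list` line appears anywhere in the 529-line file, so neither filter is enforced on any VLAN or port and the management network stays reachable from user VLANs. SSH, HTTPS and SNMP are also opened on vrf default with no management ACL visible; if these services are meant to be reachable only through the OOB mgmt VRF, drop the `vrf default` variants.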