diff --git a/configs/king/king-4507-1.cfg b/configs/king/king-4507-1.cfg
index 18ad64e..8a1cdb1 100644
--- a/configs/king/king-4507-1.cfg
+++ b/configs/king/king-4507-1.cfg
@@ -1,9 +1,9 @@
 Building configuration...
 
-Current configuration : 36773 bytes
+Current configuration : 37687 bytes
 !
-! Last configuration change at 18:30:41 EDT Tue Aug 19 2025 by estein66.admin
-! NVRAM config last updated at 18:31:27 EDT Tue Aug 19 2025 by estein66.admin
+! Last configuration change at 15:24:51 EDT Tue Mar 10 2026 by estein66.admin
+! NVRAM config last updated at 15:25:08 EDT Tue Mar 10 2026 by estein66.admin
 !
 version 15.2
 no service pad
@@ -116,6 +116,16 @@ archive
 path bootflash:
 maximum 5
 file privilege 10
+object-group network day-enterprise-servers
+ description day-enterprise-servers
+ host 10.1.230.11
+ host 10.1.40.108
+!
+object-group network dns-servers
+ description Internal-DNS-Servers
+ host 10.1.40.10
+ host 10.1.48.11
+!
 object-group network netadmin-hosts
 description SCSD Network Administrators Hosts
 !
@@ -125,6 +135,10 @@ object-group network netadmins-hosts
 host 10.1.6.126
 host 10.1.6.32
 !
+object-group network ntp-servers
+ host 10.1.40.154
+ host 10.1.48.103
+!
 object-group service zoom-tcp-390
 description Zoom phones TCP 390
 tcp eq 390
@@ -204,6 +218,9 @@ vlan 72
 vlan 107
 name health_services
 !
+vlan 230
+ name HVAC
+!
 vlan 505
 name CC-Ring
 !
@@ -1131,6 +1148,11 @@ interface Vlan107
 ip address 10.20.107.1 255.255.255.0
 ip access-group sbhc-acl in
 !
+interface Vlan230
+ ip address 10.20.230.1 255.255.255.224
+ ip access-group hvac in
+ shutdown
+!
 interface Vlan505
 description to Ring #5 CCF Service S200282
 ip address 10.250.205.20 255.255.255.0
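Review bot: Only an inbound list is bound on the new SVI (`ip access-group hvac in`), so packets routed toward 10.20.230.0/27 from other networks are still delivered to the HVAC hosts; `hvac` only drops most of their replies. If the segment is meant to be isolated in both directions, a second list bound with `ip access-group <name> out` that admits only the servers these hosts need would cover the other direction. The interface also has no `description`, unlike Vlan505 just below it, and it is committed in `shutdown`, so the hit counters on `hvac` are worth checking when it is first enabled.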
@@ -1234,6 +1256,16 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
+ip access-list extended hvac
+ permit ip 10.20.230.0 0.0.0.31 object-group day-enterprise-servers
+ permit udp 10.20.230.0 0.0.0.31 object-group dns-servers eq domain
+ permit udp 10.20.230.0 0.0.0.31 object-group ntp-servers eq ntp
+ permit icmp 10.20.230.0 0.0.0.31 host 10.20.230.1
+ permit icmp host 10.20.230.1 10.20.230.0 0.0.0.31
+ deny ip any 10.0.0.0 0.255.255.255
+ deny ip any 192.168.0.0 0.0.255.255
+ deny ip any 172.16.0.0 0.15.255.255
+ permit tcp 10.20.230.0 0.0.0.31 any eq 587 log-input
 ip access-list extended sbhc-acl
 permit ip 10.20.107.0 0.0.0.255 10.107.50.0 0.0.0.255
 permit tcp 10.20.107.0 0.0.0.255 any eq 443
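Review bot: The entry `permit icmp host 10.20.230.1 10.20.230.0 0.0.0.31` cannot match legitimate traffic where this list is used, because the Vlan230 hunk binds `hvac` inbound and 10.20.230.1 is the SVI's own address; the only packets it can match are ones arriving from the VLAN with the gateway address as a forged source, so I would drop the line. The three RFC 1918 `deny` entries carry no `log`, so attempts from the HVAC segment to reach other internal networks leave no record while the permitted port-587 flow is logged; `deny ip any 10.0.0.0 0.255.255.255 log` (and likewise for the other two) would make them visible. The first entry permits every IP protocol and port to `day-enterprise-servers`, and the last permits TCP 587 to `any`; if the required services and the mail relay are known, naming them would narrow both.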