From 63310f18b75dccbd9965d6971ac08f05fced27ee Mon Sep 17 00:00:00 2001 From: John Poland Date: Wed, 1 Apr 2026 20:32:43 -0400 Subject: [PATCH] grant/grant-mdf-4507.cfg Wed Apr 1 08:32:41 PM EDT 2026 --- configs/grant/grant-mdf-4507.cfg | 34 +++++++++++++++----------------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/configs/grant/grant-mdf-4507.cfg b/configs/grant/grant-mdf-4507.cfg index 2ae84a8..1cec549 100644 --- a/configs/grant/grant-mdf-4507.cfg +++ b/configs/grant/grant-mdf-4507.cfg @@ -1,9 +1,9 @@ Building configuration... -Current configuration : 34293 bytes +Current configuration : 34109 bytes ! -! Last configuration change at 07:41:06 EDT Tue Mar 31 2026 by jpoland.oa -! NVRAM config last updated at 07:41:06 EDT Tue Mar 31 2026 by jpoland.oa +! Last configuration change at 12:02:42 EDT Wed Apr 1 2026 by swalts49.admin +! NVRAM config last updated at 12:02:43 EDT Wed Apr 1 2026 by swalts49.admin ! version 15.2 no service pad @@ -420,7 +420,7 @@ interface Loopback0 interface Port-channel5 description To MDF .5 Stack ** switchport - switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70 + switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70,230 switchport trunk native vlan 10 switchport mode trunk ! @@ -462,7 +462,7 @@ interface Port-channel51 interface Port-channel61 description ** To IDF6 ** switchport - switchport trunk allowed vlan 10,20,30,35,40,56,70 + switchport trunk allowed vlan 10,20,30,35,40,56,70,230 switchport trunk native vlan 10 switchport mode trunk ! @@ -475,7 +475,7 @@ interface FastEthernet1 ! interface TenGigabitEthernet1/1 description *** To grant-mdf153-sw1 *** - switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70 + switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70,230 switchport trunk native vlan 10 switchport mode trunk channel-group 5 mode active @@ -517,7 +517,7 @@ interface TenGigabitEthernet1/6 ! interface TenGigabitEthernet1/7 description *** To grant-idf360-sw1 *** - switchport trunk allowed vlan 10,20,30,35,40,56,70 + switchport trunk allowed vlan 10,20,30,35,40,56,70,230 switchport trunk native vlan 10 switchport mode trunk channel-group 61 mode active @@ -543,7 +543,7 @@ interface TenGigabitEthernet1/12 ! interface TenGigabitEthernet2/1 description *** To grant-mdf153-sw1 *** - switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70 + switchport trunk allowed vlan 10,20,30,35,40,50,59,60,70,230 switchport trunk native vlan 10 switchport mode trunk channel-group 5 mode active @@ -585,7 +585,7 @@ interface TenGigabitEthernet2/6 ! interface TenGigabitEthernet2/7 description *** To grant-idf360-sw1 *** - switchport trunk allowed vlan 10,20,30,35,40,56,70 + switchport trunk allowed vlan 10,20,30,35,40,56,70,230 switchport trunk native vlan 10 switchport mode trunk channel-group 61 mode active @@ -910,6 +910,7 @@ interface Vlan35 ! interface Vlan40 ip address 10.9.40.1 255.255.255.0 + ip access-group hvac-acl in no ip redirects ip pim sparse-mode ! @@ -1009,7 +1010,6 @@ interface Vlan107 ! interface Vlan230 ip address 10.9.230.1 255.255.255.224 - ip access-group hvac in ! interface Vlan233 ip address 10.9.233.1 255.255.255.0 @@ -1117,16 +1117,14 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data ip access-list extended CAP1-FILTER-LIST permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 -ip access-list extended hvac - permit ip 10.9.230.0 0.0.0.31 object-group day-enterprise-servers - permit udp 10.9.230.0 0.0.0.31 object-group dns-servers eq domain - permit udp 10.9.230.0 0.0.0.31 object-group ntp-servers eq ntp - permit icmp 10.9.230.0 0.0.0.31 host 10.9.230.1 - permit icmp host 10.9.230.1 10.9.230.0 0.0.0.31 - deny ip any 10.0.0.0 0.255.255.255 +ip access-list extended hvac-acl + permit ip any host 10.1.230.11 + permit ip any host 10.1.40.108 + permit udp any any eq domain + deny ip any 10.0.0.0 0.0.0.255 deny ip any 192.168.0.0 0.0.255.255 deny ip any 172.16.0.0 0.15.255.255 - permit tcp 10.9.230.0 0.0.0.31 any eq 587 log-input + permit tcp any any eq 587 log count ip access-list extended sbhc-acl permit ip 10.9.107.0 0.0.0.255 10.107.50.0 0.0.0.255 permit tcp 10.9.107.0 0.0.0.255 any eq 443