From 6c8ae20ad4eeac45c0dd7e58bed628dc222d542b Mon Sep 17 00:00:00 2001 From: John Poland Date: Tue, 10 Mar 2026 20:33:26 -0400 Subject: [PATCH] grant/grant-mdf-4507.cfg Tue Mar 10 08:33:24 PM EDT 2026 --- configs/grant/grant-mdf-4507.cfg | 38 +++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/configs/grant/grant-mdf-4507.cfg b/configs/grant/grant-mdf-4507.cfg index b2c4929..a3a0d13 100644 --- a/configs/grant/grant-mdf-4507.cfg +++ b/configs/grant/grant-mdf-4507.cfg @@ -1,9 +1,9 @@ Building configuration... -Current configuration : 32927 bytes +Current configuration : 33834 bytes ! -! Last configuration change at 20:39:41 EST Thu Mar 5 2026 by jkafta72.admin -! NVRAM config last updated at 20:12:23 EST Thu Mar 5 2026 by jkafta72.admin +! Last configuration change at 14:45:13 EDT Tue Mar 10 2026 by estein66.admin +! NVRAM config last updated at 14:45:40 EDT Tue Mar 10 2026 by estein66.admin ! version 15.2 no service pad @@ -135,12 +135,26 @@ power redundancy-mode redundant archive path bootflash: maximum 12 +object-group network day-enterprise-servers + description day-enterprise-servers + host 10.1.230.11 + host 10.1.40.108 +! +object-group network dns-servers + description Internal-DNS-Servers + host 10.1.40.10 + host 10.1.48.11 +! object-group network netadmins-hosts description SCSD Network Administrators Hosts host 10.1.6.20 host 10.1.6.126 host 10.1.6.32 ! +object-group network ntp-servers + host 10.1.40.154 + host 10.1.48.103 +! ! spanning-tree mode rapid-pvst spanning-tree loopguard default @@ -206,6 +220,9 @@ vlan 72 vlan 107 name SBHC ! +vlan 230 + name HVAC +! vlan 233 name City-CGRs ! @@ -975,6 +992,11 @@ interface Vlan107 ip access-group sbhc-acl in no ip redirects ! +interface Vlan230 + ip address 10.9.230.1 255.255.255.224 + ip access-group hvac in + shutdown +! interface Vlan233 ip address 10.9.233.1 255.255.255.0 ! @@ -1081,6 +1103,16 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data ip access-list extended CAP1-FILTER-LIST permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 +ip access-list extended hvac + permit ip 10.9.230.0 0.0.0.31 object-group day-enterprise-servers + permit udp 10.9.230.0 0.0.0.31 object-group dns-servers eq domain + permit udp 10.9.230.0 0.0.0.31 object-group ntp-servers eq ntp + permit icmp 10.9.230.0 0.0.0.31 host 10.9.230.1 + permit icmp host 10.9.230.1 10.9.230.0 0.0.0.31 + deny ip any 10.0.0.0 0.255.255.255 + deny ip any 192.168.0.0 0.0.255.255 + deny ip any 172.16.0.0 0.15.255.255 + permit tcp 10.9.230.0 0.0.0.31 any eq 587 log-input ip access-list extended sbhc-acl permit ip 10.9.107.0 0.0.0.255 10.107.50.0 0.0.0.255 permit tcp 10.9.107.0 0.0.0.255 any eq 443