From b5f6a30b0e899d46930235974956d19f59fa5533 Mon Sep 17 00:00:00 2001 From: John Poland Date: Tue, 10 Mar 2026 20:33:24 -0400 Subject: [PATCH] salem_h/salem_h-4507-1.cfg Tue Mar 10 08:33:24 PM EDT 2026 --- configs/salem_h/salem_h-4507-1.cfg | 36 ++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/configs/salem_h/salem_h-4507-1.cfg b/configs/salem_h/salem_h-4507-1.cfg index e78901a..8537991 100644 --- a/configs/salem_h/salem_h-4507-1.cfg +++ b/configs/salem_h/salem_h-4507-1.cfg @@ -1,9 +1,9 @@ Building configuration... -Current configuration : 33357 bytes +Current configuration : 33832 bytes ! -! Last configuration change at 19:55:55 EDT Thu Sep 18 2025 by jkafta72.admin -! NVRAM config last updated at 19:55:55 EDT Thu Sep 18 2025 by jkafta72.admin +! Last configuration change at 13:12:23 EDT Tue Mar 10 2026 by estein66.admin +! NVRAM config last updated at 13:12:24 EDT Tue Mar 10 2026 by estein66.admin ! version 15.2 no service pad @@ -115,6 +115,20 @@ archive path bootflash: maximum 5 file privilege 10 +object-group network day-enterprise-servers + description day-enterprise-servers + host 10.1.230.11 + host 10.1.40.108 +! +object-group network dns-servers + description Internal-DNS-Servers + host 10.1.40.10 + host 10.1.48.11 +! +object-group network ntp-servers + host 10.1.40.154 + host 10.1.48.103 +! ! spanning-tree mode rapid-pvst spanning-tree loopguard default @@ -1027,6 +1041,7 @@ interface Vlan107 ! interface Vlan230 ip address 10.30.230.1 255.255.255.224 + ip access-group hvac in ! interface Vlan233 ip address 10.30.233.1 255.255.255.0 @@ -1135,12 +1150,15 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data permit tcp any any eq 1630 permit udp any any eq 1630 ip access-list extended hvac - permit tcp 10.30.230.0 0.0.0.31 eq 22 10.1.230.0 0.0.0.31 log - permit tcp 10.30.230.0 0.0.0.31 eq www 10.1.230.0 0.0.0.31 log - permit tcp 10.30.230.0 0.0.0.31 eq 443 10.1.230.0 0.0.0.31 log - permit icmp 10.30.230.0 0.0.0.31 10.1.230.0 0.0.0.31 - permit icmp 10.1.230.0 0.0.0.31 10.30.230.0 0.0.0.31 - deny ip any any + permit ip 10.30.230.0 0.0.0.31 object-group day-enterprise-servers + permit udp 10.30.230.0 0.0.0.31 object-group dns-servers eq domain + permit udp 10.30.230.0 0.0.0.31 object-group ntp-servers eq ntp + permit icmp 10.30.230.0 0.0.0.31 host 10.30.230.1 + permit icmp host 10.30.230.1 10.30.230.0 0.0.0.31 + deny ip any 10.0.0.0 0.255.255.255 + deny ip any 192.168.0.0 0.0.255.255 + deny ip any 172.16.0.0 0.15.255.255 + permit tcp 10.30.230.0 0.0.0.31 any eq 587 log-input ip access-list extended users deny ip any 192.168.0.0 0.0.255.255 permit ip any any