Conf SW+ 400000WC9

The document outlines a series of configuration commands for a network switch, including QoS settings, SNMP configurations, and access control lists. It specifies the setup for traffic templates, logging, and authorized managers for various access methods. Additionally, it includes commands for reboot scheduling and interface configurations.

Uploaded by

lizdarlinivan

alias SECCION (00_PREVIOS)

config
terminal type vt100
clock timezone GMT +1:00
time daylight-time-rule western-europe
clock summer-time

qos traffic-template 4_WC9_telnnahuaa_SW

qos queue-config 8-queues traffic-template 4_WC9_telnnahuaa_SW


y
y

==================================================================================================================
!*** COPY UP TO HERE AND WAIT FOR REBOOT 1 OF 2 ---- We wait for it to reboot, then continue with the configuration.
==================================================================================================================

alias SECCION (01_MAPEO_QoS)


config
qos traffic-template 4_WC9_telnnahuaa_SW
no map-traffic-group 1 priority 1
no map-traffic-group 2 priority 2
no map-traffic-group 3 priority 0
no map-traffic-group 4 priority 3
no map-traffic-group 5 priority 4
no map-traffic-group 6 priority 5
no map-traffic-group 7 priority 6
no map-traffic-group 8 priority 7

map-traffic-group 1 priority 0
map-traffic-group 1 priority 1
map-traffic-group 1 priority 2
map-traffic-group 1 priority 3
map-traffic-group 1 priority 4
map-traffic-group 1 priority 6
map-traffic-group 3 priority 7
map-traffic-group 8 priority 5
exit
qos queue-config 8-queues traffic-template 4_WC9_telnnahuaa_SW
y
y

==================================================================================================================
!*** COPY UP TO HERE AND WAIT FOR REBOOT 2 OF 2 ---- We wait for it to reboot, then continue with the configuration.
==================================================================================================================

schedule reboot delay 10


y

alias SECCION (02_BASICA)


configure
lldp run
cdp run
web-management
mac-age-time 60
snmp-server enable traps link-change all
timesync sntp
sntp unicast
sntp 30
sntp server priority 1 192.168.134.86
sntp server priority 2 192.168.134.87
hostname 4_WC9_telnnahuaa_SW
sysname 4_WC9_telnnahuaa_SW
module 1 type jl261a
console baud-rate 9600
console idle-timeout 300
console idle-timeout serial-usb 300
console max-sessions 5

snmp-server enable
snmp-server contact "CGP TIENDAS MOVISTAR" location "CALLE JOSE ISBERT 16, POZUELO DE ALARCON - MADRID"
snmp-server community "public" unrestricted
snmp-server community "nvaiaJC4" operator restricted
snmp-server community "avsvMda" manager unrestricted
snmp-server enable traps mac-notify
snmp-server enable traps startup-config-change
snmp-server enable traps running-config-change
snmp-server enable traps mac-count-notify
snmp-server response-source loopback 6
snmp-server trap-source loopback 6

logging 192.168.134.79
logging facility Local7
logging filter Severidad 1 severity info permit
logging filter Severidad 2 severity major permit
logging filter Severidad default deny
logging filter Severidad enable

alias SECCION (03_GESTION)

interface loopback 6
ip address 10.222.105.196
exit

ip source-interface tacacs loopback 6


ip source-interface syslog loopback 6
ip source-interface telnet loopback 6
ip source-interface tftp loopback 6
ip source-interface sntp loopback 6
ip source-interface tunneled-node-server loopback 6
crypto key generate ssh rsa bits 2048
ip ssh

ip access-list standard GENERAL_GESTION_ENTRADA


remark "Gestion SNTP SNMP"
permit 192.168.134.0 0.0.0.255
permit 213.0.254.0 0.0.0.63
permit 213.0.187.192 0.0.0.63
permit 81.46.92.0 0.0.1.255
permit 213.0.190.192 0.0.0.63
permit 217.124.116.192 0.0.0.15
permit 81.45.156.0 0.0.1.255
permit 194.224.111.192 0.0.0.63
permit 195.76.102.0 0.0.0.255
permit 10.222.105.196 0.0.0.0
deny any
exit

ip access-list extended "SNMPYNTP"


10 permit udp any eq 123 10.222.105.196 0.0.0.0 log
20 permit udp 10.222.105.196 0.0.0.0 any eq 123
30 remark "ACL para permitir trafico de GESTION en salida"
30 permit udp 10.222.105.196 0.0.0.0 eq 161 any log
40 permit udp any 10.222.105.196 0.0.0.0 eq 161
50 permit udp any eq 162 10.222.105.196 0.0.0.0 log
60 permit udp 10.222.105.196 0.0.0.0 any eq 162
70 permit udp any eq 514 10.222.105.196 0.0.0.0 log
80 permit udp 10.222.105.196 0.0.0.0 any eq 514
90 permit tcp any 195.76.102.0 0.0.0.255 eq 23
100 permit tcp 195.76.102.0 0.0.0.255 eq 23 any
110 permit tcp any 10.222.105.196 0.0.0.0 eq 22
120 permit tcp 10.222.105.196 0.0.0.0 eq 22 any
130 permit tcp any 195.76.102.0 0.0.0.255 eq 22
140 permit tcp 195.76.102.0 0.0.0.255 eq 22 any
150 permit tcp any eq 69 10.222.105.196 0.0.0.0
160 permit tcp 10.222.105.196 0.0.0.0 any eq 69
170 permit udp any eq 49 10.222.105.196 0.0.0.0
180 permit udp 10.222.105.196 0.0.0.0 any eq 49
190 permit tcp any eq 49 10.222.105.196 0.0.0.0
200 permit tcp 10.222.105.196 0.0.0.0 any eq 49
210 permit udp any eq 560 10.222.105.196 0.0.0.0
220 permit udp 10.222.105.196 0.0.0.0 any eq 560
230 permit icmp 195.76.102.0 0.0.0.255 any
240 permit icmp 10.222.105.196 0.0.0.0 any
250 deny ip 0.0.0.0 255.255.255.255 any
exit

ip access-list standard "GENERAL_GESTION_ENTRADA"


10 permit 192.168.134.0 0.0.0.255
10 remark "Gestion SNTP SNMP"
20 permit 213.0.254.0 0.0.0.63
30 permit 213.0.187.192 0.0.0.63
40 permit 81.46.92.0 0.0.1.255
50 permit 213.0.190.192 0.0.0.63
60 permit 217.124.116.192 0.0.0.15
70 permit 81.45.156.0 0.0.1.255
80 permit 194.224.111.192 0.0.0.63
90 permit 195.76.102.0 0.0.0.255
100 permit 10.222.105.196 0.0.0.0
110 deny any
exit

ip dns server-address priority 1 80.58.61.250


ip dns server-address priority 2 80.58.61.254

ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method telnet
ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method ssh
ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method tftp
ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method snmp
ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method web
ip authorized-managers 88.28.116.0 255.255.255.0 access manager access-method all

ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method telnet
ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method ssh
ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method tftp
ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method snmp
ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method web
ip authorized-managers 88.28.117.0 255.255.255.0 access manager access-method all
ip authorized-managers 88.28.117.0 255.255.255.0 access manager

ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method telnet


ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method ssh
ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method tftp
ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method snmp
ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method web
ip authorized-managers 81.46.92.0 255.255.254.0 access manager access-method all
ip authorized-managers 81.46.92.0 255.255.254.0 access manager

ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method telnet
ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method ssh
ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method tftp
ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method snmp
ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method web
ip authorized-managers 81.45.156.0 255.255.254.0 access manager access-method all
ip authorized-managers 81.45.156.0 255.255.254.0 access manager

ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method telnet
ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method ssh
ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method tftp
ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method snmp
ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method web
ip authorized-managers 195.76.102.0 255.255.255.0 access manager access-method all
ip authorized-managers 195.76.102.0 255.255.255.0 access manager

ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method telnet
ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method ssh
ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method tftp
ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method snmp
ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method web
ip authorized-managers 217.124.116.192 255.255.255.240 access manager access-method all
ip authorized-managers 217.124.116.192 255.255.255.240 access manager

ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method telnet
ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method ssh
ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method tftp
ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method snmp
ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method web
ip authorized-managers 194.224.111.192 255.255.255.192 access manager access-method all
ip authorized-managers 194.224.111.192 255.255.255.192 access manager

ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method telnet
ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method ssh
ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method tftp
ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method snmp
ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method web
ip authorized-managers 213.0.190.192 255.255.255.192 access manager access-method all
ip authorized-managers 213.0.190.192 255.255.255.192 access manager

ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method telnet
ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method ssh
ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method tftp
ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method snmp
ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method web
ip authorized-managers 213.0.187.192 255.255.255.192 access manager access-method all
ip authorized-managers 213.0.187.192 255.255.255.192 access manager

ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method telnet
ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method ssh
ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method tftp
ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method snmp
ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method web
ip authorized-managers 192.168.134.0 255.255.255.0 access manager access-method all
ip authorized-managers 192.168.134.0 255.255.255.0 access manager

ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method telnet
ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method ssh
ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method tftp
ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method snmp
ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method web
ip authorized-managers 213.0.254.0 255.255.255.192 access manager access-method all
ip authorized-managers 213.0.254.0 255.255.255.192 access manager
ip timep dhcp
ip directed-broadcast
ip route 0.0.0.0 0.0.0.0 195.76.102.1
ip routing
ip source-interface tacacs 10.222.105.196
ip source-interface telnet loopback 6
ip source-interface syslog loopback 6
ip source-interface tftp loopback 6
ip source-interface sntp loopback 6
ip source-interface tunneled-node-server loopback 6
ip client-tracker untrusted
ip timep dhcp
ip udp-bcast-forward
ip multicast-routing

alias SECCION (04_ASIGNACION_QOS)

qos dscp-map 0 priority 0


qos dscp-map 1 priority 0
qos dscp-map 2 priority 0
qos dscp-map 3 priority 0
qos dscp-map 4 priority 0
qos dscp-map 5 priority 0
qos dscp-map 6 priority 0
qos dscp-map 7 priority 0
qos dscp-map 8 priority 0
qos dscp-map 9 priority 0
qos dscp-map 10 priority 0
qos dscp-map 11 priority 0
qos dscp-map 12 priority 0
qos dscp-map 13 priority 0
qos dscp-map 14 priority 0
qos dscp-map 15 priority 0
qos dscp-map 16 priority 0
qos dscp-map 17 priority 0
qos dscp-map 18 priority 0
qos dscp-map 19 priority 0
qos dscp-map 20 priority 0
qos dscp-map 21 priority 0
qos dscp-map 22 priority 0
qos dscp-map 23 priority 0
qos dscp-map 24 priority 0
qos dscp-map 25 priority 0
qos dscp-map 26 priority 0
qos dscp-map 27 priority 0
qos dscp-map 28 priority 0
qos dscp-map 29 priority 0
qos dscp-map 30 priority 0
qos dscp-map 31 priority 0
qos dscp-map 32 priority 0
qos dscp-map 33 priority 0
qos dscp-map 34 priority 0
qos dscp-map 35 priority 0
qos dscp-map 36 priority 0
qos dscp-map 37 priority 0
qos dscp-map 38 priority 0
qos dscp-map 39 priority 0
qos dscp-map 40 priority 5
qos dscp-map 41 priority 0
qos dscp-map 42 priority 0
qos dscp-map 43 priority 0
qos dscp-map 44 priority 0
qos dscp-map 45 priority 0
qos dscp-map 46 priority 5
qos dscp-map 47 priority 0
qos dscp-map 48 priority 0
qos dscp-map 49 priority 0
qos dscp-map 50 priority 0
qos dscp-map 51 priority 0
qos dscp-map 52 priority 0
qos dscp-map 53 priority 0
qos dscp-map 54 priority 0
qos dscp-map 55 priority 0
qos dscp-map 56 priority 7

qos tcp-port 20 dscp 56


qos tcp-port 21 dscp 56
qos tcp-port 23 dscp 56
qos tcp-port 22 dscp 56
qos udp-port 161 dscp 56
qos udp-port 162 dscp 56
qos tcp-port 49 dscp 56
qos udp-port 69 dscp 56

alias SECCION (05_PUERTOS_EDC)

no interface 1-2 power-over-ethernet


snmp-server enable traps link-change 1-2

alias SECCION (06_VLAN'S_X)

vlan 1
name "DEFAULT_VLAN"
tagged 1-24
untagged 25-28
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
monitor all both mirror 1
exit

vlan 30
name "VLAN de Gestion privada"
tagged 1-2,25-26
ip address 195.76.102.5 255.255.255.0
ip access-group "GENERAL_GESTION_ENTRADA" in
ip access-group "SNMPYNTP" out
ip access-group "SNMPYNTP" vlan-out
exit

vlan 40
name "Negocio"
tagged 1-2,25-28
no ip address
qos dscp cs5
exit
vlan 50
name "AMX"
tagged 1-2,25-28
no ip address
exit

vlan 51
name "Multimedia"
tagged 1-2,25-28
ip address 10.3.57.48 255.255.255.128
exit

vlan 52
name "Control"
tagged 1-2,25-28
no ip address
exit

vlan 60
name "Gestion"
tagged 1-2,25-28
no ip address
exit

interface 3-24
qos trust dot1p
bandwidth-min output 99 0 1 0 0 0 0 strict
exit
interface 3-24 power-over-ethernet high
interface 3-24 poe-allocate-by class
interface 3-24 poe-lldp-detect enabled

port-security 3-24 eavesdrop-prevention


undo port-security 3-10,13-22 learn-mode limited-continuous

undo port-security 3-10,13-22 action send-alarm

alias SECCION (07_WIFI_PUERTO_X)

vlan 18
name "WiFi Publica"
tagged 1-2,23-24
no ip address
exit

vlan 19
name "WiFi Datafono"
tagged 1-2,23-24
no ip address
exit

vlan 27
name "WiFi Multimedia"
tagged 1-2,23-24
no ip address
exit

vlan 28
name "WiFi Negocio"
tagged 1-2,23-24
no ip address
exit

alias SECCION (08_WIFI_EDC)

vlan 29
name "WIFI_GESTION-SERVICIO"
tagged 1-2,25-28
untagged 23-24
no ip address
exit

alias SECCION (09_PUERTOS_X_GESTION)

interface 1
name "CONEXION VPN 1 EDC PRINCIPAL"
qos trust dscp
poe-lldp-detect enabled
bandwidth-min output 80 0 20 0 0 0 0 strict
tagged vlan 1,18-19,27-30,40,50-52,60
mirror 1
exit

interface 2
name "CONEXION VPN 2 EDC BACKUP"
qos trust dscp
poe-lldp-detect enabled
bandwidth-min output 80 0 20 0 0 0 0 strict
tagged vlan 1,18-19,27-30,40,50-52,60
exit

alias SECCION (10_PUERTOS_CASCADA)

interface 25
name CONEXION_CON_SWITCH_1
qos trust dot1p
bandwidth-min output 80 0 20 0 0 0 0 strict
exit

interface 26
name CONEXION_CON_SWITCH_ULTIMO
qos trust dot1p
bandwidth-min output 80 0 20 0 0 0 0 strict
exit

snmp-server enable traps link-change 25-28

alias SECCION (11_PUERTOS_X)

interface 3
name "Gestor de Turnos"
untagged vlan 52

interface 4
name "Controlador Step-IN(2)/Camara 360(2)"
untagged vlan 52

interface 5
name "Controlador Step-IN(1)"
untagged vlan 52

interface 6
name "Camara 360"
untagged vlan 52

interface 7
name 'Player PLV 1'
untagged vlan 51

interface 8
name 'TV PLV 1'
untagged vlan 50

interface 9
name 'PantallaDC ext1'
untagged vlan 51

interface 10
name 'PantallaDC int1'
untagged vlan 51

interface 11
name 'Pantalla Movistar TV'
untagged vlan 18

interface 12
name 'R. Movistar TV 948357728'
untagged vlan 18

interface 13
name 'Puesto Venta 1'
untagged vlan 40

interface 14
name 'Puesto Venta 1'
untagged vlan 40

interface 15
name 'Puesto Venta 2'
untagged vlan 40
interface 16
name 'Puesto Venta 2'
untagged vlan 40

interface 17
name 'Puesto Venta 3'
untagged vlan 40

interface 18
name 'Puesto Venta 3'
untagged vlan 40

interface 19
name 'Puesto Venta 4'
untagged vlan 40

interface 20
name 'Puesto Venta 4'
untagged vlan 40

interface 21
name 'Impresora 1'
untagged vlan 40

interface 22
name 'Impresora 2'
untagged vlan 40

interface 23
name 'AP WIFI 2'
untagged vlan 29
qos trust dot1p
bandwidth-min output 80 0 20 0 0 0 0 strict
service-policy marcadscp in

interface 24
name 'AP WIFI 1'
untagged vlan 29
qos trust dot1p
bandwidth-min output 80 0 20 0 0 0 0 strict
service-policy marcadscp in

interface 25
disable

interface 26
disable
interface 27
disable

interface 28
disable

alias SECCION (12_PUERTO_AP_CLIENTE)

class ipv4 "ControladorCG"


10 match ip 217.124.106.196 0.0.0.0 192.168.134.0 0.0.0.255
20 match ip 217.124.106.196 0.0.0.0 213.0.187.192 0.0.0.63
30 match ip 217.124.106.196 0.0.0.0 213.0.254.0 0.0.0.63
40 match ip 217.124.106.196 0.0.0.0 81.46.92.0 0.0.1.255
50 match ip 217.124.106.196 0.0.0.0 194.224.111.192 0.0.0.63
60 match ip 217.124.106.196 0.0.0.0 213.0.190.192 0.0.0.63
exit

policy qos "marcadscp"


10 class ipv4 "ControladorCG" action dscp cs7
exit

lldp admin-status 23-24 tx_rx

loop-protect mode port


loop-protect 23-24
loop-protect 23-24 receiver-action send-disable
loop-protect disable-timer 600

alias SECCION (FINAL_TACACS)

banner motd "QUEDA PROHIBIDO CUALQUIER ACCESO NO AUTORIZADO\n"


banner exec "AVISO: ha accedido a un sistema propiedad de TELEFONICA.\nNecesita tener autorizacion antes de usarlo, estando usted\nestrictamente limitado al uso indicado en dicha autorizacion.\nEl acceso no autorizado a este sistema o el uso indebido del\nmismo esta prohibido y es contrario a la Politica Corporativa\nde Seguridad y a la legislacion vigente.\nEl uso que realice de este sistema puede ser monitorizado.\n"
mac-age-time 60
include-credentials

logging 192.168.134.79
logging facility local7
logging filter "Severidad" 1 severity info permit
logging filter "Severidad" 2 severity major permit
logging filter "Severidad" default deny
logging filter "Severidad" enable
include-credentials
password manager user-name "admin" sha1 "6622298ec05482928ff0162a9a7f9f56e4fbe943"
snmpv3 engineid "00:00:00:0b:00:00:10:4f:58:23:ee:c0"
tacacs-server host 213.0.190.208 key "nsn1spm"
tacacs-server host 213.0.187.234 key "nsn1spm"
aaa accounting commands stop-only tacacs
aaa accounting exec start-stop tacacs
aaa accounting system stop-only tacacs
aaa authentication login privilege-mode
aaa authentication console login tacacs
aaa authentication console enable tacacs
aaa authentication telnet login tacacs
aaa authentication telnet enable tacacs
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs
no tftp server
loop-protect disable-timer 600
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
radius-server host 10.128.0.109 acct-port 1813 auth-port 1812 key 'Restyling-TDMovistar'
no reload
write memory
