! ! Last configuration change at 10:52:31 MNT Wed Jan 16 2019 by pingpongguy ! NVRAM config last updated at 17:18:46 MNT Thu Jan 17 2019 by pingpongguy ! version 12.2 no service pad service tcp-keepalives-in service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname krar-1125-whse-swa1 ! boot-start-marker boot-end-marker ! logging buffered 64000 informational no logging console no logging monitor ! ! ! aaa new-model ! ! aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa authorization console aaa authorization config-commands aaa authorization exec default group tacacs+ none aaa authorization commands 1 default group tacacs+ none aaa authorization commands 15 default group tacacs+ none aaa authorization network default group tacacs+ none aaa accounting exec default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+ aaa accounting connection default start-stop group tacacs+ aaa accounting system default start-stop group tacacs+ ! ! ! aaa session-id common clock timezone MNT -7 clock summer-time MDT recurring system mtu routing 1500 no ip source-route ! ! no ip domain-lookup ip domain-name net.dvn ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! ! ! ! vlan internal allocation policy ascending ! ! ! interface GigabitEthernet0/1 description Admin PC switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/2 description SecurityCamera switchport access vlan 6 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/3 description SecurityCamera switchport access vlan 6 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/4 description krar-fo1-sw3.41c5 switchport access vlan 5 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/5 description Admin PC switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/6 description Admin PC switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/7 description Admin PC switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/8 description Admin PC switchport access vlan 3 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/9 description krar-1125-term-swa1 G1/0/26 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/10 description Reserved switchport mode access shutdown spanning-tree portfast ! interface Vlan1 no ip address no ip route-cache no ip mroute-cache shutdown ! interface Vlan2 description ## SCADA Vlan no ip address ! interface Vlan3 description ## Admin Vlan ip address 10.75.45.5 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp no ip route-cache no ip mroute-cache no snmp trap link-status ! ip default-gateway 10.75.45.1 ip classless no ip http server no ip http secure-server ! ip access-list extended AccessControl permit ip host 10.52.5.69 any permit ip host 10.64.132.69 any permit ip 172.16.5.0 0.0.0.255 any permit ip 172.20.5.0 0.0.0.255 any permit ip 172.24.225.0 0.0.0.255 any permit ip 172.25.225.0 0.0.0.255 any permit tcp host 63.99.29.18 any eq 22 permit tcp host 63.99.29.40 any eq 22 permit tcp host 206.47.24.18 any eq 22 permit tcp host 206.47.24.169 any eq 22 ip access-list extended scada_in deny ip any any log ! ip sla enable reaction-alerts logging trap warnings logging 10.64.135.35 logging 172.25.20.61 access-list 96 permit 172.18.2.37 access-list 96 permit 172.18.18.21 access-list 97 permit 10.66.37.101 access-list 97 permit 10.52.12.12 access-list 97 permit 172.16.32.30 access-list 97 permit 172.16.32.31 access-list 97 permit 172.20.32.30 access-list 97 permit 172.20.32.31 access-list 97 permit 172.16.12.104 access-list 97 permit 172.16.32.116 access-list 97 permit 10.64.146.32 access-list 97 permit 172.16.5.0 0.0.0.255 access-list 97 permit 172.20.5.0 0.0.0.255 access-list 97 permit 172.24.225.0 0.0.0.255 access-list 97 permit 172.25.225.0 0.0.0.255 access-list 98 permit 172.25.36.129 access-list 98 permit 172.25.17.190 access-list 98 permit 172.22.136.17 access-list 98 permit 172.18.200.80 access-list 98 permit 172.18.136.27 access-list 98 permit 172.18.2.121 access-list 98 permit 172.18.66.57 access-list 98 permit 172.18.2.122 access-list 98 permit 172.25.40.78 ! snmp-server view mib-exclude iso included snmp-server view mib-exclude lldpMIB excluded snmp-server view HPmib-exclude iso included snmp-server view HPmib-exclude lldpMIB excluded snmp-server view HPmib-exclude at excluded snmp-server view HPmib-exclude snmpUsmMIB excluded snmp-server view HPmib-exclude snmpVacmMIB excluded snmp-server view HPmib-exclude snmpCommunityMIB excluded snmp-server view HPmib-exclude ip.21 excluded snmp-server view HPmib-exclude ip.22 excluded snmp-server location Kirby Lake, AB snmp-server contact ENS snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps eigrp snmp-server enable traps ospf state-change snmp-server enable traps ospf errors snmp-server enable traps ospf retransmit snmp-server enable traps ospf lsa snmp-server enable traps ospf cisco-specific state-change nssa-trans-change snmp-server enable traps ospf cisco-specific state-change shamlink interface-old snmp-server enable traps ospf cisco-specific state-change shamlink neighbor snmp-server enable traps ospf cisco-specific errors snmp-server enable traps ospf cisco-specific retransmit snmp-server enable traps ospf cisco-specific lsa snmp-server enable traps license snmp-server enable traps auth-framework sec-violation snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency snmp-server enable traps cluster snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps energywise snmp-server enable traps fru-ctrl snmp-server enable traps entity snmp-server enable traps event-manager snmp-server enable traps hsrp snmp-server enable traps ipmulticast snmp-server enable traps power-ethernet group 1 snmp-server enable traps power-ethernet police snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps cpu threshold snmp-server enable traps rep snmp-server enable traps rtr snmp-server enable traps vstack snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps errdisable snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership tacacs-server host 172.25.243.22 tacacs-server host 172.24.243.22 tacacs-server timeout 6 tacacs-server directed-request ! banner exec ^C ***********************SYSTEM DESCRIPTION************************ * * * NAME: krar-1125-whse-swa1 * * LOCATION: Kirby Lake Aerodrome Warehouse * * CORPORATION: Devon Canada Corporation * * CONTACT: Enterprise Network Services * * DESCRIPTION: Cisco WS-C3560CG-8PC-S * * ASSET#: * ***************************************************************** ^C banner motd ^CCC **************************SECURITY NOTICE**************************** * ACCESS TO THIS SYSTEM IS RESTRICTED TO AUTHORIZED PERSONNEL ONLY. * USAGE OF THIS SYSTEM MAY BE LOGGED AND/OR MONITORED WITHOUT NOTICE. * DISCONNECT IMMEDIATELY IF YOU ARE NOT AN AUTHORIZED USER! *********************************************************************^C ! line con 0 exec-timeout 15 0 line vty 0 4 access-class AccessControl in exec-timeout 15 0 privilege level 15 transport input ssh line vty 5 15 access-class AccessControl in exec-timeout 15 0 privilege level 15 transport input ssh ! ntp clock-period 22518537 ntp source Vlan3 ntp server 172.20.2.34 ntp server 172.20.2.33 prefer end