SWITCH_AGENZIA_Template#conf t
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname FDO-AG221N-SW0
!
enable secret 5 $1$mERr$2kSZR9DN2ofxLllbGij.S1
!
!
!
! Local privilege-15 accounts (fallback when TACACS+ does not respond)
username cisco privilege 15 password 7 0822455D0A16061E010803
username findo_recovery privilege 15 password 7 04490E050037495C1026031E1C0F03
username recovery_user privilege 15 password 7 0214015804100A3355711918160405041E00
!
aaa new-model
!
!
aaa group server radius ISE
 server name NACPROD01
 server name NACPROD02
 ip radius source-interface Vlan9
!
!
! Method lists: device login via TACACS+ with local fallback; 802.1X and network authorization via RADIUS group ISE
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group ISE
aaa authorization exec default group tacacs+ local none
aaa authorization commands 15 default local group tacacs+
aaa authorization network default group ISE
aaa accounting update newinfo periodic 2880
aaa accounting dot1x default start-stop group ISE
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! RADIUS Change of Authorization (CoA) clients
aaa server radius dynamic-author
 client 10.169.59.4 server-key 7 11584C5625460F5D1139
 client 10.169.59.5 server-key 7 075E741F7C5D1D540201
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
! Device sensor filter lists: DHCP options and LLDP/CDP TLVs collected per endpoint
device-sensor filter-list dhcp list DHCP-LIST
 option name host-name
 option name requested-address
 option name parameter-request-list
 option name class-identifier
 option name client-identifier
!
device-sensor filter-list lldp list LLDP-LIST
 tlv name system-name
 tlv name system-description
 tlv name system-capabilities
!
device-sensor filter-list cdp list CDP-LIST
 tlv name device-name
 tlv name address-type
 tlv name capabilities-type
 tlv name version-type
 tlv name platform-type
device-sensor filter-spec dhcp include list DHCP-LIST
device-sensor filter-spec lldp include list LLDP-LIST
device-sensor filter-spec cdp include list CDP-LIST
device-sensor accounting
device-sensor notify all-changes
no ip source-route
!
!
no ip domain-lookup
ip domain-name telecomitalia.it
crypto key generate rsa general-keys modulus 1024
vtp domain AG221
vtp mode transparent
!
!
authentication mac-move permit
access-session acl default passthrough
!
!
dot1x system-auth-control
dot1x critical eapol
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 9
 name MANAGEMENT
!
vlan 10
 name PC
!
vlan 20
 name VOIP
!
vlan 21
 name VIDEO
!
vlan 30
 name STAMPANTI
!
vlan 40
 name SERVICE
!
vlan 41
 name TVCC
!
vlan 45
 name VETRINE-DIGITALI
!
vlan 46
 name BADGE
!
vlan 666
 name REMEDIATION
!
VLAN 50
 NAME WIFI
!
!
lldp run
!
! Trunk port
interface GigabitEthernet1/0/1
 description **FDO-AG221N-R0**
 switchport mode trunk
 no shut
! Access ports: 802.1X with MAB, multi-auth host mode
interface range GigabitEthernet1/0/2 - 8
 description ** Endpoints and Users **
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication control-direction in
 authentication event server dead action reinitialize vlan 10
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast edge
!
interface range GigabitEthernet1/0/13 - 23
 description ** Endpoints and Users **
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication control-direction in
 authentication event server dead action reinitialize vlan 10
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast edge
!
interface range GigabitEthernet1/0/9 - 10
 description ** Video **
 switchport access vlan 21
 switchport mode access
 switchport voice vlan 20
 authentication control-direction in
 authentication event server dead action reinitialize vlan 21
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast edge
!
interface range GigabitEthernet1/0/11 - 12
 description ** Stampanti **
 switchport access vlan 30
 switchport mode access
 switchport voice vlan 20
 authentication control-direction in
 authentication event server dead action reinitialize vlan 30
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/24
 description ** TVCC **
 switchport access vlan 41
 switchport mode access
 switchport voice vlan 20
 authentication control-direction in
 authentication event server dead action reinitialize vlan 41
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 dot1x max-reauth-req 3
 spanning-tree portfast edge
interface rang gi1/0/25-28
 shut
interface Vlan1
 no ip address
 shutdown
!
interface Vlan9
 description MANAGEMENT
 ip address 172.23.1.68 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shut
!
ip default-gateway
no ip http server
no ip http secure-server
ip http secure-active-session-modules none
ip http max-connections 48
ip http active-session-modules none
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip tacacs source-interface Vlan9
!
! Redirect ACLs: deny entries are exempt from redirection, permit entries are redirected
ip access-list extended ACL-POSTURE-REDIRECT
 deny udp any eq bootpc any eq bootps
 deny udp any any eq domain
 deny udp any host 10.169.59.4 eq 8905
 deny udp any host 10.169.59.5 eq 8905
 deny tcp any host 10.169.59.4 eq 8905
 deny tcp any host 10.169.59.5 eq 8905
 deny udp any host 10.169.59.4 eq 8909
 deny udp any host 10.169.59.5 eq 8909
 deny tcp any host 10.169.59.4 eq 8909
 deny tcp any host 10.169.59.5 eq 8909
 deny tcp any host 10.169.59.4 eq 8443
 deny tcp any host 10.169.59.5 eq 8443
 permit ip any any
ip access-list extended ACL_WEBAUTH_REDIRECT
 deny ip any host 10.169.59.4
 deny ip any host 10.169.59.5
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended BLOCKHOLE
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended IPV4_PRE_AUTH_ACL
 permit udp any any eq bootpc
 permit udp any any eq domain
 deny ip any any
logging trap warnings
logging facility local3
logging source-interface Vlan9
logging host 10.101.101.101
access-list 20 permit 10.100.50.95
access-list 20 permit 10.100.50.120
access-list 20 permit 10.100.50.100
access-list 20 permit 10.101.101.50
access-list 20 permit 10.101.101.51
access-list 20 permit 10.101.102.50
access-list 20 permit 10.100.50.97
access-list 20 permit 10.100.50.10
access-list 20 permit 10.100.57.50
access-list 20 permit 10.101.101.101
access-list 20 permit 10.100.56.149
access-list 20 permit 10.169.58.68
access-list 20 permit 10.101.101.241
access-list 20 permit 10.100.50.161
access-list 20 permit 10.155.241.0 0.0.0.255
access-list 20 permit 10.100.250.0 0.0.0.255
access-list 20 permit 172.23.1.65
! Standard ACLs 51, 66, 78 and 79 are bound to SNMP communities
access-list 51 permit 10.100.50.95
access-list 51 permit 10.100.50.100
access-list 51 permit 10.101.101.101
access-list 51 permit 10.155.241.0 0.0.0.255
access-list 66 permit 10.101.101.101
access-list 78 permit 10.155.241.0 0.0.0.255
access-list 78 deny any
access-list 79 permit 10.155.241.0 0.0.0.255
access-list 79 deny any
!
! SNMP communities; the trailing number is the standard ACL restricting source addresses (ISENAC has none)
snmp-server community r23771 RO 78
snmp-server community c20176 RW 79
snmp-server community Findo_RW RW 66
snmp-server community findo RO 51
snmp-server community ISENAC RO
snmp-server trap timeout 120
snmp-server packetsize 4096
snmp-server location PALERMO_LAZIO_AG221
snmp-server contact Reti e Sistemi Telefonici
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server host 10.101.101.101 Findo_RW
snmp-server host 10.155.241.2 undefined
snmp ifmib ifindex persist
tacacs-server host 10.155.241.3
tacacs-server directed-request
tacacs-server key 7 012703085E08090202626F
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server dead-criteria time 10 tries 3
radius-server deadtime 15
!
radius server NACPROD01
 address ipv4 10.169.59.4 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key 7 0257510839520B70595D
!
radius server NACPROD02
 address ipv4 10.169.59.5 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key 7 101F5C4A3743165A1917
!
banner exec ^CCCCCC
*************************************************************************
*************************************************************************
Telecom Italia S.p.A.
Cliente....: FINDOMESTIC BANCA SPA
Hostname...: FDO-AG221N-SW0
Apparato...: Cisco 2960-X 24 porte
Sede.......: FILIALE PALERMO
Comune.....: PALERMO
Indirizzo..: V.LE LAZIO N° 132
*************************************************************************
******************* Ogni accesso non autorizzato e' vietato *************
************************ Unauthorized access is denied ******************
*************************************************************************
*************************************************************************
^C
banner motd ^CCCCC
---------------------------- Telecom Italia S.p.A. -----------------------------
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
You must have explicit permission to access or configure this device.
All activities performed on this device may be logged based on TI Security Policy.
--------------------------------------------------------------------------------
L'ACCESSO NON AUTORIZZATO A QUESTO DISPOSITIVO E' PROIBITO.
Per accedere o configurare questo apparato e' necessario ottenere un permesso esplicito.
Tutte le attivita' condotte su questo apparato possono essere registrate, in conformita' alle Security Policy di TI.
Le violazioni a questa politica possono comportare azioni disciplinari e possono essere comunicate all'Autorita' Giudiziaria.
L'utilizzo del sistema puo' essere monitorato senza ulteriori avvisi le leggi sulla Privacy non sono vigenti per l'utilizzo di questo apparato.
^C
!
! Console has no idle timeout (exec-timeout 0 0); VTY lines time out after 3 minutes and accept all transport protocols
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 3 0
 password 7 104D000A0618
 transport input all
line vty 5 15
 exec-timeout 3 0
 password 7 094F471A1A0A
 transport input all
!
ntp source Vlan9
ntp server 10.155.241.2
ntp server 10.155.241.3
!
end