! Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.06E RELEASE SOFTWARE (fc1)
!
! Image: Software: CAT3K_CAA-UNIVERSALK9-M, 03.06.06E RELEASE SOFTWARE (fc1)
! Image: Compiled: Sat 17-Dec-16 00:22 by prod_rel_team
! Image: flash:packages.conf
! Chassis type: WS-C3850-48P
! Memory: main 4194304K
! Processor ID: FCW2045C1BM
! CPU: MIPS
! Memory: nvram 2048K
!
! VTP: VTP Version capable : 1 to 3
! VTP: VTP version running : 1
! VTP: VTP Domain Name :
! VTP: VTP Pruning Mode : Disabled
! VTP: VTP Traps Generation : Disabled
! VTP: Device ID : 2852.61d9.8900
! VTP: Feature VLAN:
! VTP: --------------
! VTP: VTP Operating Mode : Transparent
! VTP: Maximum VLANs supported locally : 1005
! VTP: Number of existing VLANs : 19
! VTP: Configuration Revision : 0
! VTP: MD5 digest : 0x32 0x22 0x76 0x44 0xA3 0x9D 0x60 0xFD
! VTP: 0x9C 0xDA 0x25 0x5C 0xA8 0xFC 0x7D 0x40
!
! NAME: "c38xx Stack", DESCR: "c38xx Stack"
! PID: WS-C3850-48P , VID: V07 , SN: FCW2045C1BM
!
! NAME: "Switch 1", DESCR: "WS-C3850-48P-S"
! PID: WS-C3850-48P-S , VID: V07 , SN: FCW2045C1BM
!
! NAME: "Switch 1 - Power Supply B", DESCR: "Switch 1 - Power Supply B"
! PID: PWR-C1-715WAC , VID: V02 , SN: LIT20462YQQ
!
! NAME: "Switch 1 FRU Uplink Module 1", DESCR: "2x1G 2x10G Uplink Module"
! PID: C3850-NM-2-10G , VID: V01 , SN: FOC22403WW3
!
! NAME: "GigabitEthernet1/1/1", DESCR: "1000BaseSX SFP"
! PID: , VID: , SN: 2024122307936
!
! NAME: "GigabitEthernet1/1/2", DESCR: "1000BaseSX SFP"
! PID: , VID: , SN: 2024122307933
!
! NAME: "TenGigabitEthernet1/1/3", DESCR: "1000BaseSX SFP"
! PID: , VID: , SN: 2024122307934
!
! NAME: "TenGigabitEthernet1/1/4", DESCR: "1000BaseSX SFP"
! PID: , VID: , SN: FNS15081GLU
!
!
!
! Last configuration change at 20:51:49 EST Sat Jun 27 2026 by tim2
! NVRAM config last updated at 08:25:20 EST Sat Jun 27 2026 by tim2
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname timsablabLayer3Switch
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$ZaLT$qQm2yQh5z.1dh7c68RwxH1
!
username tim2 privilege 15 secret 5 $1$fd65$thFfDiYaPP0qkA1Gyc6IG.
username admin privilege 15 secret 5 $1$y8U8$UOXWTc/JBD5Vyi10OEJCV/
username tjohnson privilege 15 secret 5 $1$qKXE$fYrkTuVJH9xpow8aWt9Ji.
aaa new-model
!
!
aaa group server tacacs+ TACACS_SERVERS
 server name TACACS1
!
aaa group server radius RADIUS-GROUP
 server name RADIUS-GROUP
!
aaa authentication login default group radius group RADIUS-GROUP local
aaa accounting exec default start-stop group radius group RADIUS-GROUP
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
switch 1 provision ws-c3850-48p
!
!
!
!
!
ip routing
!
no ip domain-lookup
ip domain-name timsablab.ddns.net
ip host officeSwitch 192.168.99.16
ip host newBoysBedrromSwitch 192.168.99.15
ip host newLivingroomSwitch 192.168.99.14
ip host pfSense 192.168.99.7
ip host nexusSwitch 192.168.99.5
ip host livingroom_switch 192.168.99.4
ip host basement_switch 192.168.99.3
ip host timsablabLayer3Switch 192.168.99.2
ip host adtran 192.168.99.13
ip host ciscoRouter 192.168.99.6
ip host livingroomswitch 192.168.99.4
ip host basementswitch 192.168.99.3
ip host layer3swtich 192.168.99.2
ip host mikrotik 192.168.99.1
ip dhcp excluded-address 192.168.142.1 192.168.142.50
ip dhcp excluded-address 192.168.110.1 192.168.110.20
ip dhcp excluded-address 192.168.40.1 192.168.40.20
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.30.2 192.168.30.99
ip dhcp excluded-address 192.168.30.254
!
ip dhcp pool VLAN20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 domain-name timsablab.ddns.net
 dns-server 192.168.99.43
!
ip dhcp pool VLAN132
 network 192.168.232.0 255.255.255.0
 default-router 192.168.232.1
 dns-server 8.8.8.8 1.1.1.1
!
ip dhcp pool VLAN142
 network 192.168.242.0 255.255.255.0
 default-router 192.168.242.1
 dns-server 8.8.8.8 1.1.1.1
!
ip dhcp pool VLAN402
 network 192.168.142.0 255.255.255.0
 default-router 192.168.142.1
 option 42 ip 198.137.202.32
 domain-name timsablab.ddns.net
 dns-server 192.168.99.43
!
ip dhcp pool VLAN110
 network 192.168.110.0 255.255.255.0
 default-router 192.168.110.1
 option 42 ip 192.168.99.1
 domain-name timsablab.ddns.net
 dns-server 192.168.99.43
!
ip dhcp pool VLAN40
 network 192.168.40.0 255.255.255.0
 default-router 192.168.40.1
 domain-name timsablab.ddns.net
 dns-server 192.168.99.43
!
ip dhcp pool VLAN30-SERVERS
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.1
 domain-name timsablab.ddns.net
 dns-server 192.168.99.43
 lease 7
!
ip dhcp pool VLAN302
 network 192.168.132.0 255.255.255.0
 default-router 192.168.132.1
 dns-server 192.168.99.43 8.8.8.8
 domain-name timsablab.ddns.net
!
ip dhcp pool VLAN102
 network 192.168.102.0 255.255.255.0
 default-router 192.168.102.1
 dns-server 192.168.99.43 8.8.8.8 1.1.1.1
 domain-name timsablab.ddns.net
!
!
ipv6 unicast-routing
qos queue-softmax-multiplier 100
vtp mode transparent
!
flow record TIMSLAB-FLOW-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes long
 collect counter packets long
!
!
flow exporter TIMSLAB-EXPORTER
 destination 192.168.99.43
 source Vlan99
 transport udp 9995
!
!
flow monitor TIMSLAB-MONITOR
 exporter TIMSLAB-EXPORTER
 cache timeout active 60
 record TIMSLAB-FLOW-RECORD
!
!
table-map AutoQos-4.0-Trust-Cos-Table
 default copy
!
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-19,21-29,31-39,41-98,101,103-109,111-131,133 priority 4096
spanning-tree vlan 134-141,143-159,161-201,203-301,303-401,403 priority 4096
spanning-tree vlan 404-998,1000-4094 priority 4096
spanning-tree vlan 20,30,40,99-100,102,110,132,142,160,202,302 priority 8192
spanning-tree vlan 402,999 priority 8192
hw-switch switch 1 logging onboard message level 3
!
redundancy
 mode sso
!
!
vlan 20
 name vlan020-endpoints
!
vlan 30
 name vlan030-servers
!
vlan 40
 name vlan040-users
!
vlan 99
 name vlan099-mgmt
!
vlan 100
 name vlan100-dmz
!
vlan 102
 name vlan102-work
!
vlan 110
 name CiscoAP
!
vlan 132
 name vlan132-OPEN
!
vlan 142
 name vlan142-OPEN
!
vlan 160
 name vlan160-dirty
!
vlan 202
 name vlan202-work-voice
!
vlan 302
 name vlan302-pxe
!
vlan 402
 name vlan402-lab-voice
!
vlan 999
 name vlan999-native
lldp run
!
ip ftp username admin
ip ftp password 7 025756085F5359
!
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
 match dscp af41 af42 af43
 match cos 4
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
 match dscp af11 af12 af13
 match cos 1
class-map match-any AutoQos-4.0-Output-Priority-Queue
 match dscp cs4 cs5 ef
 match cos 5
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
 match dscp af31 af32 af33
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
 match dscp af21 af22 af23
 match cos 2
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
 match dscp cs1
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
 match dscp cs2 cs3 cs6 cs7
 match cos 3
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
policy-map AutoQos-4.0-Output-Policy
 class AutoQos-4.0-Output-Priority-Queue
  priority level 1 percent 30
 class AutoQos-4.0-Output-Control-Mgmt-Queue
  bandwidth remaining percent 10
  queue-limit dscp cs2 percent 80
  queue-limit dscp cs3 percent 90
  queue-limit dscp cs6 percent 100
  queue-limit dscp cs7 percent 100
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Conf-Queue
  bandwidth remaining percent 10
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Trans-Data-Queue
  bandwidth remaining percent 10
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Bulk-Data-Queue
  bandwidth remaining percent 4
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Scavenger-Queue
  bandwidth remaining percent 1
  queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Strm-Queue
  bandwidth remaining percent 10
  queue-buffers ratio 10
 class class-default
  bandwidth remaining percent 25
  queue-buffers ratio 25
policy-map AutoQos-4.0-Trust-Cos-Input-Policy
 class class-default
  set cos cos table AutoQos-4.0-Trust-Cos-Table
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description BOND_TO_MIKROTIK
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
!
interface Port-channel2
 description BUNDLE_TO_BASEMENT_SERVER_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
!
interface Port-channel3
 description BUNDLE_TO_LIVING_ROOM_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
!
interface Port-channel4
 description BUNDLE_TO_NEXUS_3048
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
!
interface Port-channel5
 description LACP_TO_PFSENSE
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 description Adtran-VOICE-eth0/2
 switchport access vlan 402
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description OPEN-STANDARD
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 description Adtran-MGMT-eth0/1
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
 description pfsense-WAN
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
 description pfSense-LAN-access
 switchport access vlan 99
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
 description LACP_TO_PFSENSE
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
 description LACP_TO_PFSENSE
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
 description LACP_TO_PFSENSE
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 description LACP_TO_PFSENSE
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
 description Cisco_4221
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
 description UPLINK_TO_NEW_LIVINGROOM_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 spanning-tree link-type point-to-point
 service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/41
 description LACP_TO_NEXUS
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet1/0/42
 description LACP_TO_NEXUS
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 4 mode active
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/43
 description LACP_TO_LIVING_ROOM_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 3 mode active
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/44
 description LACP_TO_LIVING_ROOM_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 channel-group 3 mode active
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/45
 description LACP_TO_BASEMENT_SERVER_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 ip flow monitor TIMSLAB-MONITOR input
 channel-group 2 mode active
!
interface GigabitEthernet1/0/46
 description LACP_TO_BASEMENT_SERVER_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 ip flow monitor TIMSLAB-MONITOR input
 channel-group 2 mode active
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/47
 description LACP_TO_MIKROTIK
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 ip flow monitor TIMSLAB-MONITOR input
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/48
 description LACP_TO_MIKROTIK
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 ip flow monitor TIMSLAB-MONITOR input
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree bpdufilter enable
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/1/1
 description UPLINK_TO_OFFICE_SWITCH
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 ip flow monitor TIMSLAB-MONITOR input
 auto qos trust
 spanning-tree link-type point-to-point
 service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/2
 description UPLINK_SFP2_1G
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
 description UPLINK_SFP3_10G
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 spanning-tree link-type point-to-point
!
interface TenGigabitEthernet1/1/4
 description UPLINK_SFP4_10G
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30,40,99,100,102,110,132,142,160,202,302,402
 switchport trunk allowed vlan add 999
 switchport mode trunk
 spanning-tree link-type point-to-point
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 description vlan020-endpoints
 ip address 192.168.20.1 255.255.255.0
 ipv6 address FD42:1234:5678:20::1/64
 ipv6 nd prefix FD42:1234:5678:20::/64
 ipv6 nd ra suppress all
 ipv6 traffic-filter V6_SUPPRESSED_VLAN_IN in
!
interface Vlan30
 description vlan030-servers
 ip address 192.168.30.1 255.255.255.0
 ip access-group VLAN30_IN in
 ipv6 address FD42:1234:5678:30::1/64
 ipv6 nd prefix FD42:1234:5678:30::/64
!
interface Vlan40
 description vlan040-users
 ip address 192.168.40.1 255.255.255.0
 ip access-group VLAN40_IN in
 ipv6 address FD42:1234:5678:40::1/64
 ipv6 nd prefix FD42:1234:5678:40::/64
!
interface Vlan99
 description vlan099-mgmt - MikroTik owns gateway
 ip address 192.168.99.2 255.255.255.0
 ip access-group VLAN99_IN in
 ip ospf priority 255
 ipv6 address FD42:1234:5678:99::2/64
 ipv6 nd ra suppress all
!
interface Vlan100
 description vlan100-dmz
 no ip address
 shutdown
!
interface Vlan102
 description vlan102-work
 ip address 192.168.102.1 255.255.255.0
 ip access-group VLAN102_IN in
!
interface Vlan110
 description CiscoAP
 ip address 192.168.110.1 255.255.255.0
!
interface Vlan132
 description vlan132-guest1
 ip address 192.168.232.1 255.255.255.0
 ip access-group GUEST_DIRTY_IN in
 ipv6 address FD42:1234:5678:132::1/64
 ipv6 nd prefix FD42:1234:5678:132::/64
 ipv6 nd ra suppress all
 ipv6 traffic-filter V6_SUPPRESSED_VLAN_IN in
!
interface Vlan142
 description vlan142-guest2
 ip address 192.168.242.1 255.255.255.0
 ip access-group GUEST_DIRTY_IN in
 ipv6 address FD42:1234:5678:142::1/64
 ipv6 nd prefix FD42:1234:5678:142::/64
 ipv6 nd ra suppress all
 ipv6 traffic-filter V6_SUPPRESSED_VLAN_IN in
!
interface Vlan160
 description vlan160-dirty
 no ip address
 shutdown
!
interface Vlan202
 description vlan202-work-voice
 no ip address
 shutdown
!
interface Vlan302
 description vlan302-pxe
 ip address 192.168.132.1 255.255.255.0
 ipv6 nd ra suppress all
 ipv6 traffic-filter V6_SUPPRESSED_VLAN_IN in
!
interface Vlan402
 description vlan402-lab-voice
 ip address 192.168.142.1 255.255.255.0
 ipv6 address FD42:1234:5678:402::1/64
 ipv6 nd prefix FD42:1234:5678:402::/64
 ipv6 nd ra suppress all
 ipv6 traffic-filter V6_SUPPRESSED_VLAN_IN in
!
interface Vlan999
 description vlan999-native
 no ip address
!
router ospf 1
 router-id 192.168.99.2
 network 192.168.99.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.99.254
ip route 0.0.0.0 0.0.0.0 192.168.99.6 10
ip tacacs source-interface Vlan99
ip ssh version 2
ip ssh pubkey-chain
  username tim2
   key-hash ssh-rsa 1A9C4E43FCD67336751D5BD2CE69A682
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip scp server enable
!
ip access-list standard MGMT_ACCESS
 permit 192.168.99.0 0.0.0.255
 permit 10.0.30.0 0.0.0.255
 permit 172.31.255.0 0.0.0.3
!
ip access-list extended GUEST_DIRTY_IN
 permit ip 192.168.232.0 0.0.0.255 host 192.168.232.1
 permit ip 192.168.242.0 0.0.0.255 host 192.168.242.1
 deny ip 192.168.232.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny ip 192.168.232.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 192.168.232.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 192.168.242.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny ip 192.168.242.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 192.168.242.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended VLAN102_IN
 permit ip 192.168.102.0 0.0.0.255 host 192.168.99.43
 permit tcp 192.168.102.0 0.0.0.255 host 192.168.100.10 eq www 443
 permit tcp 192.168.102.0 0.0.0.255 192.168.30.0 0.0.0.255 eq www 443 22 3389
 permit icmp 192.168.102.0 0.0.0.255 192.168.30.0 0.0.0.255
 deny ip 192.168.102.0 0.0.0.255 192.168.99.0 0.0.0.255
 deny ip 192.168.102.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny ip 192.168.102.0 0.0.0.255 192.168.40.0 0.0.0.255
 deny ip 192.168.102.0 0.0.0.255 192.168.110.0 0.0.0.255
 deny ip 192.168.102.0 0.0.0.255 192.168.132.0 0.0.0.255
 permit ip 192.168.102.0 0.0.0.255 any
ip access-list extended VLAN30_IN
 permit ip 192.168.30.0 0.0.0.255 host 192.168.99.43
 permit icmp 192.168.30.0 0.0.0.255 192.168.99.0 0.0.0.255
 permit tcp 192.168.30.0 0.0.0.255 192.168.99.0 0.0.0.255 eq 161 cmd 8090 3000
 permit ip 192.168.30.0 0.0.0.255 any
ip access-list extended VLAN40_IN
 permit udp any any eq bootps bootpc
 permit ip 192.168.40.0 0.0.0.255 host 192.168.99.43
 permit ip 192.168.40.0 0.0.0.255 host 192.168.99.44
 permit tcp 192.168.40.0 0.0.0.255 host 192.168.100.10 eq www 443
 permit tcp 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255 eq www 443 22 3389 8789
 permit tcp 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 445
 permit icmp 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
 permit icmp 192.168.40.0 0.0.0.255 host 192.168.99.43
 permit ip 192.168.40.0 0.0.0.255 host 192.168.99.176
 deny ip 192.168.40.0 0.0.0.255 192.168.99.0 0.0.0.255
 deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny ip 192.168.40.0 0.0.0.255 192.168.102.0 0.0.0.255
 deny ip 192.168.40.0 0.0.0.255 192.168.110.0 0.0.0.255
 deny ip 192.168.40.0 0.0.0.255 192.168.132.0 0.0.0.255
 permit ip 192.168.40.0 0.0.0.255 any
ip access-list extended VLAN99_IN
 permit ip 192.168.99.0 0.0.0.255 any
 permit ip any any
!
access-list 10 permit 192.168.99.1
access-list 11 permit 192.168.99.0 0.0.0.255
ipv6 route ::/0 FD42:1234:5678:99::1
!
snmp-server engineID local 000000000000000000000001
snmp-server group PRTG-GROUP v3 priv access 11
snmp-server community public RO
snmp-server location Homelab
snmp-server contact tim2
tacacs server TACACS1
 address ipv4 192.168.30.101
 key 7 12330A041A1E0D577E7A7608
!
radius server RADIUS-GROUP
 address ipv4 192.168.99.43 auth-port 1812 acct-port 1813
 key 7 0521091C29594F5A4D544532
!
!
!
ipv6 access-list V6_SUPPRESSED_VLAN_IN
 remark Allow required IPv6 neighbor discovery
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit icmp any any router-solicitation
 remark Block suppressed VLANs from initiating to internal ULA
 deny ipv6 any FD42:1234:5678::/48 log
 remark Permit anything else for safety
 permit ipv6 any any
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 access-class MGMT_ACCESS in
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 transport input all
line vty 5 15
 access-class MGMT_ACCESS in
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 transport input all
!
ntp source Vlan99
ntp access-group peer 10
ntp access-group serve-only 11
ntp server 192.168.99.1
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
!
ap group default-group
end