8/9/2019 LPZ14F (1)

1/8

-------------------------------------------BASIC CONFIG---------------------------------------------------------------no service padservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryption!hostname LPZ14SWA!boot-start-markerboot-end-marker!logging buffered 32768!username techsupport privilege 15 secret u@$no aaa new-modelclock timezone PHT 8 0switch 1 provision ws-c3750x-48pswitch 2 provision ws-c3750x-48psystem mtu routing 1500ip dhcp excluded-address 10.70.40.1 10.70.40.20!ip dhcp pool VLAN_407

network 10.70.40.0 255.255.252.0default-router 10.70.40.1dns-server 10.0.149.3 10.0.149.4lease 7!!ip dhcp snooping vlan 407ip dhcp snoopingno ip domain-lookupip domain-name meralco.com.phvtp domain MERALCOvtp mode transparentudld enable

udld message time 7

!!!!spanning-tree mode mstspanning-tree mst configurationname MERALCO_CLANinstance 4094 vlan 1-4094instance 0 vlan 1,800,880instance 1 vlan 290,401-424,470

revision 1

spanning-tree mst 0 priority 61440spanning-tree mst 1 priority 61440!!!!!errdisable recovery cause bpduguard

8/9/2019 LPZ14F (1)

2/8

errdisable recovery cause channel-misconfig (STP)errdisable recovery cause storm-controlerrdisable recovery cause loopbackerrdisable recovery interval 900!!!!vlan internal allocation policy ascending!vlan 40name SCADA-EBS!vlan 41name SCADA_PRIV_NETWORK!vlan 103name VRRP_68!vlan 173name LOPEZ_MGE_UPS!vlan 290name ALU_WirelessAP_Mgmt

!vlan 300name ENT_WIFI_FACILITY!vlan 301name WIFI_HOTSPOT_UPLINK!vlan 305name INTERNET_SEGMENT!vlan 316name 3RD_ISP!

vlan 320name METER_TEST_VLAN!vlan 321name AMR_BACKHAUL!vlan 400!vlan 401name DATA_LPZ02F!vlan 402name DATA_LPZ03F

!vlan 403name DATA_LPZ04F!vlan 404name DATA_LPZ06F!vlan 405name DATA_LPZ09F!

8/9/2019 LPZ14F (1)

3/8

vlan 406name DATA_LPZ11F!vlan 407name DATA_LPZ14F!vlan 408name DATA_LPZ16F!vlan 409name DATA_TSB02F!vlan 410name DATA_TSB03F!vlan 411name DATA_TSB04F!vlan 412name DATA_LPZ05F!vlan 413name DATA_CWC!

vlan 414name DATA_OPB!vlan 415name DATA_HRB!vlan 416name DATA_GS!vlan 417name DATA_TRF!vlan 418

name DATA_SCB!vlan 419name DATA_JLB!vlan 420name DATA_BG!vlan 421name DATA_LTC!vlan 422name DATA_TRC

!vlan 423name DATA_BSC03F!vlan 424name DATA_BSC01F!vlan 425!vlan 470

8/9/2019 LPZ14F (1)

4/8

name CLAN_MGMT!vlan 500name Intranet_Portal_Dev!vlan 502name IDP_CORP_CNXN!vlan 503!vlan 505name Mrktng_Creative_Team!vlan 509!vlan 518name FACILITIES_ACU_MGNT!vlan 520name UCS_DEV_VLAN!vlan 522name 3rd_ISP_DHCP_enabled!

vlan 523name PLDT_FTH_INTERNET!vlan 525name LSummit_WiFi_AP!vlan 527name MOC_CCTV!vlan 540name MeterCamera!vlan 566

name Vidyo!vlan 567name Training_ADMS!vlan 650!vlan 751name PLDT_IPTV!vlan 800name VoiceVlan!

vlan 880name Call_Center!vlan 999!vlan 1188name TV5_INTL_FEED!vlan 2012name Video_Conf_POC

8/9/2019 LPZ14F (1)

5/8

!vlan 3364name IP_TV!!!!interface FastEthernet0no ip addressshutdown!

!

-------------------------------------------------PORT CONFIG--------------------------------------------------------------------!FOR:

interface range GigabitEthernet1/0/1-48, GigabitEthernet2/0/1-48switchport access vlan 1switchport mode accesspower inline neverno logging event link-status

speed 100duplex fullsrr-queue bandwidth share 1 25 60 5priority-queue outno snmp trap link-statusmls qos trust dscpstorm-control broadcast level 10.00spanning-tree portfastswitchport port-securityswitchport port-security maximum 5switchport port-security violation shutdown!!FOR:

int range g1/1/1,g2/1/1switchport trunk allowed vlan 1,40,41,103,173,290,300,301,305,316,320,321switchport trunk allowed vlan add 400-424,470,500-503,505,509,518,520,522,523switchport trunk allowed vlan add 525,527,540,566,567,751,800,880,1188,2012,3364description Uplink to MOCSW02switchport trunk encapsulation dot1qswitchport trunk native vlan 999switchport mode trunkswitchport nonegotiatemls qos trust dscpstorm-control broadcast level 10.00storm-control multicast level 40.00

ip dhcp snooping trustip dhcp snooping information option allow-untrusted!!!!!!!!!!!!!!!!!!!FOR: wireless configint gX/X/Xswitchport access vlan 292switchport mode accesspower inline neverno logging event link-statusspeed 100duplex full

8/9/2019 LPZ14F (1)

6/8

srr-queue bandwidth share 1 25 60 5priority-queue outno snmp trap link-statusmls qos trust dscpstorm-control broadcast level 10.00spanning-tree portfastswitchport port-securityswitchport port-security maximum 5switchport port-security violation shutdown!!FOR:int port-channel 1switchport trunk allowed vlan 1,40,41,103,173,290,300,301,305,316,320,321switchport trunk allowed vlan add 400-424,470,500-503,505,509,518,520,522,523switchport trunk allowed vlan add 525,527,540,566,567,751,800,880,1188,2012,3364description Uplink to MOCSW02switchport trunk encapsulation dot1qswitchport trunk native vlan 999switchport trunk allowed vlan 409,470,800switchport mode trunkswitchport nonegotiatemls qos trust dscp

storm-control broadcast level 10.00storm-control multicast level 40.00ip dhcp snooping trustip dhcp snooping information option allow-untrusted!interface Vlan1no ip addressshutdown!interface Vlan407description DHCP Interfaceip address 10.70.40.2 255.255.252.0!

interface Vlan470description Management Interfaceip address 10.70.1.13 255.255.255.0!no ip http serverno ip http secure-server!!ip access-list extended ADMINISTRATORSpermit tcp 192.168.128.0 0.0.0.255 any eq telnetpermit tcp 192.168.128.0 0.0.0.255 any eq 22permit tcp 192.168.129.0 0.0.0.255 any eq telnetpermit tcp 192.168.129.0 0.0.0.255 any eq 22

permit tcp host 10.0.133.2 any eq telnetpermit tcp host 10.0.133.2 any eq 22permit tcp host 10.0.138.131 any eq telnetpermit tcp host 10.0.138.131 any eq 22permit tcp host 10.0.129.161 any eq telnetpermit tcp host 10.0.129.161 any eq 22permit tcp host 10.0.157.99 any eq telnetpermit tcp host 10.0.157.99 any eq 22ip access-list extended Permit_DHCP_Onlypermit udp any any eq bootps

8/9/2019 LPZ14F (1)

7/8

permit udp any any eq bootpc!ip sla enable reaction-alertslogging trap warningslogging host 192.168.128.6!snmp-server community primelms_RO ROsnmp-server enable traps snmp authentication linkdown linkup coldstart warmstartsnmp-server enable traps flowmonsnmp-server enable traps transceiver allsnmp-server enable traps call-home message-send-fail server-failsnmp-server enable traps ttysnmp-server enable traps eigrpsnmp-server enable traps ospf state-changesnmp-server enable traps ospf errorssnmp-server enable traps ospf retransmitsnmp-server enable traps ospf lsasnmp-server enable traps ospf cisco-specific state-change nssa-trans-changesnmp-server enable traps ospf cisco-specific state-change shamlink interfacesnmp-server enable traps ospf cisco-specific state-change shamlink neighborsnmp-server enable traps ospf cisco-specific errorssnmp-server enable traps ospf cisco-specific retransmitsnmp-server enable traps ospf cisco-specific lsasnmp-server enable traps license

snmp-server enable traps auth-framework sec-violationsnmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistencysnmp-server enable traps clustersnmp-server enable traps config-copysnmp-server enable traps configsnmp-server enable traps config-ctidsnmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlansnmp-server enable traps energywisesnmp-server enable traps fru-ctrlsnmp-server enable traps entitysnmp-server enable traps event-manager

snmp-server enable traps hsrpsnmp-server enable traps ipmulticastsnmp-server enable traps ike policy addsnmp-server enable traps ike policy deletesnmp-server enable traps ike tunnel startsnmp-server enable traps ike tunnel stopsnmp-server enable traps ipsec cryptomap addsnmp-server enable traps ipsec cryptomap deletesnmp-server enable traps ipsec cryptomap attachsnmp-server enable traps ipsec cryptomap detachsnmp-server enable traps ipsec tunnel startsnmp-server enable traps ipsec tunnel stopsnmp-server enable traps ipsec too-many-sas

snmp-server enable traps power-ethernet group 1snmp-server enable traps power-ethernet group 2snmp-server enable traps power-ethernet group 3snmp-server enable traps power-ethernet group 4snmp-server enable traps power-ethernet policesnmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-messagesnmp-server enable traps cpu thresholdsnmp-server enable traps repsnmp-server enable traps ipsla

8/9/2019 LPZ14F (1)

8/8

snmp-server enable traps vstacksnmp-server enable traps bridge newroot topologychangesnmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistencysnmp-server enable traps syslogsnmp-server enable traps vtpsnmp-server enable traps vlancreatesnmp-server enable traps vlandeletesnmp-server enable traps flash insertion removalsnmp-server enable traps port-securitysnmp-server enable traps envmon fan shutdown supply temperature statussnmp-server enable traps stackwisesnmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-downsnmp-server enable traps errdisablesnmp-server enable traps mac-notification change move thresholdsnmp-server enable traps vlan-membership!banner motd ^C============================================================================********************************** WARNING *********************************This is a private property of MERALCO. Only AUTHORIZED MERALCO personnel areallowed to access this network device. All activities on this device loggedand saved. Violators of policies governing this system are subject todiciplinary action and may be reported to law enforcement.

****************************************************************************Avoid prosecution. If you have accidentally accessed this system,LOG-OFF IMMEDIATELY.

============================================================================^C!line con 0exec-timeout 5 0logging synchronouslogin localline vty 0 4exec-timeout 5 0

logging synchronouslogin localtransport input telnet sshline vty 5 15exec-timeout 5 0logging synchronouslogin localtransport input telnet ssh!ntp server 10.80.0.9ntp server 10.80.0.10mac address-table aging-time 1200end