
PIX 515e setup


rflanary
Apr 21, 2006
Hello,

I am trying to set up a PIX 515, a Cisco 2610 and a Cisco 2924cXL switch. I am having trouble with access to the DMZ from the internal LAN through the PIX.

I can ping a server in the DMZ from the PIX but not from the router.


Router Config

Building configuration...

Current configuration : 3399 bytes
!
! No configuration change since last restart
!
version 12.3
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname Limestone
!
boot-start-marker
boot-end-marker
!
logging buffered 7000 debugging
enable secret 5 $1$xHj9$l9/PcIdxR1pb.TkBPx/J1/
enable password mlowe
!
memory-size iomem 10
clock timezone CST -6
clock summer-time CDT recurring
no aaa new-model
ip subnet-zero
ip flow-cache timeout active 1
ip cef
!
!
ip dhcp excluded-address 172.18.14.1 172.18.14.30
ip dhcp excluded-address 172.18.14.230 172.18.14.254
ip dhcp excluded-address 172.18.14.40 172.18.14.45
ip dhcp excluded-address 172.18.14.100 172.18.14.110
!
ip dhcp pool pool1
import all
network 172.18.14.0 255.255.255.0
dns-server 172.16.3.16 172.18.14.100
default-router 172.18.14.1
netbios-name-server 172.16.3.16 172.18.14.100
domain-name brazos-ra.dst.tx.us
lease 0 0 15
!
!
!
!
!
class-map match-all Streaming-Video
match access-group 103
class-map match-all Video-Conf
match access-group 102
!
!
policy-map QoS-Policy
class Video-Conf
bandwidth 460
class Streaming-Video
bandwidth 150
class class-default
fair-queue
!
!
!
interface Ethernet0/0
ip address 172.18.14.1 255.255.255.0
ip route-cache flow
full-duplex
!
interface Serial0/0
bandwidth 1536
ip address 172.16.6.14 255.255.255.252
encapsulation frame-relay
ip route-cache flow
logging event subif-link-status
logging event dlci-status-change
no fair-queue
service-module t1 timeslots 1-24
frame-relay class cisco
frame-relay traffic-shaping
frame-relay interface-dlci 16
frame-relay lmi-type ansi
!
router eigrp 100
redistribute static
network 172.16.0.0
network 172.18.0.0
no auto-summary
!
no ip http server
ip flow-export source Ethernet0/0
ip flow-export version 5
ip flow-export destination 172.16.3.75 9996
ip classless
ip route 172.18.2.0 255.255.255.0 172.18.14.2
!
!
!
map-class frame-relay cisco
frame-relay cir 1544000
frame-relay bc 15440
frame-relay mincir 1544000
service-policy output QoS-Policy
logging trap debugging
logging source-interface Ethernet0/0
logging 172.16.3.75
access-list 102 permit ip any any dscp cs4
access-list 102 permit ip any any dscp af41
access-list 102 permit tcp any any eq 1720
access-list 102 permit udp any any eq 1720
access-list 102 permit tcp any any range 3230 3237
access-list 102 permit udp any any range 3230 3237
access-list 102 permit tcp any any range 1720 1725
access-list 102 permit udp any any range 1720 1743
access-list 103 permit ip any any dscp cs1
access-list 103 permit ip any any dscp af13
access-list 103 permit tcp any any eq 1755
access-list 103 permit udp any any eq 1755
access-list 103 permit tcp any any eq 554
access-list 103 permit udp any any eq 554
access-list 103 permit udp any any eq 5005
snmp-server community BRASNMP RW
snmp-server ifindex persist
snmp-server enable traps config-copy
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps syslog

line con 0
line aux 0
line vty 0 4
password mlowe
login
!
ntp clock-period 17208733
ntp server 172.16.3.3
!
end


PIX Config


: Saved
:
PIX Version 6.3(5)
interface ethernet0 100basetx
interface ethernet1 100basetx
interface ethernet2 100basetx
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password t6YXBO/NJMEqq5xT encrypted
passwd t6YXBO/NJMEqq5xT encrypted
hostname DRFirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_in permit tcp any host ***.44.102.5 eq ftp-data
access-list acl_in permit tcp any host ***.44.102.5 eq ftp
access-list acl_in permit tcp any host ***.44.102.5 eq domain
access-list acl_in permit tcp any host ***.44.102.5 eq www
access-list acl_in permit tcp any host ***.44.102.6 eq ftp
access-list acl_in permit tcp any host ***.44.102.6 eq ftp-data
access-list acl_in permit tcp any host ***.44.102.6 eq telnet
access-list acl_in permit tcp any host ***.44.102.6 eq smtp
access-list acl_in permit icmp any any
access-list acl_in permit tcp any host ***.44.102.4 eq smtp
access-list acl_in permit tcp any host ***.44.102.2 eq telnet
access-list acl_in permit tcp any host ***.44.102.7 eq www
access-list acl_in permit tcp any host ***.44.102.7 eq https
access-list acl_in permit tcp any host ***.44.102.8 eq www
access-list acl_in permit tcp any host ***.44.102.8 eq https
access-list acl_in permit tcp any host ***.44.102.7 eq ftp
access-list acl_in permit tcp any host ***.44.102.7 eq ftp-data
access-list acl_in permit tcp any host ***.44.102.4 eq www
access-list acl_in permit tcp any host ***.44.102.9 eq www
access-list acl_in permit tcp any host ***.44.102.12 eq https
access-list acl_in permit udp any host ***.44.102.5 eq domain
access-list acl_in permit tcp any host ***.44.102.5 eq https
access-list dmz_in permit icmp any any
access-list dmz_in permit ip any any
pager lines 24
logging on
logging timestamp
logging buffered warnings
logging trap warnings
logging host inside 172.16.3.75
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside ***.44.102.2 255.255.255.240
ip address inside 172.18.14.2 255.255.255.0
ip address dmz 172.18.2.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
pdm location 172.18.14.2 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp ***.44.102.2 telnet 172.16.3.3 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp ***.44.102.33 telnet 172.18.14.1 telnet netmask 255.255.255.255 0 0
static (inside,outside) ***.44.102.6 172.16.3.29 dns netmask 255.255.255.255 0 0
static (inside,outside) ***.44.102.12 172.16.3.14 dns netmask 255.255.255.255 0 0
static (dmz,outside) ***.44.102.5 172.16.2.9 dns netmask 255.255.255.255 0 0
static (inside,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0
static (dmz,outside) ***.44.102.7 172.16.2.10 dns netmask 255.255.255.255 0 0
static (dmz,outside) ***.44.102.8 172.16.2.11 dns netmask 255.255.255.255 0 0
static (inside,outside) ***.44.102.4 172.16.3.25 netmask 255.255.255.255 0 0
static (inside,outside) ***.44.102.9 172.16.3.73 dns netmask 255.255.255.255 0 0
static (inside,dmz) 172.18.0.0 172.18.0.0 netmask 255.255.0.0 0 0
access-group acl_in in interface outside
access-group dmz_in in interface dmz
route outside 0.0.0.0 0.0.0.0 ***.44.102.33 1
route inside 172.16.0.0 255.255.0.0 172.18.14.1 1
route inside 172.18.0.0 255.255.0.0 172.18.14.1 1
route inside 172.18.12.0 255.255.255.0 172.16.3.230 1
route inside 172.18.17.0 255.255.255.0 172.16.3.230 1
route inside 172.18.19.0 255.255.255.0 172.16.3.230 1
route inside 172.18.20.0 255.255.255.0 172.16.3.230 1
route inside 172.18.21.0 255.255.255.0 172.16.3.230 1
route inside 172.18.22.0 255.255.255.0 172.16.3.230 1
route inside 172.18.23.0 255.255.255.0 172.16.3.230 1
route inside 172.18.24.0 255.255.255.0 172.16.3.230 1
route inside 172.18.25.0 255.255.255.0 172.16.3.230 1
route inside 172.18.26.0 255.255.255.0 172.16.3.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community BRASNMP
snmp-server enable traps
floodguard enable
sysopt noproxyarp inside
sysopt noproxyarp dmz
telnet 172.16.3.0 255.255.255.0 inside
telnet 172.18.2.9 255.255.255.255 inside
telnet 172.18.2.0 255.255.255.0 inside
telnet 172.16.3.0 255.255.255.0 dmz
telnet 172.18.14.0 255.255.255.0 dmz
telnet 172.18.2.9 255.255.255.255 dmz
telnet 172.18.2.0 255.255.255.0 dmz
telnet timeout 60
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:97d7f0506077011aaa48aad7c90f65cc
: end


Switch Config


Building configuration...

Current configuration:
!
! Last configuration change at 09:05:15 CDT Mon Apr 14 2008
! NVRAM config last updated at 09:05:16 CDT Mon Apr 14 2008
!
version 12.0
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname LimestoneSwitch
!
enable secret 5 $1$8JLN$a5FMJ9zKtAFrb4V69/Es70
enable password misoup
!
!
!
!
!
clock timezone CST -6
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
duplex full
spanning-tree portfast
!
interface FastEthernet0/2
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/5
spanning-tree portfast
!
interface FastEthernet0/6
spanning-tree portfast
!
interface FastEthernet0/7
spanning-tree portfast
!
interface FastEthernet0/8
spanning-tree portfast
!
interface FastEthernet0/9
spanning-tree portfast
!
interface FastEthernet0/10
spanning-tree portfast
!
interface FastEthernet0/11
spanning-tree portfast
!
interface FastEthernet0/12
spanning-tree portfast
!
interface FastEthernet0/13
spanning-tree portfast
!
interface FastEthernet0/14
spanning-tree portfast
!
interface FastEthernet0/15
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet0/21
duplex full
speed 100
switchport access vlan 3
!
interface FastEthernet0/22
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface VLAN1
description BRA LAN
ip address 172.18.14.4 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN2
description External addresses
ip address ***.44.102.3 255.255.255.240
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN3
description DMZ
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 172.18.14.1
logging trap warnings
logging 172.16.3.75
!
line con 0
password mlowe
login
transport input none
stopbits 1
line vty 0 4
exec-timeout 60 0
password mlowe
login
line vty 5 15
password mlowe
login
!
ntp clock-period 22518065
ntp server 172.16.3.3
end
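As an added example (not code from the original post), here is a small Python checker that reads the PIX 6.3 `nameif`, `ip address`, `static`, `global` and `access-group` lines and reports, for a given inside source talking to the dmz interface, whether any translation covers it, whether a static's mapped range overlaps the dmz interface's own connected subnet, and whether the source interface carries an access-group at all. It is a simplified model of PIX 6.3 NAT rules (nat-id matching and port statics are ignored) and runs over a constructed excerpt of the posted firewall config.

```python
import ipaddress

# Constructed excerpt of the PIX 6.3 config in the post (only the inside/dmz lines).
PIX_CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address inside 172.18.14.2 255.255.255.0
ip address dmz 172.18.2.2 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0
static (inside,dmz) 172.18.0.0 172.18.0.0 netmask 255.255.0.0 0 0
access-group acl_in in interface outside
access-group dmz_in in interface dmz
"""

def parse(cfg):
    """Pull security levels, interface subnets, network statics, globals and access-groups."""
    sec, ifnets, statics, globs, acl_ifs = {}, {}, [], set(), set()
    for t in (l.split() for l in cfg.splitlines() if l.strip()):
        if t[0] == "nameif":
            sec[t[2]] = int(t[3].replace("security", ""))
        elif t[:2] == ["ip", "address"]:
            ifnets[t[2]] = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[0] == "static" and t[2] not in ("tcp", "udp"):   # network statics only
            real_if, mapped_if = t[1].strip("()").split(",")
            mask = t[t.index("netmask") + 1]                    # 'dns' may precede 'netmask'
            mapped = ipaddress.ip_network(f"{t[2]}/{mask}", strict=False)
            real = ipaddress.ip_network(f"{t[3]}/{mask}", strict=False)
            statics.append((real_if, mapped_if, real, mapped))
        elif t[0] == "global":
            globs.add(t[1].strip("()"))
        elif t[0] == "access-group":
            acl_ifs.add(t[4])
    return sec, ifnets, statics, globs, acl_ifs

def check_path(cfg, src_if, src_ip, dst_if):
    """Findings for src_if -> dst_if traffic from src_ip (simplified PIX 6.3 model)."""
    sec, ifnets, statics, globs, acl_ifs = parse(cfg)
    ip, findings = ipaddress.ip_address(src_ip), []
    if sec[src_if] <= sec[dst_if]:
        return ["lower-to-higher: a static plus a permit access-list are required"]
    # Higher-to-lower traffic needs a static covering the source or a global on dst_if.
    covered = [s for s in statics if s[0] == src_if and s[1] == dst_if and ip in s[2]]
    if not covered and dst_if not in globs:
        findings.append(f"no static or global ({dst_if}) covers {src_ip}: NAT would fail")
    for real_if, mapped_if, _, mapped in covered:
        if mapped.overlaps(ifnets[dst_if]):   # firewall would claim part of dst_if's own subnet
            findings.append(f"static ({real_if},{mapped_if}) {mapped} overlaps {dst_if} subnet {ifnets[dst_if]}: review")
    if src_if not in acl_ifs:
        findings.append(f"no access-group on {src_if}: all outbound traffic is permitted")
    return findings
```

Running `check_path(PIX_CONFIG, "inside", "172.18.14.1", "dmz")` for the router's address flags the 172.18.0.0/16 identity static overlapping the dmz subnet 172.18.2.0/24 and the absence of any access-group on inside; a source with no covering static reports that NAT would fail because there is no `global (dmz)`.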