{{page>:menu}}
====== Catalyst Express 500 ======


===== Výchozí nastavení (výtah)=====
<code>spanning-tree mode rapid-pvst
spanning-tree extend system-id</code>
<code>
ip dhcp snooping vlan 1-1024
ip dhcp snooping track host
no ip dhcp snooping information option
ip dhcp snooping 
</code>


===== SmartPorts =====

==== Desktop ====
<code>
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2115 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 40 50
 queue-set 2
 macro description cisco-desktop
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
</code>

==== Switch ====
<code>
 switchport mode trunk
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape  10  0  0  0 
 udld port aggressive
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
 ip dhcp snooping trust 
</code>

==== Router ====
<code>
 switchport mode trunk
 service-policy input router-map
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape  10  0  0  0 
 queue-set 2
 udld port aggressive
 macro description cisco-router
 storm-control broadcast level 0.10
 ip dhcp snooping trust
</code>


==== IP Phone + Desktop ====
<code>
 switchport mode access
 switchport port-security maximum 3
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2118 in
 service-policy input general-map
 srr-queue bandwidth share 10 10 35 45
 srr-queue bandwidth shape  10  0  0  0 
 queue-set 2
 macro description cisco-ipphone
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
</code>

==== Access Point ====
<code>
 switchport mode trunk
 ip access-group 2119 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 40 50
 queue-set 2
 macro description cisco-access-point
 storm-control broadcast level 0.10
</code>

==== Server ====
<code>
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2120 in
 service-policy input business-server-map
 srr-queue bandwidth share 5 5 70 20
 macro description cisco-server-business
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 ip dhcp snooping trust
</code>

==== Printer ====
<code>
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2121 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 70 20
 macro description cisco-printer
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
</code>

==== Guest ====
<code>
 switchport mode access
 switchport port-security maximum 30
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2122 in
 service-policy input guest-port-map
 srr-queue bandwidth share 10 10 10 70
 queue-set 2
 macro description cisco-guest
 storm-control broadcast level 0.10
 mac access-group nonip in
</code>



==== Other ====
<code>
switchport mode access
macro description cisco-other
ip dhcp snooping trust 
</code>

===== Celý konfig =====
<code>

! THIS FILE HAS BEEN GENERATED BY THE GUI.
! ANY CHANGES TO THIS FILE MAY RESULT IN INCORRECT SWITCH BEHAVIOR.
!
! Last configuration change at 14:33:14 UTC Thu Oct 25 2007
! NVRAM config last updated at 14:37:36 UTC Thu Oct 25 2007 by datron
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE500
!
username datron privilege 15 secret 5 $1$dC/Q$T06v2KfzgK4XIAkrJUgrM.
no aaa new-model
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
no system policy dhcponly server
no system policy dhcponly ap
no system policy dhcponly ipphone
no system policy dhcponly printer
no system policy dhcponly desktop
system policy access network 2
system policy access host 1
system policy access
vtp mode transparent
ip subnet-zero
!
ip dhcp snooping vlan 1-1024
ip dhcp snooping track host
no ip dhcp snooping information option
ip dhcp snooping
mls qos map policed-dscp  18 24 26 34 40 46 to 0
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33 
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 2  2
mls qos srr-queue output cos-map queue 3 threshold 3  4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 2  18
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 19 20 21 22 23 32
mls qos srr-queue output dscp-map queue 3 threshold 3  33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 2  8 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 16 8 24 52
mls qos queue-set output 2 buffers 16 6 17 61
mls qos aggregate-policer business-server-router 30000000 800000 exceed-action policed-dscp-transmit
mls qos aggregate-policer critical-server-router 30000000 800000 exceed-action policed-dscp-transmit
mls qos aggregate-policer business-server 30000000 800000 exceed-action policed-dscp-transmit
mls qos aggregate-policer critical-server 30000000 800000 exceed-action policed-dscp-transmit
mls qos aggregate-policer guest-tcp-syn 1300000 8000 exceed-action policed-dscp-transmit
mls qos aggregate-policer guest-echo 415000 8000 exceed-action policed-dscp-transmit
mls qos aggregate-policer router-tcp-syn 1300000 8000 exceed-action policed-dscp-transmit
mls qos aggregate-policer router-echo 415000 8000 exceed-action policed-dscp-transmit
mls qos aggregate-policer tcp-syn 1300000 8000 exceed-action policed-dscp-transmit
mls qos aggregate-policer echo 415000 8000 exceed-action policed-dscp-transmit
no mls qos rewrite ip dscp
mls qos
!
!
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
no file verify auto
!
mac access-list extended nonip
 permit any any 0x800 0x0
 permit any any 0x806 0x0
 permit any any 0x836 0x0
no mac authentication
mac authentication table version 0
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
vlan access-map router-port 10
 action forward
 match ip address 2132
vlan access-map router-port-guest-vlan 10
 action forward
 match ip address 2133
vlan internal allocation policy ascending
!
class-map match-all VoIP-Control-class
  match access-group 2142
class-map match-any other-echo-class
  match access-group 2149
class-map match-any guest-echo-class
  match access-group 2147
class-map match-any other-tcp-syn-class
  match access-group 2150
class-map match-all router-VoIP-Control-class
  match access-group 2156
class-map match-any guest-tcp-syn-class
  match access-group 2148
class-map match-any guest-class
  match access-group 2151
class-map match-any business-eg-server-class
  match access-group 2153
class-map match-any business-tcp-syn-class
  match access-group 2146
class-map match-any business-in-server-class
  match access-group 2158
class-map match-any critical-in-server-class
  match access-group 2157
class-map match-any critical-tcp-syn-class
  match access-group 2144
class-map match-any critical-eg-server-class
  match access-group 2152
class-map match-any others-class
  match access-group 2140
class-map match-all VoIP-data-class
  match access-group 2141
class-map match-any critical-echo-class
  match access-group 2143
class-map match-any business-echo-class
  match access-group 2145
class-map match-all router-VoIP-data-class
  match access-group 2155
!
!
policy-map guest-port-map
  class other-echo-class
   set dscp cs1
    police aggregate guest-echo
  class other-tcp-syn-class
   set dscp cs1
    police aggregate guest-tcp-syn
  class others-class
   set dscp cs1
    police 30000000 800000 exceed-action drop
policy-map general-map
  class VoIP-data-class
   set dscp ef
    police 3200000 8000 exceed-action policed-dscp-transmit
  class VoIP-Control-class
   set dscp cs3
    police 640000 8000 exceed-action policed-dscp-transmit
  class guest-echo-class
   set dscp cs1
    police aggregate echo
  class other-echo-class
   set dscp 7
    police aggregate echo
  class guest-tcp-syn-class
   set dscp cs1
    police aggregate tcp-syn
  class other-tcp-syn-class
   set dscp 7
    police aggregate tcp-syn
  class guest-class
   set dscp cs1
    police 30000000 800000 exceed-action drop
  class others-class
   set dscp 7
    police 30000000 80000 exceed-action policed-dscp-transmit
policy-map router-map
  class router-VoIP-data-class
   set dscp ef
    police 3200000 8000 exceed-action policed-dscp-transmit
  class router-VoIP-Control-class
   set dscp cs3
    police 640000 8000 exceed-action policed-dscp-transmit
  class guest-echo-class
   set dscp cs1
    police aggregate router-echo
  class other-echo-class
   set dscp 7
    police aggregate router-echo
  class guest-tcp-syn-class
   set dscp cs1
    police aggregate router-tcp-syn
  class other-tcp-syn-class
   set dscp 7
    police aggregate router-tcp-syn
  class guest-class
   set dscp cs1
    police 30000000 800000 exceed-action drop
  class others-class
   set dscp 7
    police 30000000 80000 exceed-action policed-dscp-transmit
policy-map critical-server-map
  class critical-echo-class
   set dscp af41
    police 415000 8000 exceed-action policed-dscp-transmit
  class critical-tcp-syn-class
   set dscp af41
    police 1300000 8000 exceed-action policed-dscp-transmit
  class critical-in-server-class
   set dscp af41
    police 30000000 800000 exceed-action policed-dscp-transmit
  class critical-eg-server-class
   set dscp af41
    police 30000000 800000 exceed-action policed-dscp-transmit
policy-map business-server-map
  class business-echo-class
   set dscp af21
    police 415000 8000 exceed-action policed-dscp-transmit
  class business-tcp-syn-class
   set dscp af21
    police 1300000 8000 exceed-action policed-dscp-transmit
  class business-in-server-class
   set dscp af21
    police 30000000 800000 exceed-action policed-dscp-transmit
  class business-eg-server-class
   set dscp af21
    police 30000000 800000 exceed-action policed-dscp-transmit
!
!
interface FastEthernet1
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet2
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet3
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet4
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet5
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet6
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet7
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet8
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet9
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet10
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet11
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet12
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet13
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2115 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 40 50
 queue-set 2
 macro description cisco-desktop
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface FastEthernet14
 switchport mode trunk
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape  10  0  0  0 
 udld port aggressive
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
 ip dhcp snooping trust
!
interface FastEthernet15
 switchport mode trunk
 service-policy input router-map
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape  10  0  0  0 
 queue-set 2
 udld port aggressive
 macro description cisco-router
 storm-control broadcast level 0.10
 ip dhcp snooping trust
!
interface FastEthernet16
 switchport mode access
 switchport port-security maximum 3
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2118 in
 service-policy input general-map
 srr-queue bandwidth share 10 10 35 45
 srr-queue bandwidth shape  10  0  0  0 
 queue-set 2
 macro description cisco-ipphone
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface FastEthernet17
 switchport mode trunk
 ip access-group 2119 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 40 50
 queue-set 2
 macro description cisco-access-point
 storm-control broadcast level 0.10
!
interface FastEthernet18
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2120 in
 service-policy input business-server-map
 srr-queue bandwidth share 5 5 70 20
 macro description cisco-server-business
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 ip dhcp snooping trust
!
interface FastEthernet19
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2121 in
 service-policy input general-map
 srr-queue bandwidth share 5 5 70 20
 macro description cisco-printer
 storm-control broadcast level 0.10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface FastEthernet20
 switchport mode access
 switchport port-security maximum 30
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip access-group 2122 in
 service-policy input guest-port-map
 srr-queue bandwidth share 10 10 10 70
 queue-set 2
 macro description cisco-guest
 storm-control broadcast level 0.10
 mac access-group nonip in
!
interface FastEthernet21
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet22
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet23
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface FastEthernet24
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface GigabitEthernet1
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface GigabitEthernet2
 switchport mode access
 macro description cisco-other
 ip dhcp snooping trust
!
interface Vlan1
 ip address 10.10.204.44 255.255.0.0
 no ip route-cache
!
ip http server
ip http authentication local
access-list 2122 permit udp any any eq bootps
access-list 2122 permit udp any eq bootpc any
access-list 2122 permit udp any eq domain any
access-list 2122 permit udp any any eq domain
access-list 2122 deny   ip any 192.168.0.0 0.0.255.255
access-list 2122 deny   ip any 10.0.0.0 0.255.255.255
access-list 2122 deny   ip any 172.16.0.0 0.0.255.255
access-list 2122 permit ip any any
access-list 2131 deny   ip any any
access-list 2140 permit ip any any
access-list 2143 permit icmp any any
access-list 2143 permit udp any any eq echo
access-list 2143 permit tcp any any eq echo
access-list 2143 permit udp any eq echo any
access-list 2143 permit tcp any eq echo any
access-list 2144 permit tcp any any syn
access-list 2145 permit icmp any any
access-list 2145 permit udp any any eq echo
access-list 2145 permit tcp any any eq echo
access-list 2145 permit udp any eq echo any
access-list 2145 permit tcp any eq echo any
access-list 2146 permit tcp any any syn
access-list 2149 permit icmp any any
access-list 2149 permit udp any any eq echo
access-list 2149 permit tcp any any eq echo
access-list 2149 permit udp any eq echo any
access-list 2149 permit tcp any eq echo any
access-list 2150 permit tcp any any syn
access-list 2152 permit ip any any
access-list 2153 permit ip any any
access-list 2155 permit ip any any dscp ef
access-list 2155 permit ip any any dscp cs5
access-list 2156 permit ip any any dscp cs3
access-list 2156 permit ip any any dscp af31
access-list 2157 permit ip any any
access-list 2158 permit ip any any
!
control-plane
!
!
line con 0
line vty 5 15
!
end
!9451
</code>