####################### INSTRUCTIONS #######################
#Remove these instructions before uploading the file to the#
#device. Every line that starts with a "#" is commented and#
#the device will not accept it. This means the line must be#
#reviewed and edited according to configuration needs.     #
#Edit this configuration and remove the "#" comment sign   #
#before saving the new configuration file.                 #
############################################################
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISROT
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
# enable secret YOUR-PASSWORD-HERE
!
aaa new-model
!
!
aaa authentication login local_access local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.50.1
!
ip dhcp pool LightingDHCP
 import all
 network 10.0.50.0 255.255.255.0
 default-router 10.0.50.1
# dns-server # PLEASE REQUEST IP FROM THE CUSTOMER
 domain-name lighting.com
 lease 0 23 59
!
!
!
no ip domain lookup
ip domain name lighting.com
ip inspect name OUTGOING icmp
ip inspect name OUTGOING tcp
ip inspect name OUTGOING udp
ip inspect name OUTGOING ntp
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
# username admin privilege 15 secret YOUR-PASSWORD-HERE
!
!
!
!
!
no cdp run
!
!
!
!
!
##### ACCESS INTERFACE TEMPLATE #####
# description ACCESS PORTS
# switchport access vlan 100
# switchport mode access
# spanning-tree portfast
!
!
##### TRUNK INTERFACE TEMPLATE #####
# description TRUNK PORT
# switchport mode trunk
# switchport trunk allowed vlan 100
# switchport nonegotiate
# no cdp enable
!
!
##### NOT-IN-USE INTERFACE TEMPLATE #####
# description NOT-IN-USE
# switchport mode access
# switchport access vlan 999
# switchport nonegotiate
# no cdp enable
# spanning-tree bpduguard enable
# shutdown
!
!
!
!
interface GigabitEthernet0/0
# ip address / # PLEASE REQUEST IT FROM THE CUSTOMER, YOU CAN ONLY USE EITHER DHCP OR IP WITH SUBNET MASK
# EXAMPLE WITH DHCP - ip address dhcp
# EXAMPLE WITH FIXED IP - ip address 172.16.100.2 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect OUTGOING out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet1/1
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/2
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/3
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/4
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/5
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/6
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/7
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/8
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/9
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/10
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/11
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/12
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/13
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/14
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/15
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/16
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/17
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/18
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/19
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/20
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/21
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/22
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/23
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1/24
#Insert template for access or trunk
#as per topology needs.
!
vlan 999
 name not_in_use
 no cdp run
!
vlan 100
 name LightingVLAN
 no cdp run
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 description LightingVLAN
 ip address 10.0.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 ipv6 address FD2E:339B:A150:2::/64 eui-64
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
# ip route 0.0.0.0 0.0.0.0 # ONLY WITH FIXED IP
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip ssh version 2
!
access-list 1 permit 10.0.50.0 0.0.0.255
access-list 23 permit 10.0.50.0 0.0.0.255
access-list 100 permit udp any eq bootps any eq bootpc
access-list 100 permit icmp any any echo-reply
access-list 100 deny icmp any any time-exceeded
access-list 100 deny icmp any any unreachable
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
 logging synchronous
 login authentication local_access
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login authentication local_access
 transport input ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login authentication local_access
 transport input ssh
!
scheduler allocate 20000 1000
!
!
banner motd =
WARNING: Signify Authorized personnel only.
UNAUTHORIZED ACCESS IS PROHIBITED!
=
!
end