####################### INSTRUCTIONS #######################
#Remove these instructions before uploading the file to the#
#device. Every line that starts with a "#" is commented and#
#the device will not accept it. This means the line must be#
#reviewed and edited according to configuration needs.     #
#Edit this configuration and remove the "#" comment sign   #
#before saving the new configuration file.                 #
############################################################
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISROT
!
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
logging buffered 51200 warnings
# enable secret YOUR-PASSWORD-HERE
!
aaa new-model
!
!
aaa authentication login local_access local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.50.1
!
ip dhcp pool LightingDHCP
 import all
 network 10.0.50.0 255.255.255.0
 default-router 10.0.50.1
#dns-server
 domain-name lighting.com
 lease 0 23 59
!
!
!
no ip domain lookup
ip domain name lighting.com
ip inspect name OUTGOING icmp
ip inspect name OUTGOING tcp
ip inspect name OUTGOING udp
ip inspect name OUTGOING ntp
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
parameter-map type inspect global
 max-incomplete low 18000
 max-incomplete high 20000
 nbar-classify
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 any
!
object-group network vpn_remote_subnets
!
# username admin privilege 15 secret YOUR-PASSWORD-HERE
!
!
!
!
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
 match protocol msnmsgr
 match protocol ymsgr
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
!
!
vlan 100
 name lighting
!
vlan 999
 name not_in_use
no cdp run
!
!
!
##### ACCESS INTERFACE TEMPLATE #####
# description ACCESS PORTS
# switchport access vlan 100
# switchport mode access
# spanning-tree portfast
# NOTE: interface-level bpdufilter stops BPDU processing on the port, so bpduguard cannot trigger while it is enabled.
# spanning-tree bpdufilter enable
# spanning-tree bpduguard enable
!
!
##### TRUNK INTERFACE TEMPLATE #####
# description TRUNK PORT
# switchport mode trunk
# switchport trunk allowed vlan 100
# switchport nonegotiate
# no cdp enable
!
!
##### NOT-IN-USE INTERFACE TEMPLATE #####
# description NOT-IN-USE
# switchport mode access
# switchport access vlan 999
# switchport nonegotiate
# no cdp enable
# spanning-tree bpduguard enable
# shutdown
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet1
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet2
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet3
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet4
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet5
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet6
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet7
#Insert template for access or trunk
#as per topology needs.
!
interface GigabitEthernet8
 description GE_WAN_OUTSIDE
 no ip dhcp client request tftp-server-address
# ip address /
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect OUTGOING out
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 description LightingVLAN
 ip address 10.0.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 ipv6 address FD2E:339B:A150:2::/64 eui-64
 ipv6 address autoconfig
 ipv6 enable
!
interface Async3
 no ip address
 encapsulation slip
 shutdown
!
ip forward-protocol nd
!
#ip route 0.0.0.0 0.0.0.0 # ONLY WITH FIXED IP
!
ip nat inside source list 1 interface GigabitEthernet8 overload
ip ssh version 2
!
!
!
access-list 1 permit 10.0.50.0 0.0.0.255
access-list 23 permit 10.0.50.0 0.0.0.255
access-list 100 permit udp any eq bootps any eq bootpc
access-list 100 permit icmp any any echo-reply
access-list 100 deny icmp any any time-exceeded
access-list 100 deny icmp any any unreachable
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
 logging synchronous
 login authentication local_access
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 23 in
 privilege level 15
 login authentication local_access
 transport input none
line vty 5 15
 access-class 23 in
 privilege level 15
 login authentication local_access
 transport input none
!
scheduler allocate 20000 1000
!
!
banner motd =
WARNING: Signify Authorized personnel only.
UNAUTHORIZED ACCESS IS PROHIBITED!
=
!
end