22.1.4 Lab – Troubleshoot CoPP Answers

Last Updated on February 27, 2021 by Admin

22.1.4 Lab – Troubleshoot CoPP Answers

Lab – Troubleshoot Control Plane Policing (CoPP) (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

This topology has 2 routers, 1 switch and 1 PC. PC1 is connected to AR1 F0/23. AR1 F0/1 is connected to R1 G0/0/1. R1 g0/0/0 is connected to R2 g0/0/0.

Addressing Table

Device

Interface

IP Address

Subnet Mask

R1

G0/0/0

172.16.12.1

255.255.255.252

R1

G0/0/1

10.10.1.1

255.255.255.0

R2

G0/0/0

172.16.12.2

255.255.255.252

A1

VLAN 1

10.10.1.4

255.255.255.0

PC1

NIC

10.10.1.5

255.255.255.0

Objectives

Troubleshoot network issues related to the configuration and operation of Control Plane Policing (CoPP).

Background / Scenario

Control Plane Policing (CoPP) is a protection feature for the router’s control plane CPU. CoPP can granularly permit, drop, or rate-limit traffic to or from the CPU using a Modular QoS CLI (MQC) policy. The CoPP policy is applied to a dedicated control-plane “interface” which protects the CPU from unexpected extreme rates of traffic that could impact the stability of the router.

Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switch used in the lab is a Cisco Catalyst 2960 with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Answers Note: Refer to the Answers Lab Manual for the procedures to initialize and reload devices.

Required Resources

  • 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
  • 1 Switch ((Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
  • 1 PC (Choice of operating system with a terminal emulation program and a packet capture utility installed)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

Instructions

Part 1:Trouble Ticket 22.1.4.1

Scenario:

At the main office, a decision was made to eliminate the use of Telnet for network device management. Rather than place ACLs on each interface, the main office network technician edited the existing CoPP configurations on the branch router R1, adding the restriction on Telnet by creating an ACL, class-map, and policy-map to drop all Telnet traffic to the router. The tech also added a traffic class for SSH access. While testing the new changes at the branch office, the branch network technician finds that Telnet is still possible.

Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure the following conditions are met:

1)the complaint received in the ticket is resolved

2)the control-plane policy-map keeps Telnet from succeeding either from the main office or from the branch management network.

Use the commands listed below to load the configuration files for this trouble ticket:

Answers Note: Commands for uploading the configuration are provided at the end of this document.

Device

Command

R1

copy flash:/enarsi/22.1.4.1-r1-config.txt run

R2

copy flash:/enarsi/22.1.4.1-r2-config.txt run

A1

copy flash:/enarsi/22.1.4.1-a1-config.txt run

  • PC1 is on the management network and is configured with a static IP address from the addressing table.
  • aaa new-model is enabled on router R1.
  • Privileged EXEC password is cisco12345cisco.
  • Passwords on all devices are cisco1234. If a username is required, use admin.
  • After you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:

banner motd # This is $(hostname) FIXED from ticket <ticket number> #

  • Save the configuration by issuing the wri command (on each device).
  • Inform your instructor that you are ready for the next ticket.
  • After the instructor approves your solution for this ticket, issue the privileged EXEC command reset.now. This script will clear your configurations and reload the devices.

Answers Notes:

CoPP configuration errors are difficult to see sometimes in a small network with virtually no traffic. Remind the students that they may not be able to recreate the identical symptoms. They should examine the configuration and operation of the devices carefully to find the issues.

This trouble ticket contains an intentional error.

The policy map is out of order. The class map CM-MGMT comes before the class map CM-TELNET in the policy map configuration. Class map CM-MGMT uses the MGMT ACL, which contains a permit tcp 10.1.1.0 0.0.0.255 any statement. That statement allows Telnet from the branch management network to succeed, whereas it fails from the main office network.

To fix problem: It is necessary to delete and recreate the policy map PM-COPP to reorder the statements to put the class CM-TELNET ahead of the class CM-MGMT. (suggest students use Notepad to cut and paste the changes) The commands to do this are:

R1(config)# control-plane

R1(config-cp)# no service-policy input PM-COPP

R1(config-cp)# exit

R1(config)# no policy-map PM-COPP

R1(config)# policy-map PM-COPP

R1(config-pmap)# class CM-SSH

R1(config-pmap-c)# police 50000 conform-action transmitexceed-action transmit

R1(config-pmap-c-police)# class CM-EIGRP

R1(config-pmap-c)# police rate 10 pps conform-action transmitexceed-action transmit

R1(config-pmap-c-police)# class CM-TELNET

R1(config-pmap-c)# police 8000 conform-action dropexceed-action drop

R1(config-pmap-c-police)# class CM-MGMT

R1(config-pmap-c)# police 8000 conform-action transmit exceed-action transmit

R1(config-pmap-c-police)# class CM-ICMP

R1(config-pmap-c)# police rate 10 pps conform-action transmitexceed-action drop

R1(config-pmap-c-police)# class class-default

R1(config-pmap-c)# police 12000 conform-action transmitexceed-action transmit

R1(config-pmap-c-police)# exit

R1(config-pmap-c)# exit

R1(config-pmap)# exit

R1(config)# control-plane

R1(config-cp)# service-policy input PM-COPP

R1(config-cp)# end

Note: Students may choose edit the MGMT ACL to remove the permit statement that is allowing the Telnet from the management network. Because that statement may be allowing other management traffic, it should not be removed.

Part 2:Trouble Ticket 22.1.4.2

Scenario:

While the main office network tech was editing the CoPP configuration on the branch R1 router, the tech noticed that there was not a separate class for SSH, that it was part of the MGMT class. The tech decided to add a traffic class for SSH access, so it would be easier to troubleshoot remote access issues. The branch technician reports that after the traffic class change was added, SSH seems much slower and less responsive than before.

Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure the following conditions are met:

1)the complaint received in the ticket is resolved

2)SSH traffic response issues are solved

Use the commands listed below to load the configuration files for this trouble ticket:

Answers Note: Commands for uploading the configuration are provided at the end of this document.

Device

Command

R1

copy flash:/enarsi/22.1.4.2-r1-config.txt run

R2

copy flash:/enarsi/22.1.4.2-r2-config.txt run

A1

copy flash:/enarsi/22.1.4.2-a1-config.txt run

  • PC1 is on the management network and is configured with a static IP address from the addressing table.
  • aaa new-model is enabled on router R1.
  • Privileged EXEC password is cisco12345cisco.
  • Passwords on all devices are cisco1234. If a username is required, use admin.
  • After you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:

banner motd # This is $(hostname) FIXED from ticket <ticket number> #

  • Save the configuration by issuing the wri command (on each device).
  • Inform your instructor that you are finished.
  • After the instructor approves your solution for this ticket, issue the privileged EXEC command reset.now. This script will clear your configurations and reload the devices.

Answers Notes:

CoPP configuration errors are difficult to see sometimes in a small network with virtually no traffic. Remind the students that they may not be able to recreate the identical symptoms. They should examine the configuration and operation of the devices carefully to find the issues.

This trouble ticket contains an intentional error.

The class CM-SSH is given the same policing action as the class CM-ICMP instead of the same actions as the CM-MGMT, which is the desired result.

To fix the problem: Correct the policing for SSH traffic, make it the same as the CM-MGMT class. It is not necessary to delete and recreate the policy map PM-COPP, only to remove it from the control-plane until it is edited. Commands to do this are:

R1(config)# control-plane

R1(config-cp)# no service-policy input PM-COPP

R1(config-cp)# exit

R1(config)# policy-map PM-COPP

R1(config-pmap)# class CM-SSH

R1(config-pmap-c)# police 8000 conform-action transmit exceed-action transmit

R1(config-pmap-c-police)# exit

R1(config-pmap-c)# exit

R1(config-pmap)# exit

R1(config)# control-plane

R1(config-cp)# service-policy input PM-COPP

R1(config-cp)# end

Router Interface Summary Table

Router Model

Ethernet Interface #1

Ethernet Interface #2

Serial Interface #1

Serial Interface #2

1800

Fast Ethernet 0/0 (F0/0)

Fast Ethernet 0/1 (F0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

1900

Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

2801

Fast Ethernet 0/0 (F0/0)

Fast Ethernet 0/1 (F0/1)

Serial 0/1/0 (S0/1/0)

Serial 0/1/1 (S0/1/1)

2811

Fast Ethernet 0/0 (F0/0)

Fast Ethernet 0/1 (F0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

2900

Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

4221

Gigabit Ethernet 0/0/0 (G0/0/0)

Gigabit Ethernet 0/0/1 (G0/0/1)

Serial 0/1/0 (S0/1/0)

Serial 0/1/1 (S0/1/1)

4300

Gigabit Ethernet 0/0/0 (G0/0/0)

Gigabit Ethernet 0/0/1 (G0/0/1)

Serial 0/1/0 (S0/1/0)

Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

End of document

Uploading Configuration Files

Use the commands below to create the configuration files on the lab devices for each trouble ticket in this lab. The TCL script commands help create and copy the configurations. However, the configuration commands could also be copied and pasted directly into global config mode on each device. Simply remove the TCL script commands, enter the enable and configure t commands on the device, and copy and paste the configuration commands.

Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command, if necessary.

Reset scripts

These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy and paste the appropriate script to the appropriate device.

R1/R2 Router Reset Script

tclsh

puts [ open “flash:/enarsi/reset.tcl” w+ ] {

typeahead “\n”

copy running-config startup-config

typeahead “\n”

erase startup-config

puts “Reloading the router”

typeahead “\n”

reload

}

tclquit

A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting.

tclsh

puts [ open “flash:/enarsi/reset.tcl” w+ ] {

typeahead “\n”

copy running-config startup-config

typeahead “\n”

erase startup-config

delete /force vlan.dat

delete /force multiple-fs

ios_config “sdm prefer lanbase-routing”

typeahead “\n”

puts “Reloading the switch”

typeahead “\n”

reload

}

tclquit

Router R1 Configuration File Scripts

!R1 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/22.1.4.1-r1-config.txt” w+ ] {

hostname R1

boot-start-marker

boot-end-marker

vrf definition Mgmt-intf

address-family ipv4

exit-address-family

address-family ipv6

exit-address-family

enable secret cisco12345cisco

aaa new-model

aaa authentication login default local enable

no ip domain lookup

ip domain name CCNPv8.CoPP.Lab

login on-success log

subscriber templating

multilink bundle-name authenticated

spanning-tree extend system-id

username admin privilege 15 algorithm-type scrypt secret cisco1234

redundancy

mode none

class-map match-all CM-MGMT

match access-group name MGMT

class-map match-all CM-TELNET

match access-group name TELNET

class-map match-all CM-ICMP

match access-group name ICMP

class-map match-all CM-EIGRP

match access-group name EIGRP

class-map match-all CM-SSH

match access-group name SSH

policy-map PM-COPP

class CM-EIGRP

police rate 10 pps conform-action transmitexceed-action transmit

class CM-MGMT

police 8000 conform-action transmit exceed-action transmit

class CM-SSH

police 50000 conform-action transmitexceed-action transmit

class CM-ICMP

police rate 10 pps conform-action transmit exceed-action drop

class CM-TELNET

police 8000 conform-action dropexceed-action drop

class class-default

police 12000 conform-action transmitexceed-action transmit

interface GigabitEthernet0/0/0

ip address 172.16.12.1 255.255.255.252

negotiation auto

no shutdown

interface GigabitEthernet0/0/1

ip address 10.10.1.1 255.255.255.0

negotiation auto

no shutdown

interface Serial0/1/0

no ip address

interface Serial0/1/1

no ip address

router eigrp 123

network 10.10.1.0 0.0.0.255

network 172.16.12.0 0.0.0.3

eigrp router-id 0.0.0.1

ip forward-protocol nd

no ip http server

ip http secure-server

ip tftp source-interface GigabitEthernet0/0/0

ip access-list extended EIGRP

permit eigrp any any

ip access-list extended ICMP

permit icmp any any echo

permit icmp any any echo-reply

permit icmp any any ttl-exceeded

permit icmp any any packet-too-big

permit icmp any any port-unreachable

permit icmp any any unreachable

ip access-list extended MGMT

permit tcp any eq telnet any established

permit tcp 10.10.1.0 0.0.0.255 any eq 22

permit tcp 10.10.1.0 0.0.0.255 eq 22 any established

permit udp 10.10.1.0 0.0.0.255 any eq snmp

permit tcp 10.10.1.0 0.0.0.255 any eq www

permit udp 10.10.1.0 0.0.0.255 any eq 443

permit tcp 10.10.1.0 0.0.0.255 any eq ftp

permit tcp 10.10.1.0 0.0.0.255 any eq ftp-data

permit tcp 10.10.1.0 0.0.0.255 any

permit udp any any eq syslog

permit udp any eq domain any

permit udp any any eq ntp

ip access-list extended SSH

permit tcp any any eq 22

permit tcp any eq 22 any established

ip access-list extended TELNET

permit tcp any any eq telnet

control-plane

service-policy input PM-COPP

banner motd R1: Lab Trouble Ticket 1

line con 0

exec-timeout 0 0

logging synchronous

transport input none

stopbits 1

line aux 0

stopbits 1

line vty 0 4

transport input telnet ssh

exit

crypto key generate rsa modulus 1024

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

!R1 – Trouble Ticket # 2

tclsh

puts [ open “flash:/enarsi/22.1.4.2-r1-config.txt” w+ ] {

hostname R1

boot-start-marker

boot-end-marker

vrf definition Mgmt-intf

address-family ipv4

exit-address-family

address-family ipv6

exit-address-family

enable secret cisco12345cisco

aaa new-model

username admin privilege 15 algorithm-type scrypt secret cisco1234

aaa authentication login default local enable

no ip domain lookup

ip domain name CCNPv8.CoPP.Lab

login on-success log

subscriber templating

multilink bundle-name authenticated

spanning-tree extend system-id

redundancy

mode none

class-map match-all CM-MGMT

match access-group name MGMT

class-map match-all CM-TELNET

match access-group name TELNET

class-map match-all CM-ICMP

match access-group name ICMP

class-map match-all CM-EIGRP

match access-group name EIGRP

class-map match-all CM-SSH

match access-group name SSH

policy-map PM-COPP

class CM-EIGRP

police rate 10 pps conform-action transmitexceed-action transmit

class CM-SSH

police rate 10 pps conform-action transmit exceed-action drop

class CM-TELNET

police 8000 conform-action dropexceed-action drop

class CM-MGMT

police 8000 conform-action transmit exceed-action transmit

class CM-ICMP

police rate 10 pps conform-action transmit exceed-action drop

class class-default

police 12000 conform-action transmitexceed-action transmit

interface GigabitEthernet0/0/0

ip address 172.16.12.1 255.255.255.252

negotiation auto

no shutdown

interface GigabitEthernet0/0/1

ip address 10.10.1.1 255.255.255.0

negotiation auto

no shutdown

router eigrp 123

network 10.10.1.0 0.0.0.255

network 172.16.12.0 0.0.0.3

eigrp router-id 0.0.0.1

ip forward-protocol nd

no ip http server

ip http secure-server

ip tftp source-interface GigabitEthernet0/0/0

ip access-list extended EIGRP

permit eigrp any any

ip access-list extended ICMP

permit icmp any any echo

permit icmp any any echo-reply

permit icmp any any ttl-exceeded

permit icmp any any packet-too-big

permit icmp any any port-unreachable

permit icmp any any unreachable

ip access-list extended MGMT

permit tcp any eq telnet any established

permit tcp 10.10.1.0 0.0.0.255 any eq 22

permit tcp 10.10.1.0 0.0.0.255 eq 22 any established

permit udp 10.10.1.0 0.0.0.255 any eq snmp

permit tcp 10.10.1.0 0.0.0.255 any eq www

permit udp 10.10.1.0 0.0.0.255 any eq 443

permit tcp 10.10.1.0 0.0.0.255 any eq ftp

permit tcp 10.10.1.0 0.0.0.255 any eq ftp-data

permit tcp 10.10.1.0 0.0.0.255 any

permit udp any any eq syslog

permit udp any eq domain any

permit udp any any eq ntp

ip access-list extended SSH

permit tcp any any eq 22

permit tcp any eq 22 any established

ip access-list extended TELNET

permit tcp any any eq telnet

control-plane

service-policy input PM-COPP

banner motd R1: Lab Trouble Ticket 2

line con 0

exec-timeout 0 0

logging synchronous

transport input none

stopbits 1

line aux 0

stopbits 1

line vty 0 4

transport input telnet ssh

exit

crypto key generate rsa modulus 1024

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

Router R2 Configuration File Scripts

!R2 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/22.1.4.1-r2-config.txt” w+ ] {

service timestamps debug datetime msec

service timestamps log datetime msec

hostname R2

vrf definition Mgmt-intf

address-family ipv4

exit-address-family

address-family ipv6

exit-address-family

no aaa new-model

no ip domain lookup

ip domain name CCNPv8.CoPP.Lab

login on-success log

username admin privilege 15 algorithm-type scrypt secret cisco1234

interface GigabitEthernet0/0/0

ip address 172.16.12.2 255.255.255.252

negotiation auto

no shutdown

router eigrp 123

network 172.16.12.0 0.0.0.3

eigrp router-id 0.0.0.2

ip forward-protocol nd

no ip http server

ip http secure-server

ip tftp source-interface GigabitEthernet0/0/0

control-plane

banner motd “R2: Lab Trouble Ticket 1”

line con 0

exec-timeout 0 0

logging synchronous

transport input none

stopbits 1

line aux 0

stopbits 1

line vty 0 4

transport input telnet ssh

exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

!R2 – Trouble Ticket # 2

tclsh

puts [ open “flash:/enarsi/22.1.4.2-r2-config.txt” w+ ] {

service timestamps debug datetime msec

service timestamps log datetime msec

hostname R2

vrf definition Mgmt-intf

address-family ipv4

exit-address-family

address-family ipv6

exit-address-family

no aaa new-model

no ip domain lookup

ip domain name CCNPv8.CoPP.Lab

login on-success log

username admin privilege 15 algorithm-type scrypt secret cisco1234

interface GigabitEthernet0/0/0

ip address 172.16.12.2 255.255.255.252

negotiation auto

no shutdown

router eigrp 123

network 172.16.12.0 0.0.0.3

eigrp router-id 0.0.0.2

ip forward-protocol nd

no ip http server

ip http secure-server

ip tftp source-interface GigabitEthernet0/0/0

control-plane

banner motd “R2: Lab Trouble Ticket 2

line con 0

exec-timeout 0 0

logging synchronous

transport input none

stopbits 1

line aux 0

stopbits 1

line vty 0 4

transport input telnet ssh

exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

Switch A1 Configurationi File Scripts

!A1 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/22.1.4.1-a1-config.txt” w+ ] {

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname A1

boot-start-marker

boot-end-marker

enable secret cisco12345cisco

username admin privilege 15 algorithm-type scrypt secret cisco1234

no aaa new-model

system mtu routing 1500

no ip domain-lookup

ip domain-name CCNPv8.COPP.LAB

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

shutdown

interface FastEthernet0/7

shutdown

interface FastEthernet0/8

shutdown

interface FastEthernet0/9

shutdown

interface FastEthernet0/10

shutdown

interface FastEthernet0/11

no shutdown

interface FastEthernet0/12

shutdown

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

switchport mode access

no shutdown

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

ip address 10.10.1.4 255.255.255.0

no shutdown

ip default-gateway 10.10.1.1

ip http server

ip http secure-server

banner motdA1, 22.1.4.1 Ticket 1

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

transport input telnet ssh

line vty 5 15

transport input telnet ssh

exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

!A1 – Trouble Ticket # 2

tclsh

puts [ open “flash:/enarsi/22.1.4.2-a1-config.txt” w+ ] {

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname A1

boot-start-marker

boot-end-marker

enable secret cisco12345cisco

username admin privilege 15 algorithm-type scrypt secret cisco1234

no aaa new-model

system mtu routing 1500

no ip domain-lookup

ip domain-name CCNPv8.COPP.LAB

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

shutdown

interface FastEthernet0/7

shutdown

interface FastEthernet0/8

shutdown

interface FastEthernet0/9

shutdown

interface FastEthernet0/10

shutdown

interface FastEthernet0/11

no shutdown

interface FastEthernet0/12

shutdown

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

switchport mode access

no shut

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

ip address 10.10.1.4 255.255.255.0

no shutdown

ip default-gateway 10.10.1.1

ip http server

ip http secure-server

banner motd A1, 22.1.4.2 Ticket 2

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

transport input telnet ssh

line vty 5 15

transport input telnet ssh

exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit