Right off the bat I see you have that port (1/1/3) configured as a mirror port, which obviously can't have an IP.

Code:
SSH@switch-garage-rack-2>show ip int
Interface     IP-Address     OK?  Method  Status  Protocol  VRF
Eth mgmt1     172.16.0.13    YES  NVRAM   up      up        default-vrf
SSH@switch-garage-rack-2>show int ve 1
Error - ve 1 was not configured

There's a bit in here. Sorry in advance!

Code:
SSH@sw-core#show config
!
Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.30uT7f3
!
stack unit 1
 module 1 icx6610-48p-poe-port-management-module
 module 2 icx6610-qsfp-10-port-160g-module
 module 3 icx6610-8-port-10g-dual-mode-module
stack disable
!
global-stp
!
!
lag LAG-SW-R2-TOR dynamic id 2
 ports ethernet 1/3/5 to 1/3/6
 primary-port 1/3/5
 deploy
 sflow forwarding ethernet 1/3/5
 port-name SW-R2-TOR ethernet 1/3/5
 sflow forwarding ethernet 1/3/6
 port-name SW-R2-TOR ethernet 1/3/6
!
!
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
 spanning-tree 802-1w
!
vlan 2 name VLAN-VIDEO by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/41 to 1/1/48
 router-interface ve 2
!
vlan 3 name VLAN-VOIP by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 3
 spanning-tree 802-1w
!
vlan 4 name VLAN-CORP-WIFI by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 4
 spanning-tree 802-1w
!
vlan 5 name VLAN-GUEST by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10
 router-interface ve 5
 spanning-tree 802-1w
!
vlan 6 name VLAN-CORPORATE by port
 tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 6
 spanning-tree 802-1w
!
vlan 7 name VLAN-DMZ-1 by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 7
 spanning-tree 802-1w
!
vlan 8 name VLAN-IOT by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/35
 router-interface ve 8
 spanning-tree 802-1w
!
vlan 9 name VLAN-KIDS-WIFI by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 9
 spanning-tree 802-1w
!
vlan 10 name VLAN-NET-SVC by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/4
 router-interface ve 10
 spanning-tree 802-1w
!
vlan 11 name VLAN-APT-CACHE by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 11
 spanning-tree 802-1w
!
vlan 20 name VLAN-APPS by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 20
 spanning-tree 802-1w
!
vlan 30 name VLAN-DEV by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 30
 spanning-tree 802-1w
!
vlan 71 name VLAN-ALEXA by port
 tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 71
 spanning-tree 802-1w
!
vlan 72 name VLAN-SONOS by port
 tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 72
 spanning-tree 802-1w
!
vlan 73 name VLAN-MAILBOX by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 73
 spanning-tree 802-1w
!
vlan 74 name VLAN-TV by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 74
 spanning-tree 802-1w
!
vlan 75 name VLAN-PLEX by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 75
 spanning-tree 802-1w
!
vlan 76 name VLAN-SYNCTHING by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 76
 spanning-tree 802-1w
!
vlan 77 name VLAN-GAMING by port
 tagged ethe 1/1/1 ethe 1/2/2 ethe 1/2/4 to 1/2/10 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/10
 router-interface ve 77
 spanning-tree 802-1w
!
vlan 78 name VLAN-LOGGING by port
 tagged ethe 1/1/1 to 1/1/2 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 78
 spanning-tree 802-1w
!
vlan 81 name VLAN-NEST by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 81
 spanning-tree 802-1w
!
vlan 82 name VLAN-ESP-HOME by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 82
 spanning-tree 802-1w
!
vlan 83 name VLAN-XIAOMI by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
 router-interface ve 83
 spanning-tree 802-1w
!
vlan 88 name VLAN-MIKROTIK by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 88
 spanning-tree 802-1w
!
vlan 95 name VLAN-BASTION by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/8
 router-interface ve 95
 spanning-tree 802-1w
!
vlan 96 name VLAN-BACKUP by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 untagged ethe 1/1/6 ethe 1/1/12 ethe 1/1/16
 router-interface ve 96
 spanning-tree 802-1w
!
vlan 97 name VLAN-TRUENAS by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 97
 spanning-tree 802-1w
!
vlan 98 name VLAN-PROXMOX by port
 tagged ethe 1/1/1 ethe 1/2/1 ethe 1/2/3 ethe 1/3/1 to 1/3/8
 router-interface ve 98
 spanning-tree 802-1w
!
vlan 99 name VLAN-IPMI by port
 tagged ethe 1/1/1 ethe 1/2/1 ethe 1/2/3 ethe 1/3/1 to 1/3/2 ethe 1/3/8
 untagged ethe 1/1/9 ethe 1/1/11 ethe 1/1/15
 router-interface ve 99
 spanning-tree 802-1w
!
vlan 100 name VLAN-STORAGE by port
 tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
 router-interface ve 100
 spanning-tree 802-1w
!
vlan 202 name VLAN-HIKVISION by port
 tagged ethe 1/3/1 to 1/3/8
 spanning-tree 802-1w
!
!
!
!
!
system-max l3-vlan 64
system-max ip-route 4096
system-max ip-route-default-vrf 1024
system-max ip6-route-default-vrf 100
system-max ip-route-vrf 128
system-max ip6-route-vrf 64
system-max max-dhcp-snoop-entries 2048
!
aaa authentication web-server default local
aaa authentication login default local
jumbo
enable password-display
enable telnet authentication
enable aaa console
enable user password-masking
hostname sw-core
ip dhcp-client disable
ip dns domain-list kellgari.local
ip dns domain-list kellgari
ip dns server-address 10.0.1.1 10.0.10.10 10.0.10.20 1.1.1.1
ip forward-protocol udp 5353
ip forward-protocol udp bootps
ip proxy-arp
ip route 0.0.0.0/0 172.16.0.1
ip router-id 172.16.0.14
ip multicast query-interval 120
!
logging host 10.0.78.10
logging console
mirror-port ethernet 1/1/3
!
username root password 8 XXXXXXX
radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 default key 2 XXXXXXX
cdp run
fdp run
snmp-server community 2 $JiYmJiY= ro
snmp-server community 2 $U2kyXj1k ro
!
!
clock timezone gmt GMT+10
!
!
ntp
 disable serve
 server 10.0.1.1
!
!
web-management https
ssh access-group 90
ip multicast-routing
!
router ospf
 area 0
 redistribute connected
!
!
!
!
!
!
router pim
 bsr-candidate ethernet 1/1/1 30 255
!
!
interface ethernet 1/1/1
 port-name ROUTER
 dual-mode
 sflow forwarding
!
interface ethernet 1/1/2
 port-name AP-GARAGE
 dual-mode
 inline power
 sflow forwarding
!
interface ethernet 1/1/3
 port-name SRV-FIREWALL
 sflow forwarding
!
interface ethernet 1/1/4
 port-name PI-DHCP-1
 dhcp snooping trust
 inline power priority 1 power-by-class 4
 sflow forwarding
!
interface ethernet 1/1/5
 port-name PI-MONITORING-1
 inline power
 sflow forwarding
!
interface ethernet 1/1/6
 port-name SW-R1-TOR-MANAGEMENT
 sflow forwarding
!
interface ethernet 1/1/7
 sflow forwarding
!
interface ethernet 1/1/8
 port-name PI-BASTION-1
 inline power
 sflow forwarding
!
interface ethernet 1/1/9
 port-name SRV-FIREWALL-IPMI
 sflow forwarding
!
interface ethernet 1/1/10
 port-name PC-GAMING
 sflow forwarding
!
interface ethernet 1/1/11
 port-name SRV-BACKUP-1-IPMI
 sflow forwarding
!
interface ethernet 1/1/12
 port-name SRV-BACKUP-1
 sflow forwarding
!
interface ethernet 1/1/13
 port-name PC-LOCAL-MGMT
 sflow forwarding
!
interface ethernet 1/1/14
 port-name PI-KVM-1
 inline power priority 2 power-by-class 4
 sflow forwarding
!
interface ethernet 1/1/15
 port-name SRV-BACKUP-2-IPMI
 sflow forwarding
!
interface ethernet 1/1/16
 port-name SRV-BACKUP-2
 sflow forwarding
!
interface ethernet 1/1/17
 sflow forwarding
!
interface ethernet 1/1/18
 sflow forwarding
!
interface ethernet 1/1/19
 sflow forwarding
!
interface ethernet 1/1/20
 sflow forwarding
!
interface ethernet 1/1/21
 sflow forwarding
!
interface ethernet 1/1/22
 sflow forwarding
!
interface ethernet 1/1/23
 sflow forwarding
!
interface ethernet 1/1/24
 sflow forwarding
!
interface ethernet 1/1/25
 sflow forwarding
!
interface ethernet 1/1/26
 sflow forwarding
!
interface ethernet 1/1/27
 sflow forwarding
!
interface ethernet 1/1/28
 sflow forwarding
!
interface ethernet 1/1/29
 sflow forwarding
!
interface ethernet 1/1/30
 sflow forwarding
!
interface ethernet 1/1/31
 sflow forwarding
!
interface ethernet 1/1/32
 sflow forwarding
!
interface ethernet 1/1/33
 sflow forwarding
!
interface ethernet 1/1/34
 sflow forwarding
!
interface ethernet 1/1/35
 port-name TRADFRI
 sflow forwarding
!
interface ethernet 1/1/36
 sflow forwarding
!
interface ethernet 1/1/37
 sflow forwarding
!
interface ethernet 1/1/38
 sflow forwarding
!
interface ethernet 1/1/39
 sflow forwarding
!
interface ethernet 1/1/40
 sflow forwarding
!
interface ethernet 1/1/41
 port-name CAM-1
 inline power
 sflow forwarding
!
interface ethernet 1/1/42
 port-name CAM-2
 inline power
 sflow forwarding
!
interface ethernet 1/1/43
 port-name CAM-3
 inline power
 sflow forwarding
!
interface ethernet 1/1/44
 port-name CAM-4
 inline power
 sflow forwarding
!
interface ethernet 1/1/45
 port-name CAM-5
 inline power
 sflow forwarding
!
interface ethernet 1/1/46
 port-name CAM-6
 inline power
 sflow forwarding
!
interface ethernet 1/1/47
 inline power
 sflow forwarding
!
interface ethernet 1/1/48
 inline power
 sflow forwarding
!
interface ethernet 1/2/1
 dual-mode
 sflow forwarding
!
interface ethernet 1/2/2
 sflow forwarding
!
interface ethernet 1/2/3
 dual-mode
 sflow forwarding
!
interface ethernet 1/2/4
 sflow forwarding
!
interface ethernet 1/2/5
 sflow forwarding
!
interface ethernet 1/2/6
 sflow forwarding
!
interface ethernet 1/2/7
 dual-mode
 sflow forwarding
!
interface ethernet 1/2/8
 port-name SW-LOUNGE
 dual-mode
 sflow forwarding
!
interface ethernet 1/2/9
 port-name SW-OFFICE
 dual-mode
 sflow forwarding
!
interface ethernet 1/2/10
 port-name SW-MASTER
 dual-mode
 sflow forwarding
!
interface ethernet 1/3/1
 dual-mode
 speed-duplex 10G-full
 tag-profile enable
!
interface ethernet 1/3/2
 dual-mode
 speed-duplex 10G-full
 tag-profile enable
!
interface ethernet 1/3/3
 dual-mode
 speed-duplex 10G-full
!
interface ethernet 1/3/4
 dual-mode
 disable
 speed-duplex 10G-full
!
interface ethernet 1/3/5
 port-name SW-R2-TOR
 dual-mode
 speed-duplex 10G-full
!
interface ethernet 1/3/7
 dual-mode
 speed-duplex 10G-full
!
interface ethernet 1/3/8
 dual-mode
 speed-duplex 10G-full
!
interface ve 1
 ip address 172.16.0.14 255.255.255.0
 ip helper-address 1 10.0.10.34
 ip ospf area 0
!
interface ve 2
 port-name VLAN-VIDEO
 ip access-group VIDEO-IN in
 ip address 192.168.1.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 3
 port-name VLAN-VOIP
 ip address 172.16.3.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 4
 port-name CORP-WIRELESS
 acl-logging
 ip access-group CORP-IN in
 ip address 172.16.4.250 255.255.255.0
 ip pim
 ip helper-address 1 10.0.10.34
!
interface ve 5
 port-name VLAN-GUEST
 ip access-group GUEST-IN in
 ip address 172.16.5.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 6
 port-name CORP-WIRED
 ip access-group CORP-IN in
 ip address 172.16.6.250 255.255.255.0
 ip pim
 ip helper-address 1 10.0.10.34
!
interface ve 7
 port-name VLAN-DMZ-1
 ip address 10.0.7.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 8
 port-name VLAN-IOT
 ip address 10.0.8.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 9
 port-name "VLAN-KIDS"
 ip access-group KIDS-IN in
 ip address 10.0.9.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 10
 port-name VLAN-NET-SVC
 ip address 10.0.10.250 255.255.255.0
!
interface ve 11
 port-name VLAN-APT-CACHE
 ip access-group APT-CACHE-IN in
 ip address 10.0.11.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 20
 port-name VLAN-APPS
 ip address 10.0.20.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 30
 port-name VLAN-DEV
 ip address 10.0.30.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 71
 port-name VLAN-ALEXA
 ip access-group ALEXA-IN in
 ip address 10.0.71.250 255.255.255.0
 ip pim
 ip helper-address 1 10.0.10.34
!
interface ve 72
 port-name VLAN-SONOS
 ip address 10.0.72.250 255.255.255.0
 ip pim
 ip helper-address 1 10.0.10.34
!
interface ve 73
 port-name VLAN-MAILBOX
 ip address 10.0.73.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 74
 port-name VLAN-TV
 ip address 10.0.74.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 75
 port-name VLAN-PLEX
 ip address 10.0.75.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 76
 port-name VLAN-SYNCTHING
 ip access-group ALL-IN in
 ip address 10.0.76.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 77
 port-name VLAN-GAMING
 ip access-group GAMING-IN in
 ip address 10.0.77.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 78
 port-name VLAN-LOGGING
 ip access-group LOGGING-IN in
 ip address 10.0.78.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 81
 port-name VLAN-NEST
 ip access-group IOT-NEST-IN in
 ip address 10.0.81.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 82
 port-name VLAN-ESP-HOME
 ip helper-address 1 10.0.10.34
!
interface ve 83
 port-name VLAN-XIAOMI
 ip access-group IOT-XAIOMI-IN in
 ip address 10.0.83.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 88
 port-name VLAN-MIKROTIK
 ip address 192.168.88.1 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 95
 port-name VLAN-BASTION
 ip address 172.16.95.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 96
 port-name VLAN-BACKUP
 ip access-group BACKUP-IN in
 ip address 172.16.96.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 97
 port-name VLAN-TRUENAS
 ip access-group ALL-IN in
 ip address 172.16.97.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 98
 port-name VLAN-PROXMOX
 ip address 172.16.98.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 99
 port-name VLAN-IPMI
 ip address 172.16.99.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
interface ve 100
 port-name VLAN-STORAGE
 ip address 10.0.100.250 255.255.255.0
 ip helper-address 1 10.0.10.34
!
!
!
ip access-list extended ALEXA-IN
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended ALL-IN
 permit ip any any
!
ip access-list extended APPS-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit igmp in
 permit igmp any any
 remark permit ssdp udp
 permit ip any host 239.255.255.250
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit ad udp access
 permit udp any host 10.0.10.10 eq dns
 permit udp any host 10.0.10.10 eq kerberos
 permit udp any host 10.0.10.10 eq ntp
 permit udp any host 10.0.10.10 eq ldap
 permit udp any host 10.0.10.10 eq kpasswd
 permit udp any host 10.0.10.20 eq dns
 permit udp any host 10.0.10.20 eq kerberos
 permit udp any host 10.0.10.20 eq ntp
 permit udp any host 10.0.10.20 eq ldap
 permit udp any host 10.0.10.20 eq kpasswd
 remark permit ad tcp access
 permit tcp any host 10.0.10.10 eq dns
 permit tcp any host 10.0.10.10 eq kerberos
 permit tcp any host 10.0.10.10 eq loc-srv
 permit tcp any host 10.0.10.10 eq ldap
 permit tcp any host 10.0.10.10 eq microsoft-ds
 permit tcp any host 10.0.10.10 eq kpasswd
 permit tcp any host 10.0.10.10 eq ldaps
 permit tcp any host 10.0.10.10 eq 3268
 permit tcp any host 10.0.10.10 eq 3269
 permit tcp any host 10.0.10.20 eq dns
 permit tcp any host 10.0.10.20 eq kerberos
 permit tcp any host 10.0.10.20 eq loc-srv
 permit tcp any host 10.0.10.20 eq ldap
 permit tcp any host 10.0.10.20 eq microsoft-ds
 permit tcp any host 10.0.10.20 eq kpasswd
 permit tcp any host 10.0.10.20 eq ldaps
 permit tcp any host 10.0.10.20 eq 3268
 permit tcp any host 10.0.10.20 eq 3269
 remark permit apt proxy tcp in
 permit tcp any host 10.0.11.10 eq 3142
 remark permit sonos controller tcp in
 permit tcp any 10.0.72.0 0.0.0.255 eq 1400
 permit tcp any 10.0.72.0 0.0.0.255 eq 1433
 permit tcp any 10.0.72.0 0.0.0.255 eq 1443
 permit tcp any 10.0.72.0 0.0.0.255 eq 4444
 remark permit airplay controller udp in
 permit udp any 10.0.72.0 0.0.0.255 eq ptp-event
 permit udp any 10.0.72.0 0.0.0.255 eq ptp-gen
 permit udp any 10.0.72.0 0.0.0.255 range 30000 65535
 remark permit airplay controller udp in
 permit tcp any 10.0.72.0 0.0.0.255 eq 7000
 permit tcp any 10.0.72.0 0.0.0.255 range 30000 65535
 remark permit site smtp tcp access
 permit tcp any host 10.0.1.1 eq smtp
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended APT-CACHE-IN
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended BACKUP-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit local app servers
 permit tcp any 10.0.20.0 0.0.0.255
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended CORP-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit igmp in
 permit igmp any any
 remark permit ssdp udp
 permit ip any host 239.255.255.250
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit ad udp access
 permit udp any host 10.0.10.10 eq dns
 permit udp any host 10.0.10.10 eq kerberos
 permit udp any host 10.0.10.10 eq ntp
 permit udp any host 10.0.10.10 eq ldap
 permit udp any host 10.0.10.10 eq kpasswd
 permit udp any host 10.0.10.20 eq dns
 permit udp any host 10.0.10.20 eq kerberos
 permit udp any host 10.0.10.20 eq ntp
 permit udp any host 10.0.10.20 eq ldap
 permit udp any host 10.0.10.20 eq kpasswd
 remark permit ad tcp access
 permit tcp any host 10.0.10.10 eq dns
 permit tcp any host 10.0.10.10 eq kerberos
 permit tcp any host 10.0.10.10 eq loc-srv
 permit tcp any host 10.0.10.10 eq ldap
 permit tcp any host 10.0.10.10 eq microsoft-ds
 permit tcp any host 10.0.10.10 eq kpasswd
 permit tcp any host 10.0.10.10 eq ldaps
 permit tcp any host 10.0.10.10 eq 3268
 permit tcp any host 10.0.10.10 eq 3269
 permit tcp any host 10.0.10.20 eq dns
 permit tcp any host 10.0.10.20 eq kerberos
 permit tcp any host 10.0.10.20 eq loc-srv
 permit tcp any host 10.0.10.20 eq ldap
 permit tcp any host 10.0.10.20 eq microsoft-ds
 permit tcp any host 10.0.10.20 eq kpasswd
 permit tcp any host 10.0.10.20 eq ldaps
 permit tcp any host 10.0.10.20 eq 3268
 permit tcp any host 10.0.10.20 eq 3269
 remark permit plex tcp ingress
 permit tcp any host 10.0.20.41 eq 32400
 remark permit sonos controller tcp in
 permit tcp any 10.0.72.0 0.0.0.255 eq 1400
 permit tcp any 10.0.72.0 0.0.0.255 eq 1433
 permit tcp any 10.0.72.0 0.0.0.255 eq 1443
 permit tcp any 10.0.72.0 0.0.0.255 eq 4444
 remark permit airplay controller udp in
 permit udp any 10.0.72.0 0.0.0.255 eq ptp-event
 permit udp any 10.0.72.0 0.0.0.255 eq ptp-gen
 permit udp any 10.0.72.0 0.0.0.255 range 30000 65535
 remark permit airplay controller udp in
 permit tcp any 10.0.72.0 0.0.0.255 eq 7000
 permit tcp any 10.0.72.0 0.0.0.255 range 30000 65535
 remark permit local app servers
 permit tcp any 10.0.20.0 0.0.0.255
 remark permit corp tcp in
 permit tcp any 172.16.4.0 0.0.0.255
 permit tcp any 172.16.6.0 0.0.0.255
 remark permit corp udp in
 permit udp any 172.16.4.0 0.0.0.255
 permit udp any 172.16.6.0 0.0.0.255
 remark permit smb tcp ingress
 permit tcp any host 10.0.100.20 range 137 netbios-ssn
 permit tcp any host 10.0.100.20 eq microsoft-ds
 remark permit smb tcp ingress
 permit udp any host 10.0.100.20 range netbios-ns netbios-ssn
 permit udp any host 10.0.100.20 eq microsoft-ds
 remark permit management-workstations tcp ingress
 permit tcp host 172.16.6.103 any
 remark permit management-workstations udp ingress
 permit udp host 172.16.6.103 any
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit gaming tcp in
 permit tcp any 10.0.77.0 0.0.0.255
 remark permit gaming udp in
 permit udp any 10.0.77.0 0.0.0.255
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended GAMING-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit virtualhere USB access to desktop PC
 permit udp any host 172.16.6.103 eq 7575
 remark permit virtualhere USB access to desktop PC
 permit tcp any host 172.16.6.103 eq 7575
 remark permit Parsec access to corp network
 permit udp any 172.16.4.0 0.0.0.255 eq 9000
 permit udp any 172.16.6.0 0.0.0.255 eq 9000
 remark permit Parsec access to corp network
 permit udp any range 8000 8010 172.16.4.0 0.0.0.255
 permit udp any range 8000 8010 172.16.6.0 0.0.0.255
 remark permit RDP udp access to corp network
 permit udp any eq 3389 172.16.4.0 0.0.0.255
 permit udp any eq 3389 172.16.6.0 0.0.0.255
 remark permit RDP tcp access to corp network
 permit tcp any eq 3389 172.16.4.0 0.0.0.255
 permit tcp any eq 3389 172.16.6.0 0.0.0.255
 remark permit steamlink access to corp network
 permit udp any eq 27031 172.16.4.0 0.0.0.255
 permit udp any eq 27036 172.16.4.0 0.0.0.255
 permit udp any eq 27031 172.16.6.0 0.0.0.255
 permit udp any eq 27036 172.16.6.0 0.0.0.255
 remark permit RDP tcp access to corp network
 permit tcp any eq 27036 172.16.4.0 0.0.0.255
 permit tcp any eq 27037 172.16.4.0 0.0.0.255
 permit tcp any eq 27036 172.16.6.0 0.0.0.255
 permit tcp any eq 27037 172.16.6.0 0.0.0.255
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
 remark deny all networks
 deny ip any any
!
ip access-list extended GUEST-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended IOT-NEST-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended IOT-XAIOMI-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended KIDS-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit kids dns udp access
 permit udp any host 10.0.10.30 eq dns
 remark permit kids dns tcp access
 permit tcp any host 10.0.10.30 eq dns
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark deny local networks
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended LOGGING-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit apt proxy tcp in
 permit tcp any host 10.0.11.10 eq 3142
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended NET-SVC-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended SONOS-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit igmp in
 permit igmp any any
 remark permit ssdp udp
 permit ip any host 239.255.255.250
 remark permit sonos device tcp in
 permit tcp any host 10.0.20.35 eq 3400
 permit tcp any host 10.0.20.35 eq 3401
 permit tcp any host 10.0.20.35 eq 3500
 permit tcp any 172.16.4.0 0.0.0.255 eq 3400
 permit tcp any 172.16.4.0 0.0.0.255 eq 3401
 permit tcp any 172.16.4.0 0.0.0.255 eq 3500
 permit tcp any 172.16.6.0 0.0.0.255 eq 3400
 permit tcp any 172.16.6.0 0.0.0.255 eq 3401
 permit tcp any 172.16.6.0 0.0.0.255 eq 3500
 remark permit airplay device udp in
 permit udp any host 10.0.20.35 eq ptp-event
 permit udp any host 10.0.20.35 eq ptp-gen
 permit udp any 172.16.4.0 0.0.0.255 eq ptp-event
 permit udp any 172.16.4.0 0.0.0.255 eq ptp-gen
 permit udp any 172.16.6.0 0.0.0.255 eq ptp-event
 permit udp any 172.16.6.0 0.0.0.255 eq ptp-gen
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended TRUENAS-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark permit site dns udp access
 permit udp any host 10.0.1.1 eq dns
 remark permit site dns tcp access
 permit tcp any host 10.0.1.1 eq dns
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit ad udp access
 permit udp any host 10.0.10.10 eq dns
 permit udp any host 10.0.10.10 eq kerberos
 permit udp any host 10.0.10.10 eq ntp
 permit udp any host 10.0.10.10 eq ldap
 permit udp any host 10.0.10.10 eq kpasswd
 permit udp any host 10.0.10.20 eq dns
 permit udp any host 10.0.10.20 eq kerberos
 permit udp any host 10.0.10.20 eq ntp
 permit udp any host 10.0.10.20 eq ldap
 permit udp any host 10.0.10.20 eq kpasswd
 remark permit ad tcp access
 permit tcp any host 10.0.10.10 eq dns
 permit tcp any host 10.0.10.10 eq kerberos
 permit tcp any host 10.0.10.10 eq loc-srv
 permit tcp any host 10.0.10.10 eq ldap
 permit tcp any host 10.0.10.10 eq microsoft-ds
 permit tcp any host 10.0.10.10 eq kpasswd
 permit tcp any host 10.0.10.10 eq ldaps
 permit tcp any host 10.0.10.10 eq 3268
 permit tcp any host 10.0.10.10 eq 3269
 permit tcp any host 10.0.10.20 eq dns
 permit tcp any host 10.0.10.20 eq kerberos
 permit tcp any host 10.0.10.20 eq loc-srv
 permit tcp any host 10.0.10.20 eq ldap
 permit tcp any host 10.0.10.20 eq microsoft-ds
 permit tcp any host 10.0.10.20 eq kpasswd
 permit tcp any host 10.0.10.20 eq ldaps
 permit tcp any host 10.0.10.20 eq 3268
 permit tcp any host 10.0.10.20 eq 3269
 remark permit apt proxy tcp in
 permit tcp any host 10.0.11.10 eq 3142
 remark permit site smtp tcp access
 permit tcp any host 10.0.1.1 eq smtp
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit all networks (ie internet)
 permit ip any any
!
ip access-list extended TV-IN
 permit icmp any any
 permit tcp any any established
 remark allow multicast
 permit ip any 224.0.0.0 15.255.255.255
 remark allow DNS
 permit udp any host 10.0.1.1 eq dns
 remark allow NTP
 permit tcp any host 10.0.1.1 eq 123
 permit udp any host 10.0.1.1 eq ntp
 remark deny all local networks
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.0.255.255
 deny ip any 192.16.0.0 0.0.0.255
 remark allow internet
 permit ip any any
!
ip access-list extended VIDEO-IN
 remark permit all ICMP from internal networks
 permit icmp 10.0.0.0 0.255.255.255 any
 permit icmp 172.16.0.0 0.15.255.255 any
 permit icmp 192.168.0.0 0.0.255.255 any
 remark permit responses to any tcp established sessions
 permit tcp any any established
 remark permit ntp udp
 permit udp any host 10.0.1.1 eq ntp
 remark permit ntp tcp
 permit tcp any host 10.0.1.1 eq 123
 remark deny dns udp access
 deny udp any any eq dns log
 remark deny dns tcp access
 deny tcp any any eq dns log
 remark permit local DHCP udp access
 permit udp any eq bootps any eq bootpc
 remark permit local DHCP udp access
 permit udp any eq bootpc any eq bootps
 remark permit rtsp udp access to blue iris servers
 permit udp any host 10.0.20.28 eq rtsp
 remark permit rtsp tcp access to blue iris servers
 permit tcp any host 10.0.20.28 eq rtsp
 remark deny all networks
 deny ip any any
!
ip access-list extended XBOX-IN
 permit icmp any any
 permit tcp any any established
 remark allow multicast
 permit ip any 224.0.0.0 15.255.255.255
 remark allow DNS
 permit udp any host 10.0.1.1 eq dns
 remark allow NTP
 permit tcp any host 10.0.1.1 eq 123
 permit udp any host 10.0.1.1 eq ntp
 remark allow parsec ports
 permit udp any 172.16.4.0 0.0.0.255 eq 9000
 permit udp any 172.16.6.0 0.0.0.255 eq 9000
 permit udp any eq 3389 172.16.4.0 0.0.0.255
 permit tcp any eq 3389 172.16.4.0 0.0.0.255
 permit udp any eq 3389 172.16.6.0 0.0.0.255
 permit tcp any eq 3389 172.16.6.0 0.0.0.255
 remark deny all local networks
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.0.255.255 log
 deny ip any 192.16.0.0 0.0.0.255
 remark allow internet
 permit ip any any
!
!
sflow destination 10.0.1.1
!
lldp run
!
!
!
!
end
SSH@sw-core#