Updated routers and switches to use NTP/SNTP. Secured peer and server modes on applicable models.

2018-02-09 14:59:50 -06:00 · 2018-02-09 14:59:50 -06:00 · 4c9a047a05
commit 4c9a047a05
parent 5c68380467
9 changed files with 314 additions and 28 deletions
--- a/mtp-configs/asn2net-vpnrtr.turnsys.net
+++ b/mtp-configs/asn2net-vpnrtr.turnsys.net
@ -89,7 +89,7 @@
 		<nextgid>2000</nextgid>
 		<timezone>America/Chicago</timezone>
 		<time-update-interval>300</time-update-interval>
-		<timeservers>0.pfsense.pool.ntp.org</timeservers>
+		<timeservers>pfv-ucs.turnsys.net satx-ucs.turnsys.net ovh-ucs.turnsys.net</timeservers>
 		<webgui>
 			<protocol>https</protocol>
 			<loginautocomplete></loginautocomplete>
@ -1490,8 +1490,8 @@ push route 192.168.120.0 255.255.255.252</custom_options>
 		<dnssecstripped></dnssecstripped>
 	</unbound>
 	<revision>
-		<time>1518050101</time>
-		<description><![CDATA[admin@10.40.50.77: /system_usermanager.php made unknown change]]></description>
+		<time>1518204775</time>
+		<description><![CDATA[admin@10.40.50.77: Updated NTP Server Settings]]></description>
 		<username>admin@10.40.50.77</username>
 	</revision>
 	<dhcpdv6></dhcpdv6>
@ -1883,7 +1883,17 @@ push route 192.168.120.0 255.255.255.252</custom_options>
 		<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2VhWDdMdFg1S0g5emcKMzBBNlVYZTFUUDV2Wm5sb1M3YjJvMndEOUdQeHpyaGM4Y2lFWFJHRVg4SGZCZ25VTFJOZWlvUHRoOGpWd1lHbApwVTkxODUvV1owRjllc0lCTkZFMmVmM2xZeTd3MnQ4L296R2QySXBIa21WU0c3Yk1DOTlOWVdVUHlOZG5DRHM3ClpMY0ptY3VXUUQ3QTN1L2Z3YlFJQzFpWUYwU0Vqa1lWblFaL2JGN2FINllDN0w2L2dPVExkQjE2ZzZnQTJMQk4Kb0FwUHJIT2NadEtkWlgrSEdyRHgrNy9HOGJ3ZzVjY2R3K1RiY0JZTExmUFdGN2hORXVNenhobURIOXZueWhtbwppUDhuU1NXd2E5Z0h6d2Mzbi9YeTcvU3FoT1Q1blovYkFsUWF5ZithdWJPM1I0eEhTRkJCbTFvWXppV2oyRnZBCmxmQmZIb0lHWDVXMmxiL1dEWWhzbE5VeUJFQ1pxSW5FWFA0K01LM3ZZdWZnRHltNjZJNHJ1VzYyWE9XL3R3K3oKTENGRjlCVGZxcUdWa3k4dEpORHNPN0Y5NTFOR28xSHNXcWU3dFJ3ZmpiazM2ajdzdUliampnYWZjaEJXMy9HWgpBMCt4Sm9mRUxoN0M2VzlWMWZQbDZDQmQwaE5xOStNMXgyQmtZT3MwTVRKdzR2K1l0NkNlT1FCcjFvdFBOQnJqCkJQNVUxUlhBWEhoQTRNSjhqVXVBZjVsdkZQZ3MvL2hWOS9SUGdIdGFvQ3ZrTnlSa0dOd1hvNlNmYlZPcDJ0TEgKdzlYSHh5WGszdVk1d2w2TFBYOE13UTJBTktya01PQk9PK0dnWGJyMHduM3BJcENiY3d0T3lDSmxIUVMzbGVpcwppVngwOHpvWGdXVzdXMi90SVJiRmNoYzhtb3RnVHdJREFRQUJBb0lDQURtdUlnd2Nwc0pvdmExbnZPUS9PNzVaCkxaLzBpU3B2djB3cER6Q1ZjVHJmMFlPT1NqdmdBM3ZXdmludDhmQS9CWGw4S0RONktLZWtrUWQybk90TzdSbE4KZWF3dDRhdzhsNEdsZzh4ZGcvOFJRdzdSNWtRYVQ2ZGw1OXl3Mkt1TmV4NmE0d2lQVWRkalNPWUVjeDFjMGFPQQoreGlSVkhoOStJYWhVdjMySXUyOVBFbXNabXhKVW5STDU4L1MwbFc2b2hSdTBEa0c3VXA1bkNCM3NLbDRHcFNOCllBME5veFRYcEN4SVJYazBGaE5JZDJzZ0pCbSt3MWdJd0d0cE1hTm15REhXNVAwNHdZS3h0UXdIN2hnbzZ6OUUKMVdGcWdhOUFZSGEzNXJlY01oK3R4RUlqbytvcE9SZm1uRWlWRmIveTFiNDl5ZDJVV21KQmFvOUNTVWJwUGVCdgpkL2dscXpBeXdyMmhXak1xTjNSWVA5dElPRXBDK013c1c1OVViSEVFcmZXbFhUUCtpclhEL3gxK2g5VEdnKzduCkhncHhFRU95bGlRSVBMQmc2MjV0QmpaVzAxT1Jnd2RCV1hXSXAzMFBwRno4WTg2aytnUkFOSXVUbGdXckZXYlgKV0p6V0RRWlNuM1ovUktQQ3JqRHBMcWprbnFUbUJVUll0UWdxdCtiMENUVEc5bWhQRFMrU1BGNVBERXRvUXlqRwpzaG5oVWFJczBtK3RLejZ0L1hISFI5S3VVZjRoR09vcW1KY3lDRXArSWE2VzI1akJNcHVwc0NBYjZOU2pVSks4CjhCVUtpSzc3NFp5RnFHaU41NlFKZzBaa29ETGo3aDNUVmpLZGNIUmRuYXUwYUs0Y3lVL0JqdkZHUTlkSDRtRTkKNm00bjZZcDVEMnFvQ3U5UEFyMmhBb0lCQVFEUXlWazI3N0RydDE4NGNkZHdaNi83R3d4ZllmbUdreXgzR2pqYwpacnFvOUowMWRnemFFQytORWFqMlpyQk1oYlY4T3pkZTliZkExTXJMQ2NCY0JLZkVGSklUYXh0MVNYTjhIbk9FCnJHS0VQY01TdjZnOEt5NFV0SnUrSXlvTkhFaUNJbER6TFNIUVFMUEhuWjFYUTVBMmJNVkozZkVVZGRYU3B6MnoKRU9RUEpWODJlN3IwRHlta2k0YjVIM2Vlc0dpeVB6cGlwMlBqbTBZU1ZENkk2WUNUOFNJNlRscTBOVGVGRS9qYgpWTHE4NVdoNndrKyt6WlZtb1pzd0lRMHltTzVRVzkzMnVBYUtZazUyVVNVVFRUWEZNeWV0UkZCbnlVQW5rdDhGClF2aUhUdVFMcUdQYmNHYytnbVFRVlJFVkM5eThRVTJHL0FJM3RJbDNzNTB0YzhGUkFvSUJBUURDTy9pam84UGYKbXNsSDFkTmtCc0lDUkVDQW44cmpvejJCMkpQVmZDdXNkNE41R0VpL2c3SDRodm53ZjRqd01MWTVDQ1pIUDRoNgpJOFk2TkJER2hEYW9BV3cwUmdJMzRMMHFQU2dmUmJBdCs5dVc3NXVqc3VzS3JLNE56OEFGT3F3RHRBMGlURk9MCmJQVjhLeU1ER1luRVNlZzE4QjIvU2NiM2QwcFJ2RDdDVlg4anNwLzd1NjV4djIrcHlpSUdxVTJsaVRYVWtUZEwKL3JyTkduNkQxcUlvaUUxWXh2dU9PU29OVWtnS2dvaHp4RmRWMVBzS2I4R3lGV21ZMENkNlNWVjJDalFJQWpSRwo5L2EzdzZOUXB3ZFU4NG1UbzdqYlZzRVdhdUpzMUJkaDJZK3I2MWJ5RjMwa2ZQYXowOGgwcDJEaUZ2YjR4UitzCi8xNXo0RmQwQlorZkFvSUJBRnl0YytlWjRCdlI2dmVnT1BTUllpR0JzUzFKelR4NmFkdDRqVkx3V3QwU3NCSUMKRTlSY0tPOWlybkNweG9wQk0vMHdQL1RyOTZRbUVOcXR1bkJlTktZcVIybE5Pd1FHRmJnN3dDVmRhK0d0bE1EbQp5R1BrK3ZCLzl6NGdWOU00QWN1YU5mcXJ4djJ0S3VCcHkyVG4vY1RhNVh4VGcyY0VvMlI5ampyRlBhYW5mU3N2Ckl4NmcrR2dzOHozMFJPSHhCcGhRenJicC9NSVVzN2NCSkQwY0FWSXFVSG8zTzdZUWhWT1NPUDRMRDFVNE0vZUIKOTJvSDBkQ2IzY293Y2E1TENrWXJjVXpLQlVVNk8vL3pKeFQ1U2V2K09CZUdZbmFmYzlYZE1SZ2gwVFltdzcyVgpBclp1bjdXMHBYeEdkbTIwTlVodmFGMkowZVl1UW5NYkRLTVhaZkVDZ2dFQURsVW1qOHl4MDNvMGlCeDdNTkplCjFwUDZ2b01NRWFnbURjTFJoZHRYemE0MEFXZU5WclI5R1gyOFM4YmRiL3ZvTm1VbmpmSmVPOFVRQjVOMytXNGcKS2wyUWducjRCdStLaGVkbFlvbGQ2c2ErK1hCTTU5TjRESjJaYW1OK0krU2tkTkdBZHB0elBzS1hpc1lVRzFKegpIQXpvR2JMU1B4OU9rMHcySzduY1Y3Sy9ZdjczVnpnT00wNlJDdEpqbUdJOTNJMDNiNndYaklBTGdMOEh2dXJECnBJSUtVeGE3MFU3ZWo0VVcwOCsyQ2ZUZkRQSmVZL0xETkVUb09lS0NSei9LRXAvR0h5RXFnbUloem9XZE00SmYKeENFRWNlU082NENIVndRa0dTdTlYZmNUNXZmQ3ZyS0ZCWUJESkJub25OTU5EeUhxcjRpOFFhUEdjSDZKZFlKRQp1UUtDQVFFQW5iL3B2UWUzUkYxM0NuQkM3L1dETXhNbm9WNDQ1OE9YM0gzTlNGYjlwNDhrUE9vRm8rVk5qWExVCjBtdzB5aWpGUVllWXJSUm9wWXM2UHRJY1BGMityeFdiK05qM2xVVmNYckVaMTZtd2pOcHpjQ0xwUzIzUHdlZFcKR0lxR2E2emNEN2xkUWM5VlRDSUpRc25sOUp5UWMzV0tBTERJVVdFTW9sUE9rSWpCQ3lqUXZBTDJ6OXkzaGFQOQprZkhlNTRRRXY5QVlDWU9Eb01aaStyZFFrMG9OdkVWNG1xWXRUYUxiTzFNRkF6WFRPSkFnNUc5UnNnclJ1d1E0CjNSeGRRMVJpbjFaRkswR0pQa3hlV2tGSFFQeUhzV1R0ZkZLMkxONGhrZ3oyYVVTWkQyUjZreldzM0xHSlpXWXMKZkZuUkQzS0hKbWNocW1WdmlMeWZpNUJGeGF1ald3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
 		<serial>4</serial>
 	</ca>
-	<ntpd></ntpd>
+	<ntpd>
+		<interface>lan</interface>
+		<noquery>yes</noquery>
+		<noserve>yes</noserve>
+		<restrictions>
+			<row>
+				<acl_network></acl_network>
+				<mask>128</mask>
+			</row>
+		</restrictions>
+	</ntpd>
 	<dhcrelay></dhcrelay>
 	<dhcrelay6></dhcrelay6>
 	<ovpnserver>
--- a/mtp-configs/ovh-core-rtr01.turnsys.net
+++ b/mtp-configs/ovh-core-rtr01.turnsys.net
@ -36,7 +36,7 @@
 		</user>
 		<nextuid>2000</nextuid>
 		<nextgid>2000</nextgid>
-		<timeservers>0.pfsense.pool.ntp.org</timeservers>
+		<timeservers>pfv-ucs.turnsys.net ovh-ucs.turnsys.net satx-ucs.turnsys.net</timeservers>
 		<webgui>
 			<protocol>https</protocol>
 			<loginautocomplete></loginautocomplete>
@ -979,8 +979,8 @@
 		<dnssecstripped></dnssecstripped>
 	</unbound>
 	<revision>
-		<time>1518049988</time>
-		<description><![CDATA[admin@10.40.50.77: /system_usermanager.php made unknown change]]></description>
+		<time>1518204673</time>
+		<description><![CDATA[admin@10.40.50.77: Updated NTP ACL Settings]]></description>
 		<username>admin@10.40.50.77</username>
 	</revision>
 	<cert>
@ -1242,4 +1242,15 @@
 			<fromaddress>ovh-core-rtr01@turnsys.net</fromaddress>
 		</smtp>
 	</notifications>
+	<ntpd>
+		<interface>lan</interface>
+		<noquery>yes</noquery>
+		<noserve>yes</noserve>
+		<restrictions>
+			<row>
+				<acl_network></acl_network>
+				<mask>128</mask>
+			</row>
+		</restrictions>
+	</ntpd>
 </pfsense>
--- a/mtp-configs/pfv-core-ap01.pfv.turnsys.net
+++ b/mtp-configs/pfv-core-ap01.pfv.turnsys.net
@ -1,7 +1,7 @@
 !
-! Last configuration change at 20:32:33 CST Thu Feb 1 2018 by cisco
-! NVRAM config last updated at 20:32:36 CST Thu Feb 1 2018 by cisco
-! NVRAM config last updated at 20:32:36 CST Thu Feb 1 2018 by cisco
+! Last configuration change at 14:50:15 CST Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
 version 15.2
 no service pad
 service timestamps debug datetime msec
@ -92,7 +92,7 @@ interface Dot11Radio0
 ssid TheNerdery
 !
 antenna gain 0
- mbssid   
+ mbssid
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2422
 station-role root
@ -188,7 +188,7 @@ interface GigabitEthernet0.200
 bridge-group 200
 bridge-group 200 spanning-disabled
 no bridge-group 200 source-learning
-!         
+!
 interface BVI1
 ip address 10.251.30.251 255.255.255.0
 no ip route-cache
@ -225,6 +225,8 @@ line vty 0 4
 transport input all
 !
 no exception crashinfo
-sntp server 10.251.30.253
+sntp server 10.40.100.200
+sntp server 10.251.30.71
+sntp server 10.253.3.201
 end

--- a/mtp-configs/pfv-core-sw01.pfv.turnsys.net
+++ b/mtp-configs/pfv-core-sw01.pfv.turnsys.net
@ -1,6 +1,6 @@
 !
-! Last configuration change at 22:40:16 CST Thu Feb 1 2018 by cisco
-! NVRAM config last updated at 20:34:03 CST Thu Feb 1 2018 by cisco
+! Last configuration change at 14:54:50 CST Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 14:54:52 CST Fri Feb 9 2018 by cisco
 !
 version 12.2
 no service pad
@ -92,7 +92,7 @@ interface FastEthernet0/3
 description printer-pi
 switchport access vlan 22
 spanning-tree portfast
-!         
+!
 interface FastEthernet0/4
 description pfv-ucs
 switchport trunk encapsulation dot1q
@ -124,7 +124,7 @@ interface FastEthernet0/9
 interface FastEthernet0/10
 description ap4
 switchport access vlan 100
-!         
+!
 interface FastEthernet0/11
 description gallileo
 switchport access vlan 22
@ -188,7 +188,7 @@ interface FastEthernet0/24
 switchport mode trunk
 !
 interface GigabitEthernet0/1
-!         
+!
 interface GigabitEthernet0/2
 !
 interface Vlan1
@ -252,8 +252,10 @@ ip route 0.0.0.0 0.0.0.0 10.251.30.254
 no ip http server
 no ip http secure-server
 !
-!         
+!
 logging 10.253.3.99
+access-list 93 remark NTP access
+access-list 93 deny   any log
 snmp-server user kn3lmgmt kn3lmgmt v1 
 snmp-server user kn3lmgmt kn3lmgmt v2c 
 snmp-server community kn3lmgmt RO
@ -270,8 +272,12 @@ line vty 0 4
 transport input all
 line vty 5 15
 !
-ntp clock-period 36029637
-ntp server 10.251.30.254
-ntp server 10.251.30.253
+ntp clock-period 36029657
+ntp access-group peer 93
+ntp access-group serve 93
+ntp access-group serve-only 93
+ntp server 10.253.3.201
+ntp server 10.40.100.200
+ntp server 10.251.30.71
 end

--- a/mtp-configs/satx-ap-satxinternet.satx.turnsys.net
+++ b/mtp-configs/satx-ap-satxinternet.satx.turnsys.net
@ -1,4 +1,7 @@
 !
+! Last configuration change at 13:44:44 CST Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 13:44:45 CST Fri Feb 9 2018 by cisco
+!
 version 12.3
 no service pad
 service timestamps debug datetime msec
@ -15,8 +18,8 @@ enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
 clock timezone CST -6
 ip subnet-zero
 no ip domain lookup
-ip domain name stmarytx.edu
-ip name-server 10.253.3.86
+ip domain name turnsys.net
+ip name-server 10.40.50.254
 !
 !
 no aaa new-model
@ -204,5 +207,230 @@ line vty 0 4
 !
 no exception crashinfo
 sntp server 10.251.30.253
+sntp server 10.40.100.200
+end
+
+outap-front#conf t
+Enter configuration commands, one per line.  End with CNTL/Z.
+outap-front(config)#no sntp server 10.251.30.253
+outap-front(config)#end
+outap-front#write mem
+Building configuration...
+[OK]
+outap-front#show run
+Building configuration...
+
+Current configuration : 5971 bytes
+!
+! Last configuration change at 13:46:16 CST Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 13:46:19 CST Fri Feb 9 2018 by cisco
+!
+version 12.3
+no service pad
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+!
+hostname outap-front
+!
+logging rate-limit console 9
+no logging console
+no logging monitor
+enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
+!
+clock timezone CST -6
+ip subnet-zero
+no ip domain lookup
+ip domain name turnsys.net
+ip name-server 10.40.50.254
+!
+!
+no aaa new-model
+dot11 syslog
+dot11 vlan-name Public vlan 2
+dot11 vlan-name Video vlan 201
+dot11 vlan-name Voice vlan 200
+dot11 vlan-name Workstations vlan 50
+!
+dot11 ssid SATX-Internet
+   vlan 50
+   authentication open 
+   authentication key-management wpa
+   guest-mode
+   mbssid guest-mode dtim-period 75
+   wpa-psk ascii 7 070D2E43410E1C1704
+!
+dot11 network-map
+!
+crypto pki trustpoint TP-self-signed-4066931324
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-4066931324
+ revocation-check none
+ rsakeypair TP-self-signed-4066931324
+!
+!
+crypto ca certificate chain TP-self-signed-4066931324
+ certificate self-signed 01
+  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
+  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
+  69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333 
+  32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
+  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639 
+  33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
+  8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4 
+  335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96 
+  BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072 
+  04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636 
+  01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
+  551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06 
+  03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609 
+  2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D 
+  A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4 
+  33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F 
+  8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254 
+  F3452830 685FB60B 7BDEF67B C689FA
+  quit
+username Cisco privilege 15 password 7 02050D480809
+!
+bridge irb
+!
+!
+interface Dot11Radio0
+ no ip address
+ no ip route-cache
+ !
+ encryption mode ciphers aes-ccm 
+ !
+ encryption vlan 2 mode ciphers aes-ccm tkip 
+ !
+ encryption vlan 50 mode ciphers aes-ccm tkip 
+ !
+ encryption vlan 200 mode ciphers aes-ccm tkip 
+ !
+ encryption vlan 201 mode ciphers aes-ccm tkip 
+ !
+ ssid SATX-Internet
+ !
+ mbssid
+ speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
+ station-role root
+ antenna gain 0
+ bridge-group 1
+ bridge-group 1 subscriber-loop-control
+ bridge-group 1 block-unknown-source
+ no bridge-group 1 source-learning
+ no bridge-group 1 unicast-flooding
+ bridge-group 1 spanning-disabled
+!
+interface Dot11Radio0.2
+ encapsulation dot1Q 2
+ no ip route-cache
+ bridge-group 2
+ bridge-group 2 subscriber-loop-control
+ bridge-group 2 port-protected
+ bridge-group 2 block-unknown-source
+ no bridge-group 2 source-learning
+ no bridge-group 2 unicast-flooding
+ bridge-group 2 spanning-disabled
+!
+interface Dot11Radio0.50
+ encapsulation dot1Q 50
+ no ip route-cache
+ bridge-group 50
+ bridge-group 50 subscriber-loop-control
+ bridge-group 50 block-unknown-source
+ no bridge-group 50 source-learning
+ no bridge-group 50 unicast-flooding
+ bridge-group 50 spanning-disabled
+!
+interface Dot11Radio0.200
+ encapsulation dot1Q 200
+ no ip route-cache
+ bridge-group 200
+ bridge-group 200 subscriber-loop-control
+ bridge-group 200 block-unknown-source
+ no bridge-group 200 source-learning
+ no bridge-group 200 unicast-flooding
+ bridge-group 200 spanning-disabled
+!
+interface Dot11Radio0.201
+ encapsulation dot1Q 201
+ no ip route-cache
+ bridge-group 201
+ bridge-group 201 subscriber-loop-control
+ bridge-group 201 block-unknown-source
+ no bridge-group 201 source-learning
+ no bridge-group 201 unicast-flooding
+ bridge-group 201 spanning-disabled
+!
+interface FastEthernet0
+ no ip address
+ no ip route-cache
+ duplex auto
+ speed auto
+ bridge-group 1
+ no bridge-group 1 source-learning
+!
+interface FastEthernet0.2
+ encapsulation dot1Q 2
+ no ip route-cache
+ bridge-group 2
+ no bridge-group 2 source-learning
+ bridge-group 2 spanning-disabled
+!
+interface FastEthernet0.50
+ encapsulation dot1Q 50
+ no ip route-cache
+ bridge-group 50
+ no bridge-group 50 source-learning
+ bridge-group 50 spanning-disabled
+!
+interface FastEthernet0.200
+ encapsulation dot1Q 200
+ no ip route-cache
+ bridge-group 200
+ no bridge-group 200 source-learning
+ bridge-group 200 spanning-disabled
+!
+interface FastEthernet0.201
+ encapsulation dot1Q 201
+ no ip route-cache
+ bridge-group 201
+ no bridge-group 201 source-learning
+ bridge-group 201 spanning-disabled
+!
+interface BVI1
+ ip address 10.40.100.201 255.255.255.0
+ no ip route-cache
+!
+ip default-gateway 10.40.100.254
+no ip http server
+ip http secure-server
+ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
+!
+snmp-server community kn3lmgmt RO
+snmp-server location SATX
+snmp-server contact prodtechopsalerts@turnsys.com
+bridge 1 route ip
+!
+!
+banner login ^CC5
+===============================================================================
+-------------------------------------------------------------------------------
+RT - PRODUCTION SYSTEM - GO AWAY
+-------------------------------------------------------------------------------
+
+   This is a private computer system.
+===============================================================================
+^C
+!
+line con 0
+line vty 0 4
+ login local
+!
+no exception crashinfo
+sntp server 10.40.100.200
+sntp server 10.253.3.201
+sntp server 10.251.30.71
 end

--- a/mtp-configs/satx-prodsw1.satx.turnsys.net
+++ b/mtp-configs/satx-prodsw1.satx.turnsys.net
@ -121,16 +121,22 @@ username admin password a9166ce242b34acf0afb80b1092536bd level 15 encrypted
 snmp-server location satx
 snmp-server community kn3l rw 10.253.3.77 view DefaultSuper 
 snmp-server community kn3lmgmt ro view Default 
+clock timezone -6
+sntp client poll timer 120
+sntp unicast client enable
+sntp server 10.40.100.200
+sntp server 10.251.30.71
+sntp server 10.253.3.201
 ip domain-name turnsys.net


-
+                                            



 Default settings: 
 Service tag: CBRWFH1 
-                                            
+ 
 SW version 2.0.0.35 (date  27-Jan-2009 time  18:13:34) 
 
 Gigabit Ethernet Ports 
@ -146,7 +152,7 @@ no back-pressure
 interface vlan 1 
 interface port-channel 1 - 8 
 
-spanning-tree 
+spanning-tree                               
 spanning-tree mode STP 
 
 qos basic 
--- a/mtp-configs/satx-prodsw3.satx.turnsys.net
+++ b/mtp-configs/satx-prodsw3.satx.turnsys.net
@ -1,4 +1,7 @@
 !
+! Last configuration change at 20:06:32 UTC Fri Feb 9 2018 by cisco
+! NVRAM config last updated at 20:06:34 UTC Fri Feb 9 2018 by cisco
+!
 version 12.0
 no service pad
 service timestamps debug uptime
@ -137,6 +140,8 @@ interface VLAN201
 !
 ip default-gateway 10.40.100.254
 logging 10.253.3.99
+access-list 93 remark NTP access
+access-list 93 deny   any log
 snmp-server engineID local 00000009020000053274C2C0
 snmp-server community kn3lmgmt RO
 snmp-server location SATX
@ -150,5 +155,12 @@ line vty 0 4
 password 7 01100F175804
 line vty 5 15
 !
+ntp clock-period 11258997
+ntp access-group peer 93
+ntp access-group serve 93
+ntp access-group serve-only 93
+ntp server 10.253.3.201
+ntp server 10.40.100.200
+ntp server 10.251.30.71
 end

--- a/mtp-configs/satx-rr-rtr.satx.turnsys.net
+++ b/mtp-configs/satx-rr-rtr.satx.turnsys.net
@ -60,7 +60,7 @@ multilink bundle-name authenticated
 !
 !
 !
-!         
+!
 !
 !
 voice-card 0
@ -118,6 +118,8 @@ no ip http secure-server
 !
 !
 logging 10.253.3.99
+access-list 93 remark NTP access
+access-list 93 deny   any log
 !
 !
 !
@ -148,5 +150,11 @@ line vty 5 15
 login
 !
 scheduler allocate 20000 1000
+ntp access-group peer 93
+ntp access-group serve 93
+ntp access-group serve-only 93
+ntp server 10.251.30.71
+ntp server 10.40.100.200
+ntp server 10.253.3.201
 end

--- a/mtp-configs/satx-tsyscoresw1.satx.turnsys.net
+++ b/mtp-configs/satx-tsyscoresw1.satx.turnsys.net
@ -157,4 +157,7 @@ clock source sntp
 sntp client poll timer 60
 sntp unicast client enable
 sntp unicast client poll
+sntp server 10.40.100.200
+sntp server 10.251.30.71
+sntp server 10.253.3.201