Building configuration...

Current configuration : 17639 bytes
!
! Last configuration change at 13:12:55 MSK Thu Jul 28 2022 by adm_kapustinal
! NVRAM config last updated at 10:59:49 MSK Thu Jul 28 2022 by adm_kapustinal
!
! Global service settings for this IOS 15.2 image.
version 15.2
service nagle
no service pad
! TCP keepalives in both directions let the switch reap dead management sessions.
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log messages carry local date/time with milliseconds, timezone and year,
! which is what log correlation across devices needs.
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
! NOTE(review): service password-encryption only applies reversible type 7 obfuscation
! (see the RADIUS "key 7" lines further down); it does not hash anything.
service password-encryption
service sequence-numbers
service unsupported-transceiver
!
hostname IZH-KG-P11-SW-1-3
!
boot-start-marker
boot-end-marker
!
! Messages go to a 65536-byte local buffer; console logging is disabled.
logging buffered 65536
no logging console
! NOTE(review): "secret 5" is the MD5-based type 5 hash. The two hashes below are
! published in this listing, so treat them as exposed and rotate them; prefer a
! stronger secret type (8 or 9) if this image supports it - confirm.
enable secret 5 $1$.tEz$Hutes7k4bUis4LgJ26hPn/
!
username netadmin privilege 15 secret 5 $1$sBep$BrbjThNMOKPqlMxpDm4u7.
! NOTE(review): this local account is shown with no secret or password. "local" is
! part of the login method lists below, so confirm whether the account can log in
! without a password; either give it a secret or remove it.
username akhmetzyanovrr_adm
! AAA: RADIUS server group NPS (two servers) with local fallbacks.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 load-balance method least-outstanding
!
! Default login list: RADIUS group NPS, then the local user database, then the enable secret.
aaa authentication login default group NPS local enable
! Console login list: local user database first, then RADIUS group NPS.
aaa authentication login CONSOLE local group NPS
! NOTE(review): only the login lists "default" and "CONSOLE" are defined here, yet the
! VTY lines reference "login authentication NPS". NPS exists only as a server group in
! this listing - confirm what the VTY lines actually authenticate against.
aaa authorization console
! NOTE(review): "if-authenticated" is the last exec-authorization method, so any user
! who passed authentication is authorized when NPS and local give no answer - confirm
! this fallback is intended.
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
! NOTE(review): the zone is labelled MSK but the offset is UTC+4, while Moscow time is
! UTC+3. Log timestamps carry this label, so confirm which one is intended before
! correlating events with other systems.
clock timezone MSK 4 0
switch 1 provision ws-c2960x-48lps-l
! Source-routed packets and gratuitous ARPs are disabled.
no ip source-route
no ip gratuitous-arps
!
!
ip domain-name komos.ru
ip host VM-KG-NET 10.1.12.70
! Static name "tftp" is the host used by the archive path (tftp://tftp/...).
ip host tftp 10.4.0.214
! Both failed and successful logins generate log messages.
login on-failure log
login on-success log
vtp mode transparent
!
!
!
!
!
!
!
! Flexible NetFlow: two IPv4 records keyed on ToS, protocol, addresses and ports,
! each collecting TCP flags and long byte/packet counters, plus one monitor per record.
! NOTE(review): neither monitor references a flow exporter, and no interface in this
! listing applies a monitor, so no flow data appears to be collected or exported -
! confirm whether this telemetry is expected to be live.
flow record FLOW-RECORD-L2VPN-INPUT
 description IPv4 NetFlow L2VPN IN
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface output
 collect counter bytes long
 collect counter packets long
!
!
flow record FLOW-RECORD-L2VPN-OUTPUT
 description IPv4 NetFlow L2VPN OUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
!
!
! Active flows are flushed from the cache every 60 seconds.
flow monitor FLOW-MONITOR-L2VPN-INPUT
 description ingress
 cache timeout active 60
 record FLOW-RECORD-L2VPN-INPUT
!
!
flow monitor FLOW-MONITOR-L2VPN-OUTPUT
 description egress
 cache timeout active 60
 record FLOW-RECORD-L2VPN-OUTPUT
!
!
! Self-signed trustpoint and its certificate.
! NOTE(review): revocation checking is disabled for this trustpoint. The DER below
! appears to encode a sha1WithRSAEncryption signature, a 1024-bit RSA key and a
! validity period ending 2020-01-01, i.e. before the change dates in the header.
! Both HTTP servers are disabled later in this listing, so the certificate does not
! appear to be in use - confirm, and regenerate it before enabling any HTTPS service.
crypto pki trustpoint TP-self-signed-2890218112
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2890218112
 revocation-check none
 rsakeypair TP-self-signed-2890218112
!
!
crypto pki certificate chain TP-self-signed-2890218112
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32383930 32313831 3132301E 170D3030 30373133 30343433 
  35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38393032 
  31383131 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100A2FF 9A166990 248A868C 132D49C8 EF357969 DE5AABCF BCC0EB12 D0AF43C7 
  BECD39C1 827CA980 9D8F1864 9D995D9D CC9A82F6 25A4AABA F7747EDA 62403E18 
  BC43B725 6AA3CCCB DA0F40B4 3E1A9E21 22CEC796 9FB1AEF0 F0DCE02F 92951898 
  9DCADDE6 43D00E6D FB2AE32F 617B378D 4115AD5F 72482292 220DD6D8 E73C6CFE 
  37C90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 147D1068 716D81C1 6D2DBF01 B421D06A 6BE74719 96301D06 
  03551D0E 04160414 7D106871 6D81C16D 2DBF01B4 21D06A6B E7471996 300D0609 
  2A864886 F70D0101 05050003 8181003C 3E229CB8 16EE1017 AF712FE7 1E3092CE 
  3FF13297 283E634A B8DC9C02 FACA6DAB 324A8ED5 65CF05E3 076E407E 79A34240 
  9A5AAD04 3B1C1AC3 168DB4DA 15E6B692 741DE779 B51E7683 F152141F 556FF7B3 
  5D9EB431 B067E16B EDBF826A DDCFD2E5 D0C433A5 8FF201F3 B26393BD 22C85D0A 
  CD6632B9 FE0B0B5F A046F73B 864371
  	quit
! Configuration archive: config changes are logged (up to 900 entries) and sent to
! syslog; a copy of the configuration is written to TFTP on every "write memory" and
! every 10080 minutes (7 days).
! NOTE(review): TFTP is unauthenticated and unencrypted, and the archived file carries
! the secrets, the RADIUS key and the SNMP community. "hidekeys" only masks keys in the
! config change log, not in the archived copy. Prefer an authenticated, encrypted
! transfer (for example scp) if the archive server supports it.
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/KG/P11-SW_L2/$H.$T.conf
 write-memory
 time-period 10080
!
! Spanning tree: Rapid PVST+ with loop guard on by default and STP event logging.
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
no errdisable detect cause gbic-invalid
! NOTE(review): automatic recovery is configured for bpduguard, but this listing shows
! no "spanning-tree portfast bpduguard default" and no per-interface BPDU guard, so the
! portfast ports below do not appear to be BPDU-guarded - confirm.
errdisable recovery cause bpduguard
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause port-mode-failure
errdisable recovery cause loopback
! Err-disabled ports are re-enabled automatically after 600 seconds.
errdisable recovery interval 600
!
!
!
!
! VLAN database (VTP transparent), VLANs 2-599.
! NOTE(review): VLANs 6 and 150 have no name, so their purpose cannot be read from
! this listing.
vlan internal allocation policy ascending
!
vlan 2
 name KG_LAN-USER
!
vlan 4
 name KG_LAN-VDI
!
vlan 5
 name KG_LAN-ADMIN
!
vlan 6 
!
vlan 11
 name KG_LAN-AS199014
!
vlan 12
 name UNIFI_NETWORK
!
vlan 20
 name DMZ-1
!
vlan 25
 name VoIP
!
vlan 100
 name Inbound_management
!
vlan 101
 name WDS
!
vlan 149
 name -KG-MGMT-INT-10.1.254.0/24-
!
vlan 150 
!
vlan 152
 name KG-ARUBA-USERS
!
vlan 153
 name KG-ARUBA-USERS-GUEST
!
vlan 200
 name KG_MGMT-SRV
!
vlan 201
 name KG_LAN-SRV
!
vlan 202
 name KG_LAN-SRV-DMZ
!
vlan 249
 name --KG-SRV-BKP-10.1.249.0/26--
!
vlan 253
 name exchange_komos-group
!
vlan 289
 name --OCOD_VLAN_1--
!
vlan 296
 name -MLK-KCOD-SRV-All_10.1.123.0/24-
!
! The name below is exactly 32 characters long, so the subnet suffix looks cut off at
! the VLAN name length limit.
vlan 297
 name -MLK-KCOD-SRV-Exchange_10.1.122.
!
vlan 298
 name -KG-COD-Transit-Core-
!
vlan 300
 name KG_MGMT-NET
!
vlan 301
 name KG_MGMT-WIFI
!
vlan 302
 name WiFi_MGM_Aruba_test
!
vlan 349
 name MLK_LAN-DATACENTER-2
!
vlan 351
 name KG_VOIP
!
! NOTE(review): "Guesrt" looks like a typo for "Guest"; the name is left as configured.
vlan 500
 name WIFI Guesrt KG
!
vlan 556
 name P2P_iBGP_KOMOS_AS_over_ER_Tel
!
vlan 557
 name P2P_iBGP_KOMOS_AS_over_MTS
!
vlan 558
 name -L2VPN-PVE_HA_ERTLC-
!
vlan 559
 name -L2VPN-PVE_HA_MTS-
!
vlan 598
 name BGP_KG_COD_TRANSIT
!
vlan 599
 name -MLK-KCOD-Trunk_172.30.30.0/27-
!
! VLAN 3001 is named as an isolated VLAN; no interface in this listing is assigned to it.
vlan 3001
 name -KG-ISOLATED-VLAN-
!
! Lab VLANs 3900-3919, all following one naming pattern.
vlan 3900
 name -mlk_izh-vLab_net-servers-3900-
!
vlan 3901
 name -mlk_izh-vLab_net-servers-3901-
!
vlan 3902
 name -mlk_izh-vLab_net-servers-3902-
!
vlan 3903
 name -mlk_izh-vLab_net-servers-3903-
!
vlan 3904
 name -mlk_izh-vLab_net-servers-3904-
!
vlan 3905
 name -mlk_izh-vLab_net-servers-3905-
!
vlan 3906
 name -mlk_izh-vLab_net-servers-3906-
!
vlan 3907
 name -mlk_izh-vLab_net-servers-3907-
!
vlan 3908
 name -mlk_izh-vLab_net-servers-3908-
!
vlan 3909
 name -mlk_izh-vLab_net-servers-3909-
!
vlan 3910
 name -mlk_izh-vLab_net-servers-3910-
!
vlan 3911
 name -mlk_izh-vLab_net-servers-3911-
!
vlan 3912
 name -mlk_izh-vLab_net-servers-3912-
!
vlan 3913
 name -mlk_izh-vLab_net-servers-3913-
!
vlan 3914
 name -mlk_izh-vLab_net-servers-3914-
!
vlan 3915
 name -mlk_izh-vLab_net-servers-3915-
!
vlan 3916
 name -mlk_izh-vLab_net-servers-3916-
!
vlan 3917
 name -mlk_izh-vLab_net-servers-3917-
!
vlan 3918
 name -mlk_izh-vLab_net-servers-3918-
!
vlan 3919
 name -mlk_izh-vLab_net-servers-3919-
!
! Inter-site VLANs 4030-4035 plus VLANs 4040 and 4093.
! Several names below are exactly 32 characters long, so their subnet suffix looks cut
! off at the VLAN name length limit.
vlan 4030
 name -MLK-KCOD-Native-
!
vlan 4031
 name -MLK-KCOD-VeamRepl_172.31.31.0/2
!
! NOTE(review): VLANs 4032 and 4033 are both labelled 172.31.33.0/24 while their
! neighbours follow the pattern 172.31.<31,34,35>; one of the two labels is presumably
! a copy-paste slip - verify against the addressing plan.
vlan 4032
 name -MLK-KCOD-SQLRepl_172.31.33.0/24
!
vlan 4033
 name -MLK-KCOD-SrvVCHA_172.31.33.0/24
!
vlan 4034
 name -MLK-KCOD-ExchRepl_172.31.34.0/2
!
vlan 4035
 name -MLK-KCOD-Reserv_172.31.35.0/24-
!
vlan 4040
 name KG_LAN-SZB
!
vlan 4093
 name ISP-IMP_ERTEL
!
! TFTP transfers are sourced from the management SVI; SSH is restricted to version 2.
ip tftp source-interface Vlan100
ip ssh version 2
!
! QoS class-maps, one per class selector, each matching a group of DSCP values.
class-map match-any CM_QoS_CS3
 match ip dscp cs3  af31  af32  af33 
class-map match-any CM_QoS_CS2
 match ip dscp cs2  af21  af22  af23 
class-map match-any CM_QoS_CS1
 match ip dscp cs1  af11  af12  af13 
class-map match-any CM_QoS_CS0
 match ip dscp default  1  2  3 
class-map match-any CM_QoS_CS7
 match ip dscp cs7 
class-map match-any CM_QoS_CS6
 match ip dscp cs6  49 
class-map match-any CM_QoS_CS5
 match ip dscp cs5  41  42  45  ef  47 
class-map match-any CM_QoS_CS4
 match ip dscp cs4  af41  af42  af43 
!
! NOTE(review): the policy-map references only CM_QoS_CS7, with no action, and no
! interface in this listing has a service-policy, so the QoS classes appear unused.
policy-map PM_QoS_CLASS_IN
 class CM_QoS_CS7
!
!
! 
!
!
!
!
!
!
!
!
! Loopback and port-channel interfaces. Loopback7777 and Port-channel1 are shut down.
interface Loopback7777
 description TK7239m
 no ip address
 shutdown
!
interface Port-channel1
 description LINK_TO_6500
 switchport mode trunk
 shutdown
!
! Core uplink bundle: carries only VLANs 4030-4034; trunk and STP events are logged.
interface Port-channel2
 description [CORE] SW-1-2
 switchport trunk allowed vlan 4030-4034
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
!
! Server bundle: explicit allowed-VLAN list; untagged frames land in VLAN 201.
interface Port-channel7
 description [SRV] Po7 cisco PVE2 ORSSI eth1 
 switchport trunk native vlan 201
 switchport trunk allowed vlan 2,5,201,500,558,559
 switchport mode trunk
 no snmp trap link-status
!
interface FastEthernet0
 no ip address
!
! Gi1/0/1-5: trunks to hosts p11-vmw001..005 (eth0).
! NOTE(review): no "switchport trunk allowed vlan" list is set, so these trunks carry
! every VLAN defined on the switch, including the management and DMZ VLANs; restrict
! them to the VLANs the hosts need.
! NOTE(review): "spanning-tree portfast" without the "trunk" keyword normally has no
! effect on a trunk port - confirm the intended behaviour.
! NOTE(review): link-status logging and SNMP link traps are both disabled, so link
! up/down events on these ports leave no record.
interface GigabitEthernet1/0/1
 description [SRV] p11-vmw001_eth0
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description [SRV] p11-vmw002_eth0
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description [SRV] p11-vmw003_eth0
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description [SRV] p11-vmw004_eth0
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 description [SRV] p11-vmw005_eth0
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
! Gi1/0/6-14: access ports. Gi1/0/6 is in VLAN 5 (KG_LAN-ADMIN); Gi1/0/7-14 are in
! VLAN 298 (-KG-COD-Transit-Core-).
! NOTE(review): Gi1/0/7-13 are described "NONE" yet are enabled in the transit VLAN
! with portfast and with link logging and traps off. If they are unused, shut them down
! and move them to an unused VLAN (VLAN 3001 is named for that purpose) - confirm.
! NOTE(review): no port-security or BPDU guard is configured on these access ports.
interface GigabitEthernet1/0/6
 description [SRV] ORSI_Cisco_Server
 switchport access vlan 5
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 description NONE
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 description [SRV] p11-shd001_mg1
 switchport access vlan 298
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
! Gi1/0/15: member of Port-channel7 (LACP active); its trunk settings match Po7.
interface GigabitEthernet1/0/15
 description [SRV] PVE2-eth1
 switchport trunk native vlan 201
 switchport trunk allowed vlan 2,5,201,500,558,559
 switchport mode trunk
 no snmp trap link-status
 channel-group 7 mode active
!
! Gi1/0/16-20: trunks with no allowed-VLAN list, so they carry every VLAN on the switch.
! NOTE(review): Gi1/0/16, Gi1/0/18 and Gi1/0/19 are described "NONE" but are enabled
! as unrestricted trunks. If they are unused, shut them down or convert them to access
! ports in an unused VLAN - confirm.
interface GigabitEthernet1/0/16
 description NONE
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/17
 description [SRV] p11-vmw004_eth3
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/18
 description NONE
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/19
 description NONE
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/20
 description [SRV] p11-vmw001_eth2
 switchport mode trunk
 no snmp trap link-status
!
! Gi1/0/21-26: access ports in VLAN 5 (KG_LAN-ADMIN), VLAN 349 (MLK_LAN-DATACENTER-2)
! and VLAN 201 (KG_LAN-SRV).
! NOTE(review): Gi1/0/22-24 are described "NONE" and Gi1/0/25-26 have no description,
! yet all are enabled; confirm they are in use and document or shut them down.
interface GigabitEthernet1/0/21
 description [SRV] Cisco IMC_PVE2
 switchport access vlan 5
 switchport mode access
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 description NONE
 switchport access vlan 5
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description NONE
 switchport access vlan 349
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 description NONE
 switchport access vlan 349
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
 switchport access vlan 201
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/26
 switchport access vlan 201
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
! Gi1/0/27-46: no per-port configuration is shown, so these ports run with platform
! defaults and are not shut down.
! NOTE(review): on Catalyst access switches the defaults are typically VLAN 1 with
! dynamic trunk negotiation - confirm for this platform. If the ports are unused, set
! "switchport mode access", assign an unused VLAN and shut them down.
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
! Gi1/0/47-48: trunks limited to VLAN 200 (KG_MGMT-SRV), which is also the native VLAN.
interface GigabitEthernet1/0/47
 description TEST_DORADO_MGM
 switchport trunk native vlan 200
 switchport trunk allowed vlan 200
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet1/0/48
 description TEST_DORADO_MGM
 switchport trunk native vlan 200
 switchport trunk allowed vlan 200
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
!
! Gi1/0/49: core uplink carrying VLANs 1-4029 and 4035-4090.
! NOTE(review): the allowed range includes VLAN 1 and every VLAN not defined on this
! switch; narrowing it to the VLANs actually needed reduces the Layer 2 exposure.
interface GigabitEthernet1/0/49
 description [CORE] SW-1-1
 switchport trunk allowed vlan 1-4029,4035-4090
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 hold-queue 4096 in
 hold-queue 4096 out
!
! Gi1/0/50: provider-facing L2VPN trunk. CDP and LLDP are disabled on it, and native
! VLAN 4030 is not in the allowed list.
! NOTE(review): no BPDU filtering or storm-control is shown on this provider-facing
! port - confirm whether the carrier hand-off requires either.
interface GigabitEthernet1/0/50
 description [ISP-1G] L2VPN-to-MLK-IZM_MTS
 switchport trunk native vlan 4030
 switchport trunk allowed vlan 557,599,4031-4035
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 no cdp enable
 no lldp transmit
 no lldp receive
 hold-queue 4096 in
 hold-queue 4096 out
!
! Gi1/0/51-52: members of Port-channel2 (LACP active); trunk settings match Po2.
interface GigabitEthernet1/0/51
 description [CORE] Po2 SW-1-2
 switchport trunk allowed vlan 4030-4034
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 channel-group 2 mode active
!
interface GigabitEthernet1/0/52
 description [CORE] Po2 SW-1-2
 switchport trunk allowed vlan 4030-4034
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 channel-group 2 mode active
!
! SVIs. Vlan1 is shut down with no address.
interface Vlan1
 no ip address
 shutdown
!
! Management SVI; it is the source interface for syslog, NTP and TFTP in this listing.
! ICMP redirects, unreachables and proxy ARP are disabled on it.
interface Vlan100
 ip address 10.1.1.6 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! NOTE(review): this SVI gives the switch an address in VLAN 152 (KG-ARUBA-USERS).
! ACL 23 permits any source and the SNMP community has no ACL, so SSH and SNMP on the
! switch are reachable from that user VLAN. The hardening applied to Vlan100 is also
! absent here. Confirm the address is needed.
interface Vlan152
 ip address 10.1.34.100 255.255.254.0
!
ip default-gateway 10.1.1.1
! Both the HTTP and HTTPS management servers are disabled; the authentication setting
! between them has no effect while they stay off.
no ip http server
ip http authentication local
no ip http secure-server
!
!
! Scheduled job: run "write memory" every day at 1:00. Because the archive section has
! "write-memory", each save also pushes a configuration copy to the TFTP archive path.
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
! Remote syslog: all severities up to debugging, facility local6, hostname as origin
! id, sourced from Vlan100. Two collectors; the second listens on UDP port 515.
! NOTE(review): syslog over UDP is unauthenticated and unencrypted, and delivery is not
! guaranteed - keep that in mind when relying on these logs as evidence.
logging trap debugging
logging origin-id hostname
logging facility local6
logging source-interface Vlan100
logging host 192.168.2.25
logging host 10.4.244.4 transport udp port 515
! NOTE(review): ACL 23 is the access-class on all VTY lines. The first entry permits
! every source, so the second entry ("deny any log") can never match and denied
! attempts are never logged. Replace "permit any" with the management sources that
! should reach SSH - the actual subnets are not shown in this listing.
access-list 23 permit any
access-list 23 deny   any log
!
! NOTE(review): a community-string (SNMPv1/v2c) read-only community with no ACL bound
! to it; the string travels in clear text and is published in this listing, so rotate
! it. Restrict the community with an ACL or move to SNMPv3 with authentication and
! privacy.
! NOTE(review): no "snmp-server enable traps" line is shown, so confirm the trap host
! below actually receives notifications.
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
!
!
! RADIUS servers in group NPS: 3-second timeout, 2 retransmits, ports 1645/1646.
! NOTE(review): "key 7" is reversible obfuscation, not a hash. Both servers share the
! same value and it is published in this listing; rotate the shared secret on the
! switch and on both servers.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
!
! Custom privilege level 7 may run "show", including the configuration views.
! NOTE(review): confirm what a level 7 user actually sees from "show running-config"
! on this image, and which accounts are mapped to level 7 by the RADIUS servers.
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
! Login banner, shown before authentication.
! NOTE(review): it states the legal notice but also discloses the organisation, street
! address, floor and datacenter name to anyone who reaches the login prompt; consider
! keeping only the notice.
banner login ^CCC
*****************************************************************************
*                                                                           *
*                            OOO "KOMOS GROUP"                              *
*                              Pesochnaya 11                                *
*                                1st FLOOR                                  *
*                              DATACENTER-3                                 *
*                                                                           *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************^C
!
! Console: authenticates with the CONSOLE method list (local first, then RADIUS).
line con 0
 login authentication CONSOLE
 stopbits 1
! VTY 0-15: SSH only, access-class 23 inbound.
! NOTE(review): "login authentication NPS" names a method list that is not defined in
! this listing (NPS is only a RADIUS server group); confirm how VTY logins are
! authenticated, or point the lines at a defined list.
! NOTE(review): access-class 23 starts with "permit any", so it does not restrict the
! source of SSH sessions.
! NOTE(review): the idle timeout is 120 minutes, which leaves unattended privileged
! sessions open for a long time; a shorter value is the usual hardening choice.
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 120 0
 login authentication NPS
 transport input ssh
!
! Time sync from a single server (the same address as the default gateway), sourced
! from the management SVI.
! NOTE(review): no NTP authentication and no second server are configured. Log
! timestamps depend on this one unauthenticated source.
ntp source Vlan100
ntp server 10.1.1.1
end