Building configuration...

Current configuration : 18739 bytes
!
! Last configuration change at 21:50:15 MSK Mon Jun 6 2022
! NVRAM config last updated at 01:00:03 MSK Thu Jul 28 2022
!
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
service unsupported-transceiver
!
hostname IZH-KG-P11-SW-2-1
!
boot-start-marker
boot-end-marker
!
logging buffered 512000 informational
enable secret 5 $1$j4UP$Wgs2xMeWlYNzcOvcwfmE90
!
username netadmin privilege 15 secret 5 $1$ks1B$fsJBlnRS0VwPSRIaPfaw2.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone MSK 4 0
switch 1 provision ws-c2960x-48lps-l
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp snooping vlan 150,154,204
no ip dhcp snooping information option
ip dhcp snooping
no ip domain-lookup
ip domain-name komos.ru
ip host tftp 10.4.0.214
ip host VM-KG-NET 10.1.12.70
no ip igmp snooping report-suppression
ip igmp snooping querier
ip igmp snooping vlan 4094 querier version 2
ip igmp snooping vlan 4094 mrouter interface Gi1/0/28
ip igmp snooping vlan 4094 mrouter interface Gi1/0/29
ip igmp snooping vlan 4094 mrouter interface Gi1/0/30
ip igmp snooping vlan 4094 mrouter interface Gi1/0/52
login on-failure log
login on-success log
vtp mode transparent
!
!
!
!
!
!
mvr vlan 15
mvr querytime 10
mvr mode dynamic
!
!
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/KG/P11-SW_L2/$H.$T.conf
 write-memory
 time-period 10080
!
spanning-tree mode rapid-pvst
spanning-tree logging
spanning-tree portfast edge bpdufilter default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause loopback
errdisable recovery interval 600
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
 name KG_LAN-USER
!
vlan 3
 name KG_LAN-RESTRICTED
!
vlan 4
 name KG_LAN-VDI
!
vlan 5
 name KG_LAN-ADMIN
!
vlan 6
 name IMP-LAN
!
vlan 9
 name Kaznach_restrict
!
vlan 11
 name KG_LAN-AS199014
!
vlan 12
 name UNIFI_WIRELESS
!
vlan 20
 name DMZ-1
!
vlan 25
 name VOICE_VLAN
!
vlan 100
 name Inbound_management
!
vlan 112
 name CISCO2911_MGMT
!
vlan 150
 name KG_WIFI-USER
!
vlan 152
 name KG_ARUBA_USERS
!
vlan 154
 name MGMT_ELTEX-WIFI_TEST
!
vlan 200
 name KG_MGMT-SRV
!
vlan 201
 name KG_LAN-SRV
!
vlan 204
 name KAZNACH_KG
!
vlan 297
 name srvNet_10.1.122.0_24
!
vlan 300
 name KG_MGMT-NET
!
vlan 301
 name KG_MGMT-WIFI
!
vlan 303
 name KG-ARUBA-AP
!
vlan 304
 name WIFI_ARUBA_MGM
!
vlan 350
 name IMP-VOIP
!
vlan 351
 name KG_VOIP
!
vlan 400
 name -Video-UZB-
!
vlan 500
 name KG_WIFI-GUEST
!
vlan 3073
 name --MTS_DMVPN--
!
vlan 3074
 name --RT_DMVPN--
!
vlan 3333
 name HUAWEI_WIFI_NETWORK
!
vlan 3334
 name HUAWEI_WIFI_NETWORK_USERS
!
vlan 3915
 name --TEST_ZLOBIN_DENIS_UNTIL_01.07.
!
vlan 4041
 name --VLAN_P11_VS17--
!
vlan 4092
 name ISP-Beeline_Kaznach
!
vlan 4093
 name ISP-IMP_ERTEL
!
vlan 4094
 name KG_VIDEO-RTK
!
ip tcp selective-ack
ip tcp path-mtu-discovery
lldp run
!
policy-map PM_default
 class class-default
!
!
! 
!
!
!
!
!
!
!
!
!
interface Loopback7777
 description TK7238m
 no ip address
 shutdown
!
interface Port-channel1
 description [CORE] SW-1-1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0
 no ip address
 shutdown
!
interface GigabitEthernet1/0/1
 description ACCESS
 switchport access vlan 5
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/2
 description --TEST_ZLOBIN_DENIS_UNTIL_01.07--
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no snmp trap link-status
 storm-control broadcast level pps 200 180
 storm-control multicast level pps 200 180
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/3
 description ELTEX-WIFI_TEST
 switchport trunk allowed vlan 150,154
 switchport trunk native vlan 154
 switchport mode trunk
 no logging event link-status
 shutdown
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/4
 description AP_ARUBA
 switchport access vlan 303
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/5
 description ARUBA_AP
 switchport access vlan 303
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/6
 description ARUBA_AP
 switchport access vlan 303
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/7
 description ARUBA_AP
 switchport access vlan 303
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/8
 description ACCESS
 switchport access vlan 152
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/9
 description Semenov_Mihail
 switchport access vlan 5
 switchport mode access
 switchport voice vlan 351
 logging event trunk-status
 logging event spanning-tree
 no snmp trap link-status
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/10
 description HUAWEI_WIFI_NETWORK
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/11
 description [ACC] 220-3-1
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/12
 description !!KAZNACH_KG!!
 switchport access vlan 204
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/13
 description [ACC] cab_308
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/14
 description [ISP-4M] Beeline KAZNACH KG
 switchport access vlan 4092
 switchport mode access
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree guard root
!
interface GigabitEthernet1/0/15
 description [ACC]
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/16
 description [ACC] 220.3.2
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/17
 description SSN-HP_DL180G7-iLO
 switchport access vlan 100
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/18
 description IMP-WAN-ERT
 switchport access vlan 4093
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/19
 description 206.2.3_Kaznacheistvo_restricted
 switchport access vlan 9
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
!
interface GigabitEthernet1/0/20
 description [PRN] 206.1.2
 switchport access vlan 2
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
!
interface GigabitEthernet1/0/21
 description KG-SRV-BackupDS-MGMT
 switchport access vlan 200
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
!
interface GigabitEthernet1/0/22
 description KG-SRV-BackupDS-MGMT
 switchport access vlan 200
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
!
interface GigabitEthernet1/0/23
 description [ACC] 217-7 Fokina
 switchport access vlan 5
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/24
 description ACCESS
 switchport access vlan 2
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
!
interface GigabitEthernet1/0/25
 description [WIFI] AP-3-304
 switchport access vlan 5
 switchport trunk allowed vlan 12,150
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 hold-queue 4095 out
!
interface GigabitEthernet1/0/26
 description MALKOV_NETWORK
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/27
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/28
 description IPTV_KAFE
 switchport access vlan 2
 switchport mode access
 switchport protected
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/29
 description IPTV_Source
 switchport access vlan 4094
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
!
interface GigabitEthernet1/0/30
 description IPTV_FOKINA
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 350
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/31
 description MALKOV_NETWORK_214-3-2
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/32
 description GARAZH
 switchport access vlan 2
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/33
 description Seagate-Video-NAS
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
!
interface GigabitEthernet1/0/34
 description 3COMM-SW-Video-IZHASSO
 switchport access vlan 5
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
!
interface GigabitEthernet1/0/35
 description MALKOV_NETWORK_202-4-2
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 storm-control broadcast level 30.00
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/36
 description [WIFI] AP-1-106
 switchport trunk allowed vlan 12,150,500
 switchport trunk native vlan 12
 switchport mode trunk
 no snmp trap link-status
 storm-control broadcast level 30.00
!
interface GigabitEthernet1/0/37
 description [WIFI] AP-2-217-FLV
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/38
 description [WIFI] AP-1-105UPM
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/39
 description [WIFI] AP-2-214-PEU
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/40
 description [WIFI] AP-2-203-OKR
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/41
 description [WIFI] AP-2-222-BUH
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/42
 description ACCESS
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 351
 no logging event link-status
 no snmp trap link-status
 storm-control broadcast level 30.00
 no cdp enable
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/43
 description [WIFI] AP-2-203-OKR
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/44
 description [WIFI] AP-3-310-OFIP
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/45
 description [WIFI] AP-2-201-IT
 switchport trunk allowed vlan 9,10,12,150,301,500
 switchport trunk native vlan 12
 switchport mode trunk
 no logging event link-status
 power inline port 2x-mode
 no snmp trap link-status
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/46
 description [ACC] -Video-UZB-
 switchport access vlan 400
 switchport mode access
 storm-control broadcast level 10.00
 storm-control multicast level 10.00
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree guard root
!
interface GigabitEthernet1/0/47
 description [ISP-100M] Rostelecom RT-1-4_DMVPN
 switchport access vlan 3074
 switchport mode access
 no snmp trap link-status
 storm-control broadcast level 1.00
 no cdp enable
!
interface GigabitEthernet1/0/48
 description [SRV] kg-p11-bkp003
 switchport access vlan 297
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/49
 description [CORE] Po1 SW-1-1
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 channel-group 1 mode on
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/50
 description [CORE] Po1 SW-1-1
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 channel-group 1 mode on
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/51
 description [ISP-300M] Rostelecom L2VPN MK_VS17
 switchport access vlan 4041
 switchport mode access
 logging event trunk-status
 logging event spanning-tree
 speed nonegotiate
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/52
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan4
 description KG_LAN-VDI
 ip address 192.168.248.248 255.255.255.0
!
interface Vlan100
 ip address 10.1.1.21 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
!
ip default-gateway 10.1.1.1
no ip http server
no ip http secure-server
!
ip tftp source-interface Vlan100
ip ssh authentication-retries 2
ip ssh version 2
!
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging trap debugging
logging origin-id hostname
logging facility local6
logging source-interface Vlan100
logging host 10.4.244.4 transport udp port 515
access-list 23 permit any
access-list 23 deny   any log
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
!
radius-server attribute 31 send nas-port-detail
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
!
line con 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 120 0
 logging synchronous
 transport input ssh
!
ntp source Vlan100
ntp server 10.1.1.2
mac address-table notification change
mac address-table notification mac-move
!
end