Building configuration...

Current configuration : 53612 bytes
!
! Last configuration change at 14:37:31 SAMT Wed Jul 27 2022 by adm_kapustinal
! NVRAM config last updated at 14:39:34 SAMT Thu Jul 21 2022 by akhmetzyanovrr_adm
!
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
service compress-config
service unsupported-transceiver
!
hostname IZH-MLK-IZM-SW-1-1
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.08.01.E.152-4.E1.bin
license boot level entservices
boot-end-marker
!
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging userinfo
logging buffered 64000
logging event link-status global
logging event trunk-status global
enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1
!
username netadmin privilege 15 secret 5 $1$TmCf$7DTGwTawupGEcfLxy5c9g/
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone SAMT 4 0
!
switch virtual domain 1
 switch mode virtual
 switch 1 priority 200
 switch 2 priority 150
 mac-address use-virtual
!
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
ip host tftp 10.4.0.214
ip name-server 192.168.8.200
ip name-server 192.168.8.201
!
!
login on-failure log
login on-success log
vtp domain MILKOM-KOMOS.RU
vtp mode off
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
port-channel load-balance src-dst-port
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/MLK/IZM-SW_L3/$H-$T
 write-memory
 time-period 10080
!
spanning-tree mode pvst
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
!
redundancy
 mode sso
bfd-template single-hop p2p
 interval min-tx 300 min-rx 300 multiplier 3
!
!
vlan internal allocation policy ascending
!
vlan 8
 name --UserNet_8.0/24--
!
vlan 9
 name --UserNet_9.0/24--
!
vlan 10
 name --UserNet_10.0/24--
!
vlan 11
 name --UserNet_11.0/24--
!
vlan 12
 name --UserNet_12.0/24--
!
vlan 13
 name --UserNet_13.0/24--
!
vlan 14
 name --UserNet_14.0/24--
!
vlan 15
 name --UserNet_15.0/24--
!
vlan 16
 name --UserNet_16.0/24--
!
vlan 17
 name --UserNet_17.0/24--
!
vlan 18
 name --UserNet_18.0/24--
!
vlan 19
 name --UserNet_19.0/24--
!
vlan 20
 name --UserNet_20.0/24--
!
vlan 22
 name Nobel_Users
!
vlan 23
 name test_Rustam
!
vlan 90
 name NET_SERVER_150
!
vlan 93
 name --LINK_TO_vpn_SSTP--
!
vlan 96
 name --ERTELEKOM--
!
vlan 99
 name --MARK_ASTERISK--
!
vlan 101
 name --PRINTERS--
!
vlan 103
 name -=KPP_Vesi&Cam=-
!
vlan 110
 name --NET_KIP_PRODACTION--
!
vlan 111
 name TRANSIT_TO_C3925-1
!
vlan 112
 name Intraconnect_ospf_area_1
!
vlan 113
 name TRANSIT_TO_MIKROTIK
!
vlan 150
 name --Wi-Fi_Users_32.0/24--
!
vlan 151
 name --Wi-Fi_Prod_33.0/24--
!
vlan 172
 name TelephonyNet
!
vlan 173
 name TelephonyTest
!
vlan 201
 name --MANUFACTURE_VLAN--
!
vlan 202
 name --DMZ--
!
vlan 207
 name VCOD_Servers_DMZ_Frontend
!
vlan 208
 name VCOD_Servers_Backend
!
vlan 248
 name --SANDBOX_ELAR--
!
vlan 249
 name --ServTestC_36.0/24--
!
vlan 250
 name --ServerNet_0.0/24--
!
vlan 251
 name -=ServMail_7.0/28=-
!
vlan 252
 name --VOICE_ATS--
!
vlan 253
 name exchange_komos-group
!
vlan 254
 name -Service_SharePoint-
!
vlan 255
 name --ServerNet_2.0/24--
!
vlan 256
 name Server_Mon_1C_3.0/24
!
vlan 257
 name KONTUR_DEV_SQL5.0/27
!
vlan 288
 name SERVERS_DEV
!
vlan 289
 name -=SRVBakNet_245.0_24=-
!
vlan 290
 name -=SrvVmwVMon_242.0/26=-
!
vlan 291
 name -=SrvVmwVSan_242.64/26=-
!
vlan 292
 name -=SrvBakNet_243.0/24=-
!
vlan 294
 name --SRV_iLO_iDrack_etc--
!
vlan 299
 name --SrvMng_240.0\24--
!
vlan 300
 name --MANAGMENT--
!
vlan 301
 name --Wi-Fi_MANAGMENT--
!
vlan 302
 name -=Wi-Fi_MANAGMENT=-
!
vlan 350
 name --VOICE_28.0/23--
!
vlan 448
 name -=VideoKomos=-
!
vlan 500
 name --Wi-Fi_Guest_35.0/24--
!
vlan 550
 name --CISCO_ASA--
!
vlan 551
 name --TRANSIT_HSRP--
!
vlan 553
 name VST-IZM Peering
!
vlan 554
 name VRS-IZM Peering
!
vlan 556
 name P2P_iBGP_KOMOS_AS_over_ER_Telecom
!
vlan 557
 name P2P_iBGP_KOMOS_AS_over_MTS
!
vlan 596
 name P2P_RCOD-OCOD_ER_Telecom
!
vlan 597
 name --BGP_TRANSIT_TO_ISR4431--
!
vlan 599
 name MLK_TRUNK_TO_DC-MLK
!
vlan 600
 name --PET_PRODACTION--
!
vlan 601
 name --KMK_PRODACTION--
!
vlan 603
 name --CRPT-Mark--
!
vlan 650
 name --ISCSI--
!
vlan 1000
 name --ELAR-TEST--
!
vlan 1100
 name TEST_ARR_esr-10
!
vlan 1113
 name PI_RT-1-3
!
vlan 1500
 name dmz_env_1C_WMS_MLK
!
vlan 1501
 name safe_env_1C_WMS_MLK
!
vlan 1999
 name env_1C_Licensing
!
vlan 2145
 name Test_BGP
!
vlan 3915
 name IZM_VLAN3915_SPLUNK
!
vlan 4030
 name MLK_NATIVE_TO_DC-MLK
!
vlan 4031
 name --MLK-KCOD_VEAMREPL_172.31.31.0/24--
!
vlan 4032
 name --MLK-KCOD_SQLREPL_172.31.33.0/24--
!
vlan 4033
 name --MLK-KCOD_SRVVCHA_172.31.33.0/24--
!
vlan 4034
 name --MLK-KCOD_EXCHREPL_172.31.34.0/24--
!
vlan 4035
 name --MLK-KCOD_SRVVCMG_172.31.35.0/24--
lldp run
!
track 1 ip sla 1 reachability
 delay down 10 up 5
!
track 2 ip sla 2 reachability
 delay down 10 up 5
!
track 3 ip sla 3 reachability
 delay down 10 up 5
!
track 4 ip sla 4 reachability
 delay down 10 up 5
!
track 10 list boolean or
 object 1
 object 2
 object 3
 object 4
 delay down 5 up 30
!
!
class-map match-any VSL-MGMT-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
 match any 
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match dscp af41 
 match dscp af42 
 match dscp af43 
 match dscp af31 
 match dscp af32 
 match dscp af33 
 match dscp af21 
 match dscp af22 
 match dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match dscp ef 
 match dscp cs4 
 match dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match dscp cs2 
 match dscp cs3 
 match dscp cs6 
 match dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-MGMT-PACKETS
  bandwidth percent 5 
 class VSL-L2-CONTROL-PACKETS
  bandwidth percent 5 
 class VSL-L3-CONTROL-PACKETS
  bandwidth percent 5 
 class VSL-VOICE-VIDEO-TRAFFIC
  bandwidth percent 30 
 class VSL-SIGNALING-NETWORK-MGMT
  bandwidth percent 10 
 class VSL-MULTIMEDIA-TRAFFIC
  bandwidth percent 20 
 class VSL-DATA-PACKETS
  bandwidth percent 20 
 class class-default
  bandwidth percent 5 
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface Loopback11
 description KOMOS PI
 ip address 91.240.179.254 255.255.255.255
!
interface Port-channel1
 description [VSL] Link_1
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 1
!
interface Port-channel2
 description [VSL] Link_2
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 2
!
interface Port-channel4
 description --IZH-KY-04-SW1--
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel5
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel6
 description [KU] SW-18-2
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel7
 description [KU] SW-11-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel8
 description [KU] SW-2-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel9
 description --IZH-KY-04-SW0--
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-6-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-7-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel13
 description [KU] SW-8-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel14
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel15
 description [KU] SW-14-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel16
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel17
 description --IZH-KY-13-1-SW0--
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel18
 description [KU] SW-15-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel19
 description [KU] SW-16-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel20
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel21
 description [KU] SW-6-2
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel22
 description [CORE] SW-1-3
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel23
 description [KU] SW-7-2
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel24
 description [KU] SW-17-2
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel25
 description [KU] SW-18-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel26
 description [KU] SW-18-3
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel27
 description [KU] SW-5-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel28
 description [KU] SW-6-3
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel29
 description [KU] SW-19-1
 switchport
 switchport mode trunk
!
interface Port-channel31
 description [KU] SW-3-1
 switchport
 switchport mode trunk
!
interface Port-channel41
 description [KU] SW-4-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel100
 description [CORE] SW-1-4
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel101
 description [CORE] SW-1-2
 switchport
 switchport mode trunk
!
interface Port-channel102
 description [-CORE] Huawei CE6881
 switchport
 switchport mode trunk
!
interface Port-channel110
 description [KU] SW-10-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel121
 description [KU] SW-12-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface Port-channel131
 description [KU] SW-13-1
 switchport
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface FastEthernet1
 vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface TenGigabitEthernet1/1/1
 description [KU] Po41 SW-4-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 41 mode active
!
interface TenGigabitEthernet1/1/2
 description [KU] Po131 SW-13-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 131 mode active
!
interface TenGigabitEthernet1/1/3
 description [KU] Po6 SW-18-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 6 mode on
!
interface TenGigabitEthernet1/1/4
 description [KU] Po7 SW-11-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 7 mode on
!
interface TenGigabitEthernet1/1/5
 description [KU] Po8 SW-2-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 8 mode on
!
interface TenGigabitEthernet1/1/6
 description --IZH-KY-04-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 9 mode on
!
interface TenGigabitEthernet1/1/7
 description [KU] Po10 SW-6-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 10 mode on
!
interface TenGigabitEthernet1/1/8
 description [KU] Po11 SW-7-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 11 mode on
!
interface TenGigabitEthernet1/1/9
 description [KU] SW-3-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet1/1/10
 description [KU] Po13 SW-8-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 13 mode on
!
interface TenGigabitEthernet1/1/11
 description [KU] SW-9-2
 switchport mode trunk
!
interface TenGigabitEthernet1/1/12
 description [KU] Po15 SW-14-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 15 mode on
!
interface TenGigabitEthernet1/1/13
 description [KU] Po19 SW-16-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 19 mode on
!
interface TenGigabitEthernet1/1/14
 description [KU] SW-17-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet1/1/15
 description [KU] Po18 SW-15-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 18 mode active
!
interface TenGigabitEthernet1/1/16
 description [KU] SW-9-1
 switchport mode trunk
!
interface TenGigabitEthernet1/1/17
 description [KU] Po121 SW-12-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 121 mode active
!
interface TenGigabitEthernet1/1/18
 description [KU] Po21 SW-6-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 21 mode on
!
interface TenGigabitEthernet1/1/19
 description [CORE] Po22 SW-1-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 22 mode on
!
interface TenGigabitEthernet1/1/20
 description [KU] Po23 SW-7-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 23 mode on
!
interface TenGigabitEthernet1/1/21
 description [KU] Po24 SW-17-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 24 mode on
!
interface TenGigabitEthernet1/1/22
 description [KU] Po25 SW-18-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 25 mode on
!
interface TenGigabitEthernet1/1/23
 description [KU] Po26 SW-18-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 26 mode on
!
interface TenGigabitEthernet1/1/24
 description [KU] Po27 SW-5-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 27 mode on
!
interface TenGigabitEthernet1/1/25
 description [KU] Po28 SW-6-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 28 mode on
!
interface TenGigabitEthernet1/1/26
 description --IZH-MLK-IZM-SW-3-1--
 switchport mode trunk
 channel-group 31 mode on
!
interface TenGigabitEthernet1/1/27
 description [CORE] RT-1-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet1/1/28
 description [CORE] RT-1-1
 switchport trunk allowed vlan 100,111,112,300,551,556,557,597
 switchport mode trunk
!
interface TenGigabitEthernet1/1/29
 description [CORE] SW-1-2
 switchport mode trunk
 channel-group 101 mode active
!
interface TenGigabitEthernet1/1/30
 description [CORE] Po100 SW-1-4
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 100 mode active
!
interface TenGigabitEthernet1/1/31
 description [VSL] Po1 Link_1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/32
 description [VSL] Po1 Link_1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/2/1
 description [KU] Po31 SW-3-1
 switchport mode trunk
 channel-group 31 mode on
!
interface TenGigabitEthernet1/2/2
 description [KU] Po110 SW-10-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 110 mode active
!
interface TenGigabitEthernet1/2/3
!
interface TenGigabitEthernet1/2/4
!
interface TenGigabitEthernet1/2/5
!
interface TenGigabitEthernet1/2/6
!
interface TenGigabitEthernet1/2/7
!
interface TenGigabitEthernet1/2/8
 description [CORE] Huawei ce6881
 switchport mode trunk
 channel-group 102 mode active
!
interface TenGigabitEthernet2/1/1
 description [KU] Po41 SW-4-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 41 mode active
!
interface TenGigabitEthernet2/1/2
 description [KU] Po131 SW-13-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 131 mode active
!
interface TenGigabitEthernet2/1/3
 description [KU] Po6 SW-18-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 6 mode on
!
interface TenGigabitEthernet2/1/4
 description [KU] Po7 SW-11-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 7 mode on
!
interface TenGigabitEthernet2/1/5
 description [KU] Po8 SW-2-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 8 mode on
!
interface TenGigabitEthernet2/1/6
 description --IZH-KY-04-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 9 mode on
!
interface TenGigabitEthernet2/1/7
 description [KU] Po10 SW-6-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 10 mode on
!
interface TenGigabitEthernet2/1/8
 description [KU] Po11 SW-7-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 11 mode on
!
interface TenGigabitEthernet2/1/9
 description FREE
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet2/1/10
 description [KU] Po13 SW-8-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 13 mode on
!
interface TenGigabitEthernet2/1/11
 description [KU] Po29 SW-19-1
 switchport mode trunk
 channel-group 29 mode active
!
interface TenGigabitEthernet2/1/12
 description [KU] Po15 SW-14-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 15 mode on
!
interface TenGigabitEthernet2/1/13
 description FREE
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet2/1/14
 description --IZH-KY-13-1-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 17 mode on
!
interface TenGigabitEthernet2/1/15
 description --IZH-KY-15-0-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 18 mode active
!
interface TenGigabitEthernet2/1/16
 description --IZH-KY-16-0-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 19 mode on
!
interface TenGigabitEthernet2/1/17
 description [KU] Po121 SW-12-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 121 mode active
!
interface TenGigabitEthernet2/1/18
 description [KU] Po21 SW-6-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 21 mode on
!
interface TenGigabitEthernet2/1/19
 description [CORE] Po22 SW-1-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 22 mode on
!
interface TenGigabitEthernet2/1/20
 description [KU] Po23 SW-7-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 23 mode on
!
interface TenGigabitEthernet2/1/21
 description [KU] Po24 SW-17-2
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 24 mode on
!
interface TenGigabitEthernet2/1/22
 description [KU] Po25 SW-18-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 25 mode on
!
interface TenGigabitEthernet2/1/23
 description [KU] Po26 SW-18-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 26 mode on
!
interface TenGigabitEthernet2/1/24
 description [KU] Po27 SW-5-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 27 mode on
!
interface TenGigabitEthernet2/1/25
 description [KU] Po28 SW-6-3
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 28 mode on
!
interface TenGigabitEthernet2/1/26
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet2/1/27
 description [KU] SW-20-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet2/1/28
 description --IZH-KY-17-4-SW0--
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
!
interface TenGigabitEthernet2/1/29
 description [CORE] SW-1-2
 switchport mode trunk
 channel-group 101 mode active
!
interface TenGigabitEthernet2/1/30
 description [CORE] Po100 SW-1-4
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 100 mode active
!
interface TenGigabitEthernet2/1/31
 description [VSL] Po2 Link_2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/32
 description [VSL] Po2 Link_2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/2/1
 description [KU] Po31 SW-3-1
 switchport mode trunk
 channel-group 31 mode on
!
interface TenGigabitEthernet2/2/2
 description [KU] Po110 SW-10-1
 switchport trunk allowed vlan 1-447,449-4094
 switchport mode trunk
 channel-group 110 mode active
!
interface TenGigabitEthernet2/2/3
!
interface TenGigabitEthernet2/2/4
!
interface TenGigabitEthernet2/2/5
!
interface TenGigabitEthernet2/2/6
!
interface TenGigabitEthernet2/2/7
!
interface TenGigabitEthernet2/2/8
 description [CORE] Huawei ce6881
 switchport mode trunk
 channel-group 102 mode active
!
interface Vlan1
 description LOCAL
 ip dhcp relay information trusted
 ip address 192.168.110.254 255.255.255.0 secondary
 ip address 192.168.9.254 255.255.255.0 secondary
 ip address 192.168.8.254 255.255.255.0 secondary
 ip address 192.168.5.254 255.255.255.0
 ip helper-address 192.168.3.230 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan8
 description --UserNet_8.0/24--
 ip address 10.4.8.254 255.255.255.0
 ip helper-address 10.4.8.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan9
 description --UserNet_9.0/24--
 ip address 10.4.9.254 255.255.255.0
 ip helper-address 10.4.9.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan10
 description --UserNet_10.0/24--
 ip address 10.4.10.254 255.255.255.0
 ip helper-address 10.4.10.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan11
 description --UserNet_11.0/24--
 ip address 10.4.11.254 255.255.255.0
 ip helper-address 10.4.11.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan12
 description --UserNet_12.0/24--
 ip address 10.4.12.254 255.255.255.0
 ip helper-address 10.4.12.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan13
 description --UserNet_13.0/24--
 ip address 10.4.13.254 255.255.255.0
 ip helper-address 10.4.13.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan14
 description --UserNet_14.0/24--
 ip address 10.4.14.254 255.255.255.0
 ip helper-address 10.4.14.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan15
 description --UserNet_15.0/24--
 ip address 10.4.15.254 255.255.255.0
 ip helper-address 10.4.15.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan16
 description --UserNet_16.0/24--
 ip address 10.4.16.254 255.255.255.0
 ip helper-address 10.4.16.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan17
 description --UserNet_17.0/24--
 ip address 10.4.17.254 255.255.255.0
 ip helper-address 10.4.17.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan18
 description --UserNet_18.0/24--
 ip address 10.4.18.254 255.255.255.0
 ip helper-address 10.4.18.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan19
 description --UserNet_19.0/24--
 ip address 10.4.19.254 255.255.255.0
 ip helper-address 10.4.19.239 
 ip helper-address 10.4.16.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan20
 description --UserNet_20.0/24--
 ip address 10.4.20.254 255.255.255.0
 ip helper-address 10.4.16.239 
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan22
 ip address 192.168.255.254 255.255.255.0
!
interface Vlan23
 description --MILKOM_Nobel_Users--
 ip address 10.5.208.254 255.255.255.0
 ip helper-address 10.4.16.239 
 no ip redirects
!
interface Vlan90
 description NET_SERVER_150
 ip address 192.168.150.254 255.255.255.0
 shutdown
!
interface Vlan93
 description --MIKROTIK_VPN--
 ip address 172.30.35.253 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan101
 description --Printers--
 ip address 10.4.25.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan103
 description --KPP Vesi&Cam--
 ip address 10.4.41.254 255.255.255.0
!
interface Vlan110
 description --NET_KIP_PRODACTION--
 no ip address
!
interface Vlan111
 ip address 172.16.1.4 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan112
 description Intraconnect_ospf_area_1
 ip address 172.16.254.4 255.255.255.248
 shutdown
!
interface Vlan113
 ip address 10.10.254.254 255.255.255.252
!
interface Vlan150
 description --Wi-Fi_Users_32.0/24--
 ip address 10.4.32.254 255.255.255.0
 ip helper-address 10.4.32.239 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan151
 description --Wi-Fi_Prod_33.0/24--
 ip address 10.4.33.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan172
 description TelephoneNet
 ip address 172.17.100.6 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map SIP-ROUTING
!
interface Vlan173
 description TelephonyTest
 ip address 172.17.107.254 255.255.252.0
!
interface Vlan202
 description --DMZ--
 ip address 10.4.38.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map RM_DMZ
!
interface Vlan207
 description [SRV] VCOD DMZ Frontend
 ip address 10.100.0.126 255.255.255.128
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan208
 description [SRV] VCOD Backend
 ip address 10.100.0.254 255.255.255.128
!
interface Vlan248
 description --SANDBOX_ELAR--
 ip address 10.4.40.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan249
 description --ServTestC_36.0/24--
 ip address 10.4.36.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan250
 description --ServerNet_0.0/24--
 ip address 10.4.0.254 255.255.255.0
 ip helper-address 10.4.0.239 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan251
 description -=ServMail_7.0/28=-
 ip address 10.4.7.14 255.255.255.240
 no ip redirects
 ip policy route-map PBR_MAIL
 no snmp trap link-status
!
interface Vlan252
 description --VOICE_ATS--
 ip address 10.4.7.30 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map SIP-ROUTING
!
interface Vlan253
 description Exchange KOMOS-GROUP.RU
 ip address 10.4.44.254 255.255.255.0
!
interface Vlan254
 ip address 10.4.1.126 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan289
 description -=SRVBakNet_245.0_24=-
 ip address 10.4.245.254 255.255.255.0
 no ip redirects
!
interface Vlan290
 description -=SrvVmwVMon_242.0/26=-
 ip address 10.4.242.62 255.255.255.192
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan291
 description -=SrvVmwVSan_242.64/26=-
 ip address 10.4.242.126 255.255.255.192
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan292
 description -=SrvBakNet_243.0/24=-
 ip address 10.4.243.254 255.255.255.0
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan294
 description --SRV_iLO_iDrack_etc--
 ip address 10.4.242.254 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan299
 description --ServerMengNet_240.0\24--
 ip address 10.4.240.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --MANAGMENT--
 ip address 10.4.254.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGMENT--
 ip address 10.4.255.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan302
 description -=Wi-Fi_MANAGMENT=-
 ip address 10.4.252.254 255.255.255.0
 ip helper-address 10.4.16.239 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan350
 description --VOICE_28.0/23
 ip address 10.4.29.254 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan448
 description -=VideoKomos=-
 no ip address
!
interface Vlan450
 no ip address
 shutdown
!
interface Vlan500
 description --Wi-Fi_Guest_35.0/24--
 ip address 10.4.35.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan550
 description --CISCO_ASA--
 ip address 10.4.239.2 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan551
 description --TRANSIT_HSRP--
 ip address 10.4.239.22 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan553
 description P2P VST-IZM Peering
 ip address 172.30.32.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bfd template p2p
!
interface Vlan554
 description P2P VRS-IZM Peering
 ip address 172.30.32.9 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan596
 description L2VPN_DOMRU_IZM-BGP-P11
 ip address 172.30.32.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bfd template p2p
!
interface Vlan597
 ip address 172.30.30.62 255.255.255.240
 no ip redirects
 bfd interval 50 min_rx 50 multiplier 3
!
interface Vlan599
 description L2VPN_MTS_IZM-BGP-P11
 ip address 172.30.30.1 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bfd template p2p
!
interface Vlan600
 description --PET_PRODACTION--
 ip address 10.4.37.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan601
 description --KMK_PRODACTION--
 ip address 10.4.39.30 255.255.255.224
 ip access-group ACL_KMK_PRODACTION_IN in
 ip access-group ACL_KMK_PRODACTION_OUT out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan603
 description --CRPT-Mark--
 ip address 10.4.39.126 255.255.255.192
 ip helper-address 10.4.16.239 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan1000
 description --ELAR-TEST-
 ip address 10.4.160.254 255.255.255.0
 ip access-group ACL_ELAR-TEST in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map PBR_ELAR-TEST
!
interface Vlan1100
 description [PI] TEST_ARR_ESR-10
 ip unnumbered Loopback11
 ip policy route-map RM_TEST_ARR
!
interface Vlan1113
 description [PI] RT-1-3
 ip unnumbered Loopback11
 ip policy route-map RM_TEST_ARR
!
interface Vlan3915
 description IZM_VLAN3915_SPLUNK
 ip address 10.4.244.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4031
 description -VeamRepl_172.31.31.0/24-
 ip address 172.31.31.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4032
 description -SQLRepl_172.31.33.0/24-
 ip address 172.31.32.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4033
 description -SrvVCHA_172.31.33.0/24-
 ip address 172.31.33.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4034
 description -ExchRepl_172.31.34.0/24-
 ip address 172.31.34.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4035
 description -SrvVCMg_172.31.35.0/24-
 ip address 172.31.35.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
interface Vlan4045
 no ip address
!
!
router eigrp 254
 network 10.4.0.0 0.0.0.255
 network 10.4.4.0 0.0.0.255
 network 10.4.5.0 0.0.0.255
 network 10.4.6.0 0.0.0.255
 network 10.4.7.0 0.0.0.15
 network 10.4.8.0 0.0.0.255
 network 10.4.9.0 0.0.0.255
 network 10.4.10.0 0.0.0.255
 network 10.4.11.0 0.0.0.255
 network 10.4.12.0 0.0.0.255
 network 10.4.13.0 0.0.0.255
 network 10.4.14.0 0.0.0.255
 network 10.4.28.0 0.0.1.255
 network 10.4.32.0 0.0.0.255
 network 10.4.35.0 0.0.0.255
 network 10.4.36.0 0.0.0.255
 network 10.4.239.0 0.0.0.15
 network 10.4.239.16 0.0.0.15
 network 10.4.254.0 0.0.0.255
 network 10.4.255.0 0.0.0.255
 network 172.17.100.0 0.0.0.7
 network 172.30.30.0 0.0.0.31
 network 172.31.31.0 0.0.0.255
 network 172.31.35.0 0.0.0.255
 network 192.168.7.0
 network 192.168.8.0
 network 192.168.9.0
 passive-interface default
 no passive-interface Vlan599
 no passive-interface Vlan550
 no passive-interface Vlan551
!
router bgp 64512
 bgp router-id 172.30.30.62
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 neighbor PG_BGP_MILKOM peer-group
 neighbor PG_BGP_MILKOM remote-as 64512
 neighbor PG_BGP_IZM-P11 peer-group
 neighbor PG_BGP_IZM-P11 remote-as 64513
 neighbor PG_BGP_IZM-P11 description BGP over L2VPN
 neighbor PG_BGP_IZM-P11 fall-over bfd
 neighbor 10.4.239.1 peer-group PG_BGP_MILKOM
 neighbor 10.4.239.1 description --CISCO_ASA--
 neighbor 172.30.30.2 peer-group PG_BGP_IZM-P11
 neighbor 172.30.30.55 peer-group PG_BGP_MILKOM
 neighbor 172.30.30.55 description SW-1-1_Huawei
 neighbor 172.30.30.57 peer-group PG_BGP_MILKOM
 neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3--
 neighbor 172.30.30.58 peer-group PG_BGP_MILKOM
 neighbor 172.30.30.58 description --IZH-MLK-IZM-RT-1-4--
 neighbor 172.30.30.60 remote-as 199014
 neighbor 172.30.30.61 peer-group PG_BGP_MILKOM
 neighbor 172.30.30.61 description --IZH-MLK-IZM-RT-1-2--
 neighbor 172.30.32.2 peer-group PG_BGP_IZM-P11
 neighbor 172.30.32.6 remote-as 64539
 neighbor 172.30.32.6 description IZH-VST-IZM-SW-1-1
 neighbor 172.30.32.10 remote-as 64523
 neighbor 172.30.32.10 description IZH-VRS-IZM-SW-1-1
 neighbor 172.30.35.254 remote-as 65500
 neighbor 172.30.35.254 description --MIKROTIK_VPN--
 !
 address-family ipv4
  network 10.4.0.0 mask 255.255.0.0
  network 10.4.0.0 mask 255.255.255.0
  network 10.4.8.0 mask 255.255.255.0
  network 10.4.32.0 mask 255.255.255.0
  network 10.4.192.0 mask 255.255.255.0
  network 10.4.239.0 mask 255.255.255.240
  network 10.4.239.16 mask 255.255.255.240
  network 10.5.208.0 mask 255.255.248.0
  network 10.5.208.0 mask 255.255.255.0
  network 10.100.0.0 mask 255.255.255.0
  network 10.100.0.0 mask 255.255.255.128
  network 10.100.0.128 mask 255.255.255.128
  network 10.111.0.0 mask 255.255.0.0
  network 172.17.100.0 mask 255.255.255.248
  network 172.31.31.0 mask 255.255.255.0
  network 172.31.35.0 mask 255.255.255.0
  network 192.168.8.0
  network 192.168.9.0
  network 192.168.110.0
  redistribute static route-map RM_REDIS_STATIC_PI
  neighbor PG_BGP_MILKOM next-hop-self all
  neighbor PG_BGP_MILKOM soft-reconfiguration inbound
  neighbor PG_BGP_MILKOM route-map RM_LOCAL_OUT out
  neighbor PG_BGP_IZM-P11 next-hop-self
  neighbor PG_BGP_IZM-P11 soft-reconfiguration inbound
  neighbor PG_BGP_IZM-P11 route-map RM_BGP_IZM-P11_OUT out
  neighbor 10.4.239.1 activate
  neighbor 172.30.30.2 activate
  neighbor 172.30.30.2 route-map RM_BGP_IZM-P11_MTS_IN in
  neighbor 172.30.30.55 activate
  neighbor 172.30.30.57 activate
  neighbor 172.30.30.58 activate
  neighbor 172.30.30.58 route-map RM_LP_PVF_1C in
  neighbor 172.30.30.60 activate
  neighbor 172.30.30.60 route-map RM_KOMOS_PI_IN in
  neighbor 172.30.30.61 activate
  neighbor 172.30.32.2 activate
  neighbor 172.30.32.2 route-map RM_BGP_IZM-P11_DOMRU_IN in
  neighbor 172.30.32.6 activate
  neighbor 172.30.32.6 next-hop-self
  neighbor 172.30.32.6 route-map RM_FROM_VST-P2P in
  neighbor 172.30.32.6 route-map RM_TO_VST-P2P out
  neighbor 172.30.32.10 activate
  neighbor 172.30.32.10 next-hop-self
  neighbor 172.30.32.10 route-map RM_FROM_VRS-P2P in
  neighbor 172.30.32.10 route-map RM_TO_VRS-P2P out
  neighbor 172.30.35.254 activate
  neighbor 172.30.35.254 next-hop-self
  neighbor 172.30.35.254 soft-reconfiguration inbound
  neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_IN in
  neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_OUT out
  maximum-paths 2
  distance bgp 150 150 150
 exit-address-family
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip as-path access-list 11 permit ^64513$
ip route 0.0.0.0 0.0.0.0 10.4.239.17 50 name --HSRP_ON_3925--
ip route 1.1.1.1 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
ip route 10.4.0.0 255.255.0.0 Null0 254
ip route 10.4.241.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER--
ip route 10.4.253.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER--
ip route 10.10.1.36 255.255.255.255 10.10.254.253
ip route 10.10.11.0 255.255.255.0 10.10.254.253
ip route 10.10.12.0 255.255.255.0 10.10.254.253
ip route 10.15.72.0 255.255.255.0 10.4.239.18
ip route 10.100.0.0 255.255.255.0 Null0 254
ip route 10.111.0.0 255.255.0.0 Null0 254
ip route 31.173.105.53 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
ip route 77.88.8.3 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
ip route 77.88.8.7 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
ip route 91.240.179.240 255.255.255.255 Vlan1100 100 name TEST_ARR_ESR-10
ip route 91.240.179.243 255.255.255.255 Vlan1113 100 name RT-1-3
ip route 193.232.108.67 255.255.255.255 10.4.239.18 name --PARTNER.X5.RU--
ip route 217.14.195.253 255.255.255.255 10.4.239.18
ip route 217.14.195.254 255.255.255.255 10.4.239.18 name --MARK-ITT--
ip ssh pubkey-chain
  username FTP
   key-hash ssh-rsa 32D3770B81F9128668142CC5C9BBF20F ftp@izh-asbl001
!
ip access-list standard ACL_CREATIO
 permit 10.4.0.123
ip access-list standard ACL_DMZ
 permit 10.4.38.3
ip access-list standard ACL_GUEST_Wi-Fi
 permit 10.4.35.0 0.0.0.255
ip access-list standard ACL_HELP.KOMOS.RU
 permit 10.4.0.184
ip access-list standard ACL_HELP_CES_KOMOS
 permit 10.4.0.120
ip access-list standard ACL_KOMOS_RU
 permit 10.4.8.8
 permit 10.4.0.172
 permit 10.4.0.178
ip access-list standard ACL_MAIL_VIA_KG
 deny   10.4.7.7
 permit 10.4.7.0 0.0.0.7
ip access-list standard ACL_ROUTE_TO_P11
 permit 10.4.0.45
ip access-list standard ACL_ROZ_MIKR
 permit 172.30.35.254
ip access-list standard ACL_SIP_GLAZOV
 permit 172.17.100.2
ip access-list standard ACL_SIP_KOMOS
 permit 10.4.7.17
ip access-list standard ACL_TRAFFIC_TO_MARK
 permit 10.4.7.12
 permit 192.168.8.81
 permit 192.168.2.37
 permit 192.168.8.52
 permit 192.168.8.54
 permit 10.4.8.80
 permit 192.168.8.59
 permit 192.168.1.9
 permit 192.168.1.5
 permit 192.168.8.225
 permit 192.168.8.226
 permit 192.168.8.228
 permit 192.168.8.234
 permit 192.168.8.163
 permit 192.168.8.185
 permit 10.4.0.249
ip access-list standard ACL_WAP2
 permit 10.4.38.1
 permit 10.4.38.2
ip access-list standard ACL_WWW_KOMOS_RU
 permit 10.4.0.172
ip access-list standard SIP_TRAFFIC
 permit 172.17.100.1
 permit 172.17.100.5
!
ip access-list extended ACL_ELAR-TEST
 permit tcp host 10.4.160.1 eq 88 10.4.0.0 0.0.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 10.4.160.0 0.0.0.255 any time-range TIME_ELAR-TEST
ip access-list extended ACL_KMK_PRODACTION_IN
 permit ip any any
ip access-list extended ACL_KMK_PRODACTION_OUT
 permit ip any any
ip access-list extended ACL_KSMG
 permit ip host 10.4.38.21 any
 permit ip host 10.4.38.22 any
ip access-list extended ACL_TEST_ARR
 permit ip host 91.240.179.243 any
 permit ip host 91.240.179.240 any
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
ip access-list extended No_Local_For_GuestWiFI
 permit tcp any host 192.168.8.200 eq domain
 permit udp any host 192.168.8.200 eq domain
 permit tcp any host 192.168.8.201 eq domain
 permit udp any host 192.168.8.201 eq domain
 permit tcp any host 10.4.7.6 eq 443
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
ip access-list extended ROUTE_TO_ISP4
 permit ip any host 192.168.8.4
 permit ip any host 192.168.8.6
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
!
ip prefix-list PFL_MIKROTIK_VPN_IN seq 10 permit 10.73.0.0/16 le 29
ip prefix-list PFL_MIKROTIK_VPN_IN seq 15 permit 10.1.30.0/24
!
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 10 permit 10.4.0.0/16 le 24
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 20 permit 192.168.8.0/24
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 25 permit 10.1.19.0/24
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 30 permit 10.1.15.0/24
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 35 permit 10.1.13.0/24
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 40 permit 10.1.122.0/24
!
ip prefix-list PL_BGP_IZM-P11 seq 5 permit 10.0.0.0/8 le 32
ip prefix-list PL_BGP_IZM-P11 seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_BGP_IZM-P11 seq 15 permit 172.16.0.0/12 le 32
!
ip prefix-list PL_FROM_VRS-P2P seq 5 permit 10.8.64.0/21 le 26
ip prefix-list PL_FROM_VRS-P2P seq 10 permit 192.168.72.0/24
!
ip prefix-list PL_FROM_VST-P2P seq 5 permit 10.88.104.0/21 le 24
!
ip prefix-list PL_KOMOS_PI seq 5 permit 91.240.179.0/24 ge 32
!
ip prefix-list PL_LOCAL_OUT seq 5 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_OUT seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_OUT seq 15 permit 172.16.0.0/12 le 32
!
ip prefix-list PL_MILKOM_OUT seq 5 deny 0.0.0.0/0
ip prefix-list PL_MILKOM_OUT seq 10 permit 10.0.0.0/8 le 32
ip prefix-list PL_MILKOM_OUT seq 15 permit 192.168.0.0/16 le 32
ip prefix-list PL_MILKOM_OUT seq 20 permit 172.16.0.0/12 le 32
!
ip prefix-list PL_REDIS_STATIC_PI seq 5 permit 91.240.179.0/24 le 32
!
ip prefix-list pvf_1c seq 4 permit 192.168.72.0/24 le 32
ip prefix-list pvf_1c seq 5 permit 192.168.72.0/24
ip sla 1
 icmp-echo 31.173.105.53 source-interface Vlan300
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 1.1.1.1 source-interface Vlan300
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 77.88.8.7 source-interface Vlan300
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 3 life forever start-time now
ip sla 4
 icmp-echo 77.88.8.3 source-interface Vlan300
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 4 life forever start-time now
logging origin-id hostname
logging facility local2
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
access-list 5 permit 192.168.8.99
access-list 5 permit 10.1.19.28
access-list 5 permit 10.4.0.58
access-list 5 permit 10.2.1.245
access-list 8 remark -==domination==-
access-list 8 permit 192.168.9.101
access-list 8 permit 192.168.9.100
access-list 8 permit 192.168.9.103
access-list 8 permit 192.168.9.102
access-list 8 permit 192.168.9.105
access-list 8 permit 192.168.9.104
access-list 9 remark -=izh-1cl002_17=-
access-list 9 permit 192.168.8.4
access-list 9 permit 192.168.8.6
access-list 9 permit 192.168.8.7
access-list 9 permit 192.168.8.191
access-list 10 permit 192.168.8.229
access-list 10 remark --IZH-TS011--
access-list 10 permit 192.168.8.176
access-list 10 permit 192.168.8.177
access-list 10 remark --IZH-TRM011--
access-list 10 permit 192.168.8.178
access-list 10 remark --IZH-FTP004--
access-list 10 permit 192.168.8.138
access-list 10 remark --IZH-FLS013--
access-list 10 permit 192.168.8.159
access-list 11 remark -=mail_to_komos=-
access-list 11 permit 192.168.8.72
access-list 11 permit 192.168.8.73
access-list 11 permit 192.168.8.77
access-list 11 permit 10.4.7.0 0.0.0.15
access-list 12 permit 192.168.8.70
access-list 12 permit 192.168.8.71
access-list 12 permit 192.168.8.95
access-list 12 permit 192.168.8.59
access-list 12 permit 192.168.8.163
access-list 12 permit 192.168.8.165
access-list 12 permit 192.168.8.177
access-list 12 permit 192.168.8.178
access-list 12 permit 192.168.8.187
access-list 12 permit 192.168.8.138
access-list 12 permit 192.168.8.139
access-list 13 remark -=TestNetElar=-
access-list 13 permit 10.4.160.0 0.0.0.255
access-list 14 remark -=izh-msx001=-
access-list 14 permit 10.4.7.12
!
route-map RM_REDIS_STATIC_PI permit 10
 description Redistribute static PI address for unnumbered lo11
 match ip address prefix-list PL_REDIS_STATIC_PI
!
route-map RM_KOMOS_PI_IN permit 10
 match ip address prefix-list PL_KOMOS_PI
 set local-preference 1000
!
route-map RM_KOMOS_PI_IN permit 20
!
route-map RM_DMZ deny 10
 match ip address LOCAL_TRAFFIC
!
route-map RM_DMZ permit 20
 match ip address ACL_DMZ
 set ip next-hop 10.4.239.18
!
route-map RM_DMZ permit 30
 match ip address ACL_WAP2
 set ip next-hop 172.30.30.2
!
route-map RM_DMZ permit 40
 match ip address ACL_KSMG
 set ip next-hop 172.30.30.2
!
route-map PBR_MAIL deny 10
 match ip address LOCAL_TRAFFIC
!
route-map PBR_MAIL permit 20
 match ip address 14 SIP_TRAFFIC
 set ip next-hop 10.4.239.18
!
route-map PBR_MAIL permit 30
 match ip address ACL_MAIL_VIA_KG
!
route-map RM_LOCAL_OUT permit 10
 match ip address prefix-list PL_LOCAL_OUT
!
route-map RM_TO_RCOD_ER-TELECOM permit 30
 match ip address prefix-list PL_LOCAL_OUT
!
route-map RM_BGP_IZM-P11_MTS_IN permit 10
 match as-path 11
 set local-preference 1500
!
route-map RM_BGP_IZM-P11_MTS_IN permit 20
!
route-map RM_FROM_RCOD_ER-TELECOM permit 30
!
route-map RM_BGP_IZM-P11_DOMRU_IN permit 10
 match as-path 11
 set local-preference 1500
!
route-map RM_BGP_IZM-P11_DOMRU_IN permit 20
!
route-map SIP-ROUTING deny 10
 match ip address LOCAL_TRAFFIC
!
route-map SIP-ROUTING permit 20
 match ip address SIP_TRAFFIC
 set ip next-hop 10.4.239.18 10.4.239.19
!
route-map SIP-ROUTING permit 30
 match ip address ACL_SIP_GLAZOV
!
route-map SIP-ROUTING permit 40
 match ip address ACL_SIP_KOMOS
 set ip next-hop 10.4.239.19
!
route-map PBR_ELAR-TEST permit 10
 set ip next-hop 10.4.239.19
!
route-map RM_FROM_VRS-P2P permit 10
 match ip address prefix-list PL_FROM_VRS-P2P
 set local-preference 1500
!
route-map RM_FROM_VST-P2P permit 10
 match ip address prefix-list PL_FROM_VST-P2P
 set local-preference 1500
!
route-map RM_TEST_ARR permit 10
 match ip address ACL_TEST_ARR
 set ip next-hop 10.4.239.18
!
route-map RM_TO_VST-P2P permit 10
!
route-map RM_TO_VRS-P2P permit 10
!
route-map RM_MILKOM_OUT permit 10
!
route-map RM_RCOD_MTS_OUT permit 30
 match ip address prefix-list PL_LOCAL_OUT
!
route-map RM_LP_PVF_1C permit 10
 match ip address prefix-list pvf_1c
 set local-preference 150
!
route-map RM_LP_PVF_1C permit 20
!
route-map RM_BGP_IZM-P11_OUT permit 10
 match ip address prefix-list PL_BGP_IZM-P11
!
route-map GLOBAL-ROUTING deny 5
 match ip address LOCAL_TRAFFIC
!
route-map GLOBAL-ROUTING permit 7
 description Route to P11 for Publication(NAT)
 match ip address ACL_ROUTE_TO_P11
 set ip next-hop 172.30.30.2
!
route-map GLOBAL-ROUTING permit 8
 match ip address ACL_ROZ_MIKR
 set ip next-hop 10.4.239.18
!
route-map GLOBAL-ROUTING permit 9
 match ip address ACL_HELP_CES_KOMOS
 set ip next-hop 172.30.30.2
!
route-map GLOBAL-ROUTING permit 10
 match ip address 9 ROUTE_TO_ISP4 ACL_TRAFFIC_TO_MARK 14 8 ACL_KOMOS_RU
 set ip next-hop 10.4.239.18
!
route-map GLOBAL-ROUTING permit 20
 match ip address 11 12 10
 set ip next-hop 10.4.239.19
!
route-map GLOBAL-ROUTING permit 30
 description --HELP.KOMOS.RU--
 match ip address ACL_HELP.KOMOS.RU
 set ip next-hop 172.30.30.2
!
snmp-server community lmTUEsk6Yvlv RO
snmp ifmib ifindex persist
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
no vstack
banner exec ^C
	Welcome to $(hostname). You are connected on line $(line) on domain $(domain)
^C
banner login ^C
*****************************************************************************
*                                                                           *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************
^C
alias exec sib sh ip int brief
!
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 transport input ssh
!
!
module provision switch 1
 chassis-type 72 base-mac 64F6.9DBC.B2C0
 slot 1 slot-type 402 base-mac 64F6.9DBC.B2C0
 slot 2 slot-type 400 base-mac A0EC.87A2.6BA0
 !
module provision switch 2
 chassis-type 72 base-mac 74A2.E66E.3BC0
 slot 1 slot-type 402 base-mac 74A2.E66E.3BC0
 slot 2 slot-type 400 base-mac A0EC.1C03.29D0
 
!

 ntp server 192.168.8.200
 time-range TIME_ELAR-TEST
  periodic weekdays 8:00 to 19:00
  periodic weekend 8:00 to 19:00
 !
 mac address-table notification change
 mac address-table static 02bf.0a04.0706 vlan 251 interface Port-Channel100
 event manager applet --MEGAFON_DOWN--
  event syslog pattern "10 list boolean or Up -> Down"
  action 001 cli command "enable"
  action 002 cli command "conf t"
  action 003 cli command "route-map PBR_MAIL permit 30"
  action 004 cli command "set ip next-hop 172.30.30.2"
  action 005 cli command "route-map GLOBAL-ROUTING permit 20"
  action 006 cli command "set ip next-hop 10.4.239.18"
  action 007 cli command "no set ip next-hop 10.4.239.19"
  action 008 cli command "route-map SIP-ROUTING permit 30"
  action 009 cli command "set ip next-hop 172.30.30.58"
  action 010 cli command "end"
  action 011 syslog msg "--MEGAFON is DOWN--"
 event manager applet --MEGAFON_UP--
  event syslog pattern "10 list boolean or Down -> Up"
  action 001 cli command "enable"
  action 002 cli command "conf t"
  action 003 cli command "route-map PBR_MAIL permit 30"
  action 004 cli command "no set ip next-hop 172.30.30.2"
  action 005 cli command "route-map GLOBAL-ROUTING permit 20"
  action 006 cli command "set ip next-hop 10.4.239.19"
  action 007 cli command "no set ip next-hop 10.4.239.18"
  action 008 cli command "route-map SIP-ROUTING permit 30"
  action 009 cli command "no set ip next-hop 172.30.30.58"
  action 010 cli command "end"
  action 011 syslog msg "--MEGAFON is UP--"
 !
 event manager history size events 20
end