Building configuration...

Current configuration : 15595 bytes
!
! Last configuration change at 09:05:30 MSK Wed Jun 22 2022 by adm_ivanovas
! NVRAM config last updated at 01:00:04 MSK Thu Jul 28 2022
!
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname IZH-TK-SMR-SW-1-1
!
boot-start-marker
boot-end-marker
!
logging buffered 512000 informational
enable secret 5 $1$6MiA$xF7hKzUUzhfnJVEfePTeG0
!
username netadmin privilege 15 secret 5 $1$A/rV$Aslk26c287YBZ6.H0jUvR.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone MSK 4 0
switch 1 provision ws-c2960s-24ts-l
switch 2 provision ws-c2960s-24ts-l
ip routing
!
!
no ip domain-lookup
ip domain-name komos.ru
ip host tftp 10.4.0.214
ip host VM-KG-NET 10.1.12.70
login on-failure log
login on-success log
vtp mode transparent
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-442670976
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-442670976
 revocation-check none
 rsakeypair TP-self-signed-442670976
!
!
crypto pki certificate chain TP-self-signed-442670976
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 34343236 37303937 36301E17 0D393330 33303130 30323334 
  315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3434 32363730 
  39373630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
  B3F43542 31E3138C 356513B4 ADEAD5AC 373A77D9 6A69FBF8 CC01643C 460D3A85 
  9118AFA8 03EBF74F 9C6115FA 257A1179 11673D9B 6381B685 7AFA3393 D46B1C41 
  61620171 608661DF 68488240 475743A0 C40A39F5 2BE897D2 BC109015 241515CB 
  99B7F0A1 613374D1 5757F582 23AFB42B B04078D0 576D961B 938B254E 3CCE7685 
  02030100 01A37130 6F300F06 03551D13 0101FF04 05300301 01FF301C 0603551D 
  11041530 13821153 4D522D43 4F52452E 6B6F6D6F 732E7275 301F0603 551D2304 
  18301680 14EB000B 22750F34 66019D10 5A4566E1 32409011 6A301D06 03551D0E 
  04160414 EB000B22 750F3466 019D105A 4566E132 4090116A 300D0609 2A864886 
  F70D0101 04050003 818100A9 CDE2578D A06BD427 1F6CE1CF 7F6C86EC C6C68EF3 
  430FFC30 61FE273E 1F2B0824 BAACB57C 5EFFA83F 40BBF2CE 0CADAAB8 2864B581 
  E32F462A 564A055F A52C84D6 0F675E67 0070AE9A 0C7ECA7D 4F719E9F C19CD8C9 
  A85B9C79 564987A5 9B11B096 4A1666B2 55157CAE 677EB3C6 6F4E4F75 09CE3359 
  382FD55C 9FF4BBF1 768120
  	quit
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/TK/SMR-SW_L2/$H.$T.conf
 write-memory
 time-period 10080
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause port-mode-failure
errdisable recovery cause loopback
errdisable recovery interval 600
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
 name TK-LAN-USERS-AREA
!
vlan 100
 name MANAGEMENT
!
vlan 102
 name Monitoring_Temp
!
vlan 150
 name TK-WIFI-USERS-AREA
!
vlan 200
 name TK-MGM-SRV-AREA
!
vlan 300
 name TK-MGM-NETWORK-AREA
!
vlan 350
 name TK-VOICE-AREA
!
vlan 400
 name TK-VIDEO-SZB-AREA
!
vlan 555
 name --BGP_TRANSIT--
!
!
! 
!
!
!
!
!
!
!
!
interface Loopback7777
 description FTK3513-FTK3514
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
 no ip route-cache
!
interface GigabitEthernet1/0/1
 description EMC
 switchport access vlan 200
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/2
 description Dell-Port-1
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/3
 description EMC
 switchport access vlan 200
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/4
 description Dell-Port-1
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/5
 description Dell-iDRAC
 switchport access vlan 200
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/6
 description Dell-Port-1
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/7
 description Dell-iDRAC
 switchport access vlan 100
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/8
 description Dell-Port-3
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/9
 description Dell-iDRAC
 switchport access vlan 100
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/10
 description Dell-Port-3
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/11
 description [UPS] APC-1500
 switchport access vlan 111
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/12
 description Dell-Port-3
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/13
 description TKSWMSOPC
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/14
 description NONE
 switchport access vlan 2
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/15
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/16
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/17
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/18
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/19
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/20
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/21
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/22
 description [KU] SW-2-1
 switchport trunk allowed vlan 1,2,10,25,100,150,200,300,350,400
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/23
 description SW-3COMM
 switchport trunk allowed vlan 1,2,10,25,100,150,200,300,350,400
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/24
 description [CORE] RT-1-1
 switchport trunk allowed vlan 1,2,10,25,100,150,200,300,350,400,555
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
!
interface GigabitEthernet1/0/25
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/26
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/27
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet1/0/28
 description NONE
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/1
 description EMC
 switchport access vlan 100
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/2
 description Dell-Port-2
 switchport mode trunk
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/3
 description EMC
 switchport access vlan 100
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/4
 description Dell-Port-2
 switchport mode trunk
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/5
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/6
 description Dell-Port-2
 switchport mode trunk
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/7
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/8
 description Dell-Port-4
 switchport mode trunk
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/9
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/10
 description Dell-Port-4
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/11
 description [UPS] APC-3000
 switchport access vlan 100
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/12
 description Dell-Port-4
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/13
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/14
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/15
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/16
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/17
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/18
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/19
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/20
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/21
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/22
 description [CORE] SW-1-2
 switchport trunk allowed vlan 1,2,10,25,100-102,150,200,300,350,400
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
!
interface GigabitEthernet2/0/23
 description ALT_LINK_TO_SW-1
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1,2,10,25,100,150,200,300,350,400
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/24
 description [CORE] RT-1-2
 switchport trunk allowed vlan 1,2,10,25,100,150,200,300,350,400,555
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
!
interface GigabitEthernet2/0/25
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/26
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/27
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet2/0/28
 description NONE
 switchport mode access
 no snmp trap link-status
 no cdp enable
!
interface Vlan1
 ip dhcp relay information trusted
 ip address 192.168.0.2 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan2
 description --TK-LAN-USERS-AREA--
 ip dhcp relay information trusted
 ip address 10.0.16.254 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan102
 description Temp Monitoring
 ip dhcp relay information trusted
 ip address 10.0.18.30 255.255.255.224
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan150
 description --TK-WIFI-USERS-AREA--
 ip dhcp relay information trusted
 ip address 10.0.17.254 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan200
 description --TK-MGM-SRV-AREA--
 ip dhcp relay information trusted
 ip address 10.0.22.254 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --TK-MGM-NETWORK-AREA--
 ip dhcp relay information trusted
 ip address 10.0.19.251 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan350
 description --TK-VOICE-AREA--
 ip dhcp relay information trusted
 ip address 10.0.20.254 255.255.255.0
 ip helper-address 10.0.16.3
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan400
 description --TK-VIDEO-SZB-AREA--
 ip dhcp relay information trusted
 ip address 10.0.21.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.123 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
no ip http server
no ip http secure-server
!
ip tftp source-interface Vlan300
ip route 0.0.0.0 0.0.0.0 10.0.16.250 name --DEFAULT_ROUTE--
ip route 10.0.0.0 255.0.0.0 172.30.30.126 name --DMVPN_ROUTE--
ip route 172.17.100.0 255.255.255.240 172.30.30.126 name --DMVPN_ROUTE--
ip route 192.168.0.0 255.255.0.0 172.30.30.126 name --DMVPN_ROUTE--
ip ssh version 2
!
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging trap debugging
logging origin-id hostname
logging facility local6
logging source-interface Vlan300
logging host 10.4.244.4 transport udp port 515
access-list 23 permit any
access-list 23 deny   any log
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
snmp-server host 91.240.179.1 public 
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405
!
!
line con 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
ntp source Vlan300
ntp server 10.0.19.254
end