Building configuration...

Current configuration : 25928 bytes
!
! Last configuration change at 08:55:11 MSK Fri Jul 15 2022 by adm_kapustinal
! NVRAM config last updated at 09:15:50 MSK Thu Jul 14 2022 by adm_kapustinal
!
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname KZN-MLK-KMK-SW-1-1
!
boot-start-marker
boot-end-marker
!
!
! Local log buffer filtering: the STACKPOW discriminator drops messages whose
! mnemonic matches STACKPOWER before they reach the buffered log.
logging discriminator STACKPOW mnemonics drops STACKPOWER 
logging userinfo
logging buffered discriminator STACKPOW
! NOTE(review): `secret 5` is a salted-MD5 ($1$) hash. Prefer the strongest
! secret type the installed image supports, and treat the hashes in any stored
! copy of this listing as exposed.
enable secret 5 $1$Znuf$/iXVXut/jj7ATYdr9GcxJ0
!
! Local privilege-15 accounts. The AAA login lists in this listing fall back to
! (or, for CONSOLE, start with) the local database, so these are live credentials.
username netadmin privilege 15 secret 5 $1$KndH$cfO8bwEDMOTsETRnuOM4/.
! NOTE(review): `password 7` is reversible obfuscation, not a hash; this account
! should be converted to `secret` and its password rotated.
username akhmetzyanovrr privilege 15 password 7 0322601D1201315657031D5445
! AAA: RADIUS server group NPS (two servers, sourced from Vlan300) with local
! fallback. Login method lists defined here are `default` and `CONSOLE` only.
! NOTE(review): the vty lines later in this listing use
! `login authentication NPS`, but no login method list named NPS is defined
! (NPS is only a server group). Cisco's command reference cautions that an
! undefined list name can disable login on the line; confirm on the device and
! either define the list or point the vty lines at `default`.
! NOTE(review): no `aaa accounting` statements are visible, so exec sessions and
! commands are not accounted to the RADIUS servers from this configuration.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone MSK 3 0
switch 1 provision ws-c3750x-24s
switch 2 provision ws-c3750x-24s
system mtu routing 1500
!
!
!
!
ip routing
no ip cef optimize neighbor resolution
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
ip host tftp 10.4.0.214
!
stack-power stack Powerstack-1
 mode redundant
!
vtp mode transparent
!
!
!
!
!
!
! Two auto-generated self-signed trustpoints with revocation checking disabled.
! NOTE(review): the certificate stored in this listing for
! TP-self-signed-1328648448 decodes as sha1WithRSA over a 1024-bit key with a
! validity period that ended 2020-01-01; the chain for TP-self-signed-1335665536
! is empty. With `no ip http secure-server` they appear unused. If HTTPS
! management is ever enabled, generate a new key pair and certificate first.
crypto pki trustpoint TP-self-signed-1328648448
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1328648448
 revocation-check none
 rsakeypair TP-self-signed-1328648448
!
crypto pki trustpoint TP-self-signed-1335665536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1335665536
 revocation-check none
 rsakeypair TP-self-signed-1335665536
!
crypto pki certificate chain TP-self-signed-1328648448
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31333238 36343834 3438301E 170D3036 30313032 30303034 
  35345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33323836 
  34383434 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100981C 397F3360 346CC34D 5C76C071 C53D2CB5 7DEC80DF 9F1AE196 6E25B900 
  5B17A808 C4463AF7 E39DC80D 0509E836 31231CC3 4CFD4121 0CBABA19 D72FAC65 
  D95B9D05 CCEB1F7E 31CA6499 BEFAFA94 1C4EC89C 09427E3B 07088ABA 054ECD68 
  7E0D1123 E21665F9 A65D145A 24B28B52 79A865D9 C105A08F D090ECB8 658CEFDE 
  02190203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 141C9CC5 AD150A37 024FD74E D172F0DA D6409013 89301D06 
  03551D0E 04160414 1C9CC5AD 150A3702 4FD74ED1 72F0DAD6 40901389 300D0609 
  2A864886 F70D0101 05050003 8181006B 4A373FBE ED031312 7BF684E3 D420B700 
  594C71E1 35C2C38E D6DDB7E0 724E3AB9 1FAD8CCA E9EA4967 810C4176 A1ED8BAF 
  56F2C19A 8C0A4E05 6F39BE8D 19F6F9BC 8241B7DD 35912BAD 6318E7A5 EA51A631 
  33E89821 CF1C688F 3FC95097 5684298E 8AE9C486 1D9ABD18 C16C4D27 4C281C53 
  712B6ECD 2B55F376 06339059 649916
  	quit
crypto pki certificate chain TP-self-signed-1335665536
license boot level ipservices
license boot level ipbase switch 2
! Configuration change logging plus automatic config archiving.
! `log config` records changes (900 entries) and sends them to syslog;
! `hidekeys` keeps passwords out of those log entries only.
! The archive itself is written on every `write memory` and every 10080 minutes
! to the host alias `tftp` (10.4.0.214 per `ip host`).
! NOTE(review): TFTP is unauthenticated and unencrypted, and the archived file is
! the full configuration including the type 5/type 7 secrets, SNMP community and
! RADIUS keys. Prefer an authenticated, encrypted transport (e.g. an scp:// path)
! and restrict who can read the archive directory.
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/KZN/MLK/KMK-SW_L3/$H-$T
 write-memory
 time-period 10080
!
!
!
object-group network Pernit_for_ProdVlan550 
 host 192.168.75.200
!
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E 0x1
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
port-channel load-balance src-dst-ip
!
!
!
!
vlan internal allocation policy ascending
!
vlan 13
 name Users KU-13
!
vlan 16
 name --KU16_Users--
!
vlan 101
 name --PRINTERS--
!
vlan 111
 name INTERCONNECT
!
vlan 113
 name --link-to-mikrotik--
!
vlan 150
 name --Wi-Fi_WORK--
!
vlan 200 
!
vlan 201
 name test
!
vlan 220
 name SkladWifi
!
vlan 250
 name --SERVERS_37.0/24--
!
vlan 251
 name --SERVERS_BACKUP--
!
vlan 252
 name --SERVERS_VIDEO--
!
vlan 290
 name -=SrvVmwVMon=-
!
vlan 300
 name --MANAGEMENT--
!
vlan 301
 name --Wi-Fi_MANAGEMENT--
!
vlan 310 
!
vlan 350
 name --VOICE--
!
vlan 450
 name --Wi-Fi_SKLAD--
!
vlan 500
 name --Wi-Fi_GUEST--
!
vlan 550
 name --PRODACTION_TRANSFER--
!
vlan 555
 name --BGP_TRANSIT--
!
vlan 603
 name --CRPT-Mark--
!
vlan 2145
 name Test_BGP
!
vlan 4093
 name DOMRU_FOR_KOMOS_STROY
!
vlan 4094
 name L2VPN_Tattelecom_for_MCHS
!
!
class-map match-any VSL-DATA-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match ip dscp af41 
 match ip dscp af42 
 match ip dscp af43 
 match ip dscp af31 
 match ip dscp af32 
 match ip dscp af33 
 match ip dscp af21 
 match ip dscp af22 
 match ip dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match ip dscp ef 
 match ip dscp cs4 
 match ip dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match ip dscp cs2 
 match ip dscp cs3 
 match ip dscp cs6 
 match ip dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-L2-CONTROL-PACKETS
 class VSL-L3-CONTROL-PACKETS
 class VSL-VOICE-VIDEO-TRAFFIC
 class VSL-SIGNALING-NETWORK-MGMT
 class VSL-MULTIMEDIA-TRAFFIC
 class VSL-DATA-PACKETS
 class class-default
!
!
! 
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description [CORE] SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel2
 description [KU] SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel4
 description [KU] SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel5
 description [KU] SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
!
interface Port-channel6
 description [KU] SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel7
 description [KU] SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel12
 description [KU] SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel13
 description [KU] SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel15
 description [KU] SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel16
 description [KU] SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel23
 description [KU] SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel40
 description [KU] SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description [KU] Po40 SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 40 mode active
!
interface GigabitEthernet1/0/2
 description [KU] Po2 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
! Static 802.1Q trunk towards a camera-side device ([CAM] per the description).
! NOTE(review): there is no `switchport trunk allowed vlan` list, so every VLAN
! on the switch (including 300 MANAGEMENT and the server VLANs) is carried on
! this link; the native VLAN is left at its default. The same applies to the
! other [CAM] and [SRV] trunks in this listing (only Gi1/0/18 and Gi2/0/18 are
! pruned). Consider pruning to the VLANs the far end needs and adding
! `switchport nonegotiate`.
interface GigabitEthernet1/0/3
 description [CAM] AT_KU3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet1/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
 channel-group 5 mode active
!
interface GigabitEthernet1/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet1/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode active
!
interface GigabitEthernet1/0/8
 description [CAM] AT_KU8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode active
!
interface GigabitEthernet1/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet1/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet1/0/13
 description [KU] Po13 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet1/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet1/0/15
 description [KU] Po15 SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet1/0/16
 description [KU] Po16 SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode active
!
interface GigabitEthernet1/0/17
 description [CORE] Po1 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/18
 description [CORE] RT-1-2
 switchport trunk allowed vlan 111,300,555
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/19
 description [CAM] AT_KU15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/20
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/0/21
 description [SRV] vmw004 eth02 int VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/22
 description [SRV] vmw005 eth02 int VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/23
 description [KU] Po23 SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode active
!
interface GigabitEthernet1/0/24
 description [SRV] SERV_REZERV
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Uplink-module ports on stack member 1 with no configuration shown, i.e. left
! at platform defaults and not shut down.
! NOTE(review): if these ports are unused, shut them down and assign them to an
! unused access VLAN; the same applies to the matching ports on member 2
! (Gi2/1/1-4, Te2/1/1-2).
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
 description [KU] Po40 SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 40 mode active
!
interface GigabitEthernet2/0/2
 description [KU] Po2 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
interface GigabitEthernet2/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet2/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet2/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
 channel-group 5 mode active
!
interface GigabitEthernet2/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet2/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode active
!
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode active
!
interface GigabitEthernet2/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet2/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet2/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet2/0/13
 description [KU] Po13 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet2/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet2/0/15
 description [KU] Po15 SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet2/0/16
 description [KU] Po16 SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode active
!
interface GigabitEthernet2/0/17
 description [CORE] Po1 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet2/0/18
 description [CORE] RT-1-1
 switchport trunk allowed vlan 111,300,555
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/19
 description [CAM] AT-SW-6-1_Verhniy
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/20
 description [CAM] AT-SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/21
 description [SRV]  vmw004 eth04 ext VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/22
 description [SRV] vmw005 eth04 ext VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/23
 description [KU] Po23 SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode active
!
interface GigabitEthernet2/0/24
 description [SRV] SERV_REZERV
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface Vlan1
 ip dhcp relay information trusted
 ip address 192.168.77.254 255.255.255.0 secondary
 ip address 192.168.76.126 255.255.255.128 secondary
 ip address 10.5.35.254 255.255.252.0 secondary
 ip address 10.5.38.254 255.255.255.0 secondary
 ip address 10.5.63.254 255.255.255.0 secondary
 ip address 10.5.36.254 255.255.255.0 secondary
 ip address 192.168.75.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan13
 description --Users-KU13--
 ip dhcp relay information trusted
 ip address 10.5.43.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan16
 description --Users-KU16--
 ip dhcp relay information trusted
 ip address 10.5.46.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan101
 description --PRINTERS--
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan111
 description INTERCONNECT
 ip address 172.16.8.4 255.255.255.248
!
interface Vlan113
 description --Link-to-mikrotik--
 ip address 10.8.252.253 255.255.255.252
!
interface Vlan150
 description --Wi-Fi_WORK--
 ip dhcp relay information trusted
 ip address 10.5.41.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan200
 description GuestWiFi
 ip address 10.200.1.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 ip helper-address 10.200.0.230 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan201
 description IMM
 ip address 192.168.70.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Gateway for the SkladWifi VLAN; DHCP is relayed to 10.220.1.230.
! NOTE(review): no `ip access-group` is applied here, although an ACL named
! Local_For_SkladWiFI whose remark mentions VLAN220 exists in this listing.
! As written, this SVI routes the VLAN without filtering. Confirm whether the
! ACL was meant to be bound inbound on this interface.
interface Vlan220
 description SkladWifi
 ip dhcp relay information trusted
 ip address 10.220.1.254 255.255.255.0
 ip helper-address 10.220.1.230 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan250
 description --SERVERS_37.0/24--
 ip address 10.5.37.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan251
 description --SERVERS_BACKUP--
 ip address 10.5.61.30 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan252
 description --SERVERS_VIDEO--
 ip address 10.5.61.62 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan290
 description -=SrvVmwVMon=-
 ip address 10.5.61.94 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --MANAGEMENT--
 ip address 10.5.62.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGEMENT--
 ip dhcp relay information trusted
 ip address 10.5.42.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan310
 description --UPS managment--
 ip address 10.5.47.254 255.255.255.0
!
interface Vlan350
 description --VOICE--
 ip dhcp relay information trusted
 ip address 10.5.44.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan450
 description --Wi-Fi_SKLAD--
 ip dhcp relay information trusted
 ip address 10.5.40.254 255.255.255.0
 ip helper-address 10.5.35.217 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan500
 description --Wi-Fi_GUEST--
 ip dhcp relay information trusted
 ip address 10.5.39.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan550
 description --PRODACTION_TRANSFER--
 ip address 192.168.78.254 255.255.255.0
 ip access-group ACL-FW_PROD_VLAN550-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map RM_PRODACTION
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.102 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan603
 description --CRPT-Mark--
 ip dhcp relay information trusted
 ip address 10.5.45.254 255.255.255.0
!
! iBGP (local and remote AS are both 64516) to 172.30.30.100 and 172.30.30.101
! over the BGP_TRANSIT subnet. Advertises the listed site prefixes plus the
! 10.5.32.0/19 aggregate; BGP routes get administrative distance 150.
! NOTE(review): neither neighbor has a `password` (TCP MD5) statement, and no
! inbound or outbound prefix-list/route-map is applied, so any prefix the peers
! send is accepted. Consider session authentication and explicit prefix filters.
router bgp 64516
 bgp router-id 172.30.30.102
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 10.5.32.0 mask 255.255.252.0
 network 10.5.36.0 mask 255.255.255.0
 network 10.5.37.0 mask 255.255.255.0
 network 10.5.38.0 mask 255.255.255.0
 network 10.5.39.0 mask 255.255.255.0
 network 10.5.40.0 mask 255.255.255.0
 network 10.5.42.0 mask 255.255.255.0
 network 10.5.62.0 mask 255.255.255.0
 network 10.5.63.0 mask 255.255.255.0
 network 10.220.1.0 mask 255.255.255.0
 network 192.168.75.0
 network 192.168.76.0 mask 255.255.255.128
 network 192.168.77.0
 network 192.168.78.0
 aggregate-address 10.5.32.0 255.255.224.0
 neighbor 172.30.30.100 remote-as 64516
 neighbor 172.30.30.101 remote-as 64516
 distance bgp 150 150 150
!
ip forward-protocol nd
!
!
! Management-plane services and static routing.
! NOTE(review): the cleartext HTTP server is enabled while HTTPS is disabled, and
! no `ip http access-class` is visible, so the web interface listens on every
! routed address of the switch and carries credentials unencrypted. If the web
! UI is not needed, use `no ip http server`; otherwise restrict it with an
! access class and move to HTTPS with a fresh certificate.
ip http server
no ip http secure-server
ip tftp source-interface Vlan300
! Default route and three static /24 routes all point at 172.16.8.3 on the
! INTERCONNECT subnet.
ip route 0.0.0.0 0.0.0.0 172.16.8.3
ip route 192.168.10.0 255.255.255.0 172.16.8.3
ip route 192.168.11.0 255.255.255.0 172.16.8.3
ip route 192.168.31.0 255.255.255.0 172.16.8.3
! SSH is limited to protocol version 2.
ip ssh version 2
!
! Inbound filter on Vlan550 (192.168.78.0/24). Entries are evaluated top-down
! and the list ends with IOS's implicit `deny ip any any`.
! NOTE(review): `permit icmp any any` is the first entry, so ICMP from this VLAN
! to every destination (management and server networks included) is allowed
! before any deny is reached. Narrow it if that is not intended.
! NOTE(review): the two `eq 49674` entries and the `eq 5900` entry match on the
! SOURCE port with any destination port. They read as stateless return-traffic
! rules; confirm that is the intent.
! NOTE(review): the three trailing RFC 1918 denies do not change the outcome,
! because the implicit deny already drops everything not permitted above. In
! particular, traffic to non-private destinations other than 178.209.110.74 and
! 91.240.179.50 is dropped here, presumably before route-map RM_PRODACTION on
! the same interface is consulted. Verify against the intended policy.
ip access-list extended ACL-FW_PROD_VLAN550-IN
 permit icmp any any
 permit ip 192.168.78.0 0.0.0.255 10.4.192.0 0.0.0.255
 permit ip 192.168.78.0 0.0.0.255 host 10.4.32.33
 permit ip 192.168.78.0 0.0.0.255 host 10.5.155.29
 permit ip 192.168.78.0 0.0.0.255 host 178.209.110.74
 permit ip 192.168.78.0 0.0.0.255 host 91.240.179.50
 remark RDP Server FOR access TO Prolight
 permit ip host 192.168.78.101 host 192.168.75.207
 permit ip host 192.168.78.101 host 192.168.8.164
 permit ip host 192.168.78.101 host 10.5.33.20
 permit ip host 192.168.78.101 host 10.5.33.66
 permit ip host 192.168.78.101 host 10.5.32.81
 permit ip host 192.168.78.101 host 10.5.33.104
 permit ip host 192.168.78.101 host 10.14.113.127
 permit tcp host 192.168.78.101 eq 49674 host 10.4.39.1
 permit tcp host 192.168.78.101 eq 49674 192.168.8.0 0.0.0.255
 permit tcp host 192.168.78.114 eq 5900 host 192.168.75.207
 permit ip host 192.168.78.231 host 10.5.33.66
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
! Match list for route-map RM_PRODACTION (policy routing on Vlan550), not a
! packet filter: a `deny` here means "do not policy-route, use the normal
! routing table". Traffic from 192.168.78.0/24 to any non-RFC 1918 destination
! matches the final permit and is sent to next hop 172.16.8.2 by the route-map.
ip access-list extended ACL_FROM_PRODACTION
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 permit ip 192.168.78.0 0.0.0.255 any
! Intended (per the remark) to restrict VLAN220 clients: DNS to 192.168.75.200
! and .201, a few specific hosts, then deny 10.2.0.0/16 and 192.168.0.0/16, then
! permit everything else.
! NOTE(review): no `ip access-group Local_For_SkladWiFI` appears on any interface
! in this listing, so the list is currently not enforcing anything.
! NOTE(review): if it is applied, only 10.2.0.0/16 of the 10.0.0.0/8 space and
! none of 172.16.0.0/12 is denied, so the final `permit ip any any` would still
! allow the 10.5.x server and management subnets. The `permit tcp any host`
! entries for 192.168.8.4 and 192.168.8.6 are also covered by the later
! `permit ip any host` entries for the same hosts.
ip access-list extended Local_For_SkladWiFI
 remark Deny Guest VLAN220 access to Net and other PP
 permit tcp any host 192.168.75.200 eq domain
 permit udp any host 192.168.75.200 eq domain
 permit tcp any host 192.168.75.201 eq domain
 permit udp any host 192.168.75.201 eq domain
 permit tcp any host 192.168.8.4
 permit tcp any host 192.168.75.199
 permit tcp any host 192.168.8.6
 permit ip any host 192.168.8.254
 permit ip any host 192.168.8.4
 permit ip any host 192.168.8.6
 deny   ip any 10.2.0.0 0.0.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
! Applied inbound on Vlan200 (GuestWiFi) and Vlan500 (Wi-Fi_GUEST): allows DNS
! to 192.168.75.200 and .201 and HTTPS to 192.168.8.77, blocks 192.168.0.0/16
! and 10.0.0.0/8, then permits everything else.
! NOTE(review): unlike the other ACLs in this listing, 172.16.0.0/12 is not
! denied. The final permit therefore leaves the INTERCONNECT (172.16.8.0/29)
! and BGP_TRANSIT (172.30.30.96/29) subnets, including this switch's own
! addresses there, reachable from guest clients. Consider adding
! `deny ip any 172.16.0.0 0.15.255.255` before the final permit.
ip access-list extended No_Local_For_GuestWiFI
 remark Deny Guest VLAN200 access to other VLANs
 permit tcp any host 192.168.75.200 eq domain
 permit udp any host 192.168.75.200 eq domain
 permit tcp any host 192.168.75.201 eq domain
 permit udp any host 192.168.75.201 eq domain
 permit tcp any host 192.168.8.77 eq 443
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
! Remote syslog: messages are tagged with the hostname, use facility local6, are
! sourced from Vlan300 and go to two collectors over UDP (ports 5544 and 515).
! NOTE(review): UDP syslog is unauthenticated and unencrypted, and delivery is
! not confirmed. The `archive log config` section sends configuration-change
! records over the same path, so keep the collectors on a protected management
! segment.
logging origin-id hostname
logging facility local6
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
arp 192.168.75.244 0020.85e1.d1d7 ARPA
!
route-map RM_PRODACTION permit 10
 match ip address ACL_FROM_PRODACTION
 set ip next-hop 172.16.8.2
!
!
! Read-only community-based SNMP, restricted by standard ACL 5.
! NOTE(review): the community string is stored in cleartext
! (`service password-encryption` does not cover it) and should be treated as
! exposed in any copy of this listing.
! NOTE(review): no `access-list 5` is visible in this listing. If it is not
! defined on the device, the source restriction is not effective; verify, and
! prefer SNMPv3 with authentication and privacy where the monitoring system
! supports it.
snmp-server community lmTUEsk6Yvlv RO 5
!
!
! RADIUS servers used by AAA group NPS: auth/acct on UDP 1645/1646, 3 s timeout,
! 2 retransmits.
! NOTE(review): `key 7` is reversible obfuscation of the shared secret, not a
! hash. Anyone holding a copy of this listing should be assumed to hold the
! secrets, so rotate them on both the switch and the RADIUS servers if the
! listing has left the management domain.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 082955452F3824373A0C553C732D372738022A46164E14044C1A1E6D55570F311F4354537B794D58395E14546A72533204176F182C18256E703B3C3631560E2654
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 094457023F243632230B5D1272223B3C3E151B52075B1653431B156A0F5A143F50425B577A7E4C076903150B6521442706483F152536486C372B2024344F092E7A
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
banner login ^C
*****************************************************************************
*                                                                           *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************
^C
!
! Console uses method list CONSOLE (local database first, then RADIUS group NPS).
! The vty lines accept SSH only and idle out after 120 minutes.
! NOTE(review): the vty lines reference login list `NPS`, which is not defined by
! any `aaa authentication login` statement in this listing; confirm the
! effective behaviour on the device.
! NOTE(review): no `access-class` is applied to the vty lines, so SSH is accepted
! on every routed address of the switch from any source that can reach it.
! Consider an inbound access-class limited to the management networks and a
! shorter exec-timeout.
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
! Time is synchronised from two servers, with requests sourced from Vlan300.
! NOTE(review): no NTP authentication keys or `ntp access-group` are configured,
! so the time source is trusted by address alone. Log timestamps (and any
! forensic timeline built from them) depend on these servers being correct.
ntp source Vlan300
ntp server 192.168.8.200
ntp server 192.168.8.201
!
end