Building configuration...

Current configuration : 23519 bytes
!
! Last configuration change at 13:37:38 SAMT Wed Jul 13 2022 by konovalov
! NVRAM config last updated at 16:51:41 SAMT Thu Jul 21 2022 by konovalov
!
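! Global service settings, hostname and the local fallback credentials.
! Change from the original: "service password-encryption" is enabled so that
! passwords and keys IOS can hold as type 7 (for example the RADIUS server
! keys) are no longer printed in clear text by "show running-config" or copied
! in clear into configuration backups. Type 7 is reversible obfuscation, not
! real protection; it only prevents casual disclosure.
! NOTE(review): both secrets below are type 5 (salted MD5) hashes. This
! configuration has been published, so treat them as exposed and rotate them;
! use a stronger secret type if the installed image supports one.
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname SAR-MLK-SRM-SW-1-1
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$xyPV$PLyKmlVuENwtlpdSxJmTm.
!
username netadmin privilege 15 secret 5 $1$zXig$Hp4ZObS11EcAsDwAd0XTt/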
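! AAA: RADIUS server group "NPS" (two servers, requests sourced from Vlan300)
! with local fallback.
!   default login list : RADIUS group NPS, then local users, then enable secret
!   CONSOLE login list : local users first, then RADIUS group NPS
!   exec authorization : RADIUS group NPS, then local, then if-authenticated
! Change from the original: the VTY lines in this configuration use
! "login authentication NPS", but no login method list named NPS was defined
! (only "default" and "CONSOLE"; "NPS" existed only as a server-group name).
! The list is now defined explicitly so remote logins follow a stated policy
! instead of whatever the image does with a dangling list reference.
! NOTE(review): no "aaa accounting" lines are visible, so command and session
! accounting is not sent to the RADIUS servers - confirm whether that is
! intended.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authentication login NPS group NPS local
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
!
aaa session-id common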
! Time zone, stack member provisioning (two ws-c3750x-24s members), Layer 3
! routing, name resolution, login event reporting, StackPower and VTP mode.
! "ip host tftp 10.4.0.214" statically resolves the host name used in the
! archive path, since DNS lookups are disabled with "no ip domain-lookup".
! "vtp mode transparent" means VLANs are defined locally in this file.
! NOTE(review): login success/failure reporting is enabled, but no
! "login block-for" line is visible, so nothing in this file throttles repeated
! failed logins - confirm whether that is handled on the RADIUS side.
clock timezone SAMT 4 0
switch 1 provision ws-c3750x-24s
switch 2 provision ws-c3750x-24s
system mtu routing 1500
ip routing
no ip cef optimize neighbor resolution
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
ip host tftp 10.4.0.214
login on-failure
login on-success
!
stack-power stack Power-Stack-1
 mode redundant
!
stack-power switch 1
stack-power switch 2
!
vtp mode transparent
!
!
! Self-signed trustpoint and its certificate (hex-encoded DER).
! Read from the DER below: validity runs from 060102000250Z to 200101000000Z,
! so the certificate expired on 1 January 2020; the signature algorithm is
! sha1WithRSAEncryption and the public key is 1024-bit RSA.
! "revocation-check none" turns off revocation checking for this trustpoint.
! NOTE(review): HTTPS is disabled elsewhere in this file ("no ip http
! secure-server"), so the certificate appears unused. If any TLS service is
! enabled later, regenerate the key pair and certificate first rather than
! relying on this expired SHA-1 / 1024-bit one.
crypto pki trustpoint TP-self-signed-1335665536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1335665536
 revocation-check none
 rsakeypair TP-self-signed-1335665536
!
!
crypto pki certificate chain TP-self-signed-1335665536
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31333335 36363535 3336301E 170D3036 30313032 30303032 
  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33333536 
  36353533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100BCBB C5A07A23 84ECED52 55A03879 E9E78A55 5559E8D2 9D7BE840 3B3538FD 
  B5DC09BE B9425757 EAAAAF0B E9461073 9770C887 6EB6CF4B 563C8770 072703B6 
  7920A42B 6B393BCE 8892839A 96EC522B 43BC6CD7 5D44486C C34290B6 1ED961AC 
  303CDCF7 96299465 FBACFA46 7C9AE6D3 B0F191AF DC040CD6 1F884309 FA343C73 
  D3BD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 14526623 7A7B3A92 45989181 17C943CA C0BF61B0 05301D06 
  03551D0E 04160414 5266237A 7B3A9245 98918117 C943CAC0 BF61B005 300D0609 
  2A864886 F70D0101 05050003 8181008E B472BCEE CB1900C7 0EE8CF86 FFAC9527 
  07B63D63 03CEC290 97E97A95 EF5EFE32 06949C60 8E3CDCD7 7E795147 2341AFC4 
  3CE89F0E 46624EA0 103377B1 6960B16A 7554C168 73D604D3 F50D3B07 7F466E0D 
  06A65575 9CA9A189 E4BD6BDB EFFD3677 7D7C633F 975552BA 3F562747 B19C6676 
  5B7AC818 D0299815 181BC429 DAE58C
  	quit
! Feature licence level and configuration archive / change logging.
! "log config" records configuration commands (up to 900 entries) and forwards
! them to syslog; "hidekeys" keeps key material out of those log records.
! "write-memory" archives the configuration on every save and "time-period
! 10080" additionally every 10080 minutes (7 days), to the TFTP path below
! ($H = hostname, $T = timestamp).
! NOTE(review): TFTP is unauthenticated and unencrypted, and "hidekeys" covers
! only the change log, not the archived file. Every archived copy therefore
! carries the keys and hashes in this configuration across the network in the
! clear and leaves them on the TFTP host. Prefer an authenticated, encrypted
! transfer method if the image supports one, and restrict access to the
! archive directory.
license boot level ipservices
license boot level ipservices switch 1
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/SAR/MLK/SRM-SW_L3/$H-$T
 write-memory
 time-period 10080
!
!
!
!
! Named MAC access lists that classify Layer 2 control frames by destination
! MAC address or EtherType (BPDU, CDP, 802.1X EtherType 0x888E, GARP, LLDP,
! SSTP) plus the 0022.bdcd.d2xx management range. They are referenced by the
! VSL-* class-maps in this file; they are classifiers, not port filters.
! Spanning tree runs in per-VLAN (pvst) mode with extended system-id.
! NOTE(review): no BPDU guard, root guard or loop guard lines are visible in
! this configuration - confirm the STP protection expected for a core stack.
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E 0x1
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
! Locally defined VLAN database (VTP is transparent on this switch).
! The names show the intended segmentation: users, printers, wireless (user,
! production, management, guest), servers (management, data, backup, VMware
! monitoring), device management, UPS, voice, BGP transit and interconnects.
! NOTE(review): every trunk in this file carries all of these VLANs, because
! no "switchport trunk allowed vlan" statement is visible; the separation
! suggested by the names is only as strong as the Layer 3 filtering applied to
! the SVIs.
vlan internal allocation policy ascending
!
vlan 8
 name --USERS--
!
vlan 101
 name --PRINTERS--
!
vlan 111
 name INTERCONNECT
!
vlan 113
 name --TO-GATE-MIKROTIC--
!
vlan 150
 name --Wi-Fi_Users--
!
vlan 151
 name --Wi-Fi_PROD--
!
vlan 200
 name --SERVERS_MGMT--
!
vlan 250
 name --SERVERS_128.0/24--
!
vlan 251
 name --SERVERS_BACKUP--
!
vlan 290
 name -=SrvVmwVMon=-
!
vlan 300
 name --MANAGEMENT--
!
vlan 301
 name --Wi-Fi_MANAGMENT--
!
vlan 310
 name --UPS_managment--
!
vlan 350
 name --VOICE--
!
vlan 500
 name --Wi-Fi_GUEST--
!
vlan 555
 name --BGP_TRANSIT--
!
vlan 603
 name --CRPT-Mark--
!
! TFTP transfers are sourced from the management SVI (Vlan300).
! Track object 99 follows the reachability result of IP SLA probe 99 and
! delays state changes (10 s before declaring down, 5 s before declaring up);
! it gates the static route to 192.168.18.0/24 defined later in this file.
ip tftp source-interface Vlan300
!
track 99 ip sla 99 reachability
 delay down 10 up 5
!
! QoS classification: class-maps group traffic by the VSL-* access lists
! (Layer 2 / Layer 3 control, management MAC range) and by DSCP value
! (multimedia AF classes, voice/video EF-CS4-CS5, signalling/management
! CS2-CS3-CS6-CS7).
! As written, the policy-map lists the classes without any action under them,
! and no "service-policy" statement is visible on any interface, so this
! section appears to have no effect on forwarding.
! NOTE(review): looks like a leftover template - confirm whether it is still
! needed; unused configuration makes audits of the real policy harder.
class-map match-any VSL-DATA-PACKETS
  match access-group name VSL-MGMT
class-map match-any VSL-L2-CONTROL-PACKETS
  match access-group name VSL-DOT1x
  match access-group name VSL-BPDU
  match access-group name VSL-CDP
  match access-group name VSL-LLDP
  match access-group name VSL-SSTP
  match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
  match access-group name VSL-IPV4-ROUTING
  match access-group name VSL-BFD
  match access-group name VSL-DHCP-CLIENT-TO-SERVER
  match access-group name VSL-DHCP-SERVER-TO-CLIENT
  match access-group name VSL-DHCP-SERVER-TO-SERVER
  match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
  match ip dscp af41 
  match ip dscp af42 
  match ip dscp af43 
  match ip dscp af31 
  match ip dscp af32 
  match ip dscp af33 
  match ip dscp af21 
  match ip dscp af22 
  match ip dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
  match ip dscp ef 
  match ip dscp cs4 
  match ip dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
  match ip dscp cs2 
  match ip dscp cs3 
  match ip dscp cs6 
  match ip dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-L2-CONTROL-PACKETS
 class VSL-L3-CONTROL-PACKETS
 class VSL-VOICE-VIDEO-TRAFFIC
 class VSL-SIGNALING-NETWORK-MGMT
 class VSL-MULTIMEDIA-TRAFFIC
 class VSL-DATA-PACKETS
 class class-default
!
!
! 
!
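! IKEv1 / IPsec settings protecting the GRE tunnel (Tunnel99) through the
! IPsec profile gre-gre-3des.
! Change from the original: the pre-shared key was bound to "address 0.0.0.0",
! i.e. accepted from any peer address. Tunnel99 is the only IPsec user in this
! configuration and its destination is 10.10.30.10, so the key is now bound to
! that peer only.
! NOTE(review): the pre-shared key is stored in clear text and this
! configuration has been published - rotate it on both tunnel endpoints.
! NOTE(review): the negotiated algorithms are legacy: 3DES encryption,
! Diffie-Hellman group 2 (1024-bit) and, in the transform set used by the
! profile, HMAC-MD5. Transform set tr-3des has no integrity algorithm at all
! and ipsec-transform-aes is defined but not referenced by the profile.
! Moving to AES with a SHA-2 HMAC and a larger DH group has to be done on both
! peers in one maintenance window, so the algorithms are left unchanged here.
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 500
crypto isakmp key fjhJSHpUcnqbpGfI address 10.10.30.10 no-xauth
crypto isakmp keepalive 20
!
!
crypto ipsec transform-set tr-3des esp-3des
crypto ipsec transform-set ipsec-transform esp-3des esp-md5-hmac
 mode transport require
crypto ipsec transform-set ipsec-transform-aes esp-aes esp-md5-hmac
 mode transport require
crypto ipsec df-bit clear
!
!
crypto ipsec profile gre-gre-3des
 set transform-set ipsec-transform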
!
!
!
!
!
!
!
! Port-channel (EtherChannel) logical interfaces, one per downstream switch.
! Every one is an unconditional 802.1Q trunk. No "switchport trunk allowed
! vlan" or "switchport trunk native vlan" line is present, so each trunk
! carries every VLAN defined on this switch (management 300 and guest Wi-Fi
! 500 included) and uses the default native VLAN.
! Port-channel3 is administratively shut down; Port-channel15 to
! Port-channel22 carry no description.
! NOTE(review): prune each trunk to the VLANs its neighbour needs and move the
! native VLAN to an unused ID; confirm whether Port-channel15-22 are in use
! and shut them down if not.
interface Port-channel1
 description [KU] SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel2
 description [KU] SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-8a-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
!
interface Port-channel4
 description [KU] SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel5
 description [KU] SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel6
 description [KU] SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel7
 description [KU] SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel8
 description [KU] SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel12
 description [KU] SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel13
 description [KU] SW-8A-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-7-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel16
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel17
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel18
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel19
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel21
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel22
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel23
 description [CORE] SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Tunnel99: point-to-point tunnel (10.70.70.157/30) between 10.10.30.9 and
! 10.10.30.10, protected by the IPsec profile gre-gre-3des, with tunnel
! keepalives (5 s interval, 5 retries) and a reduced IP MTU of 1426.
! The tunnel source 10.10.30.9 is one of the secondary addresses on Vlan1.
! NOTE(review): the profile it uses negotiates 3DES with HMAC-MD5 (see the
! crypto section of this file); plan a coordinated upgrade with the peer.
! FastEthernet0 has no address and is shut down.
interface Tunnel99
 description STR-KY-01-SW1
 bandwidth 20000
 ip address 10.70.70.157 255.255.255.252
 ip mtu 1426
 keepalive 5 5
 tunnel source 10.10.30.9
 tunnel destination 10.10.30.10
 tunnel protection ipsec profile gre-gre-3des
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
! Stack member 1 physical ports. Ports 1-24 are 802.1Q trunks bundled into
! port-channels; all use "mode on" (static bundling, no negotiation protocol)
! except Gi1/0/14, which uses "mode active" (LACP). Gi1/0/3 is shut down.
! Gi1/0/13 to Gi1/0/22 have no description.
! No trunk has an allowed-VLAN list, so every member carries all VLANs.
! The network-module ports at the end (Gi1/1/1-4, Te1/1/1-2) have no
! configuration at all and are not shut down.
! NOTE(review): static "mode on" bundles give no protection against a
! miscabled or unexpected neighbour; consider LACP as on channel-group 14.
! Confirm which undescribed and unconfigured ports are really in use, and shut
! down the rest so that a spare port does not come up as a live port.
interface GigabitEthernet1/0/1
 description [KU] Po1 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 description [KU] Po2 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/3
 description [KU] Po3 SW-8a-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 3 mode on
!
interface GigabitEthernet1/0/4
 description [KU] Po4 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode on
!
interface GigabitEthernet1/0/5
 description [KU] Po5 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode on
!
interface GigabitEthernet1/0/6
 description [KU] Po6 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode on
!
interface GigabitEthernet1/0/7
 description [KU] Po7 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode on
!
interface GigabitEthernet1/0/8
 description [KU] Po8 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet1/0/9
 description [KU] Po9 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet1/0/10
 description [KU] Po10 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet1/0/11
 description [KU] Po11 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode on
!
interface GigabitEthernet1/0/12
 description [KU] Po12 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode on
!
interface GigabitEthernet1/0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode on
!
interface GigabitEthernet1/0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode on
!
interface GigabitEthernet1/0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet1/0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet1/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet1/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode on
!
interface GigabitEthernet1/0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode on
!
interface GigabitEthernet1/0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet1/0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode on
!
interface GigabitEthernet1/0/23
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet1/0/24
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
! Stack member 2 physical ports, mirroring member 1 so that each port-channel
! has one link on each stack member. All are 802.1Q trunks with no
! allowed-VLAN list. Gi2/0/3 is shut down.
! Differences from member 1 visible here: Gi2/0/7 is a standalone trunk
! described as SW-14-1 and is not a member of channel-group 7; Gi2/0/23 is in
! channel-group 23 but has no description; Gi2/0/15 to Gi2/0/22 have no
! description.
! The network-module ports at the end (Gi2/1/1-4, Te2/1/1-2) have no
! configuration at all and are not shut down.
! NOTE(review): confirm which undescribed and unconfigured ports are in use;
! shut down the unused ones and restrict the VLANs carried on the rest.
interface GigabitEthernet2/0/1
 description [KU] Po1 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet2/0/2
 description [KU] Po2 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet2/0/3
 description [KU] Po3 SW-8a-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 3 mode on
!
interface GigabitEthernet2/0/4
 description [KU] Po4 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode on
!
interface GigabitEthernet2/0/5
 description [KU] Po5 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode on
!
interface GigabitEthernet2/0/6
 description [KU] Po6 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode on
!
interface GigabitEthernet2/0/7
 description [KU] SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/8
 description [KU] Po8 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet2/0/9
 description [KU] Po9 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet2/0/10
 description [KU] Po10 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet2/0/11
 description [KU] Po11 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode on
!
interface GigabitEthernet2/0/12
 description [KU] Po12 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode on
!
interface GigabitEthernet2/0/13
 description [KU] Po13 SW-8A-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode on
!
interface GigabitEthernet2/0/14
 description [KU] Po14 SW-7-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet2/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode on
!
interface GigabitEthernet2/0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet2/0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet2/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet2/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode on
!
interface GigabitEthernet2/0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode on
!
interface GigabitEthernet2/0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet2/0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode on
!
interface GigabitEthernet2/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/0/24
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
! SVI for VLAN 1. It is the gateway for fifteen subnets at once (one primary
! and fourteen secondary addresses), including 10.10.30.9/30, which Tunnel99
! uses as its source address. DHCP requests are relayed to 192.168.11.159.
! All of these subnets share a single broadcast domain, which is also the
! default native VLAN of every trunk in this configuration, so hosts in any of
! them can reach each other at Layer 2 regardless of Layer 3 policy.
! Unlike most other SVIs in this file, this one lacks "no ip unreachables" and
! "no ip proxy-arp".
! NOTE(review): confirm whether any host on these subnets relies on proxy ARP
! before aligning this SVI with the others, and plan to move these subnets out
! of VLAN 1 into dedicated VLANs.
interface Vlan1
 ip dhcp relay information trusted
 ip address 192.168.11.254 255.255.255.0 secondary
 ip address 192.168.12.254 255.255.255.0 secondary
 ip address 192.168.11.201 255.255.255.0 secondary
 ip address 192.168.13.254 255.255.255.0 secondary
 ip address 192.168.14.254 255.255.255.0 secondary
 ip address 192.168.15.254 255.255.255.0 secondary
 ip address 192.168.16.254 255.255.255.0 secondary
 ip address 192.168.17.254 255.255.255.0 secondary
 ip address 192.168.19.254 255.255.255.128 secondary
 ip address 192.168.19.126 255.255.255.128 secondary
 ip address 192.168.10.254 255.255.255.0 secondary
 ip address 192.168.12.201 255.255.255.0 secondary
 ip address 10.10.30.9 255.255.255.252 secondary
 ip address 10.5.151.254 255.255.255.0 secondary
 ip address 192.168.10.201 255.255.255.0
 ip helper-address 192.168.11.159
 no ip redirects
!
! Routed SVIs (default gateways) for the remaining VLANs. Most disable ICMP
! redirects, ICMP unreachables and proxy ARP; Vlan111, Vlan113 and Vlan310 do
! not carry those three lines. Client-facing VLANs relay DHCP to
! 192.168.11.159.
! No SVI in this configuration has an "ip access-group" statement, so the
! switch routes between all of these segments without filtering. That includes
! Vlan500 (guest Wi-Fi): the ACL No_Local_For_GuestWiFI is defined in this
! file but not applied here or anywhere else that is visible.
! "ip dhcp relay information trusted" is set on several SVIs, including the
! guest one; it makes the relay accept DHCP packets that already carry
! option 82 with a zero gateway address.
! NOTE(review): confirm where guest isolation and server/management
! segmentation are enforced (another firewall, the wireless controller); if
! nowhere, apply inbound ACLs on the guest, user and Wi-Fi SVIs. Check any
! guest ACL against DHCP renewals to 192.168.11.159 before applying it.
interface Vlan8
 description --USERS--
 ip dhcp relay information trusted
 ip address 10.5.129.254 255.255.255.0
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan101
 description --PRINTERS--
 ip address 10.5.154.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan111
 description INTERCONNECT
 ip address 172.16.4.4 255.255.255.248 secondary
 ip address 172.16.3.4 255.255.255.248
!
interface Vlan113
 ip address 10.10.252.253 255.255.255.252
!
interface Vlan150
 description --Wi-Fi_Users--
 ip address 10.5.155.126 255.255.255.128
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan151
 description --Wi-Fi_Prod--
 ip dhcp relay information trusted
 ip address 10.5.155.254 255.255.255.128
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan200
 description --SERVERS_MGMT--
 ip dhcp relay information trusted
 ip address 10.5.153.62 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan250
 description --SERVERS_128.0/24--
 ip address 10.5.128.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan251
 description --SERVERS_BACKUP--
 ip address 10.5.153.94 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan290
 description -=SrvVmwVMon=-
 ip address 10.5.153.126 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --MANAGEMENT--
 ip dhcp relay information trusted
 ip address 10.5.158.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGMENT--
 ip dhcp relay information trusted
 ip address 10.5.157.126 255.255.255.128
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan310
 description --UPS managment--
 ip address 10.5.159.254 255.255.255.0
!
interface Vlan350
 description --VOICE--
 ip dhcp relay information trusted
 ip address 10.5.156.254 255.255.255.0
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan500
 description --Wi-Fi_Guest--
 ip dhcp relay information trusted
 ip address 10.5.157.254 255.255.255.128
 ip helper-address 192.168.11.159
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.70 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan603
 description --CRPT-Mark--
 ip address 10.5.152.126 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! BGP in private AS 64518. Both neighbours use the same AS number, so these
! are iBGP sessions across the BGP_TRANSIT VLAN (172.30.30.64/29).
! The router advertises the listed networks, the aggregate 10.5.128.0/19 and
! connected routes that pass route-map RM_BGP_REDISTR_CON (10.0.0.0/8 prefixes
! up to /24). "distance bgp 150 150 150" sets the administrative distance of
! all BGP routes to 150. Graceful restart is enabled.
! No "neighbor ... password" line is present, so the sessions run without TCP
! MD5 authentication, and no inbound prefix-list or route-map limits what the
! neighbours may announce.
! NOTE(review): add session authentication and inbound prefix filtering,
! coordinated with both neighbours.
router bgp 64518
 bgp router-id 172.30.30.70
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 10.5.156.0 mask 255.255.255.0
 network 192.168.10.0
 network 192.168.11.0
 network 192.168.12.0
 network 192.168.13.0
 network 192.168.14.0
 network 192.168.15.0
 network 192.168.16.0
 network 192.168.19.0 mask 255.255.255.128
 aggregate-address 10.5.128.0 255.255.224.0
 redistribute connected route-map RM_BGP_REDISTR_CON
 neighbor 172.30.30.68 remote-as 64518
 neighbor 172.30.30.68 soft-reconfiguration inbound
 neighbor 172.30.30.69 remote-as 64518
 neighbor 172.30.30.69 soft-reconfiguration inbound
 distance bgp 150 150 150
!
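! Default gateway, embedded web server and static routes.
! Change from the original: the plain-HTTP management server was enabled
! ("ip http server") while HTTPS was disabled, with no access restriction
! visible. That exposes a clear-text management interface on every routed
! interface of the switch. It is now disabled; management stays on SSH.
! If a web interface is really required, enable only the secure server,
! restrict it with an access list, and first replace the expired self-signed
! certificate in this configuration.
! "ip default-gateway" is only used when IP routing is disabled; with
! "ip routing" enabled in this file the two static default routes below apply
! (172.16.3.3 preferred, 172.16.4.3 as floating backup with distance 50).
! The route to 192.168.18.0/24 via the tunnel is installed only while track
! object 99 is up.
ip default-gateway 10.10.252.254
!
no ip http server
no ip http secure-server
!
ip route 192.168.18.0 255.255.255.0 10.70.70.158 track 99
ip route 0.0.0.0 0.0.0.0 172.16.3.3
ip route 0.0.0.0 0.0.0.0 172.16.4.3 50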
!
! Classifier ACL: matches any source going to the three RFC 1918 private
! ranges. It is referenced by route-map GLOBAL-ROUTING as a match condition;
! it is not applied to an interface as a packet filter in this configuration.
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
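! Guest isolation ACL: allow DNS and HTTPS to a few named internal hosts, deny
! everything else addressed to private (RFC 1918) ranges, permit the rest.
! Change from the original: the second group of exceptions (DNS to
! 192.168.8.200/201, 192.168.11.152/155 and HTTPS to 10.4.7.6) had been
! appended after "permit ip any any". ACLs are evaluated top-down with first
! match, so those entries could never match and the traffic they describe was
! caught by the deny lines instead. All exceptions now precede the denies;
! the entries themselves are unchanged.
! NOTE(review): the remarks mention VLAN200, which this configuration names
! SERVERS_MGMT; the guest Wi-Fi VLAN is 500 - confirm the remark text.
! NOTE(review): no "ip access-group No_Local_For_GuestWiFI" line is visible on
! any interface in this configuration, so this ACL filters nothing until it is
! applied - confirm where guest isolation is actually enforced.
ip access-list extended No_Local_For_GuestWiFI
 remark Deny Guest VLAN200 access to other VLANs
 permit tcp any host 192.168.11.152 eq domain
 permit udp any host 192.168.11.155 eq domain
 permit tcp any host 192.168.8.77 eq 443
 remark Deny Guest VLAN200 and 500 access to other VLANs
 permit tcp any host 192.168.8.200 eq domain
 permit udp any host 192.168.8.200 eq domain
 permit tcp any host 192.168.8.201 eq domain
 permit udp any host 192.168.8.201 eq domain
 permit udp any host 192.168.11.152 eq domain
 permit tcp any host 192.168.11.155 eq domain
 permit tcp any host 10.4.7.6 eq 443
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any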
! Classifier ACLs for Layer 3 control traffic, referenced by class-map
! VSL-L3-CONTROL-PACKETS: BFD (UDP 3784), the three DHCP directions
! (bootpc/bootps port pairs) and IPv4 link-local multicast (224.0.0.0/24).
! They are match conditions for QoS, not packet filters.
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
!
! Prefix list used by route-map RM_BGP_REDISTR_CON: permits prefixes inside
! 10.0.0.0/8 with a length up to /24.
! IP SLA 99 sends an ICMP echo every 3 s (2000 ms timeout, 50 ms threshold)
! out of Tunnel99 and runs forever; track object 99 follows its result.
! NOTE(review): the probe target 10.70.70.157 is Tunnel99's own address, not
! the 10.70.70.158 next hop of the tracked static route - confirm that this
! is intentional.
ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24
ip sla 99
 icmp-echo 10.70.70.157 source-interface Tunnel99
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 99 life forever start-time now
! Remote logging: messages are tagged with the hostname, sourced from the
! management SVI (Vlan300) and sent over UDP to two collectors on
! non-default ports (5544 and 515).
! NOTE(review): UDP syslog is unauthenticated, unencrypted and lossy. Keep
! the path to the collectors inside the management network, and confirm that
! both collectors actually receive AAA login and configuration-change events
! from this switch.
logging origin-id hostname
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
! ACL 101 and the two route-maps.
! ACL 101 excludes traffic to 192.168.0.0/16, 10.0.0.0/8 and 172.17.0.0/16 and
! then matches everything sent by host 192.168.11.249.
! RM_BGP_REDISTR_CON limits "redistribute connected" in BGP to the prefixes
! permitted by PFL_BGP_REDISTR_CON.
! GLOBAL-ROUTING matches a packet when either LOCAL_TRAFFIC or ACL 101 permits
! it and sets the next hop to 172.16.3.3. No "ip policy route-map" statement
! is visible on any interface, so it appears to be unused.
! NOTE(review): the third deny covers 172.17.0.0/16, whereas the other ACLs in
! this file use 172.16.0.0 0.15.255.255 for the private range - possibly a
! typo; confirm the intended range.
access-list 101 deny   ip any 192.168.0.0 0.0.255.255
access-list 101 deny   ip any 10.0.0.0 0.255.255.255
access-list 101 deny   ip any 172.17.0.0 0.0.255.255
access-list 101 permit ip host 192.168.11.249 any
!
route-map RM_BGP_REDISTR_CON permit 10
 match ip address prefix-list PFL_BGP_REDISTR_CON
!
route-map GLOBAL-ROUTING permit 10
 match ip address LOCAL_TRAFFIC 101
 set ip next-hop 172.16.3.3
!
!
! Read-only SNMP community, restricted by standard access list 5.
! NOTE(review): no "access-list 5" is defined anywhere in this configuration.
! A reference to an undefined access list does not restrict anything, so the
! community is presumably usable from any address that can reach the switch -
! verify on the device. Define the list with only the monitoring stations, for
! example "access-list 5 permit <NMS_ADDRESS>" (placeholder).
! NOTE(review): community strings travel in clear text and this one has been
! published with the configuration; rotate it, and prefer SNMPv3 with
! authentication and privacy.
snmp-server community lmTUEsk6Yvlv RO 5
!
!
! The two RADIUS servers that make up AAA server group NPS. Both use the
! legacy ports 1645/1646, a 3 s timeout and 2 retransmits.
! NOTE(review): the shared secret is stored in clear text, is identical for
! both servers and has been published with this configuration. Anyone who
! holds it and can reach or observe the RADIUS traffic can attack the
! protection of administrator logins. Rotate it on the switch and on both
! servers, ideally with a distinct secret per server.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
! Classifier ACL for IPv6 link-local multicast (FF02::/124), referenced by
! class-map VSL-L3-CONTROL-PACKETS. No IPv6 addressing or routing is
! configured elsewhere in this file.
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
!
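! Console and VTY (remote) terminal lines. Remote access is SSH only.
! Change from the original: "line vty 0 4" had "exec-timeout 0 0", which
! disables the idle timeout, so an abandoned privileged session stayed open
! indefinitely. It now disconnects after 10 idle minutes, which is also the
! default that applies to the console line here.
! NOTE(review): vty 5-15 still allow 120 idle minutes - confirm that this is
! intended.
! NOTE(review): no "access-class" is applied to the VTY lines, so SSH is
! reachable from every subnet routed by this switch, guest Wi-Fi included.
! Restrict it to the management network with a standard ACL and
! "access-class <ACL> in" (placeholder name).
! NOTE(review): no "ip ssh version 2" line is visible in this configuration -
! confirm that SSHv1 is not accepted.
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
line vty 0 4
 exec-timeout 10 0
 logging synchronous
 login authentication NPS
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh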
!
! Time synchronisation from two internal servers, sourced from the management
! SVI (Vlan300).
! NOTE(review): no NTP authentication lines are visible. Log timestamps and
! certificate validity checks depend on correct time, so consider
! authenticating these two associations.
ntp source Vlan300
ntp server 192.168.8.200
ntp server 192.168.8.201
end