Building configuration...

Current configuration : 21926 bytes
!
! Last configuration change at 16:48:42 SAMT Thu May 19 2022 by konovalov
! NVRAM config last updated at 16:50:52 SAMT Thu May 19 2022 by konovalov
!
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname GLZ-MLK-GMK-SW-1-1
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
logging buffered 51200
enable secret 5 $1$9Y1b$uAlx93K0.mqJJFhP3eVRk/
!
username netadmin privilege 15 secret 5 $1$XFzk$xFM/cm1yZoZJ7xoOsgFUh0
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone SAMT 4 0
switch 1 provision ws-c3750x-24s
switch 2 provision ws-c3750x-24s
system mtu routing 1500
!
!
!
!
ip routing
no ip cef optimize neighbor resolution
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
ip host tftp 10.4.0.214
!
stack-power stack Power-Stack-1
 mode redundant
!
vtp mode transparent
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1457810816
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1457810816
 revocation-check none
 rsakeypair TP-self-signed-1457810816
!
!
crypto pki certificate chain TP-self-signed-1457810816
license boot level ipservices
license boot level ipservices switch 2
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/GL/3750/$H-$T
 write-memory
 time-period 10080
!
!
!
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E 0x1
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
!
spanning-tree mode pvst
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
 name --UserNet_2.0/24--
!
vlan 8
 name --USERS--
!
vlan 101
 name --PRINTERS--
!
vlan 103
 name -=KPP_Vesi&Cam=-
!
vlan 111
 name -=INTERCONNECT=-
!
vlan 150
 name --Wi-Fi_Users--
!
vlan 151
 name --Wi-Fi_PROD--
!
vlan 200
 name --SERVERS_MGMT--
!
vlan 250
 name --SERVERS_0.0/24--
!
vlan 251
 name --SERVERS_BACKUP--
!
vlan 290
 name -=SrvVmwVMon=-
!
vlan 300
 name --MANAGEMENT--
!
vlan 301
 name --Wi-Fi_MANAGMENT--
!
vlan 350
 name --VOICE--
!
vlan 500
 name --Wi-Fi_GUEST--
!
vlan 555
 name --BGP_TRANSIT--
!
vlan 600
 name --PRODACTION--
!
vlan 601
 name --PROLITE--
!
!
class-map match-any VSL-DATA-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match ip dscp af41 
 match ip dscp af42 
 match ip dscp af43 
 match ip dscp af31 
 match ip dscp af32 
 match ip dscp af33 
 match ip dscp af21 
 match ip dscp af22 
 match ip dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match ip dscp ef 
 match ip dscp cs4 
 match ip dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match ip dscp cs2 
 match ip dscp cs3 
 match ip dscp cs6 
 match ip dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-L2-CONTROL-PACKETS
 class VSL-L3-CONTROL-PACKETS
 class VSL-VOICE-VIDEO-TRAFFIC
 class VSL-SIGNALING-NETWORK-MGMT
 class VSL-MULTIMEDIA-TRAFFIC
 class VSL-DATA-PACKETS
 class class-default
!
!
! 
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description [KU] SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel2
 description [KU] SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel4
 description [KU] SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel13
 description [KU] SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel15
 description [KU] SW-11-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel16
 description [KU] SW-11-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel17
 description [KU] SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel18
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel19
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel20
 description [KU] SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel21
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel22
 description [KU] SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel23
 description [CORE] SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description [KU] Po1 SW-7-1 BAD LINK SH
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 description [KU] Po2 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
interface GigabitEthernet1/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode on
!
interface GigabitEthernet1/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet1/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode on
!
interface GigabitEthernet1/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode on
!
interface GigabitEthernet1/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode on
!
interface GigabitEthernet1/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet1/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet1/0/10
 description [KU] Po10 SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet1/0/11
 description [KU] Po11 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode on
!
interface GigabitEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode on
!
interface GigabitEthernet1/0/13
 description [KU] Po13 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet1/0/14
 description [KU] Po14 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode on
!
interface GigabitEthernet1/0/15
 description [KU] Po15 SW-11-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode on
!
interface GigabitEthernet1/0/16
 description [KU] Po16 SW-11-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet1/0/17
 description [KU] Po17 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet1/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet1/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode on
!
interface GigabitEthernet1/0/20
 description [KU] Po20 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode active
!
interface GigabitEthernet1/0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet1/0/22
 description [KU] Po22 SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode active
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
 description [KU] Po1 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet2/0/2
 description [KU] Po2 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
interface GigabitEthernet2/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode on
!
interface GigabitEthernet2/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet2/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode on
!
interface GigabitEthernet2/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode on
!
interface GigabitEthernet2/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode on
!
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet2/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet2/0/10
 description [KU] Po10 SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet2/0/11
 description [KU] Po11 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode on
!
interface GigabitEthernet2/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode on
!
interface GigabitEthernet2/0/13
 description [KU] Po13 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet2/0/14
 description [KU] Po14 SW-10-1 BAD LINK SH
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode on
!
interface GigabitEthernet2/0/15
 description [KU] Po15 SW-11-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode on
!
interface GigabitEthernet2/0/16
 description [KU] Po16 SW-11-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet2/0/17
 description [KU] Po17 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet2/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet2/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode on
!
interface GigabitEthernet2/0/20
 description [KU] Po20 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode active
!
interface GigabitEthernet2/0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet2/0/22
 description [KU] Po22 SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode active
!
interface GigabitEthernet2/0/23
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/0/24
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface Vlan1
 description --CAMERA--
 ip address 192.168.34.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map PBR_CAMERA
 hold-queue 2048 in
 hold-queue 2048 out
!
interface Vlan2
 description --USERS--
 ip address 10.5.2.254 255.255.255.0
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan8
 description --USERS--
 ip address 10.5.1.254 255.255.255.0
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan101
 description --PRINTERS--
 ip address 10.5.17.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan103
 description --KPP Vesi&Cam--
 ip address 10.5.18.62 255.255.255.192
!
interface Vlan111
 description -=INTERCONNECT=-
 ip address 172.16.3.4 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan150
 description --Wi-Fi_Users--
 ip address 10.5.27.126 255.255.255.128
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan151
 description --Wi-Fi_PROD--
 ip address 10.5.29.126 255.255.255.128
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan200
 description --SERVERS_MGMT--
 ip address 10.5.26.62 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan250
 description --SERVERS_0.0/24--
 ip address 10.5.0.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan251
 description --SERVERS_BACKUP--
 ip address 10.5.26.94 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan290
 description -=SrvVmwVMon=-
 ip address 10.5.26.126 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --MANAGEMENT--
 ip address 10.5.30.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGMENT--
 ip address 10.5.29.254 255.255.255.128
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan350
 description --VOICE--
 ip address 10.5.28.254 255.255.255.0
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan500
 description --Wi-Fi_GUEST--
 ip address 10.5.27.254 255.255.255.128
 ip access-group No_Local_For_GuestWiFI in
 ip helper-address 10.5.0.3 
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.86 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan600
 description --PRODACTION--
 ip address 10.5.25.62 255.255.255.192
 ip access-group ACL_PRODACTION in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan601
 description --PROLITE--
 ip address 192.168.32.254 255.255.255.0
 ip access-group ACL_PROLITE in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
router bgp 64514
 bgp router-id 172.30.30.86
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 10.5.0.0 mask 255.255.255.0
 network 10.5.29.0 mask 255.255.255.128
 network 10.5.29.128 mask 255.255.255.128
 network 10.5.30.0 mask 255.255.255.0
 network 192.168.34.0
 aggregate-address 10.5.0.0 255.255.224.0
 neighbor 172.30.30.84 remote-as 64514
 neighbor 172.30.30.84 next-hop-self all
 neighbor 172.30.30.84 soft-reconfiguration inbound
 neighbor 172.30.30.84 weight 600
 neighbor 172.30.30.85 remote-as 64514
 neighbor 172.30.30.85 next-hop-self all
 neighbor 172.30.30.85 soft-reconfiguration inbound
 neighbor 172.30.30.85 weight 500
 distance bgp 150 150 150
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip tftp source-interface Vlan300
ip route 0.0.0.0 0.0.0.0 172.16.3.3 50
ip route 0.0.0.0 0.0.0.0 10.14.254.253 100
ip ssh version 2
!
ip access-list extended ACL_PRODACTION
 permit icmp any any
 permit udp any host 10.5.0.1 eq domain
 permit udp any host 10.5.0.2 eq domain
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 permit ip any any
ip access-list extended ACL_PROLITE
 permit icmp any any
 permit tcp host 10.5.0.23 host 192.168.32.222 eq 3389
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
ip access-list extended No_Local_For_GuestWiFI
 permit tcp any host 192.168.8.200 eq domain
 permit udp any host 192.168.8.200 eq domain
 permit tcp any host 192.168.8.201 eq domain
 permit udp any host 192.168.8.201 eq domain
 permit tcp any host 192.168.31.208 eq domain
 permit udp any host 192.168.31.208 eq domain
 permit tcp any host 192.168.31.219 eq domain
 permit udp any host 192.168.31.219 eq domain
 permit tcp any host 10.4.7.6 eq 443
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
logging origin-id hostname
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
access-list 101 deny   ip any 10.5.0.0 0.0.31.255
access-list 101 permit ip 192.168.34.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.168.34.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.34.0 0.0.0.255 172.17.0.0 0.0.255.255
!
route-map PBR_CAMERA permit 10
 match ip address 101
 set ip next-hop 172.30.30.84
!
route-map GLOBAL-ROUTING permit 10
 match ip address LOCAL_TRAFFIC
 set ip next-hop 172.16.4.3 172.16.3.2
!
!
snmp-server community lmTUEsk6Yvlv RO 5
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
no vstack
banner login ^C
*****************************************************************************
*                                                                           *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************
^C
alias exec ipconfig show ip interface brief | exclude unassigned
!
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
ntp source Vlan300
ntp server 192.168.8.200
ntp server 192.168.8.201
mac address-table notification change
mac address-table notification mac-move
mac address-table aging-time 1800
!
end