Building configuration...

Current configuration : 60494 bytes
!
! Last configuration change at 10:47:49 IZH Thu Jul 28 2022 by adm_kapustinal
! NVRAM config last updated at 10:47:57 IZH Thu Jul 28 2022 by adm_kapustinal
!
version 15.5
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname IZH-KG-P11-SW-1-1
!
boot-start-marker
boot system flash bootdisk:/s2t54-adventerprisek9-mz.SPA.155-1.SY3.bin
boot-end-marker
!
!
vrf definition VRF-PI
 rd 100:1
 !
 address-family ipv4
  route-target export 100:1
  route-target import 100:1
 exit-address-family
!
vrf definition VRF-RT_CLOUD
 rd 100:4039
 !
 address-family ipv4
 exit-address-family
!
vrf definition VRF-UZB
 rd 400:400
 !
 address-family ipv4
  import ipv4 unicast map RM_UZB_IMPORT
 exit-address-family
!
vrf definition VRF_WIFI_GUEST
 !
 address-family ipv4
 exit-address-family
!
security authentication failure rate 5 log
logging buffered 32768 informational
enable secret 5 $1$bkfE$/NjXI2VJj62G6IA/cMtlb1
!
username netadmin privilege 15 secret 9 $9$pC1NoOajaeJ5aL$LdWopDmb3JVIzBXaa2ASeE363bZlxkINA5GPl9COIdo
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan100
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
platform ip cef load-sharing ip-only
clock timezone IZH 4 0
!
!
!
!
!
no ip source-route
no ip gratuitous-arps
!
!
no ip bootp server
no ip domain-lookup
ip domain-name komos.ru
ip host VM-KG-NET 10.1.12.70
ip host tftp 10.4.0.214

login on-failure log
login on-success log
vtp mode transparent
no device-tracking logging theft
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/KG/P11-SW_L3/$H.$T.conf
 write-memory
 time-period 10080
object-group ip address OBJ_LOCAL_DNS 
 host-info 192.168.8.200
 host-info 192.168.8.201
 host-info 192.168.1.21
 host-info 192.168.1.100
!
object-group ip address OBJ_LOCAL_TRAFFIC 
 10.0.0.0 255.0.0.0
 172.16.0.0 255.240.0.0
 192.168.0.0 255.255.0.0
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 16384
port-channel load-balance src-dst-mixed-ip-port
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
bfd-template single-hop p2p
 interval min-tx 300 min-rx 300 multiplier 3
!
bfd-template single-hop test
 interval min-tx 50 min-rx 50 multiplier 3
!
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 2
 name KG_LAN-USER
!
vlan 3
 name KG_LAN-RESTRICTED
!
vlan 4
 name KG_LAN-VDI
!
vlan 5
 name KG_LAN-ADMIN
!
vlan 6
 name IMP-LAN
!
vlan 7
 name MK_Users
!
vlan 8
 name KG_VOIP_TEST_USERS
!
vlan 9
 name Kaznach_restrict
!
vlan 11
 name KG_LAN-AS199014
!
vlan 12
 name UNIFI_NETWORK
!
vlan 20
 name DMZ-1
!
vlan 22 
!
vlan 25
 name VoIP
!
vlan 26
 name MGMT_ASA
!
vlan 50
 name MS_DYN_AX_SQL
!
vlan 99
 name Users_KU9
!
vlan 100
 name Inbound_management
!
vlan 101
 name WDS
!
vlan 149
 name -KG-MGMT-INT-10.1.254.0/24-
!
vlan 150
 name KG_WIFI-USER
!
vlan 151
 name KG_KOMOS-CONF
!
vlan 152
 name KG-ARUBA-USERS
!
vlan 153
 name KG-ARUBA-USERS-GUEST
!
vlan 154
 name Eltex_WiFi_Test
!
vlan 200
 name KG_MGMT-SRV
!
vlan 201
 name KG_LAN-SRV
!
vlan 202
 name KG_LAN-SRV-DMZ
!
vlan 204
 name KG_SRV_KAZNACHEYSTVO
!
vlan 205
 name SRV_UZB
!
vlan 249
 name --KG-SRV-BKP-10.1.249.0/26--
!
vlan 253
 name exchange_komos-group
!
vlan 289
 name --OCOD_VLAN_1--
!
vlan 296
 name -MLK-KCOD-SRV-All_10.1.123.0/24-
!
vlan 297
 name -MLK-KCOD-SRV-Exchange_10.1.122.
!
vlan 298
 name -MLK-KCOD-MGM-NET_10.1.121.0/24-
!
vlan 300
 name KG_MGMT-NET
!
vlan 301
 name KG_MGMT-WIFI
!
vlan 302
 name WifI_MGM_Aruba_test
!
vlan 303
 name KG-ARUBA-AP
!
vlan 304
 name WIFI_ARUBA_MGM
!
vlan 307
 name SKUD
!
vlan 310
 name --MGM_UPS--
!
vlan 349
 name MLK_LAN-DATACENTER-2
!
vlan 350
 name IMP-VOIP
!
vlan 351
 name KG_VOIP
!
vlan 352
 name KG_VOIP_TEST
!
vlan 400
 name -Video_UZB-
!
vlan 500
 name KG_WIFI-GUEST
!
vlan 551
 name --TRANSIT_HSRP--
!
vlan 556
 name P2P_iBGP_KOMOS_AS_over_ER_Teleco
!
vlan 557
 name P2P_iBGP_KOMOS_AS_over_MTS
!
vlan 558
 name -L2VPN-PVE_HA_ERTLC-
!
vlan 559
 name -L2VPN-PVE_HA_MTS-
!
vlan 596
 name P2P_RCOD-OCOD_ER_Telecom
!
vlan 598
 name -KG-COD-Transit-Core-
!
vlan 599
 name -MLK-KCOD-Trunk_172.30.30.0/27-
!
vlan 1113
 name PI_RT-1-3
!
vlan 3074
 name --RT_DMVPN--
!
vlan 3088
 name ISP-KG_MTS-IP
!
vlan 3333
 name HUAWEI_WIFI_NETWORK
!
vlan 3334
 name HUAWEI_WIFI_NETWORK_USERS
!
vlan 3915
 name --TEST_ZLOBIN_DENIS_UNTIL_01.07-
!
vlan 4035
 name -MLK-KCOD-Reserv_172.31.35.0/2
!
vlan 4039
 name CLOUD_RT
!
vlan 4040
 name KG_LAN-SZB
!
vlan 4041
 name --VLAN_P11_VS17--
!
vlan 4092
 name ISP-Beeline_Kaznach
!
vlan 4093
 name ISP-IMP_ERTEL
!
track 1 ip sla 1 reachability
 delay down 10 up 5
!
track 11 ip sla 11 reachability
 delay down 10 up 5
!
track 12 ip sla 12 reachability
!
track 13 ip sla 13 reachability
 delay down 10 up 5
!
track 104 ip sla 104 reachability
 delay down 10 up 5
!
track 105 ip sla 105 reachability
 delay down 10 up 5
!
track 107 ip sla 107 reachability
 delay down 10 up 5
!
track 109 ip sla 109 reachability
 delay down 10 up 5
!
track 110 ip sla 110 reachability
 delay down 10 up 5
!
track 111 list boolean and
 object 1
 object 11
!
track 112 ip sla 112 reachability
 delay down 10 up 5
!
track 222 list boolean and
 object 110
 object 112
!
!
class-map match-any class-copp-icmp-redirect-unreachable
class-map match-all class-copp-glean
class-map match-all class-copp-receive
class-map match-all class-copp-options
class-map match-all CM_WEB_LOCAL
 match access-group name WEB_LOCAL
class-map match-any CM_RDP
 match access-group name RDP
class-map match-all class-copp-broadcast
class-map match-all class-copp-mcast-acl-bridged
class-map match-all class-copp-slb
class-map match-all class-copp-mtu-fail
class-map match-all class-copp-ttl-fail
class-map match-all class-copp-arp-snooping
class-map match-any class-copp-mcast-copy
class-map match-any class-copp-ip-connected
class-map match-any class-copp-match-igmp
 match access-group name acl-copp-match-igmp
class-map match-all class-copp-unknown-protocol
class-map match-any class-copp-vacl-log
class-map match-all class-copp-mcast-ipv6-control
class-map match-any class-copp-match-pimv6-data
 match access-group name acl-copp-match-pimv6-data
class-map match-any class-copp-mcast-punt
class-map match-all class-copp-unsupp-rewrite
class-map match-all class-copp-ucast-egress-acl-bridged
class-map match-all class-copp-ip-admission
class-map match-any CM_QoS_CS3
 match dscp cs3  af31  af32  af33 
class-map match-any CM_QoS_CS2
 match dscp cs2  af21  af22  af23 
class-map match-any CM_QoS_CS1
 match dscp cs1  af11  af12  af13 
class-map match-any class-copp-dpss-divert
class-map match-any CM_QoS_CS0
 match dscp default  1  2  3 
class-map match-any CM_QoS_CS7
 match dscp cs7 
class-map match-any CM_QoS_CS6
 match dscp cs6  49 
class-map match-any CM_QoS_CS5
 match dscp cs5  41  42  45  ef  47 
class-map match-any CM_QoS_CS4
 match dscp cs4  af41  af42  af43 
class-map match-all class-copp-service-insertion
class-map match-all class-copp-mac-pbf
class-map match-any class-copp-match-mld
 match access-group name acl-copp-match-mld
class-map match-all class-copp-ucast-ingress-acl-bridged
class-map match-all class-copp-dhcp-snooping
class-map match-all class-copp-wccp
class-map match-all class-copp-nd
class-map match-any class-copp-ipv6-connected
class-map match-all class-copp-mcast-rpf-fail
class-map match-any class-copp-match-ndv6hl
 match access-group name acl-copp-match-ndv6hl
class-map match-any class-copp-ucast-rpf-fail
class-map match-all class-copp-mcast-ip-control
class-map match-any class-copp-match-pim-data
 match access-group name acl-copp-match-pim-data
class-map match-any class-copp-match-ndv6
 match access-group name acl-copp-match-ndv6
class-map match-any class-copp-mcast-v4-data-on-routedPort
class-map match-any class-copp-mcast-v6-data-on-routedPort
!
policy-map policy-default-autocopp
 class class-copp-mcast-v4-data-on-routedPort
   police rate 10 pps burst 1 packets    conform-action drop     exceed-action drop 
 class class-copp-mcast-v6-data-on-routedPort
   police rate 10 pps burst 1 packets    conform-action drop     exceed-action drop 
 class class-copp-match-mld
   police rate 10000 pps burst 10000 packets    conform-action set-discard-class-transmit 48    exceed-action transmit 
 class class-copp-match-igmp
   police rate 10000 pps burst 10000 packets    conform-action set-discard-class-transmit 48    exceed-action transmit 
 class class-copp-icmp-redirect-unreachable
   police rate 100 pps burst 10 packets    conform-action transmit     exceed-action drop 
 class class-copp-ucast-rpf-fail
   police rate 100 pps burst 10 packets    conform-action transmit     exceed-action drop 
 class class-copp-vacl-log
   police rate 2000 pps burst 1 packets    conform-action transmit     exceed-action drop 
 class class-copp-mcast-punt
   police rate 1000 pps burst 256 packets    conform-action transmit     exceed-action drop 
 class class-copp-mcast-copy
   police rate 1000 pps burst 256 packets    conform-action transmit     exceed-action drop 
 class class-copp-ip-connected
   police rate 1000 pps burst 256 packets    conform-action transmit     exceed-action drop 
 class class-copp-ipv6-connected
   police rate 1000 pps burst 256 packets    conform-action transmit     exceed-action drop 
 class class-copp-match-pim-data
   police rate 1000 pps burst 1000 packets    conform-action transmit     exceed-action drop 
 class class-copp-match-pimv6-data
   police rate 1000 pps burst 1000 packets    conform-action transmit     exceed-action drop 
 class class-copp-match-ndv6
   police rate 1000 pps burst 1000 packets    conform-action set-discard-class-transmit 48    exceed-action drop 
policy-map PM_QoS_CLASS_IN
 class CM_QoS_CS7
   set dscp cs7
 class CM_QoS_CS6
   set dscp cs6
 class CM_QoS_CS5
   set dscp cs5
 class CM_QoS_CS4
   set dscp cs4
!
! 
!
!
!
!
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key KGp11KuMK2021 address 94.138.150.1   
crypto isakmp key KGp11KuMK2021 address 178.47.128.98  
!
!
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac 
 mode transport require
crypto ipsec df-bit clear
!
crypto ipsec profile GRE_IPSEC
 set transform-set TS_GREIPSEC 
 set pfs group2
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.1.255.255 255.255.255.255
!
interface Loopback11
 ip address 91.240.179.254 255.255.255.255
!
interface Loopback7777
 description TK5732m - TK5733m
 no ip address
 shutdown
!
interface Port-channel1
 description [KU] SW-1a-1 
 switchport
 switchport mode trunk
!
interface Port-channel2
 description [KU] SW-1c-1 
 switchport
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-2-3
 switchport
 switchport mode trunk
!
interface Port-channel4
 description [KU] SW-2-4
 switchport
 switchport mode trunk
!
interface Port-channel5
 description [KU] SW-2-2
 switchport
 switchport mode trunk
!
interface Port-channel7
 description [KU] SW-3-1
 switchport
 switchport mode trunk
!
interface Port-channel8
 description [KU] SW-4-1
 switchport
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-4-2
 switchport
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-5-1
 switchport
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-8b-1
 switchport
 switchport mode trunk
!
interface Port-channel12
 no ip address
 shutdown
!
interface Port-channel13
 description Link to SW-2960-DC
 switchport
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-9-1
 switchport
 switchport mode trunk
!
interface Port-channel15
 description [KU] SW-2-1
 switchport
 switchport mode trunk
!
interface Port-channel16
 description [CORE] SW-1-2
 switchport
 switchport mode trunk
!
interface Port-channel17
 description [KU] SW-10-1
 switchport
 switchport mode trunk
!
interface Port-channel18
 description [KU] SW-6-1
 switchport
 switchport mode trunk
!
interface Port-channel19
 description [KU] SW-7-1
 switchport
 switchport mode trunk
!
interface Port-channel20
 description [KU] SW-9-2
 switchport
 switchport mode trunk
!
interface Tunnel11
 description VPN to ATLANTIS, First channel
 ip address 10.1.50.45 255.255.255.252
 no ip redirects
 ip directed-broadcast
 shutdown
 keepalive 5 5
 tunnel source 91.240.179.254
 tunnel destination 88.80.33.182
!
interface Tunnel22
 description [VPN] GLZ-TK-TKG
 ip address 10.1.50.85 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 91.240.179.254
 tunnel destination 95.215.208.240
!
interface Tunnel23
 description [VPN] GLZ-TK-TKG
 ip address 10.1.50.89 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 91.240.179.254
 tunnel destination 146.120.104.235
!
interface Tunnel24
 description [VPN] MZH-TK-TKM
 ip address 10.1.50.93 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 91.240.179.254
 tunnel destination 88.80.32.230
!
interface Tunnel25
 description [VPN] MZH-TK-TKM
 ip address 10.1.50.97 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 shutdown
 tunnel source 91.240.179.254
 tunnel destination 78.85.35.34
!
interface Tunnel31
 description KGR-KUMK-KUMK
 ip address 10.1.50.1 255.255.255.252
 ip access-group ACL_FROM_KUMK in
 no ip redirects
 ip mtu 1426
 shutdown
 keepalive 10 10
 tunnel source 91.240.179.254
 tunnel destination 94.138.150.1
 tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel32
 description KGR-PRM
 ip address 172.30.31.1 255.255.255.252
 no ip redirects
 shutdown
 keepalive 10 10
 tunnel source 91.240.179.254
 tunnel destination 178.47.128.98
 tunnel protection ipsec profile GRE_IPSEC
!
interface GigabitEthernet1/1
 description [KU] Po1 SW-1a-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 1 mode on
!
interface GigabitEthernet1/2
 description [KU] Po2 SW-1c-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 2 mode on
!
interface GigabitEthernet1/3
 description [KU] Po3 SW-2-3
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 3 mode on
!
interface GigabitEthernet1/4
 description [KU] Po4 SW-2-4
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 4 mode on
!
interface GigabitEthernet1/5
 description [KU] Po5 SW-2-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 5 mode on
!
interface GigabitEthernet1/6
 description [KU] Po20 SW-9-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 20 mode active
!
interface GigabitEthernet1/7
 description [KU] Po7 SW-3-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 7 mode on
!
interface GigabitEthernet1/8
 description [KU] Po8 SW-4-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 8 mode on
!
interface GigabitEthernet1/9
 description [KU] Po9 SW-4-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 9 mode on
!
interface GigabitEthernet1/10
 description [KU] Po10 SW-5-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 10 mode on
!
interface GigabitEthernet1/11
 description [KU] Po11 SW-8b-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 11 mode on
!
interface GigabitEthernet1/12
 description [KU] Po14 SW-9-1
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 14 mode on
!
interface GigabitEthernet1/13
 description [KU] Po15 SW-2-1
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 15 mode on
!
interface GigabitEthernet1/14
 description [KU] Po17 SW-10-1
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 17 mode on
!
interface GigabitEthernet1/15
 description [KU] Po18 SW-6-1
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 18 mode on
!
interface GigabitEthernet1/16
 description PC 13 LINK_TO_SW-2960-DC
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 13 mode on
!
interface GigabitEthernet1/17
 description [KU] Po19 SW-7-1
 switchport
 switchport mode trunk
 logging event link-status
 channel-group 19 mode on
!
interface GigabitEthernet1/18
 description [CORE] SW-1-3
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 hold-queue 4096 in
 hold-queue 4096 out
!
interface GigabitEthernet1/19
 description [CORE] Po16 SW-1-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 16 mode on
!
interface GigabitEthernet1/20
 description [CORE] Po16 SW-1-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 16 mode on
!
interface GigabitEthernet1/21
 description [ISP-500M] L2VPN-to-CLOUD-RT
 switchport
 switchport mode access
 switchport access vlan 4039
 switchport block unicast
 logging event link-status
 logging event trunk-status
 no cdp enable
 no lldp transmit
 no lldp receive
 spanning-tree bpdufilter enable
 spanning-tree guard root
!
interface GigabitEthernet1/22
 description [KU] Po15 SW-2-1
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 15 mode on
!
interface GigabitEthernet1/23
 description FREE
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 599,4030-4035
 logging event link-status
 logging event trunk-status
 shutdown
!
interface GigabitEthernet1/24
 description [CORE] RT-1-2
 switchport
 switchport mode trunk
 logging event link-status
 logging event trunk-status
!
interface GigabitEthernet5/1
 description FREE
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 description admin_vlan
 switchport
 switchport mode access
 switchport access vlan 5
!
interface GigabitEthernet5/3
 no ip address
 shutdown
!
interface TenGigabitEthernet5/4
 description VSS_LINK_SWITCH2_member
 no ip address
 shutdown
!
interface TenGigabitEthernet5/5
 description VSS_LINK_SWITCH2_member
 no ip address
 shutdown
!
interface Vlan1
 description LAN
 ip address 192.168.252.254 255.255.255.0 secondary
 ip address 10.1.17.254 255.255.255.0 secondary
 ip address 192.168.1.254 255.255.252.0
 no ip redirects
 no ip unreachables
 ip policy route-map VLAN1-ROUTING
!
interface Vlan2
 description KG-LOCAL-USERS
 ip dhcp relay information trusted
 ip address 10.1.7.254 255.255.252.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 ip nat inside
 ip policy route-map R2-MTS_R1-BGP
!
interface Vlan3
 description KG_LAN-RESTRICTED
 ip dhcp relay information trusted
 ip address 10.1.18.254 255.255.255.0
 ip access-group VLAN3_OUT in
 ip access-group VLAN3_FIREWALL out
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
 ip policy route-map VLAN3-ROUTING
!
interface Vlan5
 description KG_LAN-ADMIN
 ip dhcp relay information trusted
 ip address 10.1.19.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map RM_TEST_INET
!
interface Vlan6
 description IMP_LOCAL
 ip dhcp relay information trusted
 ip address 10.1.26.254 255.255.255.0
 ip access-group IMP_LOCAL_IN in
 ip access-group IMP_LOCAL_OUT out
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map IMP-ROUTING
!
interface Vlan8
 ip dhcp relay information trusted
 ip address 10.1.46.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan9
 description Kaznach_restrict
 ip dhcp relay information trusted
 ip address 10.1.55.254 255.255.255.0
 ip access-group VLAN9_RESTRICTED in
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan11
 description EXTERNAL_POOL
 ip unnumbered Loopback11
 no ip unreachables
!
interface Vlan12
 description UNIFI_NETWORK
 ip dhcp relay information trusted
 ip address 10.1.12.62 255.255.255.192
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
!
interface Vlan20
 description DMZ-1
 ip address 10.1.12.94 255.255.255.224
 no ip unreachables
!
interface Vlan25
 ip address 10.1.25.254 255.255.255.0
 no ip unreachables
 shutdown
!
interface Vlan99
 description Users_KU9
 ip dhcp relay information trusted
 ip address 10.1.39.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 ip nat inside
 ip policy route-map RM_USERS_KU9
!
interface Vlan100
 description MGMT
 ip address 10.1.1.1 255.255.255.0
 ip access-group ACL_BLOCK_CISCO in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan149
 description -KG-MGMT-INT-10.1.254.0/24-
 ip address 10.1.254.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan150
 description KG_WIFI-USER
 ip dhcp relay information trusted
 ip address 10.1.13.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
 ip nat inside
 ip policy route-map R2-MTS-TV-WIFI
!
interface Vlan151
 description KG_KOMOS-CONF
 ip dhcp relay information trusted
 ip address 10.1.28.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
!
interface Vlan152
 description KG-ARUBA-USERS
 ip dhcp relay information trusted
 ip address 10.1.35.254 255.255.254.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
 ip policy route-map R2-MTS-TV-WIFI
!
interface Vlan154
 description Eltex WiFi
 ip dhcp relay information trusted
 ip address 10.1.154.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
!
interface Vlan200
 description KG_MGMT-SRV
 ip dhcp relay information trusted
 ip address 10.1.3.254 255.255.254.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan201
 description KG_LAN-SRV
 ip dhcp relay information trusted
 ip address 10.1.9.254 255.255.254.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map RM_TEST_INET
!
interface Vlan202
 description --DMZ--
 ip address 10.1.24.254 255.255.255.0
 ip access-group ACL-DMZ_LOCAL_IN in
 ip access-group ACL-DMZ_LOCAL_OUT out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan204
 description --Kaznacheystvo_KG--
 ip dhcp relay information trusted
 ip address 10.1.45.142 255.255.255.240
 ip access-group ACL_FIREWALL_KAZ-OUT out
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
 ip policy route-map RM_FOR_KAZNACH_KG
!
interface Vlan205
 description [SRV] UZB Servers
 ip address 10.1.45.158 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan249
 description --KG-SRV-BKP-10.1.249.0/26--
 ip address 10.1.249.62 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan251
 no ip address
 no ip unreachables
 shutdown
!
interface Vlan253
 description Exchange KOMOS-GROUP.RU
 ip address 10.1.44.254 255.255.255.0
 no ip unreachables
!
interface Vlan289
 description --OCOD_VLAN_1--
 ip address 192.168.8.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
interface Vlan296
 description -MLK-KCOD-SRV-All_10.1.123.0/24-
 ip address 10.1.123.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan297
 description -MLK-KCOD-SRV-Exchange_10.1.122.0/24-
 ip address 10.1.122.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan298
 description -MLK-KCOD-MGM-SRV_10.1.120.0/24-
 ip address 10.1.120.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description KG_MGMT-WIFI
 no ip address
 no ip unreachables
 shutdown
!
interface Vlan302
 description Aruba_test_WiFi_MGM
 ip address 10.1.32.254 255.255.255.0
 no ip unreachables
!
interface Vlan303
 description KG-GW-ARUBA-AP
 ip dhcp relay information trusted
 ip address 10.1.33.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
!
interface Vlan304
 description WIFI_ARUBA_MGM
 ip dhcp relay information trusted
 ip address 10.1.38.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip unreachables
!
interface Vlan307
 description SKUD
 ip address 10.1.45.126 255.255.255.128
 no ip redirects
 no ip unreachables
!
interface Vlan310
 description MGM_UPS
 ip address 10.1.37.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan349
 description -MLK-KCOD-MGM-NET_10.1.121.0/24-
 ip address 10.1.121.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan350
 description KG-VoIP_AREA
 ip dhcp relay information trusted
 ip address 10.1.27.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map IMP-ROUTING
!
interface Vlan351
 description KG_VOIP
 ip dhcp relay information trusted
 ip address 10.1.23.254 255.255.252.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map R2-MTS_R1-BGP
!
interface Vlan352
 description KG_VOIP_TEST
 ip dhcp relay information trusted
 ip address 10.1.36.254 255.255.255.0
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan400
 description -Video_UZB-
 vrf forwarding VRF-UZB
 ip address 192.168.248.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
!
interface Vlan500
 description KG_WIFI-GUEST exp 28.08.22
 ip dhcp relay information trusted
 ip address 10.1.14.253 255.255.255.254
 ip access-group ACL_WIFI_GUEST_DHCP in
 ip access-group ACL_WIFI_GUEST_DHCP out
 ip helper-address 10.1.8.229
 ip helper-address 10.1.8.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan551
 description --TRANSIT_HSRP--
 ip address 10.1.239.22 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan596
 description L2VPN_DOMRU_IZM-BGP-P11
 ip address 172.30.32.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bfd template p2p
!
interface Vlan598
 description --BGP_KG_COD_TRANSIT--
 ip address 172.30.30.46 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan599
 description L2VPN_MTS_IZM-BGP-P11
 ip address 172.30.30.2 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 bfd template p2p
!
interface Vlan1113
 description [PI] IZH-KG-P11-RT-1-3
 ip unnumbered Loopback11
 no ip redirects
 no ip unreachables
!
interface Vlan4035
 description VCentr_GW-Reserv_172.31.35.0/24-SHUT
 ip address 172.31.35.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4039
 description L2VPN-to-CLOUD-RT
 ip address 10.1.31.252 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan4041
 description --VLAN_P11_VS17--
 ip address 172.31.2.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1360
 ip policy route-map RM_NAT_MK
!
router bgp 64513
 bgp router-id 172.30.30.46
 bgp log-neighbor-changes
 bgp graceful-restart
 neighbor PG_BGP_IZM-P11 peer-group
 neighbor PG_BGP_IZM-P11 remote-as 64512
 neighbor PG_BGP_IZM-P11 description BGP over L2VPN
 neighbor PG_BGP_IZM-P11 fall-over bfd
 neighbor 10.1.1.5 remote-as 64513
 neighbor 10.1.1.5 description Virtual_Mikrotik
 neighbor 10.1.1.5 update-source Vlan100
 neighbor 10.1.1.109 remote-as 64513
 neighbor 10.1.1.109 description --CISCO_ASAv--
 neighbor 10.1.1.110 remote-as 64513
 neighbor 10.1.1.110 description --CISCO_ASA--
 neighbor 10.1.1.111 remote-as 64513
 neighbor 10.1.1.111 description FW-1-3
 neighbor 10.1.1.112 remote-as 64513
 neighbor 10.1.1.112 description description FW-1-4
 neighbor 172.30.30.1 peer-group PG_BGP_IZM-P11
 neighbor 172.30.30.41 remote-as 64513
 neighbor 172.30.30.42 remote-as 64513
 neighbor 172.30.30.44 remote-as 199014
 neighbor 172.30.30.44 description --BGP_WITH_3945-1--
 neighbor 172.30.30.45 remote-as 199014
 neighbor 172.30.30.45 description --BGP_WITH_3945-1--
 neighbor 172.30.32.1 peer-group PG_BGP_IZM-P11
 neighbor 172.31.2.2 remote-as 64520
 neighbor 172.31.2.2 description --MEAT_KOMPANY--
 !
 address-family ipv4
  network 10.0.0.0 mask 255.252.0.0
  network 10.0.24.0 mask 255.255.255.0
  network 10.0.26.0 mask 255.255.255.0
  network 10.1.0.0 mask 255.255.0.0
  network 10.1.4.0 mask 255.255.252.0
  network 10.1.12.64 mask 255.255.255.224
  network 10.1.13.0 mask 255.255.255.0
  network 10.1.14.0 mask 255.255.255.0
  network 10.1.16.0 mask 255.255.255.0
  network 10.1.17.0 mask 255.255.255.0
  network 10.1.18.0 mask 255.255.255.0
  network 10.1.19.0 mask 255.255.255.0
  network 10.1.20.0 mask 255.255.252.0
  network 10.1.26.0 mask 255.255.255.0
  network 10.1.27.0 mask 255.255.255.0
  network 10.1.34.0 mask 255.255.254.0
  network 10.1.39.0 mask 255.255.255.0
  network 10.1.122.0 mask 255.255.255.0
  network 10.1.254.0 mask 255.255.255.0
  network 10.1.255.255 mask 255.255.255.255
  network 172.31.2.0 mask 255.255.255.0
  network 172.31.35.0 mask 255.255.255.0
  network 192.168.0.0 mask 255.255.252.0
  network 192.168.252.0
  redistribute static route-map RM_REDIS_STATIC_PI
  neighbor PG_BGP_IZM-P11 next-hop-self
  neighbor PG_BGP_IZM-P11 soft-reconfiguration inbound
  neighbor PG_BGP_IZM-P11 route-map RM_BGP_IZM-P11_OUT out
  neighbor 10.1.1.5 activate
  neighbor 10.1.1.5 next-hop-self
  neighbor 10.1.1.5 route-map RM_LOCAL_OUT out
  neighbor 10.1.1.109 activate
  neighbor 10.1.1.109 next-hop-self
  neighbor 10.1.1.109 soft-reconfiguration inbound
  neighbor 10.1.1.110 activate
  neighbor 10.1.1.110 route-reflector-client
  neighbor 10.1.1.110 next-hop-self all
  neighbor 10.1.1.110 soft-reconfiguration inbound
  neighbor 10.1.1.111 activate
  neighbor 10.1.1.111 route-reflector-client
  neighbor 10.1.1.111 next-hop-self all
  neighbor 10.1.1.111 soft-reconfiguration inbound
  neighbor 10.1.1.112 activate
  neighbor 10.1.1.112 route-reflector-client
  neighbor 10.1.1.112 next-hop-self all
  neighbor 10.1.1.112 soft-reconfiguration inbound
  neighbor 172.30.30.1 activate
  neighbor 172.30.30.1 route-map RM_BGP_IZM-P11_MTS_IN in
  neighbor 172.30.30.41 activate
  neighbor 172.30.30.41 next-hop-self all
  neighbor 172.30.30.41 soft-reconfiguration inbound
  neighbor 172.30.30.42 activate
  neighbor 172.30.30.42 next-hop-self all
  neighbor 172.30.30.42 soft-reconfiguration inbound
  neighbor 172.30.30.44 activate
  neighbor 172.30.30.44 next-hop-self all
  neighbor 172.30.30.44 soft-reconfiguration inbound
  neighbor 172.30.30.44 route-map RM_KOMOS_PI_IN in
  neighbor 172.30.30.45 activate
  neighbor 172.30.30.45 next-hop-self all
  neighbor 172.30.30.45 soft-reconfiguration inbound
  neighbor 172.30.32.1 activate
  neighbor 172.30.32.1 route-map RM_BGP_IZM-P11_DOMRU_IN in
  neighbor 172.31.2.2 activate
  neighbor 172.31.2.2 next-hop-self all
  neighbor 172.31.2.2 soft-reconfiguration inbound
  neighbor 172.31.2.2 route-map RM_FROM_MK in
  maximum-paths 2
  distance bgp 150 150 150
 exit-address-family
!
no ip nat create flow-entries
ip nat inside source list ACL-NAT-VIDEO-UZB interface Vlan400 vrf VRF-UZB overload
ip forward-protocol nd
ip forward-protocol udp 1947
no ip http server
no ip http secure-server
!
ip as-path access-list 11 permit ^64512$
ip as-path access-list 11 permit ^64512_64539$
ip as-path access-list 11 permit ^64512_64523$
ip tftp source-interface Vlan100
ip route 0.0.0.0 0.0.0.0 10.1.239.18 100 name --DEFAULT_3945_1--
ip route 10.0.0.0 255.252.0.0 Null0 254
ip route 10.0.24.0 255.255.255.0 Tunnel22
ip route 10.0.25.0 255.255.255.0 Tunnel22
ip route 10.0.26.0 255.255.255.0 Tunnel22
ip route 10.0.32.0 255.255.255.0 Tunnel25
ip route 10.0.32.0 255.255.255.0 Tunnel24
ip route 10.0.33.0 255.255.255.0 Tunnel25
ip route 10.0.33.0 255.255.255.0 Tunnel24
ip route 10.1.0.0 255.255.0.0 Null0 254
ip route 10.14.56.0 255.255.255.0 Tunnel11
ip route 88.80.33.49 255.255.255.255 10.1.239.19 100 name --IP_SLA_11--
ip route 91.240.179.11 255.255.255.255 Vlan11 name DNS001
ip route 91.240.179.28 255.255.255.255 Vlan11 name vpn.komos.ru
ip route 91.240.179.29 255.255.255.255 Vlan11 name asa_uzb
ip route 91.240.179.32 255.255.255.255 Vlan11 name vipole.komos.ru
ip route 91.240.179.37 255.255.255.255 Vlan11 name Skype
ip route 91.240.179.38 255.255.255.255 Vlan11 name skype
ip route 91.240.179.39 255.255.255.255 Vlan11 name skype
ip route 91.240.179.62 255.255.255.255 Vlan11 name vpn2.komos.ru_VIP
ip route 91.240.179.63 255.255.255.255 Vlan11 name izh-p11-fw-1-3
ip route 91.240.179.64 255.255.255.255 Vlan11 name izh-p11-fw-1-4
ip route 91.240.179.71 255.255.255.255 Vlan11 name files.komos.ru
ip route 91.240.179.233 255.255.255.255 Vlan1113 name RT-1-3
ip route 192.5.5.241 255.255.255.255 10.1.239.19 100 name --IP_SLA_1--
ip route 192.168.32.0 255.255.255.0 Tunnel11
ip route 192.168.33.0 255.255.255.0 Tunnel11
ip route 192.168.34.128 255.255.255.224 Tunnel11
ip route 192.168.34.160 255.255.255.224 Tunnel11
ip route 192.168.55.0 255.255.255.0 Tunnel11
ip ssh authentication-retries 2
ip ssh source-interface Vlan100
!
ip access-list standard ACL_FOR_NAT_KAZNACH_KG
 permit 10.1.45.128 0.0.0.15
ip access-list standard ACL_FOR_NAT_MK
 permit 10.14.24.0 0.0.7.255
ip access-list standard ACL_FOR_TV_WIFI_2
 permit 10.1.13.203
!
ip access-list extended ACL-DMZ_LOCAL_IN
 permit icmp any any
 permit udp any addrgroup OBJ_LOCAL_DNS eq domain
 permit tcp any addrgroup OBJ_LOCAL_DNS eq domain
 permit ip host 10.1.24.3 any
 remark --INTRONET_FORWARDING--
 evaluate DMZ_LOCAL_REFLECTEDTRAFFIC 
 deny   ip any addrgroup OBJ_LOCAL_TRAFFIC
 permit ip any any
ip access-list extended ACL-DMZ_LOCAL_OUT
 permit icmp any any
 permit udp addrgroup OBJ_LOCAL_DNS eq domain any
 permit tcp addrgroup OBJ_LOCAL_DNS eq domain any
 permit ip any host 10.1.24.3
 permit tcp host 10.1.4.150 host 10.1.24.1 eq 3389 reflect DMZ_LOCAL_REFLECTEDTRAFFIC
 permit tcp host 10.4.0.13 host 10.1.24.1 eq 8530 reflect DMZ_LOCAL_REFLECTEDTRAFFIC
 permit tcp host 10.4.0.61 host 10.1.24.1 eq 443 reflect DMZ_LOCAL_REFLECTEDTRAFFIC
 permit tcp host 10.4.0.194 host 10.1.24.1 eq 443 reflect DMZ_LOCAL_REFLECTEDTRAFFIC
 remark --DENY ALL LOCALAL TRAFIC--
 deny   ip any addrgroup OBJ_LOCAL_TRAFFIC
 permit ip any any reflect DMZ_LOCAL_REFLECTEDTRAFFIC
ip access-list extended ACL-NAT-VIDEO-UZB
 permit ip host 10.1.13.71 192.168.248.0 0.0.0.255
 permit ip host 10.1.13.194 192.168.248.0 0.0.0.255
 remark Suvorov A.
 permit ip host 10.1.5.247 192.168.248.0 0.0.0.255
 remark Luchnikov S.
 permit ip host 10.1.7.150 192.168.248.0 0.0.0.255
 remark Ohrana_KU9
 permit ip host 10.1.39.1 192.168.248.0 0.0.0.255
ip access-list extended ACL_BLOCK_CISCO
 deny   udp host 10.1.1.108 eq domain any
 deny   tcp host 10.1.1.108 eq domain any
 permit ip any any
ip access-list extended ACL_DC_VREM
 permit ip host 192.168.1.21 any
 permit ip host 192.168.1.100 any
ip access-list extended ACL_DMZ
 deny   ip any addrgroup OBJ_LOCAL_TRAFFIC
 permit ip any any
ip access-list extended ACL_FIREWALL_KAZ-OUT
 permit ip host 10.1.4.103 10.1.45.128 0.0.0.15
 permit ip host 10.1.4.105 10.1.45.128 0.0.0.15
 permit ip host 10.1.5.246 10.1.45.128 0.0.0.15
 permit ip host 10.1.5.252 10.1.45.128 0.0.0.15
 permit udp host 10.4.0.1 eq domain 10.1.45.128 0.0.0.15
 permit udp host 10.4.0.2 eq domain 10.1.45.128 0.0.0.15
 permit udp host 10.1.8.228 10.1.45.128 0.0.0.15
 permit udp host 10.1.8.229 10.1.45.128 0.0.0.15
 deny   ip 10.0.0.0 0.255.255.255 10.1.45.128 0.0.0.15
 deny   ip 192.168.0.0 0.0.255.255 10.1.45.128 0.0.0.15
 deny   ip 172.16.0.0 0.15.255.255 10.1.45.128 0.0.0.15
 permit ip any any
ip access-list extended ACL_FOR_INTRONET_KAZNACH_KG
 permit ip 10.1.45.128 0.0.0.15 host 10.1.4.103
 permit ip 10.1.45.128 0.0.0.15 host 10.1.4.105
 permit ip 10.1.45.128 0.0.0.15 host 10.1.5.246
 permit ip 10.1.45.128 0.0.0.15 host 10.1.5.252
 permit udp 10.1.45.128 0.0.0.15 host 10.4.0.1 eq domain
 permit udp 10.1.45.128 0.0.0.15 host 10.4.0.2 eq domain
 permit udp 10.1.45.128 0.0.0.15 host 10.1.8.228
 permit udp 10.1.45.128 0.0.0.15 host 10.1.8.229
 deny   ip 10.1.45.128 0.0.0.15 10.0.0.0 0.255.255.255
 deny   ip 10.1.45.128 0.0.0.15 192.168.0.0 0.0.255.255
 deny   ip 10.1.45.128 0.0.0.15 172.16.0.0 0.15.255.255
ip access-list extended ACL_FOR_TV_WIFI
 permit ip host 10.1.13.203 192.168.0.0 0.0.255.255
 permit ip host 10.1.13.203 10.0.0.0 0.255.255.255
 permit ip host 10.1.13.203 172.16.0.0 0.15.255.255
 permit ip host 10.1.13.203 91.240.179.0 0.0.0.255
ip access-list extended ACL_FROM_KUMK
 permit ip any 10.12.0.0 0.0.255.255
 permit ip host 10.1.50.2 host 10.1.50.1
 permit icmp 10.12.1.0 0.0.0.255 any
 permit icmp 10.12.0.0 0.0.0.255 any
 permit ip 10.12.1.0 0.0.0.255 10.1.9.0 0.0.0.255
 permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
 permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
 permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
 permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214
 permit ip 10.12.0.0 0.0.0.255 10.4.0.0 0.0.0.255
 permit ip host 10.12.0.254 any
ip access-list extended ACL_RM_RT_CLOUD
 permit ip host 192.168.1.253 any
 permit ip 192.168.252.0 0.0.0.255 host 46.61.230.201
 permit ip 10.1.17.0 0.0.0.255 host 46.61.230.201
 permit ip 192.168.0.0 0.0.3.255 host 46.61.230.201
 permit ip 192.168.0.0 0.0.3.255 host 195.19.100.69
 permit ip 10.1.17.0 0.0.0.255 host 195.19.100.69
 permit ip 192.168.252.0 0.0.0.255 host 195.19.100.69
ip access-list extended ACL_WIFI_GUEST_DHCP
 permit udp any any eq bootps bootpc
 deny   ip any any
ip access-list extended IMP_LOCAL_IN
 permit icmp any any
 permit ip 10.1.26.0 0.0.0.255 host 192.168.8.96
 permit ip 10.1.26.0 0.0.0.255 host 10.1.26.255
 permit udp 10.1.26.0 0.0.0.255 host 192.168.2.3 eq 1434
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.3 eq 1433
 permit udp 10.1.26.0 0.0.0.255 host 192.168.2.4 eq 13000 echo bootps tftp 15000 15001
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.4 eq 445 13000 13111 14000 17000 14001
 deny   tcp 10.1.26.0 0.0.0.255 host 192.168.2.3 eq 3389
 permit ip 10.1.26.0 0.0.0.255 host 192.168.2.4
 permit udp 10.1.26.0 0.0.0.255 host 192.168.1.21 eq domain 88 ntp 135 netbios-ns netbios-dgm 389 445 464
 permit udp 10.1.26.0 0.0.0.255 host 192.168.1.100 eq domain 88 ntp 135 netbios-ns netbios-dgm 389 445 464
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.1.21 eq domain 88 135 139 389 445 464 3268 3269
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.1.100 eq domain 88 135 139 389 445 464 3268 3269
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.3.62 eq 32300 32310
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.1.57 eq 32320
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.58 eq 32310 445
 permit ip 10.1.26.0 0.0.0.255 host 192.168.2.128
 permit ip 10.1.26.0 0.0.0.255 host 10.1.122.17
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.1.21
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.1.100
 permit tcp 10.1.26.0 0.0.0.255 10.4.7.0 0.0.0.63 eq 443 www 143 993 pop3 995 587 smtp
 permit tcp 10.1.26.0 0.0.0.255 10.1.123.0 0.0.0.255 eq 443 www 143 993 pop3 995 587 smtp
 permit tcp 10.1.26.0 0.0.0.255 host 5.227.126.169 eq 443 www 143 993 pop3 995 587 smtp
 permit tcp 10.1.26.0 0.0.0.255 host 91.240.179.26 eq smtp 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 91.240.179.27 eq smtp 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 91.240.179.66 eq smtp 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 91.240.179.70 eq smtp 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 10.4.0.184 eq 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 10.4.0.120 eq 443 www
 permit tcp 10.1.26.0 0.0.0.255 any eq 17000
 permit tcp 10.1.26.0 0.0.0.255 any eq 13000
 permit udp 10.1.26.0 0.0.0.255 host 192.168.1.100 eq domain
 permit udp 10.1.26.0 0.0.0.255 host 10.1.8.229
 permit tcp 10.1.26.0 0.0.0.255 host 10.1.8.15
 permit tcp 10.1.26.0 0.0.0.255 host 10.4.0.203
 permit tcp 10.1.26.0 0.0.0.255 host 10.0.1.230
 permit tcp 10.1.26.0 0.0.0.255 host 10.0.16.1
 permit tcp 10.1.26.0 0.0.0.255 host 10.0.4.231
 permit tcp 10.1.26.0 0.0.0.255 host 10.4.0.204
 permit tcp 10.1.26.0 0.0.0.255 host 10.0.16.2
 permit udp 10.1.27.0 0.0.0.255 host 10.1.8.229
 permit udp 10.1.27.0 0.0.0.255 host 10.4.7.17
 permit tcp 10.1.26.0 0.0.0.255 10.1.15.0 0.0.0.255
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.32
 permit tcp 10.1.26.0 0.0.0.255 host 10.1.12.66 eq 443 www
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.100 eq www 443 9554 9654
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.55 eq www 443 9554 9654
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.116 eq www 443 9554 9654
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.3.96 eq 6666
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.3.143 eq 3389
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.106
 permit tcp 10.1.26.0 0.0.0.255 host 192.168.2.91 eq 3389
 permit tcp host 10.1.26.250 host 10.1.7.245
 permit tcp 10.1.26.0 0.0.0.255 host 10.1.9.201
 permit ip 10.1.26.0 0.0.0.255 10.1.27.0 0.0.0.255
 permit ip 10.1.26.0 0.0.0.255 host 10.4.0.17
 permit ip 10.1.26.0 0.0.0.255 host 10.4.0.16
 permit ip 10.1.26.0 0.0.0.255 host 10.4.0.196
 permit ip 10.1.26.0 0.0.0.255 host 10.4.0.45
 evaluate IMP_LOCAL_REFLECTEDTRAFFIC 
 permit tcp host 10.1.26.250 any
 permit tcp host 10.1.26.252 any
 permit tcp host 10.1.26.253 any
 deny   ip 10.1.26.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 10.1.26.0 0.0.0.255 172.16.0.0 0.0.255.255
 deny   ip 10.1.26.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended IMP_LOCAL_OUT
 permit icmp any any
 permit ip host 192.168.8.96 10.1.26.0 0.0.0.255
 permit tcp any host 10.1.26.250 eq 3389
 permit tcp any host 10.1.26.251 eq 3389
 permit tcp any host 10.1.26.252 eq 3389
 permit tcp any host 10.1.26.253 eq 3389
 permit tcp host 10.1.7.245 host 10.1.26.250
 permit udp host 192.168.1.21 10.1.26.0 0.0.0.255 eq domain
 permit tcp 10.1.123.0 0.0.0.255 10.1.26.0 0.0.0.255
 permit tcp 10.1.15.0 0.0.0.255 10.1.26.0 0.0.0.255 eq 3389
 permit tcp 10.1.15.0 0.0.0.255 host 10.1.26.250
 permit tcp 10.4.7.0 0.0.0.63 10.1.26.0 0.0.0.255
 permit tcp host 5.227.126.169 10.1.26.0 0.0.0.255
 permit tcp host 91.240.179.26 10.1.26.0 0.0.0.255
 permit tcp host 91.240.179.27 10.1.26.0 0.0.0.255
 permit tcp host 91.240.179.66 10.1.26.0 0.0.0.255
 permit tcp host 91.240.179.70 10.1.26.0 0.0.0.255
 permit tcp host 192.168.2.91 10.1.26.0 0.0.0.255
 permit udp host 192.168.1.100 10.1.26.0 0.0.0.255 eq domain
 permit tcp host 192.168.2.106 10.1.26.0 0.0.0.255
 permit udp host 10.1.8.229 10.1.26.0 0.0.0.255
 permit tcp host 10.1.8.15 10.1.26.0 0.0.0.255
 permit tcp host 10.4.0.203 10.1.26.0 0.0.0.255
 permit tcp host 10.0.1.230 10.1.26.0 0.0.0.255
 permit tcp host 10.0.16.1 10.1.26.0 0.0.0.255
 permit tcp host 10.0.4.231 10.1.26.0 0.0.0.255
 permit tcp host 10.4.0.204 10.1.26.0 0.0.0.255
 permit tcp host 10.4.0.120 10.1.26.0 0.0.0.255
 permit tcp host 10.0.16.2 10.1.26.0 0.0.0.255
 permit udp host 10.1.8.229 10.1.27.0 0.0.0.255
 permit udp host 10.4.7.17 10.1.27.0 0.0.0.255
 permit tcp host 10.4.0.184 10.1.26.0 0.0.0.255
 permit tcp host 192.168.2.32 10.1.26.0 0.0.0.255
 permit ip any any reflect IMP_LOCAL_REFLECTEDTRAFFIC
 permit ip 10.1.27.0 0.0.0.255 10.1.26.0 0.0.0.255
 permit ip 91.240.179.0 0.0.0.255 10.1.26.0 0.0.0.255
 deny   ip 192.168.0.0 0.0.255.255 10.1.26.0 0.0.0.255
 deny   ip 172.16.0.0 0.0.255.255 10.1.26.0 0.0.0.255
 deny   ip 10.0.0.0 0.255.255.255 10.1.26.0 0.0.0.255
 permit ip any any
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
 permit ip any 91.240.179.0 0.0.0.255
ip access-list extended RDP
 permit tcp any eq 3389 any
 permit tcp any any eq 3389
ip access-list extended ROUTE_VIA_AS
 deny   ip host 192.168.2.202 any
 deny   ip host 192.168.2.131 any
 deny   ip host 192.168.2.61 any
 deny   ip host 192.168.2.11 any
 deny   ip host 192.168.2.102 any
 deny   ip host 192.168.2.100 any
 deny   ip host 192.168.2.97 any
 deny   ip host 192.168.2.96 any
 deny   ip host 192.168.2.101 any
 deny   ip host 192.168.2.72 any
 deny   ip host 192.168.2.71 any
 deny   ip host 192.168.3.64 any
 deny   ip host 192.168.2.68 any
 deny   ip host 192.168.2.45 any
 deny   ip host 192.168.2.90 any
 deny   ip host 192.168.1.81 any
 deny   ip host 192.168.2.126 any
 deny   ip host 192.168.2.80 any
 deny   ip host 192.168.2.47 any
 deny   ip host 192.168.2.34 any
 deny   ip host 192.168.2.35 any
 deny   ip host 192.168.2.38 any
 deny   ip host 192.168.2.88 any
 deny   ip host 192.168.2.56 any
 deny   ip host 192.168.2.48 any
 deny   ip host 192.168.2.54 any
 deny   ip host 192.168.2.55 any
 deny   ip host 192.168.2.52 any
 deny   ip host 192.168.2.53 any
 deny   ip host 192.168.2.9 any
 deny   ip host 192.168.2.15 any
 deny   ip host 192.168.2.13 any
 deny   ip host 192.168.2.27 any
 deny   ip host 192.168.2.25 any
 deny   ip host 192.168.2.31 any
 deny   ip host 192.168.2.19 any
 deny   ip host 192.168.2.21 any
 deny   ip host 192.168.2.209 any
 deny   ip host 192.168.2.185 any
 deny   ip host 192.168.3.143 any
 deny   ip host 192.168.2.91 any
 deny   ip host 192.168.2.183 any
 deny   ip host 192.168.2.94 any
 deny   ip host 192.168.2.33 any
 deny   ip host 192.168.2.39 any
 deny   ip host 192.168.2.218 any
 deny   ip host 192.168.2.46 any
 deny   ip host 192.168.3.232 any
 deny   ip host 192.168.2.116 any
 deny   ip host 192.168.2.108 any
 deny   ip host 192.168.2.191 any
 deny   ip host 192.168.2.192 any
 deny   ip host 192.168.2.193 any
 deny   ip host 192.168.2.194 any
 deny   ip host 192.168.2.225 any
 deny   ip host 192.168.2.226 any
 deny   ip host 192.168.2.227 any
 deny   ip host 192.168.2.124 any
 deny   ip host 192.168.2.144 any
 deny   ip host 192.168.2.195 any
 deny   ip host 192.168.2.221 any
 deny   ip host 192.168.2.103 any
 deny   ip host 192.168.2.3 any
 deny   ip host 192.168.2.201 any
 permit ip any any
ip access-list extended TEST_INET
 permit ip host 10.1.8.63 any
 permit ip host 10.1.19.121 any
ip access-list extended VLAN3_FIREWALL
 permit udp any eq domain any
 permit udp host 10.1.8.229 10.1.18.0 0.0.0.255
 permit tcp 10.1.15.0 0.0.0.255 host 10.1.18.1 eq 3389
 permit tcp 10.1.15.0 0.0.0.255 host 10.1.18.3 eq 3389
 permit tcp host 10.1.19.250 10.1.18.0 0.0.0.255 eq 3389
 evaluate VLAN3_REFLECTEDTRAFFIC 
ip access-list extended VLAN3_OUT
 permit udp any any eq domain
 permit udp 10.1.18.0 0.0.0.255 host 10.1.8.229
 permit tcp host 10.1.18.1 10.1.15.0 0.0.0.255
 permit tcp host 10.1.18.3 10.1.15.0 0.0.0.255
 permit ip any any reflect VLAN3_REFLECTEDTRAFFIC
 permit tcp 10.1.18.0 0.0.0.255 host 10.1.19.250
ip access-list extended VLAN9_RESTRICTED
 permit ip any host 10.1.8.229
 permit ip any host 10.1.8.228
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 172.16.0.0 0.0.255.255
 permit ip any any
ip access-list extended WEB_LOCAL
 permit tcp 0.0.0.0 255.0.0.0 any eq www
 permit tcp 0.0.0.0 255.0.0.0 any eq 443
 permit tcp 0.0.0.0 255.255.0.0 any eq 443
 permit tcp 0.0.0.0 255.255.0.0 any eq www
 permit tcp any 0.0.0.0 255.0.0.0 eq 443
 permit tcp any 0.0.0.0 255.0.0.0 eq www
 permit tcp any 0.0.0.0 255.255.0.0 eq www
 permit tcp any 0.0.0.0 255.255.0.0 eq 443
ip access-list extended acl-copp-match-igmp
 permit igmp any any
ip access-list extended acl-copp-match-pim-data
 deny   pim any host 224.0.0.13
 permit pim any any
!
!
ip prefix-list PL_BGP_IZM-P11 seq 5 permit 10.0.0.0/8 le 32
ip prefix-list PL_BGP_IZM-P11 seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_BGP_IZM-P11 seq 15 permit 172.16.0.0/12 le 32
!
ip prefix-list PL_FROM_CLOUD_RT seq 5 permit 10.1.30.0/24
!
ip prefix-list PL_FROM_KUMK seq 5 permit 10.12.0.0/16 le 24
ip prefix-list PL_FROM_KUMK seq 10 permit 10.12.252.0/22
!
ip prefix-list PL_KOMOS_PI seq 5 permit 91.240.179.0/24 ge 32
!
ip prefix-list PL_LOCAL_OUT seq 5 permit 10.0.0.0/8 le 32
ip prefix-list PL_LOCAL_OUT seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_LOCAL_OUT seq 15 permit 172.16.0.0/12 le 32
!
ip prefix-list PL_REDIS_STATIC_PI seq 5 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_UZB_USERS seq 5 permit 10.1.13.0/24
ip prefix-list PL_UZB_USERS seq 10 permit 10.1.4.0/22
ip prefix-list PL_UZB_USERS seq 20 permit 10.1.39.0/24
!
ip prefix-list PL_VRS_OLD_IN seq 5 permit 192.168.72.0/24
ip sla 1
 icmp-echo 192.5.5.241 source-ip 10.1.239.22
 threshold 400
 timeout 2000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 11
 icmp-echo 88.80.33.49 source-ip 10.1.239.22
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 11 life forever start-time now
ip sla 12
 icmp-echo 10.1.239.18 source-ip 10.1.239.22
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 12 life forever start-time now
ip sla 13
 icmp-echo 84.201.247.254 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 13 life forever start-time now
ip sla 104
 icmp-echo 87.249.239.226 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 104 life forever start-time now
ip sla 105
 icmp-echo 5.227.124.82 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 105 life forever start-time now
ip sla 107
 icmp-echo 84.201.247.32 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 107 life forever start-time now
ip sla 109
 icmp-echo 95.215.208.240 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 109 life forever start-time now
ip sla 110
 icmp-echo 88.80.32.230 source-interface Vlan11
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 110 life forever start-time now
ip sla 112
 icmp-echo 10.1.50.94 source-interface Tunnel24
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 112 life forever start-time now
ip sla 9000
 dhcp 10.1.8.228 source-ip 10.1.19.254
 threshold 3000
 timeout 4000
ip sla schedule 9000 life forever start-time now
ip sla 9001
 dhcp 10.1.8.229 source-ip 10.1.19.254
 threshold 3000
 timeout 4000
ip sla schedule 9001 life forever start-time now
kron occurrence EveryDay at 1:00 recurring
 policy-list SaveBackup
!
kron policy-list SaveBackup
 cli write memory
!
logging origin-id hostname
logging facility local6
logging source-interface Vlan100
logging host 192.168.2.25
logging host 10.4.244.4 transport udp port 515
access-list 23 permit any
access-list 23 deny   any log
!
route-map RM_REDIS_STATIC_PI permit 10
 description Redistribute static PI address for unnumbered lo11
 match ip address prefix-list PL_REDIS_STATIC_PI
!
route-map RM_KOMOS_PI_IN permit 10
 match ip address prefix-list PL_KOMOS_PI
 set local-preference 1000
!
route-map RM_KOMOS_PI_IN permit 20
!
route-map RM_FROM_MK permit 10
 set local-preference 1500
!
route-map RM_FROM_KUMK permit 10
 match ip address prefix-list PL_FROM_KUMK
!
route-map RM_DMZ deny 10
 match ip address LOCAL_TRAFFIC
!
route-map RM_DMZ permit 20
!
route-map R2-MTS-TV-WIFI permit 10
 match ip address ACL_FOR_TV_WIFI
!
route-map R2-MTS-TV-WIFI permit 15
 match ip address ACL-NAT-VIDEO-UZB
 set vrf VRF-UZB
!
route-map R2-MTS-TV-WIFI permit 20
 match ip address ACL_FOR_TV_WIFI_2
 set ip next-hop verify-availability 10.1.239.19 10 track 111
 set ip next-hop 10.1.239.18
!
route-map R2-MTS-TV-WIFI permit 30
!
route-map RM_LOCAL_OUT permit 10
 match ip address prefix-list PL_LOCAL_OUT
!
route-map RM_TEST_INET permit 5
 match ip address LOCAL_TRAFFIC
!
route-map RM_TEST_INET permit 10
 description TEST_INET'
 match ip address TEST_INET
!
route-map RM_TEST_INET permit 20
!
route-map RM_BGP_IZM-P11_MTS_IN permit 10
 match as-path 11
 set local-preference 1500
!
route-map RM_BGP_IZM-P11_MTS_IN permit 20
!
route-map IMP-ROUTING permit 10
 match ip address LOCAL_TRAFFIC
!
route-map IMP-ROUTING permit 20
 set ip next-hop verify-availability 10.1.239.19 10 track 13
 set ip next-hop verify-availability 10.1.239.19 20 track 11
 set ip next-hop 10.1.239.18
!
route-map RM_BGP_IZM-P11_DOMRU_IN permit 10
 match as-path 11
 set local-preference 1500
!
route-map RM_BGP_IZM-P11_DOMRU_IN permit 20
!
route-map RM_FROM_OCOD_ER-TELECOM permit 10
 match ip address prefix-list PL_VRS_OLD_IN
 set local-preference 200
!
route-map RM_FROM_OCOD_ER-TELECOM permit 30
!
route-map RM_TO_OCOD_ER-TELECOM permit 30
!
route-map RM_NAT_MK deny 10
 description --BACKUP_INTERNET_FOR_MK--
 match ip address LOCAL_TRAFFIC
!
route-map RM_NAT_MK permit 20
 description --BACKUP_INTERNET_FOR_MK--
 match ip address ACL_FOR_NAT_MK
 set ip next-hop 10.1.239.18
!
route-map R2-MTS_R1-BGP permit 5
 match ip address ACL-NAT-VIDEO-UZB
 set vrf VRF-UZB
!
route-map R2-MTS_R1-BGP permit 10
 match ip address LOCAL_TRAFFIC
!
route-map R2-MTS_R1-BGP permit 20
 set ip next-hop verify-availability 10.1.239.19 10 track 111
 set ip next-hop 10.1.239.18
!
route-map RM_FOR_KAZNACH_KG permit 10
 match ip address ACL_FOR_INTRONET_KAZNACH_KG
!
route-map RM_FOR_KAZNACH_KG permit 30
 match ip address ACL_FOR_NAT_KAZNACH_KG
 set ip next-hop 10.1.239.19
!
route-map RM_UZB_IMPORT permit 10
 match ip address prefix-list PL_UZB_USERS
!
route-map VLAN1-ROUTING permit 5
 match ip address LOCAL_TRAFFIC
!
route-map VLAN1-ROUTING permit 6
 description Vremenno DC
 match ip address ACL_DC_VREM
 set ip next-hop 10.1.239.18
!
route-map VLAN1-ROUTING permit 8
 match ip address ACL_RM_RT_CLOUD
 set ip next-hop 172.30.30.42
!
route-map VLAN1-ROUTING permit 9
 match ip address ROUTE_VIA_AS
 set ip next-hop verify-availability 10.1.239.19 10 track 111
 set ip next-hop 10.1.239.18
!
route-map VLAN1-ROUTING permit 20
 set ip next-hop 10.1.239.18
!
route-map VLAN3-ROUTING permit 10
 match ip address LOCAL_TRAFFIC
!
route-map VLAN3-ROUTING permit 15
 set ip next-hop verify-availability 10.1.239.19 10 track 111
 set ip next-hop 10.1.239.18
!
route-map RM_BGP_IZM-P11_OUT permit 10
 match ip address prefix-list PL_BGP_IZM-P11
!
route-map RM_USERS_KU9 permit 10
 match ip address ACL-NAT-VIDEO-UZB
 set vrf VRF-UZB
!
route-map RM_USERS_KU9 permit 20
!
route-map VLAN-500-ROUTING permit 5
 match ip address LOCAL_TRAFFIC
!
route-map VLAN-500-ROUTING permit 10
 set ip next-hop 10.1.239.19
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv 
snmp-server host 10.1.1.253 public 
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 07073847682838253F1552345D2C382B23043D77025F01061B151F66520D022A110C555C7F784A59660E4955357D00251115304821110B03727C2C2A235317215C
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 060E162A6A6F28392D104B33550239242F1F3B60334B101319421067590A58270A021A5D707C4B5E6751190834220F7606003217711C022D1F7E6B3A3F4112385B
!
!
!
ipv6 access-list acl-copp-match-mld
 permit icmp any any mld-report
 permit icmp any any mld-query
 permit icmp any any mld-reduction
 permit icmp any any 143
!
ipv6 access-list acl-copp-match-ndv6
 permit icmp any any nd-na
 permit icmp any any nd-ns
 permit icmp any any router-advertisement
 permit icmp any any router-solicitation
 permit icmp any any redirect
!
ipv6 access-list acl-copp-match-ndv6hl
 permit icmp any any nd-na hoplimit
 permit icmp any any nd-ns hoplimit
 permit icmp any any router-advertisement hoplimit
 permit icmp any any router-solicitation hoplimit
 permit icmp any any redirect hoplimit
!
ipv6 access-list acl-copp-match-pimv6-data
 deny 103 any host FF02::D
 permit 103 any any
!
control-plane
 service-policy input policy-default-autocopp
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
banner login ^C

*****************************************************************************
*                                                                           *
*                            OOO "KOMOS GROUP"                              *
*                              Pesochnaya 11                                *
*                                1st FLOOR                                  *
*                                DATACENTR                                  *
*                                   VSS                                     *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************^C
alias exec sib sh ip int brief
!
line con 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 length 0
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
!
monitor session 1 type rspan-destination
!
!
scheduler allocate 3000 1000
ntp source Vlan100
ntp server 10.1.8.1 prefer source Vlan100
ntp server 10.1.1.2
!
diagnostic bootup level minimal
no event manager policy Mandatory.go_switchbus.tcl type system
event manager applet Mozhga-VPN-ISP1-DOWN
 event track 222 state down
 action 0.9 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "no ip route 10.0.32.0 255.255.255.0 Tunnel24"
 action 1.3 cli command "no ip route 10.0.33.0 255.255.255.0 Tunnel24"
 action 1.4 cli command "ip route 10.0.32.0 255.255.255.0 Tunnel25"
 action 1.5 cli command "ip route 10.0.33.0 255.255.255.0 Tunnel25"
event manager applet Mozhga-VPN-ISP1-UP
 event track 222 state up
 action 0.9 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "no ip route 10.0.32.0 255.255.255.0 Tunnel25"
 action 1.3 cli command "no ip route 10.0.33.0 255.255.255.0 Tunnel25"
 action 1.4 cli command "ip route 10.0.32.0 255.255.255.0 Tunnel24"
 action 1.5 cli command "ip route 10.0.33.0 255.255.255.0 Tunnel24"
event manager applet Glazov-VPN-ISP1-DOWN
 event track 109 state down
 action 0.9 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "no ip route 10.0.24.0 255.255.255.0 Tunnel22"
 action 1.3 cli command "no ip route 10.0.25.0 255.255.255.0 Tunnel22"
 action 1.4 cli command "no ip route 10.0.26.0 255.255.255.0 Tunnel22"
 action 1.5 cli command "ip route 10.0.24.0 255.255.255.0 Tunnel23"
 action 1.6 cli command "ip route 10.0.25.0 255.255.255.0 Tunnel23"
 action 1.7 cli command "ip route 10.0.26.0 255.255.255.0 Tunnel23"
event manager applet Glazov-VPN-ISP1-UP
 event track 109 state up
 action 0.9 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "no ip route 10.0.24.0 255.255.255.0 Tunnel23"
 action 1.3 cli command "no ip route 10.0.25.0 255.255.255.0 Tunnel23"
 action 1.4 cli command "no ip route 10.0.26.0 255.255.255.0 Tunnel23"
 action 1.5 cli command "ip route 10.0.24.0 255.255.255.0 Tunnel22"
 action 1.6 cli command "ip route 10.0.25.0 255.255.255.0 Tunnel22"
 action 1.7 cli command "ip route 10.0.26.0 255.255.255.0 Tunnel22"
!
end