Building configuration...

Current configuration : 34685 bytes
!
! Last configuration change at 13:13:24 MSK Wed Jul 20 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 13:13:26 MSK Wed Jul 20 2022 by akhmetzyanovrr_adm
!
version 16.3
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no platform punt-keepalive disable-kernel-core
!
hostname IZH-MLK-IZM-SW-1-4
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging userinfo
logging buffered 128000
enable secret 5 $1$8Ye.$2052cyes0PP1QlT7T0Qcu0
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone MSK 4 0
switch 1 provision ws-c3850-48t
switch 2 provision ws-c3850-48t
!
!
!
!
no ip source-route
no ip gratuitous-arps
!
!
!
ip host tftp 10.4.0.214
ip name-server 192.168.8.200 192.168.8.201
no ip domain lookup
ip domain name milkom-komos.ru
!
!
!
login on-failure log
login on-success log
!
!
!
!
!
qos queue-softmax-multiplier 1200
!
!
vtp mode off
!
flow record NETFLOW_IN
 match flow direction
 match interface input
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 source address
 match ipv4 tos
 match transport destination-port
 match transport source-port
 collect counter bytes long
 collect counter packets long
 collect interface output
!
!
flow record NETFLOW_OUT
 match flow direction
 match interface output
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 source address
 match ipv4 tos
 match transport destination-port
 match transport source-port
 collect interface input
 collect counter bytes long
 collect counter packets long
!
!
flow record FLOW-RECORD-INPUT
 description IPv4 NetFlow IN
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface input
 match ipv4 tos
 match flow direction
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
!
!
flow record FLOW-RECORD-OUTPUT
 description IPv4 NetFlow OUT
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface output
 match ipv4 tos
 match flow direction
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
!
!
flow monitor NETFLOW_MONITOR_IN
 cache timeout inactive 10
 cache timeout active 60
 record NETFLOW_IN
!
!
flow monitor NETFLOW_MONITOR_OUT
 cache timeout inactive 10
 cache timeout active 60
 record NETFLOW_OUT
!
!
flow monitor FLOW-MONITOR-INPUT
 description ingress
 cache timeout inactive 10
 cache timeout active 60
 record FLOW-RECORD-INPUT
!
!
flow monitor FLOW-MONITOR-OUTPUT
 description egress
 cache timeout inactive 10
 cache timeout active 60
 record FLOW-RECORD-OUTPUT
!
!
!
!
port-channel load-balance src-dst-mixed-ip-port
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure
errdisable recovery cause loopback
errdisable recovery cause psp
errdisable recovery interval 600
license boot level ipservicesk9
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 12288
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/IZH/MLK/IZM-SW_L3/$H-$T
 write-memory
 time-period 10080
!
!
username netadmin privilege 15 secret 5 $1$CJcs$KdKLEShFyyvUiOSSRtOMs.
!
redundancy
 mode sso
!
!
vlan 8
 name --UserNet_8.0/24--
!
vlan 9
 name --UserNet_9.0/24--
!
vlan 10
 name --UserNet_10.0/24--
!
vlan 11
 name --UserNet_11.0/24--
!
vlan 12
 name --UserNet_12.0/24--
!
vlan 13
 name --UserNet_13.0/24--
!
vlan 14
 name --UserNet_14.0/24--
!
vlan 15
 name --UserNet_15.0/24--
!
vlan 16
 name --UserNet_16.0/24--
!
vlan 17
 name --UserNet_17.0/24--
!
vlan 18
 name --UserNet_18.0/24--
!
vlan 19
 name --UserNet_19.0/24--
!
vlan 20
 name --UserNet_20.0/24--
!
vlan 22
 name MILKOM_Nobel_Users
!
vlan 23 
!
vlan 50
 name RCOD
!
vlan 93
 name VideoNetToStolovaya
!
vlan 96
 name --ERTELEKOM--
!
vlan 99
 name --MARK_ASTERISK--
!
vlan 101
 name --PRINTERS--
!
vlan 113
 name TRANSIT_TO_MIKROTIK
!
vlan 150
 name --Wi-Fi_Users_32.0/24--
!
vlan 151
 name --Wi-Fi_Prod_33.0/24--
!
vlan 172
 name TelephotiNet
!
vlan 173
 name telephonyTest
!
vlan 200-201 
!
vlan 202
 name --DMZ--
!
vlan 207
 name VCOD_Servers_DMZ_Frontend
!
vlan 208
 name VCOD_Servers_Backend
!
vlan 229 
!
vlan 248
 name --SANDBOX_ELAR--
!
vlan 249
 name --ServTestC_36.0/24--
!
vlan 250
 name --ServerNet_0.0/24--
!
vlan 251
 name -=ServMail_7.0/28=-
!
vlan 252
 name --VOICE_ATS--
!
vlan 253
 name exchange_komos-group
!
vlan 254
 name SRV_SharePint_1.0/24
!
vlan 255
 name --ServerNet_2.0/24--
!
vlan 256
 name Server_Mon_1C_3.0/24
!
vlan 257
 name KONTUR_DEV_SQL5.0/27
!
vlan 288
 name SERVERS_DEV
!
vlan 289
 name -=SRVBakNet_245.0_24=-
!
vlan 290
 name -=SrvVmwVMon_242.0/26=-
!
vlan 291
 name -=SrvVmwVSan_242.64/26=-
!
vlan 292
 name -=SrvBakNet_243.0/24=-
!
vlan 294
 name --SRV_iLO_iDrack_etc--
!
vlan 299
 name --SrvMng_240.0\24--
!
vlan 300
 name --MANAGMENT--
!
vlan 301
 name --Wi-Fi_MANAGMENT--
!
vlan 302
 name -=Wi-Fi_MANAGMENT=-
!
vlan 350
 name --VOICE_28.0/24--
!
vlan 500
 name --Wi-Fi_Guest_35.0/24--
!
vlan 550
 name --CISCO_ASA--
!
vlan 551
 name --TRANSIT_HSRP--
!
vlan 556
 name P2P_iBGP_KOMOS_AS_over_ER_Tel
!
vlan 557
 name P2P_iBGP_KOMOS_AS_over_MTS
!
vlan 596
 name P2P_RCOD-OCOD_ER_Telecom
!
vlan 597
 name TRANSIT_TO_ISR4431
!
vlan 599
 name --MTS_KOMOS_599--
!
vlan 601
 name --KMK_PRODACTION--
!
vlan 650
 name --ISCSI--
!
vlan 666
 name NOT_ROUTED
!
vlan 1000
 name --ELAR-TEST--
!
vlan 1100
 name TEST_ARR_ESR-10
!
vlan 1113
 name PI_RT-1-3
!
vlan 1500
 name dmz_env_1C_WMS_MLK
!
vlan 1501
 name safe_env_1C_WMS_MLK
!
vlan 1999
 name env_1C_Licensing
!
vlan 3915
 name IZM_VLAN3915_SPLUNK
!
vlan 4030
 name --MTS_KOMOS_4030--
!
vlan 4031
 name -VeamRepl_172.31.31.0/24-
!
vlan 4032
 name -SQLRepl_172.31.33.0/24-
!
vlan 4033
 name -SrvVCHA_172.31.33.0/24-
!
vlan 4034
 name -ExchRepl_172.31.34.0/24-
!
vlan 4035
 name -SrvVCMg_172.31.35.0/24-
!
!
class-map match-any CM_QoS_Q2
 match qos-group 2
class-map match-any CM_QoS_Q3
 match qos-group 3
class-map match-any CM_QoS_Q0
 match qos-group 0
class-map match-any CM_QoS_Q1
 match qos-group 1
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any CM_QoS_Q6
 match qos-group 6
 match qos-group 7
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any CM_QoS_Q4
 match qos-group 4
class-map match-any CM_QoS_Q5
 match qos-group 5
class-map match-any system-cpp-default
  description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any CM_RDP
 match access-group name RDP
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any CM_QoS_CS3
 match dscp cs3  af31  af32  af33 
class-map match-any CM_QoS_CS2
 match dscp cs2  af21  af22  af23 
class-map match-any CM_QoS_CS1
 match dscp cs1  af11  af12  af13 
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any CM_QoS_CS0
 match dscp default  1  2  3 
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any CM_QoS_CS7
 match dscp cs7 
class-map match-any CM_QoS_CS6
 match dscp cs6  49 
class-map match-any CM_QoS_CS5
 match dscp cs5  41  42  45  ef  47 
class-map match-any system-cpp-police-data
  description ICMP_GEN and BROADCAST
class-map match-any CM_QoS_CS4
 match dscp cs4  af41  af42  af43 
class-map match-any system-cpp-police-control-low-priority
  description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
  description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
  description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
  description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any CM_COS_1
 match cos  1 
class-map match-any system-cpp-police-routing-control
  description Routing control
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any CM_COS_0
 match cos  0 
class-map match-any CM_COS_3
 match cos  3 
class-map match-any CM_COS_2
 match cos  2 
class-map match-any CM_COS_5
 match cos  5 
class-map match-any CM_COS_4
 match cos  4 
class-map match-any CM_COS_7
 match cos  7 
class-map match-any CM_COS_6
 match cos  6 
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
policy-map system-cpp-policy
 class system-cpp-police-data
  police rate 200 pps
 class system-cpp-police-sys-data
  police rate 100 pps
 class system-cpp-police-sw-forward
  police rate 1000 pps
 class system-cpp-police-multicast
  police rate 500 pps
 class system-cpp-police-multicast-end-station
  police rate 2000 pps
 class system-cpp-police-punt-webauth
 class system-cpp-police-l2-control
 class system-cpp-police-routing-control
  police rate 1800 pps
 class system-cpp-police-control-low-priority
 class system-cpp-police-wireless-priority1
 class system-cpp-police-wireless-priority2
 class system-cpp-police-wireless-priority3-4-5
 class system-cpp-police-topology-control
 class system-cpp-police-dot1x-auth
 class system-cpp-police-protocol-snooping
 class system-cpp-police-forus
 class system-cpp-default
policy-map PM_QoS_CLASS_IN
 class CM_QoS_CS7
  set qos-group 7
 class CM_COS_7
  set qos-group 7
 class CM_QoS_CS6
  set qos-group 6
 class CM_COS_6
  set qos-group 6
 class CM_QoS_CS5
  set qos-group 5
 class CM_COS_5
  set qos-group 5
 class CM_QoS_CS4
  set qos-group 4
 class CM_COS_4
  set qos-group 4
 class CM_QoS_CS3
  set qos-group 3
 class CM_COS_3
  set qos-group 3
 class CM_QoS_CS2
  set qos-group 2
 class CM_COS_2
  set qos-group 2
 class CM_QoS_CS1
  set qos-group 1
 class CM_COS_1
  set qos-group 1
 class CM_QoS_CS0
  set qos-group 0
 class CM_COS_0
  set qos-group 0
 class CM_RDP
  set dscp cs4
 class class-default
  set qos-group 0
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description [CORE] SW-1-1
 switchport mode trunk
!
interface Port-channel2
 description [SRV] izh-vmw004_srv
 switchport mode trunk
!
interface Port-channel3
 description [SRV] izh-vmw005_mgt
 switchport mode trunk
!
interface Port-channel4
 description [SRV] izh-vmw005_srv
 switchport mode trunk
!
interface Port-channel5
 description [SRV] izh-vmw006_mgt
 switchport mode trunk
!
interface Port-channel6
 description [SRV] izh-vmw006_srv
 switchport mode trunk
!
interface Port-channel7
 description [SRV] izh-vmw007_mgt
 switchport mode trunk
!
interface Port-channel8
 description [SRV] izh-vmw007_srv
 switchport mode trunk
!
interface Port-channel9
 description [SRV] izh-vmw008_mgt
 switchport mode trunk
!
interface Port-channel10
 description [SRV] izh-vmw008_srv
 switchport mode trunk
!
interface Port-channel11
 description [SRV] izh-vmw011_mgt
 switchport mode trunk
!
interface Port-channel12
 description [SRV] izh-vmw011_srv
 switchport mode trunk
!
interface Port-channel13
 description [SRV] izh-vmw012_mgt
 switchport mode trunk
!
interface Port-channel14
 description [SRV] izh-vmw012_srv
 switchport mode trunk
!
interface Port-channel15
 description [SRV] izh-vmw013_mgt
 switchport mode trunk
!
interface Port-channel16
 description [SRV] izh-vmw013_srv
 switchport mode trunk
!
interface Port-channel17
 description [SRV] izh-vmw016_mgt
 switchport mode trunk
!
interface Port-channel18
 description [SRV] izh-vmw016_srv
 switchport mode trunk
!
interface Port-channel19
 description [SRV] izh-vmw015_mgt
 switchport mode trunk
!
interface Port-channel20
 description [SRV] izh-vmw015_srv
 switchport mode trunk
!
interface Port-channel21
 description [SRV] izh-vmw014_mgt
 switchport mode trunk
!
interface Port-channel22
 description [SRV] izh-vmw014_srv
 switchport mode trunk
!
interface Port-channel23
 description [SRV] izh-vmw020_mgt
 switchport mode trunk
!
interface Port-channel24
 description [SRV] izh-vmw020_srv
 switchport mode trunk
!
interface Port-channel25
 description [SRV] izh-vmw021_mgt
 switchport mode trunk
!
interface Port-channel26
 description [SRV] izh-vmw021_srv
 switchport mode trunk
!
interface Port-channel27
 description NONE
 switchport access vlan 294
 switchport mode access
!
interface Port-channel29
 description izh-vmw017_mgt
 switchport mode trunk
!
interface Port-channel33
 description [SRV] izh-bkp007_p2
 switchport access vlan 292
 switchport mode access
!
interface Port-channel35
 description [SRV] izm-vmw022_mgt
 switchport mode trunk
!
interface Port-channel36
 description [SRV] izm-vmw022_srv
 switchport mode trunk
!
interface Port-channel37
 description [SRV] izm-vmw023_mgt
 switchport mode trunk
!
interface Port-channel38
 description [SRV] izm-vmw023_srv
 switchport mode trunk
!
interface Port-channel39
 description [SRV] izm-vmw025_mgt
 switchport mode trunk
!
interface Port-channel40
 description [SRV] izm-vmw025_srv
 switchport access vlan 8
 switchport mode trunk
!
interface Port-channel41
 description [SRV] izm-vmw024_mgt
 switchport mode trunk
!
interface Port-channel42
 description [SRV] izm-vmw024_srv
 switchport mode trunk
!
interface Port-channel43
 description [SRV] izm-vmw026_mgt
 switchport mode trunk
!
interface Port-channel44
 description [SRV] izm-vmw026_srv
 switchport mode trunk
!
interface Port-channel45
 description [SRV] izm-vmw028_srv
 switchport mode trunk
!
interface Port-channel46
 description [SRV] izm-vmw027_srv
 switchport access vlan 294
 switchport mode trunk
!
interface Port-channel101
 description [SRV] izh-vmw004_mgt
 switchport mode trunk
!
interface Port-channel102
 description izh-vmw017_srv
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 description [SRV] Po101 izh-vmw004-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 101 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet1/0/2
 description [SRV] Po2 izh-vmw004-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 2 mode active
!
interface GigabitEthernet1/0/3
 description [SRV] Po3 izh-vmw005-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 3 mode active
!
interface GigabitEthernet1/0/4
 description [SRV] Po4 izh-vmw005-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 4 mode active
!
interface GigabitEthernet1/0/5
 description [SRV] Po5 izh-vmw006-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 5 mode active
!
interface GigabitEthernet1/0/6
 description [SRV] Po6 izh-vmw006-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 6 mode active
!
interface GigabitEthernet1/0/7
 description [SRV] Po7 izh-vmw007-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 7 mode active
!
interface GigabitEthernet1/0/8
 description [SRV] Po8 izh-vmw007-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 8 mode active
!
interface GigabitEthernet1/0/9
 description [SRV] Po9 izh-vmw008-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 9 mode active
!
interface GigabitEthernet1/0/10
 description [SRV] Po10 izh-vmw008-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet1/0/11
 description [SRV] Po11 izh-vmw011-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 11 mode active
!
interface GigabitEthernet1/0/12
 description [SRV] Po12 izh-vmw011-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 12 mode active
!
interface GigabitEthernet1/0/13
 description [SRV] Po13 izh-vmw012-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 13 mode active
!
interface GigabitEthernet1/0/14
 description [SRV] Po14 izh-vmw012-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 14 mode active
!
interface GigabitEthernet1/0/15
 description [SRV] Po15 izh-vmw013-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 15 mode active
!
interface GigabitEthernet1/0/16
 description [SRV] Po16 izh-vmw013-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 16 mode active
!
interface GigabitEthernet1/0/17
 description [SRV] Po17 izh-vmw016-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 17 mode active
!
interface GigabitEthernet1/0/18
 description [SRV] Po18 izh-vmw016-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 18 mode active
!
interface GigabitEthernet1/0/19
 description [SRV] Po19 izh-vmw015-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 19 mode active
!
interface GigabitEthernet1/0/20
 description [SRV] Po20 izh-vmw015-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 20 mode active
!
interface GigabitEthernet1/0/21
 description [SRV] Po21 izh-vmw014-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 21 mode active
!
interface GigabitEthernet1/0/22
 description [SRV] Po22 izh-vmw014-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 22 mode active
!
interface GigabitEthernet1/0/23
 description [SRV] Po23 izh-vmw020-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 23 mode active
!
interface GigabitEthernet1/0/24
 description [SRV] Po24 izh-vmw020-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 24 mode active
!
interface GigabitEthernet1/0/25
 description [SRV] Po25 izh-vmw021-p00
 switchport mode trunk
 no snmp trap link-status
 channel-group 25 mode active
!
interface GigabitEthernet1/0/26
 description [SRV] Po26 izh-vmw021-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 26 mode active
!
interface GigabitEthernet1/0/27
 description [SRV] izh-vmw027_p0
 switchport access vlan 294
 switchport mode trunk
 no snmp trap link-status
 channel-group 46 mode active
!
interface GigabitEthernet1/0/28
 description NONE
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/29
 description [SRV] izh-vmw028_p0
 switchport mode trunk
 channel-group 45 mode active
!
interface GigabitEthernet1/0/30
 description [SRV] izh-shd002_Qsan
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet1/0/31
 description [SRV] izh-bkp006_p
 switchport access vlan 292
 switchport mode access
 no snmp trap link-status
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet1/0/32
 description [SRV] izh-bkp006_p2
 switchport access vlan 289
 switchport mode access
 no snmp trap link-status
!
interface GigabitEthernet1/0/33
 description [SRV] Po33 izh-bkp007-p01
 switchport access vlan 292
 switchport mode access
 no snmp trap link-status
 no cdp enable
 channel-group 33 mode active
!
interface GigabitEthernet1/0/34
 description [SRV] izh-bkp007_p4
 switchport access vlan 250
 switchport mode access
 no snmp trap link-status
!
interface GigabitEthernet1/0/35
 description [SRV] Po35 kg-izm-vmw022-p00
 switchport mode trunk
 channel-group 35 mode active
!
interface GigabitEthernet1/0/36
 description [SRV] Po36 kg-izm-vmw022-p02
 switchport mode trunk
 channel-group 36 mode active
!
interface GigabitEthernet1/0/37
 description [SRV] Po37 kg-izm-vmw023-p00
 switchport mode trunk
 channel-group 37 mode active
!
interface GigabitEthernet1/0/38
 description [SRV] Po38 kg-izm-vmw023-p02
 switchport mode trunk
 channel-group 38 mode active
!
interface GigabitEthernet1/0/39
 description [SRV] Po39 kg-izm-vmw025-p00
 switchport mode trunk
 channel-group 39 mode active
!
interface GigabitEthernet1/0/40
 description [SRV] Po40 kg-izm-vmw025-p02
 switchport mode trunk
 channel-group 40 mode active
!
interface GigabitEthernet1/0/41
 description [SRV] Po41 kg-izm-vmw024-p00
 switchport mode trunk
 channel-group 41 mode active
!
interface GigabitEthernet1/0/42
 description kg-izm-vmw024-p02
 switchport mode trunk
 channel-group 42 mode active
!
interface GigabitEthernet1/0/43
 description [SRV] Po43 kg-izm-vmw026-p00
 switchport mode trunk
 channel-group 43 mode active
!
interface GigabitEthernet1/0/44
 description [SRV] Po44 kg-izm-vmw026-p02
 switchport mode trunk
 channel-group 44 mode active
!
interface GigabitEthernet1/0/45
 description --TEST_DORADO--
 switchport access vlan 294
 switchport mode access
!
interface GigabitEthernet1/0/46
 description [WIFI] AP-1-2-COD
 switchport trunk native vlan 302
 switchport trunk allowed vlan 150,151,301,302,500
 switchport mode trunk
 switchport voice vlan 350
 load-interval 60
 no snmp trap link-status
 no lldp transmit
 no lldp receive
 spanning-tree portfast
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet1/0/47
 description [CORE] RT-1-3
 switchport mode trunk
 no snmp trap link-status
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet1/0/48
 description [ISP-1G] L2VPN-to-KG-P11_MTS
 switchport trunk native vlan 4030
 switchport trunk allowed vlan 557,599,4030-4035
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 load-interval 60
 no snmp trap link-status
 no lldp transmit
 no lldp receive
 no cdp enable
 service-policy input PM_QoS_CLASS_IN
 hold-queue 240000 in
 hold-queue 240000 out
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
 description [CORE] Po1 SW-1-1
 switchport mode trunk
 channel-group 1 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface TenGigabitEthernet1/1/2
 description -=shd007 10GethP0 B=-
 switchport mode trunk
!
interface TenGigabitEthernet1/1/3
 description =-shd007 10GethP0 A=-
 switchport mode trunk
!
interface TenGigabitEthernet1/1/4
 description -=vmw028 10Geth01=-
 switchport mode trunk
!
interface GigabitEthernet2/0/1
 description [SRV] Po101 izh-vmw004-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 101 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet2/0/2
 description [SRV] Po2 izh-vmw004-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 2 mode active
!
interface GigabitEthernet2/0/3
 description [SRV] Po3 izh-vmw005-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 3 mode active
!
interface GigabitEthernet2/0/4
 description [SRV] Po4 izh-vmw005-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 4 mode active
!
interface GigabitEthernet2/0/5
 description [SRV] Po5 izh-vmw006-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 5 mode active
!
interface GigabitEthernet2/0/6
 description [SRV] Po6 izh-vmw006-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 6 mode active
!
interface GigabitEthernet2/0/7
 description [SRV] Po7 izh-vmw007-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 7 mode active
!
interface GigabitEthernet2/0/8
 description [SRV] Po8 izh-vmw007-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 8 mode active
!
interface GigabitEthernet2/0/9
 description [SRV] Po9 izh-vmw008-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 9 mode active
!
interface GigabitEthernet2/0/10
 description [SRV] Po10 izh-vmw008-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet2/0/11
 description [SRV] Po11 izh-vmw011-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 11 mode active
!
interface GigabitEthernet2/0/12
 description [SRV] Po12 izh-vmw011-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 12 mode active
!
interface GigabitEthernet2/0/13
 description [SRV] Po13 izh-vmw012-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 13 mode active
!
interface GigabitEthernet2/0/14
 description [SRV] Po14 izh-vmw012-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 14 mode active
!
interface GigabitEthernet2/0/15
 description [SRV] Po15 izh-vmw013-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 15 mode active
!
interface GigabitEthernet2/0/16
 description [SRV] Po16 izh-vmw013-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 16 mode active
!
interface GigabitEthernet2/0/17
 description [SRV] Po17 izh-vmw016-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 17 mode active
!
interface GigabitEthernet2/0/18
 description [SRV] Po18 izh-vmw016-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 18 mode active
!
interface GigabitEthernet2/0/19
 description [SRV] Po19 izh-vmw015-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 19 mode active
!
interface GigabitEthernet2/0/20
 description [SRV] Po20 izh-vmw015-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 20 mode active
!
interface GigabitEthernet2/0/21
 description [SRV] Po21 izh-vmw014-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 21 mode active
!
interface GigabitEthernet2/0/22
 description [SRV] Po22 izh-vmw014-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 22 mode active
!
interface GigabitEthernet2/0/23
 description [SRV] Po23 izh-vmw020-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 23 mode active
!
interface GigabitEthernet2/0/24
 description [SRV] Po24 izh-vmw020-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 24 mode active
!
interface GigabitEthernet2/0/25
 description [SRV] Po25 izh-vmw021-p02
 switchport mode trunk
 no snmp trap link-status
 channel-group 25 mode active
!
interface GigabitEthernet2/0/26
 description [SRV] Po26 izh-vmw021-p03
 switchport mode trunk
 no snmp trap link-status
 channel-group 26 mode active
!
interface GigabitEthernet2/0/27
 description [SRV] izh-vmw027_p1
 switchport access vlan 294
 switchport mode trunk
 no snmp trap link-status
 channel-group 46 mode active
!
interface GigabitEthernet2/0/28
 description [SRV] Po35 kg-izm-vmw022-p01
 switchport mode trunk
 no snmp trap link-status
 channel-group 35 mode active
!
interface GigabitEthernet2/0/29
 description [SRV] izh-vmw028_p1
 switchport mode trunk
 no snmp trap link-status
 channel-group 45 mode active
!
interface GigabitEthernet2/0/30
 description [SRV] Po36 kg-izm-vmw022-p03
 switchport mode trunk
 channel-group 36 mode active
!
interface GigabitEthernet2/0/31
 description [SRV] izh-bkp006_p3
 switchport access vlan 250
 switchport mode access
 no snmp trap link-status
!
interface GigabitEthernet2/0/32
 description [SRV] Po37 kg-izm-vmw023-p01
 switchport mode trunk
 channel-group 37 mode active
!
interface GigabitEthernet2/0/33
 description [SRV] Po33 izh-bkp007-p02
 switchport access vlan 292
 switchport mode access
 no snmp trap link-status
 channel-group 33 mode active
!
interface GigabitEthernet2/0/34
 description [SRV] Po38 kg-izm-vmw023-p03
 switchport mode trunk
 channel-group 38 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet2/0/35
 description [SRV] Po39 kg-izm-vmw025-p01
 switchport mode trunk
 channel-group 39 mode active
!
interface GigabitEthernet2/0/36
 description [SRV] Po40 kg-izm-vmw025-p03
 switchport access vlan 8
 switchport mode trunk
 no snmp trap link-status
 channel-group 40 mode active
!
interface GigabitEthernet2/0/37
 description [SRV] izh-vsr001
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet2/0/38
 description [SRV] izh-vsr002
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet2/0/39
 description [SRV] izh-vsr003
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet2/0/40
 description [SRV] izh-vsr004
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet2/0/41
 description [SRV] izh-vsr006
 switchport mode trunk
 no snmp trap link-status
!
interface GigabitEthernet2/0/42
 description kg-izm-vmw024-p01
 switchport mode trunk
 channel-group 41 mode active
!
interface GigabitEthernet2/0/43
 description [SRV] Po42 kg-izm-vmw024-p03
 switchport mode trunk
 channel-group 42 mode active
!
interface GigabitEthernet2/0/44
 description [SRV] Po43 kg-izm-vmw026-p01
 switchport mode trunk
 channel-group 43 mode active
!
interface GigabitEthernet2/0/45
 description [SRV] Po44 kg-izm-vmw026-p03
 switchport mode trunk
 channel-group 44 mode active
!
interface GigabitEthernet2/0/46
 switchport access vlan 294
 switchport mode access
!
interface GigabitEthernet2/0/47
 description [CORE] RT-1-4
 switchport mode trunk
 no snmp trap link-status
 service-policy input PM_QoS_CLASS_IN
!
interface GigabitEthernet2/0/48
 description [ISP-1G] L2VPN-to-KG-P11_ER-Telecom
 switchport trunk native vlan 4030
 switchport trunk allowed vlan 556,596
 switchport mode trunk
 logging event trunk-status
 logging event spanning-tree
 no snmp trap link-status
 no lldp transmit
 no lldp receive
 no cdp enable
 spanning-tree bpdufilter enable
 hold-queue 240000 in
 hold-queue 240000 out
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
 description [CORE] Po1 SW-1-1
 switchport mode trunk
 channel-group 1 mode active
 service-policy input PM_QoS_CLASS_IN
!
interface TenGigabitEthernet2/1/2
 description -=shd007 10GethP1 A=-
 switchport mode trunk
!
interface TenGigabitEthernet2/1/3
 description -=shd007 10GethP1 B=-
 switchport mode trunk
!
interface TenGigabitEthernet2/1/4
 description -=vmw028 10Geth02=-
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan22
 ip address 192.168.255.253 255.255.255.0
!
interface Vlan300
 description --MANAGMENT--
 ip address 10.4.254.248 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
ip default-gateway 10.4.254.254
ip forward-protocol nd
no ip http server
no ip http secure-server
ip ssh version 2
!
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq 1914
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq smtp
 permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any range 6881 6999
 permit tcp any any range 28800 29100
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
 permit tcp any any eq 1527
 permit tcp any any eq 6200
 permit tcp any any eq 3389
 permit tcp any any eq 5985
 permit tcp any any eq 8080
ip access-list extended RDP
 permit tcp any eq 3389 any
 permit tcp any any eq 3389
!
logging origin-id hostname
logging facility local2
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
access-list 5 permit 192.168.8.99
access-list 5 permit 10.4.0.58
access-list 5 permit 10.4.0.214
access-list 5 permit 10.2.1.245
!
snmp-server community lmTUEsk6Yvlv RO 5
snmp ifmib ifindex persist
!
!
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
control-plane
 service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
 login authentication CONSOLE
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 transport input ssh
!
ntp server 192.168.8.200
ntp server 192.168.8.201
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end