Building configuration...

Current configuration : 24909 bytes
!
! Last configuration change at 16:17:27 SAMT Wed Jun 15 2022 by adm_ivanovas
! NVRAM config last updated at 16:38:21 SAMT Wed Jun 15 2022 by adm_ivanovas
!
! Global services: PAD is disabled; debug and log messages are stamped with
! local date/time, milliseconds, timezone and year.
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
! NOTE(review): password encryption is off, so every password or key that is
! not stored as a hash is written to the configuration in readable form. The
! RADIUS server keys and the SNMP community further down are examples.
! Type 7 encoding is reversible, so turning it on only stops casual viewing;
! the effective control is limiting who and what can read, copy or archive
! this file.
no service password-encryption
service unsupported-transceiver
!
hostname KEZ-MLK-KZS-SW-1-1
!
boot-start-marker
boot-end-marker
!
!
! Local credentials: the enable secret and one local privilege-15 account.
! NOTE(review): both secrets are type 5 (salted MD5) hashes. A hash that has
! left the device in a shared listing should be treated as exposed and the
! password changed. If the installed software release offers a stronger
! secret type, prefer it when re-issuing - TODO confirm what this release
! supports.
! NOTE(review): netadmin is a full-privilege local account; it is reachable
! through the "local" method in the AAA lists that follow, so its password
! needs the same handling as the enable secret.
logging userinfo
enable secret 5 $1$I7ox$/BluRI9AvR9N4XL.Vg5631
!
username netadmin privilege 15 secret 5 $1$P5bL$.E2mZckPMy66s4n34CQYH1
! AAA: RADIUS server group "NPS" (two servers, sourced from Vlan300) plus
! two login method lists and one exec authorization list.
!   default : RADIUS group NPS, then local users, then the enable secret.
!   CONSOLE : local users first, then RADIUS group NPS.
! A later method in a list is consulted only when the earlier one returns an
! error (for example no server answers), not when it rejects the user.
! NOTE(review): "NPS" is defined here as a server group only. No login method
! list named NPS is defined in this configuration, yet the vty lines use
! "login authentication NPS". Confirm how the device treats the undefined
! list and either define it or point the vty lines at "default".
! NOTE(review): no "aaa accounting" statement is visible, so exec sessions
! and commands are not reported to the AAA servers from this configuration.
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated 
!
!
!
!
!
!
aaa session-id common
clock timezone SAMT 4 0
switch 1 provision ws-c3750x-24s
switch 2 provision ws-c3750x-24s
system mtu routing 1500
ip routing
no ip cef optimize neighbor resolution
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
ip host tftp 10.4.0.214
login on-failure
login on-success
!
stack-power stack Power-Stack-1
 mode redundant
!
stack-power switch 1
stack-power switch 2
!
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-1840100864
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1840100864
 revocation-check none
 rsakeypair TP-self-signed-1840100864
!
crypto pki trustpoint TP-self-signed-1335665536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1335665536
 revocation-check none
 rsakeypair TP-self-signed-1335665536
!
!
crypto pki certificate chain TP-self-signed-1840100864
crypto pki certificate chain TP-self-signed-1335665536
license boot level ipservices
license boot level ipservices switch 1
! Configuration archive and change logging: configuration commands are logged
! (900 entries) and sent to syslog with key material hidden; a copy of the
! configuration is written to the TFTP path on every "write memory" and every
! 10080 minutes (7 days). "tftp" resolves through the "ip host" entry above.
! NOTE(review): "hidekeys" applies to the change log only. The archived file
! itself is the full configuration, and TFTP is unauthenticated and
! unencrypted, so with password encryption disabled the RADIUS keys and SNMP
! community cross the network and sit on the TFTP server in clear text.
! Consider an authenticated, encrypted transfer for the archive path and
! restrict read access on the server.
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/KEZ/MLK/KSZ-SW_L3/$H-$T
 write-memory
 time-period 10080
!
!
!
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E 0x1
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
no errdisable detect cause gbic-invalid
no errdisable detect cause sfp-config-mismatch
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery cause psp
errdisable recovery interval 600
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
 name --Users_KU2--
!
vlan 8
 name --UserNet_68.0/24--
!
vlan 11
 name --ISP-MTS--
!
vlan 12
 name --isp2-megafon--
!
vlan 101
 name --PRINTERS--
!
vlan 113
 name TRANSIT_TO_MIKROTIK
!
vlan 122 
!
vlan 150
 name --Wi-Fi_WORK--
!
vlan 200
 name Guest_WiFi
!
vlan 201
 name --Server_MGM--
!
vlan 250
 name --SERVERS_64.0/24--
!
vlan 251
 name --SERVERS_BACKUP--
!
vlan 290
 name -=SrvVmwVMon=-
!
vlan 300
 name --MANAGEMENT--
!
vlan 301
 name --Wi-Fi_MANAGEMENT--
!
vlan 310
 name --UPS_managment--
!
vlan 350
 name --VOICE--
!
vlan 450
 name --Wi-Fi_SKLAD--
!
vlan 500
 name --Wi-Fi_GUEST--
!
vlan 550
 name --TRANSIT_HSRP--
!
vlan 555
 name --BGP_TRANSIT--
!
vlan 600
 name --PRODACTION--
!
vlan 601
 name PRD_L2VPN_for_KIP
!
vlan 603
 name --CRPT-Mark--
!
ip tftp source-interface Vlan300
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
!
track 1 ip sla 1 reachability
 delay down 10 up 5
!
track 2 ip sla 2 reachability
 delay down 10 up 5
lldp run
!
class-map match-any VSL-DATA-PACKETS
  match access-group name VSL-MGMT
class-map match-any VSL-L2-CONTROL-PACKETS
  match access-group name VSL-DOT1x
  match access-group name VSL-BPDU
  match access-group name VSL-CDP
  match access-group name VSL-LLDP
  match access-group name VSL-SSTP
  match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
  match access-group name VSL-IPV4-ROUTING
  match access-group name VSL-BFD
  match access-group name VSL-DHCP-CLIENT-TO-SERVER
  match access-group name VSL-DHCP-SERVER-TO-CLIENT
  match access-group name VSL-DHCP-SERVER-TO-SERVER
  match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
  match ip dscp af41 
  match ip dscp af42 
  match ip dscp af43 
  match ip dscp af31 
  match ip dscp af32 
  match ip dscp af33 
  match ip dscp af21 
  match ip dscp af22 
  match ip dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
  match ip dscp ef 
  match ip dscp cs4 
  match ip dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
  match ip dscp cs2 
  match ip dscp cs3 
  match ip dscp cs6 
  match ip dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-L2-CONTROL-PACKETS
 class VSL-L3-CONTROL-PACKETS
 class VSL-VOICE-VIDEO-TRAFFIC
 class VSL-SIGNALING-NETWORK-MGMT
 class VSL-MULTIMEDIA-TRAFFIC
 class VSL-DATA-PACKETS
 class class-default
!
!
! 
!
!
!
!
!
!
!
!
!
interface Loopback100
 no ip address
!
interface Loopback7777
 description 2307018 & 2407018
 no ip address
 shutdown
!
interface Port-channel1
 description [KU] SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
!
! 802.1Q trunk bundle. The same two-line trunk template is used on every
! Port-channel and member port in this configuration.
! NOTE(review): no "switchport trunk allowed vlan" list is set here or on any
! other trunk shown, so each trunk carries every VLAN defined on the switch,
! including the guest, ISP-facing and management VLANs. Pruning each trunk
! to the VLANs its neighbour needs limits how far a fault or a compromised
! access switch can reach. No native VLAN is set either, so the default
! applies.
interface Port-channel2
 description [NO]
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel4
 description [KU] SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel5
 description [KU] SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel6
 description [KU] SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel7
 description [KU] SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel8
 description [KU] SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel12
 description [KU] SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel16
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel17
 description [KU] SW-1-4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel18
 description [KU] SW-1-5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel19
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel20
 description [KU] SW-2-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel21
 description [KU] SW-2-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel22
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel23
 description [CORE] SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel24
 description [KU] SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0
 no ip address
 no ip route-cache
!
interface GigabitEthernet1/0/1
 description OLD_Po1_SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 description [KU] Po24 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 24 mode active
!
interface GigabitEthernet1/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode on
!
interface GigabitEthernet1/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode on
!
interface GigabitEthernet1/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet1/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet1/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode on
!
interface GigabitEthernet1/0/8
 description [KU] Po8 SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet1/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet1/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet1/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet1/0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet1/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet1/0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet1/0/17
 description [KU] Po17 SW-1-4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet1/0/18
 description [KU] Po18 SW-1-5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet1/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode active
!
interface GigabitEthernet1/0/20
 description [KU] Po20 SW-2-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode active
!
interface GigabitEthernet1/0/21
 description [KU] Po21 SW-2-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet1/0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode on
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet1/0/24
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
! Uplink-module ports of stack member 1 with no configuration lines.
! NOTE(review): these ports have no description and no "shutdown", so they
! run with platform defaults. Unused ports are normally shut down and placed
! in an unused VLAN so that a cable plugged in by mistake does not join a
! production network. The same applies to the matching ports on member 2.
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
 description OLD_Po1_SW-1-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 1 mode on
!
interface GigabitEthernet2/0/2
 description [KU] Po24 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 24 mode active
!
interface GigabitEthernet2/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode on
!
interface GigabitEthernet2/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode on
!
interface GigabitEthernet2/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 5 mode active
!
interface GigabitEthernet2/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet2/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode on
!
interface GigabitEthernet2/0/8
 description [KU] Po8 SW-8-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 8 mode on
!
interface GigabitEthernet2/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode on
!
interface GigabitEthernet2/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode on
!
interface GigabitEthernet2/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet2/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet2/0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet2/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet2/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet2/0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode on
!
interface GigabitEthernet2/0/17
 description [KU] Po17 SW-1-4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 17 mode on
!
interface GigabitEthernet2/0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 18 mode on
!
interface GigabitEthernet2/0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 19 mode active
!
interface GigabitEthernet2/0/20
 description [KU] Po20 SW-2-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 20 mode active
!
interface GigabitEthernet2/0/21
 description [KU] Po21 SW-2-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 21 mode on
!
interface GigabitEthernet2/0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 22 mode on
!
interface GigabitEthernet2/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/0/24
 description [CORE] Po23 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode on
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
! SVI for VLAN 1: gateway for four subnets (one primary, three secondary),
! DHCP relayed to 192.168.20.252, ICMP redirects off, policy routing through
! route-map GLOBAL-ROUTING.
! NOTE(review): VLAN 1 is the default VLAN for unconfigured ports and, with
! no native VLAN statement on the trunks, presumably the native VLAN on all
! of them. Using it as a routed user network means an unconfigured or
! default port lands directly in these subnets. Moving users to a dedicated
! VLAN and leaving VLAN 1 unused is the usual hardening step.
interface Vlan1
 ip dhcp relay information trusted
 ip address 192.168.25.254 255.255.255.0 secondary
 ip address 192.168.23.254 255.255.255.0 secondary
 ip address 192.168.26.126 255.255.255.128 secondary
 ip address 192.168.20.254 255.255.255.0
 ip helper-address 192.168.20.252
 no ip redirects
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan2
 ip dhcp relay information trusted
 ip address 10.5.65.254 255.255.255.0
 ip helper-address 192.168.20.252
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan8
 ip dhcp relay information trusted
 ip address 10.5.68.254 255.255.255.0
 ip helper-address 192.168.20.252
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan11
 description --ISP-MTS--
 no ip address
!
interface Vlan12
 description --ISP2-megafon--
 no ip address
!
interface Vlan91
 no ip address
!
interface Vlan113
 ip address 10.12.254.254 255.255.255.252
!
interface Vlan122
 description TELEPHONIA
 ip address 192.168.22.254 255.255.255.0
!
interface Vlan150
 description --Wi-Fi_WORK--
 ip dhcp relay information trusted
 ip address 10.5.92.254 255.255.255.0
 ip helper-address 192.168.20.252
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan200
 description GuestWiFI
 ip dhcp relay information trusted
 ip address 10.200.3.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 ip helper-address 10.200.3.252
!
interface Vlan201
 description --Servers_MGM--
 ip dhcp relay information trusted
 ip address 10.5.82.30 255.255.255.224
!
interface Vlan250
 description --SERVERS_64.0/24--
 ip address 10.5.64.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan300
 description --MANAGEMENT--
 ip address 10.5.94.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGEMENT--
 ip dhcp relay information trusted
 ip address 10.5.93.254 255.255.255.0
 ip helper-address 192.168.20.252
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan310
 description --UPS managment--
 ip address 10.5.69.254 255.255.255.0
!
interface Vlan350
 description --VOICE--
 ip dhcp relay information trusted
 ip address 10.5.89.254 255.255.255.0
 ip helper-address 192.168.20.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan450
 description --Wi-Fi_SKLAD--
 ip dhcp relay information trusted
 ip address 10.5.91.254 255.255.255.0
 ip helper-address 192.168.20.252
 ip policy route-map GLOBAL-ROUTING
!
interface Vlan500
 description --Wi-Fi_GUEST--
 ip dhcp relay information trusted
 ip address 10.5.90.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 ip helper-address 192.168.20.252
!
interface Vlan550
 description --TRANSIT_HSRP--
 ip address 10.5.95.4 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.78 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan600
 description --PRODACTION--
 ip address 10.5.80.254 255.255.255.0
 ip access-group ACL_PRODACTION_OUT out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan603
 description --CRPT-Mark--
 ip address 10.5.81.254 255.255.255.0
!
interface Vlan3173
 no ip address
!
! BGP, AS 64515: advertises the listed local networks and a summary-only
! aggregate 10.5.64.0/19; two neighbours in the same AS (iBGP) on the
! Vlan555 transit subnet, with next-hop-self. All BGP route types are given
! administrative distance 150.
! NOTE(review): neither neighbour has a "password" statement, so the
! sessions are not authenticated. No inbound route-map or prefix-list is
! attached; "soft-reconfiguration inbound" only keeps a copy of received
! routes and does not filter them. Session authentication and an inbound
! prefix filter protect the routing table if anything else can reach the
! transit VLAN.
router bgp 64515
 bgp router-id 172.30.30.78
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 10.5.90.0 mask 255.255.255.0
 network 10.5.91.0 mask 255.255.255.0
 network 10.5.92.0 mask 255.255.255.0
 network 10.5.93.0 mask 255.255.255.0
 network 10.5.94.0 mask 255.255.255.0
 network 10.5.95.0 mask 255.255.255.248
 network 10.200.3.0 mask 255.255.255.0
 network 192.168.20.0
 network 192.168.22.0
 network 192.168.23.0
 network 192.168.25.0
 network 192.168.26.0 mask 255.255.255.128
 aggregate-address 10.5.64.0 255.255.224.0 summary-only
 neighbor 172.30.30.76 remote-as 64515
 neighbor 172.30.30.76 next-hop-self
 neighbor 172.30.30.76 soft-reconfiguration inbound
 neighbor 172.30.30.77 remote-as 64515
 neighbor 172.30.30.77 next-hop-self
 neighbor 172.30.30.77 soft-reconfiguration inbound
 distance bgp 150 150 150
!
! NOTE(review): 10.5.94.254 is this switch's own Vlan300 address, and
! "ip routing" is enabled, so this default-gateway statement looks like a
! leftover - confirm and remove.
ip default-gateway 10.5.94.254
!
! NOTE(review): the web management interface is enabled over plain HTTP and
! the HTTPS server is disabled, so local credentials entered there cross the
! network unencrypted. No "ip http access-class" is visible, so the service
! is not limited to management sources. If the web interface is not needed,
! disable it; otherwise use the secure server only and restrict the sources.
ip http server
ip http authentication local
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.5.95.1
ip route 31.173.105.64 255.255.255.252 10.5.95.2
ip route 31.173.105.65 255.255.255.255 10.5.95.2
ip route 31.173.105.66 255.255.255.255 10.5.95.2
ip route 94.181.95.136 255.255.255.255 10.5.95.2
!
! Applied outbound on Vlan600, so it filters traffic routed towards
! 10.5.80.0/24. Permits HTTP and HTTPS from 192.168.20.0/24 to hosts
! 10.5.80.2, .3 and .4; all IP from host 192.168.20.10 and from
! 10.5.64.0/24 (the subnet on Vlan250); all ICMP; everything else is denied.
! NOTE(review): the whole 10.5.64.0/24 subnet and one workstation-range host
! have unrestricted access to this VLAN, and ICMP is open to any source and
! any type. Narrowing these to the ports actually required, and adding
! "log" to the final deny, would make this segment's boundary both tighter
! and observable.
ip access-list extended ACL_PRODACTION_OUT
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq www
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq 443
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq www
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq 443
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq www
 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq 443
 permit ip host 192.168.20.10 any
 permit ip 10.5.64.0 0.0.0.255 any
 permit icmp any any
 deny   ip any any
ip access-list extended LOCAL_TRAFFIC
 permit ip any 192.168.0.0 0.0.255.255
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 172.16.0.0 0.15.255.255
! Inbound filter on the guest SVIs Vlan200 and Vlan500. Order of evaluation:
! all IP from host 10.200.3.250; DNS to 192.168.20.220 and 192.168.20.150;
! HTTPS to 192.168.8.77; deny 192.168.0.0/16 and 10.0.0.0/8; permit the rest.
! NOTE(review): 172.16.0.0/12 is not denied, although LOCAL_TRAFFIC in this
! file treats it as local. The Vlan555 transit subnet (172.30.30.72/29)
! therefore matches the final permit. A
! "deny ip any 172.16.0.0 0.15.255.255" ahead of the final permit would
! close the gap - confirm first that guests need nothing in that range.
! NOTE(review): host 10.200.3.250 is permitted before every other entry and
! so bypasses the guest isolation entirely; record what it is or narrow it.
! The deny entries have no "log" keyword, so blocked guest attempts leave no
! trace in syslog.
ip access-list extended No_Local_For_GuestWiFI
 permit ip host 10.200.3.250 any
 remark Deny Guest VLAN200 access to other VLANs
 permit tcp any host 192.168.20.220 eq domain
 permit udp any host 192.168.20.220 eq domain
 permit tcp any host 192.168.20.150 eq domain
 permit udp any host 192.168.20.150 eq domain
 permit tcp any host 192.168.8.77 eq 443
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended ROUTE_TO_ISP1
 permit ip host 192.168.20.251 any
ip access-list extended ROUTE_TO_ISP2
 permit ip host 192.168.23.251 any
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-DHCP-SERVER_AUTH
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
ip sla 1
 icmp-echo 31.173.105.65
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 85.140.32.1
 threshold 50
 timeout 2000
 frequency 3
ip sla schedule 2 life forever start-time now
! Syslog export: messages carry the hostname as origin ID, are sourced from
! Vlan300 and are sent to two collectors over UDP on non-default ports.
! NOTE(review): UDP syslog is unauthenticated, unencrypted and lossy. Keep
! the path to both collectors inside the management network and alert on a
! device that stops sending, since lost messages are silent.
logging origin-id hostname
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
access-list 1301 remark kz-vbr001
access-list 1301 permit 192.168.20.251
access-list 101 deny   ip any 192.168.0.0 0.0.255.255
access-list 101 deny   ip any 10.0.0.0 0.255.255.255
access-list 101 deny   ip any 172.17.0.0 0.0.255.255
access-list 101 permit ip host 192.168.20.251 any
access-list 101 permit ip host 192.168.20.150 any
access-list 110 remark --kz-vbr001--
access-list 110 permit ip host 192.168.20.251 any
!
route-map GLOBAL-ROUTING permit 10
 match ip address 101
 set ip next-hop 10.5.95.2
!
!
! Read-only SNMP community, restricted by standard access list 5.
! NOTE(review): no "access-list 5" is defined anywhere in this
! configuration. A reference to an undefined list typically imposes no
! restriction, which would leave the community usable from any source that
! can reach the switch - verify on the device and define the list.
! NOTE(review): the community string is stored and transmitted in clear
! text. A string that has appeared in a shared listing should be replaced;
! SNMPv3 with authentication and privacy avoids the problem.
snmp-server community lmTUEsk6Yvlv RO 5
!
!
! RADIUS servers referenced by AAA group NPS: 3-second timeout, 2
! retransmits, authentication on port 1645 and accounting on 1646.
! NOTE(review): the shared secret is stored in clear text (password
! encryption is disabled) and is identical for both servers. It protects
! every administrator login sent to these servers, so a secret that has
! appeared in a shared listing or an unencrypted archive should be replaced
! on the switch and on both servers, preferably with one secret per server.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
banner login ^C
*****************************************************************************
*                                                                           *
*                    UNAUTHORIZED ACCESS IS PROHIBITED                      *
*                                                                           *
*                     You have accessed network equipment.                  *
*  You must have authorized permission to access or configure this device.  *
*     All activities performed on this device are logged and monitored.     *
*                                                                           *
*****************************************************************************
^C
!
! Console: authenticated through method list CONSOLE (local users first).
! No exec-timeout is shown, so the platform default applies.
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
! Remote access: SSH only on all sixteen vty lines, idle timeout 120 minutes.
! NOTE(review): "login authentication NPS" names a method list that is not
! defined in this configuration (NPS exists only as a server group). Verify
! what the device does for an undefined list, then define it or use
! "default".
! NOTE(review): no "access-class" is applied, so SSH is reachable from every
! network this switch routes, subject only to interface ACLs. Restrict it to
! the management sources. A 120-minute idle timeout leaves abandoned
! privileged sessions open for a long time; a shorter value is usual.
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
! Time is taken from two NTP servers, with requests sourced from Vlan300.
! NOTE(review): no NTP authentication is configured. Log timestamps and
! their correlation across devices depend on this clock, so authenticated
! NTP or a source filter is worth adding.
ntp source Vlan300
ntp server 192.168.8.200
ntp server 192.168.8.201
mac address-table notification change
mac address-table notification mac-move
mac address-table aging-time 1800
end