ansible/backup/esr-ansible/test/10.111.56.1.txt

hostname MSK-MLK-NOV2-RT-1-1.ESR-21
ip firewall sessions counters
object-group service OBJ_SVC_SSH
port-range 22
exit
object-group service OBJ_SVC_VPN
port-range 500
port-range 4500
exit
object-group service OBJ_SVC_MGMT
port-range 22
port-range 23
port-range 2001-2003
exit
object-group network OBJ_NET_IZH_KG_P11
description "IZH-KG-P11_nets"
ip prefix 91.240.179.0/24
ip prefix 5.227.124.143/32
ip prefix 78.85.13.93/32
ip prefix 62.141.96.126/32
ip prefix 84.201.247.190/32
ip prefix 88.80.33.50/32
ip prefix 94.25.46.122/32
exit
object-group network OBJ_NET_IZH_MLK_IZM
description "IZH-MLK-IZM_nets"
ip prefix 91.240.179.0/24
ip prefix 85.140.32.27/32
ip prefix 78.85.13.42/32
ip prefix 5.227.126.169/32
ip prefix 31.173.105.54/32
ip prefix 217.14.195.253/32
ip prefix 85.175.86.74/32
exit
object-group network OBJ_NET_ADM_MGMT
description "Admins Net for MGMT and Routing"
ip prefix 10.110.0.0/24
ip prefix 10.4.0.214/32
ip prefix 10.1.19.0/24
ip prefix 10.14.117.0/24
ip prefix 172.30.1.0/24
ip prefix 172.30.2.0/24
exit
object-group network OBJ_NET_NAT_USERS
ip prefix 10.14.104.0/21
exit
object-group network OBJ_NET_SVC
description "Service IP for DHCP and Monitoring"
ip prefix 192.168.8.99/32
ip prefix 10.4.0.58/32
ip prefix 10.1.8.5/32
ip prefix 10.4.0.5/32
exit
syslog max-files 3
syslog file-size 1024
syslog cli-commands
syslog file tmpsys:syslog/syslog
severity info
exit
logging syslog configuration
logging aaa configuration
logging userinfo
syslog monitor crit
alias q root "exit"
username admin
password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.
privilege 1
exit
username techsupport
password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1
exit
username remote
password encrypted $6$pFzbQmya2cYltOhG$4NUtxJ1WkXRaqlhtpjfgSYAqlMsMpUZluPDvVFYQTVlNht8vsUpZgCLv7Xe/VRdD7XfRakVmVzrOWj4ZdtU4V.
exit
username netadmin
password encrypted $6$qQ9DjGu5Ho3PsG1P$kFSYXz6vF15o8dO9siAha7hTiTtA159xVUA9BSVGM3wgsSEKeAyGQK5HZKyIkplOhc3f4eXjUoDrdc.YxlLhn1
privilege 15
exit
enable password encrypted $6$AfOE17s2nl/CyvEy$6iroAkDn996cy.hfE69WQHuCyKZVsrLNff9Zpdtg4j/7GUDnUaNehPe/Ej5hxuJrLTHYe109dqurFYAVni3ue1 privilege 15
aaa authentication mode break
aaa authentication login CONSOLE local radius
aaa authentication login SSH radius local
aaa authentication enable default radius enable
radius-server host 10.1.122.248
key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
source-interface loopback 1
exit
radius-server host 10.4.0.248
key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
source-interface loopback 1
exit
line console
login authentication CONSOLE
exit
line ssh
login authentication SSH
exit
line aux 1
description "RT-1-2"
transport telnet port 2001
exit
line aux 2
description "SW-1-1"
speed 9600
transport telnet port 2002
exit
tech-support login enable
system jumbo-frames
system config-confirm timeout 120
no spanning-tree
domain lookup enable
domain name-server 10.4.0.1
domain name-server 10.1.8.1
domain name-server 1.1.1.1
domain name komos-group.ru
security zone LAN
exit
security zone WAN
exit
security zone VPN
exit
route-map RM_BGP_OUT
rule 1
description "Universal_MGMT_Loopback"
match ip address 10.111.0.0/16 ge 32 le 32
exit
rule 10
description "MSK-NOV2_PREFIX"
match ip address 10.14.104.0/21
exit
exit
route-map RM_BGP_IN
rule 10
match as-path end 64512
action set local-preference 1000
exit
exit
router bgp 64556
timers keepalive 10
timers holdtime 30
peer-group PG_BGP_IZM
remote-as 64512
graceful-restart
route-map RM_BGP_OUT out
exit
peer-group PG_BGP_P11
remote-as 64513
graceful-restart
route-map RM_BGP_OUT out
exit
neighbor 172.30.1.1
peer-group PG_BGP_IZM
address-family ipv4 unicast
enable
exit
enable
exit
neighbor 172.30.1.2
peer-group PG_BGP_IZM
address-family ipv4 unicast
route-map RM_BGP_IN in
enable
exit
enable
exit
neighbor 172.30.2.1
peer-group PG_BGP_P11
address-family ipv4 unicast
enable
exit
enable
exit
neighbor 172.30.2.2
peer-group PG_BGP_P11
address-family ipv4 unicast
enable
exit
enable
exit
neighbor 172.31.16.2
remote-as 64556
graceful-restart
address-family ipv4 unicast
route-map RM_BGP_OUT out
next-hop-self
enable
exit
enable
exit
address-family ipv4 unicast
network 10.14.104.0/21
network 10.111.56.1/32
exit
enable
exit
interface port-channel 1
description "[KU]_SW-1-1"
mtu 9100
exit
interface port-channel 1.2
description "Users"
security-zone LAN
ip address 10.14.105.252/24
ip helper-address 10.4.0.5
ip helper-address 10.1.8.5
vrrp id 1
vrrp ip 10.14.105.254/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.150
description "WIFI"
security-zone LAN
ip address 10.14.107.252/24
ip helper-address 10.4.0.5
ip helper-address 10.1.8.5
ip helper-address vrrp-group 1
vrrp id 2
vrrp ip 10.14.107.254/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.300
description "MGM"
security-zone LAN
ip address 10.14.104.252/25
vrrp id 30
vrrp ip 10.14.104.254/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.301
description "WIFI_MGM_Ubiquity"
security-zone LAN
ip address 10.14.106.124/25
ip helper-address 10.4.0.5
ip helper-address 10.1.8.5
ip helper-address vrrp-group 1
vrrp id 4
vrrp ip 10.14.106.126/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.305
description "WIFI_MGM_Eltex"
security-zone LAN
ip address 10.14.106.252/25
ip helper-address 10.4.0.5
ip helper-address 10.1.8.5
ip helper-address vrrp-group 1
vrrp id 5
vrrp ip 10.14.106.254/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.350
description "VOIP"
security-zone LAN
ip address 10.14.104.124/25
ip helper-address 10.4.0.5
ip helper-address 10.1.8.5
ip helper-address vrrp-group 1
vrrp id 6
vrrp ip 10.14.104.126/32
vrrp priority 120
vrrp group 1
vrrp version 3
vrrp
exit
interface port-channel 1.555
description "Transit_RT-1-1_RT-1-2"
security-zone LAN
ip address 172.31.16.1/29
exit
interface gigabitethernet 1/0/5
description "[KU]_Po1_SW-1-1"
mode switchport
mtu 9100
channel-group 1 mode auto
lldp transmit
lldp receive
exit
interface gigabitethernet 1/0/6
description "[KU]_Po1_SW-1-1"
mode switchport
mtu 9100
channel-group 1 mode auto
lldp transmit
lldp receive
exit
interface gigabitethernet 1/0/7
description "[ISP-100M]_Rosfon_ISP_A"
security-zone WAN
ip address 89.17.51.253/26
exit
interface gigabitethernet 1/0/8
description "[-ISP-xxM]_WAN_ISP_B"
mtu 9100
security-zone WAN
exit
interface loopback 1
description "MGMT_IP"
ip address 10.111.56.1/32
exit
tunnel gre 101
key 1001
ttl 255
mtu 1400
multipoint
security-zone VPN
local interface gigabitethernet 1/0/7
ip address 172.30.1.76/24
ip tcp adjust-mss 1360
ip nhrp authentication encrypted B18B2823930318AA
ip nhrp holding-time 300
ip nhrp map 172.30.1.2 78.85.13.42
ip nhrp map 172.30.1.1 85.140.32.27
ip nhrp nhs 172.30.1.1/24
ip nhrp nhs 172.30.1.2/24
ip nhrp ipsec IPSEC_VPN_HUB static
ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
ip nhrp multicast nhs
ip nhrp enable
enable
exit
tunnel gre 102
key 1002
ttl 255
mtu 1400
multipoint
security-zone VPN
local interface gigabitethernet 1/0/7
ip address 172.30.2.76/24
ip tcp adjust-mss 1360
ip nhrp authentication encrypted B18B2823930318A9
ip nhrp holding-time 300
ip nhrp map 172.30.2.1 5.227.124.143
ip nhrp map 172.30.2.2 78.85.13.93
ip nhrp nhs 172.30.2.1/24
ip nhrp nhs 172.30.2.2/24
ip nhrp ipsec IPSEC_VPN_HUB static
ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
ip nhrp multicast nhs
ip nhrp enable
enable
exit
snmp-server
snmp-server contact "INVENTAR_NUMBER"
snmp-server location "MSK, Novodmitrovskaya,2 , kor 2, of 0404"
snmp-server community lmTUEsk6Yvlv ro
security zone-pair WAN self
rule 10
description "permit_any_from_P11"
action permit
match source-address OBJ_NET_IZH_KG_P11
enable
exit
rule 20
description "permit_any_from_IZM"
action permit
match source-address OBJ_NET_IZH_MLK_IZM
enable
exit
exit
security zone-pair LAN VPN
rule 10
description "permit_any"
action permit
enable
exit
exit
security zone-pair VPN LAN
rule 10
description "permit_any"
action permit
enable
exit
exit
security zone-pair VPN self
rule 10
description "permit_svc"
action permit
match source-address OBJ_NET_SVC
enable
exit
rule 20
description "permit_icmp"
action permit
match protocol icmp
enable
exit
rule 30
description "permit_admins"
action permit
match source-address OBJ_NET_ADM_MGMT
enable
exit
exit
security zone-pair LAN WAN
rule 10
description "permit_any"
action permit
enable
exit
exit
security zone-pair LAN self
rule 10
description "permit_admins"
action permit
match source-address OBJ_NET_ADM_MGMT
enable
exit
rule 20
description "Deny_MGMT_ports_from_LAN"
action deny
match protocol tcp
match destination-port OBJ_SVC_MGMT
enable
exit
rule 100
description "PERMIT_ANY"
action permit
enable
exit
exit
security zone-pair LAN LAN
rule 10
description "permit_any"
action permit
enable
exit
exit
security zone-pair VPN VPN
rule 10
description "permit_any"
action permit
enable
exit
exit
security ike proposal IKE_PROP
encryption algorithm aes128
dh-group 2
exit
security ike policy IKE_POL
lifetime seconds 86400
pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
proposal IKE_PROP
exit
security ike gateway IKE_GW_HUB
ike-policy IKE_POL
local address 89.17.51.253
local network 89.17.51.253/32 protocol gre
remote address any
remote network 78.85.13.42/32 protocol gre
remote network 85.140.32.27/32 protocol gre
remote network 5.227.124.143/32 protocol gre
remote network 78.85.13.93/32 protocol gre
mode policy-based
exit
security ike gateway IKE_GW_SPOKE
ike-policy IKE_POL
local address 89.17.51.253
local network 89.17.51.253/32 protocol gre
remote address any
remote network any protocol gre
mode policy-based
exit
security ipsec proposal IPSEC_PROP
encryption algorithm aes128
exit
security ipsec policy IPSEC_POL_HUB
proposal IPSEC_PROP
exit
security ipsec vpn IPSEC_VPN_HUB
mode ike
type transport
ike establish-tunnel route
ike gateway IKE_GW_HUB
ike ipsec-policy IPSEC_POL_HUB
enable
exit
security ipsec vpn IPSEC_VPN_SPOKE
mode ike
type transport
ike establish-tunnel route
ike gateway IKE_GW_SPOKE
ike ipsec-policy IPSEC_POL_HUB
enable
exit
security passwords min-length 5
security passwords numeric-count 1
security passwords upper-case 1
security passwords history 0
security passwords default-expired
ip firewall sessions tcp-estabilished-timeout 3600
ip firewall sessions tcp-connect-timeout 120
nat source
ruleset SNAT
to zone WAN
rule 10
description "SNAT for ALL users NOV2"
match source-address OBJ_NET_NAT_USERS
action source-nat interface
enable
exit
exit
exit
ip dhcp-relay
ip route 0.0.0.0/0 89.17.51.193
ip route 10.14.104.0/21 blackhole 254
ip ssh server
ip ssh authentication algorithm md5 disable
ip ssh authentication algorithm md5-96 disable
ip ssh authentication algorithm ripemd160 disable
ip ssh authentication algorithm sha1 disable
ip ssh authentication algorithm sha1-96 disable
ip ssh encryption algorithm aes128 disable
ip ssh encryption algorithm aes128ctr disable
ip ssh encryption algorithm aes192 disable
ip ssh encryption algorithm aes192ctr disable
ip ssh encryption algorithm arcfour disable
ip ssh encryption algorithm arcfour128 disable
ip ssh encryption algorithm arcfour256 disable
ip ssh encryption algorithm blowfish disable
ip ssh encryption algorithm cast128 disable
ip ssh key-exchange algorithm dh-group-exchange-sha1 disable
ip ssh key-exchange algorithm dh-group1-sha1 disable
ip ssh key-exchange algorithm dh-group14-sha1 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp256 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp384 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp521 disable
lldp enable
clock timezone gmt +4
ntp enable
ntp server 91.240.179.254
prefer
minpoll 4
exit
ntp server 10.1.8.1
minpoll 4
exit
ntp server 10.4.0.1
minpoll 4
exit
zabbix-agent
active-server 192.168.8.99
hostname MSK-MLK-NOV2-RT-1-1
remote-commands
server 192.168.8.99
source-address 10.111.56.1
timeout 30
enable
exit