pycm1k/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/backup/files/cisco/IZH-KG-P11-RT-1-4.txt

1429 lines
46 KiB
Plaintext
Raw Normal View History

first commit
2025-10-31 08:47:26 +04:00
Building configuration...
Current configuration : 47041 bytes
!
! Last configuration change at 11:03:10 IZH Tue Jul 19 2022 by adm_kapustinal
! NVRAM config last updated at 01:00:00 IZH Thu Jul 28 2022
!
version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
service unsupported-transceiver
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 1000000
!
hostname IZH-KG-P11-RT-1-4
!
boot-start-marker
boot system flash isr4400-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 65536
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
!
aaa new-model
!
!
aaa group server radius NPS
server name IZH-RDS002
server name P11-RDS003
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
!
ip host tftp 10.4.0.214
no ip domain lookup
ip domain name komos.ru
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
flow exporter FLOW_EXPORTER_NTOP
destination 10.4.0.215
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow exporter FLOW_EXPORTER_CISCO
destination 10.4.0.217
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR_INPUT
description input
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-input
!
!
flow monitor FLOW_MONITOR_OUTPUT
description output
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-output
!
!
!
!
crypto pki trustpoint TP-self-signed-2363434832
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2363434832
revocation-check none
rsakeypair TP-self-signed-2363434832
!
!
crypto pki certificate chain TP-self-signed-2363434832
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32333633 34333438 3332301E 170D3139 30393034 31303437
32385A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363334
33343833 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CE13 360EE118 1FD80BA9 3A3B82FA BFF8353C AA5EC046 1A53D50D
3144AFF4 6A263B2E D519E509 A0979C8F 2CE57BDB CF71B52F 2B2A9674 780128EC
A2035953 4A7AAC91 DE35D974 8B06245E DB302B23 73EF3CD1 EC9B666D BEDBF006
57E3D140 A6E3ACFD 1D1F127A 97588ED0 D8881EBE 4FD78D02 0C512804 8831E31B
96D0987E 8B95B976 532B3FF0 D1BC5D57 B4F72477 AA62F439 7EE8192F E697C9CE
6C1E1569 425AB397 5551B1AC 824523CC 3FFD55F6 068C4A44 C6EB095F CF70FAB1
71FF6633 1247D83E 6A9140EF B9C87E4F 6C5C2A16 10ED10D1 47CEEFD2 507DE555
453E7E56 EA37BB43 68BA1C81 3C693B71 653B8898 1A26385E 0AB6E054 908ED99D
6EF5930A 538B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 1438E369 59FC92BA 8DED2B12 C8B1DAD4 C1758151
1F301D06 03551D0E 04160414 38E36959 FC92BA8D ED2B12C8 B1DAD4C1 7581511F
300D0609 2A864886 F70D0101 05050003 82010100 5ABB039B 0150A35A 7A83A051
83BC6BB7 067D491F 3B7196A6 5848F3A5 C321D8C4 AF46F22E 3A1A6216 A1E18FFB
8D91FE67 101605FC DAF618FE C40E954E BDF6CCAF A109E140 364372FF 7C1BF3B6
64EDE796 B7A9CFBC D5BB240F 291F609F FB4A4AF4 081F027A 4C95EF59 1155384D
7F5389D5 02A273BB 17791B34 171DEBB1 ECF3C34F 130E70AB 038DD10C 2280D550
A8156BE5 0B8B0749 2BBF815E 45C9B806 4E522325 80FA3C10 C0CE29EA F9D21591
B3F28070 3D7E4CFE FE213BB0 E5C4D9C3 1181BC0D 64C09068 658F317A 51429A86
126AC059 90B475CB EEF13495 1F8D534A 8769D760 C8A86CCE 59F681F7 FF56BCCD
4B56CF93 8775F5A1 57C725F5 CE5DDCAC BE32F63D
quit
!
license udi pid ISR4431/K9 sn FOC23172U6P
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
archive
log config
logging enable
logging size 900
notify syslog contenttype plaintext
hidekeys
path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
write-memory
time-period 10080
!
!
!
!
!
object-group network OBJ_BBN_RN_BBN
host 85.140.32.104
host 78.85.13.205
!
object-group network OBJ_BEECLOUD
host 82.142.146.70
!
object-group network OBJ_IZH_MLK_IZM
host 85.140.32.27
host 78.85.13.42
host 5.227.126.169
host 31.173.105.54
host 217.14.195.253
host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11
91.240.179.0 255.255.255.0
host 5.227.124.143
host 78.85.13.93
host 62.141.96.126
host 84.201.247.190
host 88.80.33.50
host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM
host 5.227.124.82
host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
host 212.46.204.74
host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
host 87.249.239.226
host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK
host 185.62.195.150
host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
host 31.173.105.62
host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
host 83.69.126.54
host 94.180.253.210
host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
host 31.173.105.66
host 78.85.13.52
host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
host 178.47.128.18
host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
host 31.173.105.58
host 78.85.13.53
host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK
host 37.113.128.241
host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
host 78.85.13.94
host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA
host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK
host 78.25.80.134
host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
host 78.85.15.85
host 84.201.247.24
host 79.175.36.97
host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
host 62.168.232.182
host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
host 83.143.54.246
host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM
host 85.140.32.177
host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF
host 95.215.208.234
host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
host 85.140.32.141
host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
host 85.140.32.178
host 94.181.119.90
host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
host 78.85.13.118
host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF
host 178.47.130.10
host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
host 178.205.241.114
host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL
host 5.227.124.130
host 78.85.34.99
host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
host 88.80.33.250
host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
host 85.140.32.24
host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
host 78.85.37.88
host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK
host 78.85.19.93
host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM
host 89.232.91.106
host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB
host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL
host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB
host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61
host 84.201.247.32
host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL
host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2
94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80
host 178.161.207.26
host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
host 178.47.128.98
host 194.150.90.20
host 194.150.91.170
!
object-group network OBJ_KGB_RN_KGB
host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM
host 88.80.32.230
host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
host 95.215.208.240
host 146.120.104.235
host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK
host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17
85.140.32.64 255.255.255.252
host 85.140.32.63
host 85.140.32.68
!
object-group network OBJ_IZH_VST_VS298
host 91.144.167.3
host 178.176.100.154
!
object-group network OBJ_SPB_KG_SPB
host 94.72.27.43
host 62.141.114.190
!
object-group network OBJ_IZH_VRS_AKS
host 5.227.124.50
host 87.249.233.80
!
object-group network OBJ_CLOUD_RT
host 195.19.101.162
!
object-group network OBJ_IZH_KI_VOR158
host 46.147.130.59
host 5.227.125.126
!
object-group network OBJ_BRANCHES
group-object OBJ_IZH_MLK_IZM
group-object OBJ_IZH_KG_P11
group-object OBJ_IZH_VST_IZM
group-object OBJ_IZH_TK_M44
group-object OBJ_IZH_TK_M48
group-object OBJ_IZH_TK_SMR
group-object OBJ_MSK_KG_MSK
group-object OBJ_GLZ_MLK_GMK
group-object OBJ_KZN_MLK_KMK
group-object OBJ_KEZ_MLK_KZS
group-object OBJ_PRM_MLK_PHK
group-object OBJ_SAR_MLK_SRM
group-object OBJ_CLB_MLK_CMK
group-object OBJ_BBN_RN_BBN
group-object OBJ_GLZ_GKZ_GKZ
group-object OBJ_KIA_RN_KIA
group-object OBJ_IZH_TZK_TZK
group-object OBJ_IZH_MK_VS17
group-object OBJ_IZH_KL_KLI
group-object OBJ_EKB_KG_EKB
group-object OBJ_IZH_KEN_VS56
group-object OBJ_IZH_VRS_IZM
group-object OBJ_GLZ_VRS_UPF
group-object OBJ_IZH_VRS_IPF
group-object OBJ_IZH_VRS_PFV
group-object OBJ_VOT_VRS_VPF
group-object OBJ_PRM_VRS_MPF
group-object OBJ_LAI_VRS_DPF
group-object OBJ_ITL_VST_ITL
group-object OBJ_MZH_VST_MZH
group-object OBJ_KIA_VST_KIA
group-object OBJ_KGB_VST_KBB
group-object OBJ_SAR_VST_SMK
group-object OBJ_KNK_VST_KMK
group-object OBJ_SHM_TMA_SHM
group-object OBJ_MSB_TMA_MSB
group-object OBJ_EVL_TMA_EVL
group-object OBJ_KIB_TMA_KIB
group-object OBJ_IZH_KM_S61
group-object OBJ_YAN_GKZ_YEL
group-object OBJ_KUN_KMK_B2
group-object OBJ_KUN_KMK_H80
group-object OBJ_KUN_KMK_CH9
group-object OBJ_KGB_RN_KGB
group-object OBJ_NCH_RN_NCH
group-object OBJ_PRI_RN_PRI
group-object OBJ_URN_RN_URN
group-object OBJ_MZH_TK_TKM
group-object OBJ_GLZ_TK_TKG
group-object OBJ_IZH_TK_M21
group-object OBJ_IZH_HLA_PP
group-object OBJ_IZH_HLA_UHK
group-object OBJ_IZH_VD_VS17
group-object OBJ_IZH_KS_H17
group-object OBJ_IZH_VST_VS298
group-object OBJ_SPB_KG_SPB
group-object OBJ_IZH_VRS_AKS
group-object OBJ_CLOUD_RT
group-object OBJ_IZH_KI_VOR158
!
object-group network STATIC_ISP_IP
host 78.85.13.93
host 195.239.120.225
!
!
!
username netadmin privilege 15 secret 5 $1$Wk4d$y8WZdYo4LIMHBGEMNyDCb0
!
redundancy
mode none
!
!
!
!
!
!
!
class-map match-any CM_QOS_Q2
match access-group name ACL_QOS_Q2
class-map match-any CM_QOS_Q3
match access-group name ACL_QOS_Q3
class-map match-any CM_QOS_Q1
match access-group name ACL_QOS_Q1
class-map match-any CM_QOS_Q4
match access-group name ACL_QOS_Q4
class-map match-any CM_QOS_Q5
match access-group name ACL_QOS_Q5
class-map type inspect match-any CM-LAN_TO_WAN_KOM
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all CM-WAN_TO_LAN_KOM
match access-group name ACL-WAN_TO_LAN_KOM
class-map type inspect match-all CM-WAN_TO_SELF_KOM
match access-group name ACL-WAN_TO_SELF_KOM
class-map type inspect match-all CM-DMVPN_KOM
match access-group name ACL-DMVPN_TRAFFIC_KOM
!
policy-map type inspect PM-DMVPN_KOM
class type inspect CM-DMVPN_KOM
pass
class class-default
drop
policy-map type inspect PM-SELF_TO_WAN_KOM
description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN
class class-default
pass
policy-map type inspect PM-ALLPASS_KOM
class class-default
pass
policy-map PM_QOS_IN
class CM_QOS_Q5
set ip dscp cs5
class CM_QOS_Q4
set ip dscp cs4
class CM_QOS_Q3
set ip dscp cs3
class CM_QOS_Q2
set ip dscp cs2
class CM_QOS_Q1
set ip dscp cs1
class class-default
set ip dscp default
policy-map type inspect PM-WAN_TO_SELF_KOM
class type inspect CM-WAN_TO_SELF_KOM
pass
class class-default
drop
policy-map type inspect PM-WAN_TO_LAN_KOM
class type inspect CM-WAN_TO_LAN_KOM
inspect
class class-default
drop
policy-map type inspect PM-LAN_TO_WAN_KOM
class type inspect CM-LAN_TO_WAN_KOM
inspect
class class-default
drop
!
zone security LAN
zone security WAN
zone security DMVPN
zone security MGMT
description Management Network Equipment
zone-pair security ZP-DMVPN_TO_SELF_KOM source DMVPN destination self
service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN
service-policy type inspect PM-LAN_TO_WAN_KOM
zone-pair security ZP-MGMT_TO_SELF source MGMT destination self
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_TO_MGMT source self destination MGMT
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN
service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN
service-policy type inspect PM-SELF_TO_WAN_KOM
zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN
service-policy type inspect PM-WAN_TO_LAN_KOM
zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self
service-policy type inspect PM-WAN_TO_SELF_KOM
zone-pair security ZP_DMVPN_TO_LAN_KOM source DMVPN destination LAN
service-policy type inspect PM-ALLPASS_KOM
!
!
!
!
!
crypto isakmp policy 150
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 160
encr aes 256
authentication pre-share
group 14
crypto isakmp key F5BfdOazun4M address 82.142.146.70
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac
mode transport
crypto ipsec transform-set TS-BEECLOUD esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile BEECLOUD
set transform-set TS-BEECLOUD
set pfs group14
!
crypto ipsec profile IPSEC_DMVPN
description -==SPOKE to SITE DMVPN IPSec GRE Profile ==-
set transform-set TS_DMVPN
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback9999
ip address 10.1.255.1 255.255.255.0
!
interface Tunnel103
description BeeCLOUD
ip address 10.1.50.13 255.255.255.252
no ip redirects
ip mtu 1400
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/2
tunnel mode ipsec ipv4
tunnel destination 82.142.146.70
tunnel protection ipsec profile BEECLOUD
!
interface Tunnel1001
description DMVPN_SPOKE2_Cloud1
bandwidth 100000
ip address 172.30.1.4 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl01
ip nhrp map 172.30.1.1 85.140.32.27
ip nhrp map 172.30.1.2 78.85.13.42
ip nhrp map multicast 85.140.32.27
ip nhrp map multicast 78.85.13.42
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 172.30.1.1
ip nhrp nhs 172.30.1.2
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0.3074
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel1002
description DMVPN-HUB2-Cloud2
bandwidth 100000
ip address 172.30.2.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl02
ip nhrp network-id 1002
ip nhrp holdtime 300
ip nhrp redirect
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0.3074
tunnel mode gre multipoint
tunnel key 1002
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface GigabitEthernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
!
interface GigabitEthernet0/0/0.3074
description [ISP-100M] Rostelecom_DMVPN
bandwidth 100000
encapsulation dot1Q 3074
ip address 78.85.13.93 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
zone-member security WAN
!
interface GigabitEthernet0/0/1
description [CORE] SW-1-2
no ip address
negotiation auto
service-policy input PM_QOS_IN
!
interface GigabitEthernet0/0/1.100
description MGM
encapsulation dot1Q 100
ip address 10.1.1.250 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
zone-member security LAN
!
interface GigabitEthernet0/0/1.551
description --TRANSIT_HSRP--
encapsulation dot1Q 551
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 10.1.239.21 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface GigabitEthernet0/0/1.598
description Transit_Network_to_Core
encapsulation dot1Q 598
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 172.30.30.42 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
zone-member security LAN
standby version 2
standby 598 ip 172.30.30.43
standby 598 timers 5 15
standby 598 priority 150
standby 598 preempt delay minimum 30
standby 598 authentication BDC_Kom
standby 598 name HSRP-TRANSIT-VLAN_598
ip policy route-map GLOBAL_ROUTING
!
interface GigabitEthernet0/0/2
description [ISP-1G] BeeLine for BEECLOUD
ip address 195.239.120.225 255.255.255.254
ip nat outside
zone-member security WAN
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.1.254.253 255.255.255.0
zone-member security MGMT
negotiation auto
!
router bgp 64513
bgp router-id 172.30.30.42
bgp log-neighbor-changes
bgp graceful-restart
timers bgp 10 30
neighbor TO_MTS_PEERS peer-group
neighbor TO_MTS_PEERS next-hop-self all
neighbor TO_MTS_PEERS soft-reconfiguration inbound
neighbor TO_RT_PEERS peer-group
neighbor TO_RT_PEERS next-hop-self all
neighbor TO_RT_PEERS soft-reconfiguration inbound
neighbor TO_RT_PEERS route-map RM_RT_LP in
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group
neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522
neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all
neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KMK peer-group
neighbor PG_BGP_SPOKE_KMK remote-as 64516
neighbor PG_BGP_SPOKE_KMK next-hop-self all
neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group
neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527
neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_PERM peer-group
neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529
neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all
neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group
neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526
neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_KAZAN peer-group
neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528
neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all
neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group
neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525
neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all
neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group
neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524
neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all
neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_DC peer-group
neighbor PG_BGP_SPOKE_PF_DC remote-as 64523
neighbor PG_BGP_SPOKE_PF_DC next-hop-self all
neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group
neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530
neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all
neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531
neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group
neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534
neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all
neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_GKZ peer-group
neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535
neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all
neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_KIB peer-group
neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548
neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_EVL peer-group
neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547
neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all
neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_MSB peer-group
neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549
neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_SHM peer-group
neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546
neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all
neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group
neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550
neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all
neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_BBN peer-group
neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541
neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all
neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_IZM peer-group
neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539
neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all
neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_SMK peer-group
neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543
neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all
neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KIA peer-group
neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540
neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all
neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KGB peer-group
neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544
neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all
neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KNK peer-group
neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545
neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all
neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_ITL peer-group
neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538
neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all
neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_SPB peer-group
neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552
neighbor PG_BGP_SPOKE_KG_SPB next-hop-self
neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_AKS peer-group
neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553
neighbor PG_BGP_SPOKE_PF_AKS next-hop-self
neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_MZH peer-group
neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542
neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MK peer-group
neighbor PG_BGP_SPOKE_MK remote-as 64520
neighbor PG_BGP_SPOKE_MK next-hop-self all
neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KM peer-group
neighbor PG_BGP_SPOKE_KM remote-as 64519
neighbor PG_BGP_SPOKE_KM next-hop-self all
neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in
neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_SRM peer-group
neighbor PG_BGP_SPOKE_SRM remote-as 64518
neighbor PG_BGP_SPOKE_SRM next-hop-self all
neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PHK peer-group
neighbor PG_BGP_SPOKE_PHK remote-as 64517
neighbor PG_BGP_SPOKE_PHK next-hop-self all
neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KZS peer-group
neighbor PG_BGP_SPOKE_KZS remote-as 64515
neighbor PG_BGP_SPOKE_KZS next-hop-self all
neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_GMK peer-group
neighbor PG_BGP_SPOKE_GMK remote-as 64514
neighbor PG_BGP_SPOKE_GMK next-hop-self all
neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_IZM peer-group
neighbor PG_BGP_SPOKE_IZM remote-as 64512
neighbor PG_BGP_SPOKE_IZM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_IZM weight 500
neighbor 10.1.50.14 remote-as 64554
neighbor 10.1.50.14 soft-reconfiguration inbound
neighbor 10.1.50.14 route-map RM_FROM_BEECLOUD in
neighbor 10.1.50.14 route-map RM_SPOKE_OUT out
neighbor 172.30.1.1 peer-group PG_BGP_SPOKE_IZM
neighbor 172.30.1.2 peer-group PG_BGP_SPOKE_IZM
neighbor 172.30.2.5 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.2.6 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.2.7 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.2.8 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.2.9 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.2.10 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.2.11 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.2.12 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.2.13 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.2.14 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.2.15 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.2.16 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.2.17 peer-group PG_BGP_SPOKE_MK
neighbor 172.30.2.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.2.19 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.2.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.2.21 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.2.23 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.2.24 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.2.25 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.2.26 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.2.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.2.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.2.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.2.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.2.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.2.31 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.2.33 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.2.34 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.2.35 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.2.36 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.2.37 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.2.37 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.38 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.2.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.2.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.2.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK
neighbor 172.30.2.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA
neighbor 172.30.2.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG
neighbor 172.30.2.45 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.2.46 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.2.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.2.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.2.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY
neighbor 172.30.2.50 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.2.51 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.2.52 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.2.53 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.2.54 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.2.55 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.2.56 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.2.57 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.2.58 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.2.59 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.2.60 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.2.60 route-map RM_RT_LP in
neighbor 172.30.2.61 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.2.62 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.2.62 route-map RM_RT_LP in
neighbor 172.30.2.63 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.2.64 peer-group PG_BGP_SPOKE_VST_KNK
neighbor 172.30.2.65 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.2.66 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.2.67 peer-group PG_BGP_SPOKE_TMA_EVL
neighbor 172.30.2.68 peer-group PG_BGP_SPOKE_TMA_KIB
neighbor 172.30.2.69 peer-group PG_BGP_SPOKE_TMA_MSB
neighbor 172.30.2.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY
neighbor 172.30.2.73 peer-group PG_BGP_SPOKE_KG_SPB
neighbor 172.30.2.74 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.2.75 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.2.76 remote-as 64556
neighbor 172.30.2.76 next-hop-self all
neighbor 172.30.2.76 soft-reconfiguration inbound
neighbor 172.30.2.76 route-map RM_SPOKE_OUT out
neighbor 172.30.30.41 remote-as 64513
neighbor 172.30.30.41 description To-ISR4431_1
neighbor 172.30.30.41 next-hop-self all
neighbor 172.30.30.41 soft-reconfiguration inbound
neighbor 172.30.30.46 remote-as 64513
neighbor 172.30.30.46 description To-Catalyst6506
neighbor 172.30.30.46 next-hop-self all
neighbor 172.30.30.46 soft-reconfiguration inbound
distance bgp 150 150 150
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip nat translation max-entries host 192.168.2.200 1000
ip nat inside source static tcp 10.1.19.121 5001 78.85.13.93 5001 extendable
ip nat inside source static tcp 192.168.1.253 7789 78.85.13.93 7789 extendable
ip nat inside source route-map RM_NAT_BEELINE interface GigabitEthernet0/0/2 overload
ip nat inside source route-map RM_NAT_RT interface GigabitEthernet0/0/0.3074 overload
ip route 0.0.0.0 0.0.0.0 78.85.13.1 100 name --RT_DMVPN--
ip route 10.1.30.0 255.255.255.0 78.85.13.1
ip route 82.142.146.68 255.255.255.252 195.239.120.224 name BeeCLOUD
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.254.254
!
!
!
ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24
!
ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29
ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25
!
ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29
ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22
ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25
ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24
!
ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24
ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29
ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24
ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24
ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24
ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24
ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24
ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24
ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25
!
ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24
ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30
ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29
ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22
ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24
ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24
!
ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29
ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25
ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24
!
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 30 permit 10.0.0.0/14
ip prefix-list OUT_TO_KOMOS_MEDIA seq 40 permit 192.168.0.0/22
ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21
ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22
ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MILKOM_MAIN seq 10 permit 10.0.0.0/14
ip prefix-list OUT_TO_MILKOM_MAIN seq 20 permit 192.168.0.0/22
!
ip prefix-list PFL_ROUTE_TO_MLK seq 10 permit 10.0.0.0/14 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 20 permit 10.14.24.0/21 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 30 permit 172.31.2.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 40 permit 192.168.0.0/22
ip prefix-list PFL_ROUTE_TO_MLK seq 50 permit 10.14.17.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 60 permit 10.14.52.0/22
!
ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0
ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_FROM_BEECLOUD seq 5 permit 10.100.0.0/24 le 25
ip prefix-list PL_FROM_BEECLOUD seq 10 permit 10.101.0.0/20 le 24
!
ip prefix-list PL_TO_BEECLOUD seq 5 permit 10.0.0.0/8 le 24
!
ip access-list extended ACL-DMVPN_TRAFFIC_KOM
permit ip any any
permit tcp any any eq 22
permit icmp any any
permit gre any any
permit udp any any eq isakmp
permit esp any any
permit eigrp any any
ip access-list extended ACL-WAN_TO_LAN_KOM
deny ip any any
permit ip any any
ip access-list extended ACL-WAN_TO_SELF_KOM
permit ip 10.1.30.0 0.0.0.255 any
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
permit esp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP
permit udp object-group OBJ_BEECLOUD object-group STATIC_ISP_IP eq isakmp
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
deny ip any any
ip access-list extended ACL_NAT_BEECLOUD
permit ip host 10.1.19.121 any
ip access-list extended ACL_NAT_RT_CLOUD
deny ip any 10.1.30.0 0.0.0.255
permit ip 192.168.252.0 0.0.0.255 any
permit ip 10.1.17.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.3.255 any
permit ip host 10.1.19.121 any
ip access-list extended ACL_QOS_Q1
remark WEB Internet
permit tcp any any eq www 443 8443
permit tcp any eq www 443 8443 any
remark Samba
permit tcp any any eq 445
permit tcp any eq 445 any
ip access-list extended ACL_QOS_Q2
remark 1C
permit tcp any any range 1560 1591
permit tcp any any eq 1540 1541
permit tcp any range 1560 1591 any
permit tcp any eq 1540 1541 any
remark SQL
permit udp any any eq 1433
permit tcp any any eq 1433
permit udp any eq 1433 any
permit tcp any eq 1433 any
remark WEB Local
permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443
permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443
permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443
permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any
permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any
permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any
ip access-list extended ACL_QOS_Q3
remark SIP
permit udp any any eq 5060 5061
permit udp any eq 5060 5061 any
remark RDP
permit tcp any any eq 3389
permit tcp any eq 3389 any
permit udp any any eq 3389
permit udp any eq 3389 any
remark SSH
permit tcp any any eq 22
permit tcp any eq 22 any
remark Winbox
permit tcp any any eq 8291
permit tcp any eq 8291 any
ip access-list extended ACL_QOS_Q4
remark TEAMS + Confirence and other + Telegram
ip access-list extended ACL_QOS_Q5
remark RTP trafic
permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000
permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000
permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000
permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000
remark DNS
permit udp any any eq domain
permit tcp any any eq domain
permit udp any eq domain any
permit tcp any eq domain any
remark NTP
permit udp any any eq ntp
remark LDAP
permit udp any any eq 389 88
permit tcp any any eq 389 88
permit udp any eq 389 88 any
permit tcp any eq 389 88 any
ip access-list extended ACL_TO_CLOUD_RT
permit ip 10.0.0.0 0.255.255.255 10.1.30.0 0.0.0.255
permit ip 10.1.255.0 0.0.0.255 10.1.30.0 0.0.0.255
permit ip 10.1.0.0 0.0.255.255 10.1.30.0 0.0.0.255
permit ip 10.4.0.0 0.0.255.255 10.1.30.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 10.1.30.0 0.0.0.255
ip access-list extended Access_VTY
permit icmp any any
permit tcp 10.0.0.0 0.255.255.255 eq 22 any
permit tcp 192.168.0.0 0.0.255.255 eq 22 any
permit tcp 172.0.0.0 0.16.255.255 eq 22 any
deny ip any any
ip access-list extended LOCAL_TRAFFIC
permit ip any 192.168.0.0 0.0.255.255
permit ip any 10.0.0.0 0.255.255.255
permit ip any 172.16.0.0 0.15.255.255
ip sla 7777
icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0/0.3074
request-data-size 1400
threshold 600
timeout 2000
frequency 30
ip sla schedule 7777 life forever start-time now
kron occurrence EveryDay at 1:00 recurring
policy-list SaveBackup
!
kron policy-list SaveBackup
cli write memory
!
logging origin-id hostname
logging source-interface GigabitEthernet0/0/1.100
logging host 10.4.244.4 transport udp port 515
!
!
route-map RM_KEZ_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_RT_LP permit 20
set local-preference 900
!
route-map RM_NAT_BEELINE permit 10
match ip address ACL_NAT_BEECLOUD
match interface GigabitEthernet0/0/2
!
route-map GLOBAL_ROUTING permit 5
match ip address LOCAL_TRAFFIC
!
route-map GLOBAL_ROUTING permit 10
match ip address ACL_NAT_BEECLOUD
set ip next-hop 195.239.120.224
!
route-map GLOBAL_ROUTING permit 20
!
route-map RM_KAZAN_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_GLAZOV_IN permit 20
match ip address prefix-list IN_FROM_PS_GLAZOV
!
route-map RM_PERM_IN permit 20
match ip address prefix-list IN_FROM_PS_PERM
!
route-map RM_SPOKE_OUT deny 10
match ip address prefix-list PL_DF_GW
!
route-map RM_SPOKE_OUT permit 20
!
route-map RM_TO_BEECLOUD permit 10
match ip address prefix-list PL_TO_BEECLOUD
set as-path prepend 64513
!
route-map RM_SARAPUL_OUT permit 20
match ip address prefix-list OUT_ALL_PS_MILKOM
!
route-map RM_FROM_BEECLOUD permit 10
match ip address prefix-list PL_FROM_BEECLOUD
set as-path prepend 64554
!
route-map RM_KOMOS_MEDIA_OUT permit 10
match ip address prefix-list OUT_TO_KOMOS_MEDIA
!
route-map RM_BGP_FROM_SPOKE permit 10
set local-preference 900
!
route-map RM_NAT_RT permit 10
match ip address ACL_NAT_RT_CLOUD
match interface GigabitEthernet0/0/0.3074
!
route-map RM_TO_MILKON_MAIN_OUT permit 20
match ip address prefix-list PFL_ROUTE_TO_MLK
!
route-map RM_KAZAN_IN permit 20
match ip address prefix-list IN_FROM_PS_KAZAN
!
route-map RM_KEZ_IN permit 20
match ip address prefix-list IN_FROM_PS_KEZ
!
route-map RM_SARAPUL_IN permit 20
match ip address prefix-list IN_FROM_PS_SARAPUL
!
route-map RM_MEAT_COMPANY_OUT permit 10
match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_KOMOS_MEDIA_IN permit 10
match ip address prefix-list IN_FROM_KOMOS_MEDIA
!
route-map RM_GLAZOV_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_PERM_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv
!
!
!
radius server IZH-RDS002
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server P11-RDS003
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
control-plane
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
alias exec q exit
alias exec sib sh ip int brief
!
line con 0
login authentication CONSOLE
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
login authentication NPS
length 0
transport input ssh
line vty 5 15
exec-timeout 120 0
login authentication NPS
transport input ssh
!
ntp source GigabitEthernet0/0/1.100
ntp server 10.1.8.1
ntp server 10.1.8.2
!
!
!
!
!
end
Reference in New Issue Copy Permalink