ansible/backup/files/cisco/IZH-VRS-AKS-RT-1-2.txt

Building configuration...


Current configuration : 12403 bytes
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime localtime
no service password-encryption
no service dhcp
!
hostname IZH-VRS-AKS-RT-1-2
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.157-3.M4b.bin
boot-end-marker
!
!
logging console critical
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface GigabitEthernet0/2.300
 load-balance method least-outstanding
!
aaa authentication login default local group NPS enable
aaa authentication login LOCAL_AUTH local
aaa authentication login CONSOLE local group NPS
aaa authorization exec default local group NPS if-authenticated 
!
!
!
!
!
!
aaa session-id common
memory-size iomem 25
clock timezone IZH 4 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip vrf AUX
!
ip dhcp excluded-address 10.8.80.1 10.8.80.30
ip dhcp excluded-address 10.8.80.252 10.8.80.254
!
ip dhcp pool DHCP-AKS-USERS
 network 10.8.80.0 255.255.255.0
 domain-name varaksino.local
 dns-server 192.168.72.59 10.8.17.100 
 default-router 10.8.80.254 
!
ip dhcp pool DHCP-AKS-VOICE
 network 10.8.82.0 255.255.255.128
 default-router 10.8.82.126 
 domain-name varaksino.local
 dns-server 192.168.72.59 10.8.17.100 
!
!
!
ip domain name komos.ru
ip host tftp 10.4.0.214
ip cef
login block-for 60 attempts 3 within 20
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn FGL171511YT
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
object-group network NET_KOMOSGROUP 
 host 88.80.33.50
 91.240.179.0 255.255.255.0
 host 62.141.96.126
 host 94.25.46.122
 host 88.80.33.10
 host 5.227.124.143
 host 84.201.247.190
!
object-group network NET_MLK 
 description :: MILKOM_DATACENTER
 host 85.140.32.177
 host 78.85.14.98
 host 213.87.95.1
 host 85.140.32.27
 host 78.85.13.42
!
object-group network NET_PS_PF 
 host 5.227.121.127
 host 46.232.164.108
 host 78.85.13.117
 host 78.85.13.118
 host 78.85.13.119
 host 78.85.14.98
 host 78.85.33.50
 host 85.140.32.141
 host 85.140.32.177
 host 85.140.32.178
 host 88.80.33.14
 host 95.215.208.234
 host 178.47.130.10
 host 178.205.241.114
!
object-group network OBJ_IZH_KG_P11 
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
 range 91.240.179.1 91.240.179.254
 host 213.87.95.1
 host 78.85.33.50
!
object-group network OBJ_IZH_MLK_IZM 
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 5.227.124.143
 host 85.175.86.74
!
object-group network OBJ_SPB_KG_SPB 
 host 62.141.114.190
 host 94.72.27.43
!
object-group network OBJ_BRANCHES 
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_MLK_IZM
 group-object NET_PS_PF
 group-object OBJ_SPB_KG_SPB
!
object-group network OBJ_EKB_KG_EKB 
 host 176.215.14.11
!
object-group network STATIC_ISP_IP 
 host 5.227.124.50
 host 87.249.233.80
!
username akhmetzyanovrr privilege 15 secret 5 $1$4ajK$8IhQ.F/zgk6iATjBybsWg/
username menshikov privilege 15 secret 5 $1$jKjV$FRCadPiBRpyUc8/VTp5ks.
username menshikov_vp privilege 15 secret 5 $1$0h9S$JsVS.aqoTho3f6U24P7oP0
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
!
redundancy
!
!
!
!
!
track 100 list boolean or
 object 102
 object 103
!
track 101 ip sla 101 reachability
 delay down 10 up 5
!
track 102 ip sla 102 reachability
 delay down 10 up 5
!
track 103 ip sla 103 reachability
 delay down 10 up 5
!
! 
crypto logging session
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
crypto isakmp key mlk20kom19 address 0.0.0.0         no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac 
 mode transport
!
crypto ipsec profile CRYPTO_IPSEC_DMVPN
 description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
 set transform-set CRYPTO_TS_DMVPN 
!
!
!
!
!
!
!
interface Loopback777
 description AUX
 ip vrf forwarding AUX
 ip address 10.255.255.255 255.255.255.255
!
interface Tunnel1001
 description --DMVPN_SPOKE_72_CLOUD_1--
 bandwidth 100000
 ip address 172.30.1.75 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Tunnel1002
 description --DMVPN_SPOKE_72_CLOUD_2--
 bandwidth 100000
 ip address 172.30.2.75 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip nhrp authentication M_K.Cl02
 ip nhrp map 172.30.2.1 5.227.124.143
 ip nhrp map 172.30.2.2 78.85.13.93
 ip nhrp map multicast 5.227.124.143
 ip nhrp map multicast 78.85.13.93
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.2.1
 ip nhrp nhs 172.30.2.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description [ISP-100M] Lainer
 no ip address
 duplex auto
 speed auto
 no cdp enable
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no lldp transmit
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.2
 description --Users--
 encapsulation dot1Q 2
 ip dhcp relay information trusted
 ip address 10.8.80.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 2 ip 10.8.80.254
 standby 2 priority 90
 standby 2 preempt
 standby 2 track 100 decrement 30
!
interface GigabitEthernet0/2.300
 description --MANAGMENT--
 encapsulation dot1Q 300
 ip address 10.8.81.253 255.255.255.0
 standby version 2
 standby 300 ip 10.8.81.254
 standby 300 priority 90
 standby 300 preempt
 standby 300 track 100 decrement 30
!
interface GigabitEthernet0/2.307
 description --SKUD--
 encapsulation dot1Q 307
 ip address 10.8.82.253 255.255.255.128
 standby version 2
 standby 307 ip 10.8.82.254
 standby 307 priority 90
 standby 307 preempt
 standby 307 track 100 decrement 30
!
interface GigabitEthernet0/2.350
 description --VOICE--
 encapsulation dot1Q 350
 ip dhcp relay information trusted
 ip address 10.8.82.125 255.255.255.128
 standby version 2
 standby 350 ip 10.8.82.126
 standby 350 priority 90
 standby 350 preempt
 standby 350 track 100 decrement 30
!
interface GigabitEthernet0/2.400
 description --VIDEO--
 encapsulation dot1Q 400
 ip address 10.8.83.125 255.255.255.128
 standby version 2
 standby 400 ip 10.8.83.126
 standby 400 priority 110
 standby 400 preempt
 standby 400 track 100 decrement 30
!
interface GigabitEthernet0/2.555
 description --BGP_TRANSIT--
 encapsulation dot1Q 555
 ip address 172.30.31.34 255.255.255.248
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip access-group ACL_FIREWALL in
 ip access-group ACL_LAN_TO_WAN out
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname pppoe05061
 ppp chap password 0 DgkYby
 ppp pap sent-username pppoe05061 password 0 DgkYby
!
!
router bgp 64553
 bgp log-neighbor-changes
 bgp graceful-restart
 network 10.8.80.0 mask 255.255.252.0
 neighbor PG_BGP_OCOD peer-group
 neighbor PG_BGP_OCOD remote-as 64512
 neighbor PG_BGP_OCOD soft-reconfiguration inbound
 neighbor PG_BGP_OCOD route-map RM_TO_HUB out
 neighbor PG_BGP_RCOD peer-group
 neighbor PG_BGP_RCOD remote-as 64513
 neighbor PG_BGP_RCOD soft-reconfiguration inbound
 neighbor PG_BGP_RCOD route-map RM_TO_HUB out
 neighbor PG_BGP_PFCOD peer-group
 neighbor PG_BGP_PFCOD remote-as 64523
 neighbor PG_BGP_PFCOD soft-reconfiguration inbound
 neighbor PG_BGP_PFCOD route-map RM_TO_HUB out
 neighbor PG_BGP_VRS_PFV peer-group
 neighbor PG_BGP_VRS_PFV remote-as 64525
 neighbor PG_BGP_VRS_PFV soft-reconfiguration inbound
 neighbor PG_BGP_VRS_PFV route-map RM_TO_HUB out
 neighbor 172.30.1.1 peer-group PG_BGP_OCOD
 neighbor 172.30.1.2 peer-group PG_BGP_OCOD
 neighbor 172.30.1.23 peer-group PG_BGP_PFCOD
 neighbor 172.30.1.24 peer-group PG_BGP_PFCOD
 neighbor 172.30.1.27 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.1.28 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.2.1 peer-group PG_BGP_RCOD
 neighbor 172.30.2.2 peer-group PG_BGP_RCOD
 neighbor 172.30.2.23 peer-group PG_BGP_PFCOD
 neighbor 172.30.2.24 peer-group PG_BGP_PFCOD
 neighbor 172.30.2.27 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.2.28 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.31.33 remote-as 64553
 neighbor 172.30.31.33 next-hop-self
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip tftp source-interface GigabitEthernet0/2.300
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 45
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 15
ip nat translation port-timeout udp 5060 180
ip nat translation max-entries all-host 400
ip nat inside source route-map RM_NAT_ISP1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 100 name Lainer track 100
ip route 1.1.1.1 255.255.255.255 Dialer1 101 name over_Lainer track 101
ip route 8.8.8.8 255.255.255.255 Dialer1 101 name over_Lainer track 101
ip ssh logging events
ip ssh version 2
!
ip access-list standard AUX
 permit 10.255.255.255
ip access-list standard NAT_POOL
 permit 10.8.80.0 0.0.0.255
!
ip access-list extended ACL_FIREWALL
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit udp any eq ntp object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 evaluate reflectedtraffic 
ip access-list extended ACL_LAN_TO_WAN
 permit ip any any reflect reflectedtraffic timeout 300
!
!
ip prefix-list PL_TO_HUB seq 5 permit 10.8.80.0/22
ip sla 101
 icmp-echo 87.249.224.62 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 101 life forever start-time now
ip sla 102
 icmp-echo 8.8.8.8 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 102 life forever start-time now
ip sla 103
 icmp-echo 1.1.1.1 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 103 life forever start-time now
ipv6 ioam timestamp
!
route-map RM_NAT_ISP1 permit 10
 match ip address NAT_POOL
 match interface Dialer1
!
route-map RM_TO_HUB permit 10
 match ip address prefix-list PL_TO_HUB
!
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server community public RO
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server IZH-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
!
control-plane
!
 !
 !
 !
 !
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
alias exec AUX telnet 10.255.255.255 2001 /vrf AUX
alias exec q exit
!
line con 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 logging synchronous
 transport input ssh
line vty 5 15
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
end
first commit 2025-10-31 08:47:26 +04:00			`Building configuration...`



			`Current configuration : 12403 bytes`
			`!`
			`version 15.7`
			`service timestamps debug datetime msec`
			`service timestamps log datetime localtime`
			`no service password-encryption`
			`no service dhcp`
			`!`
			`hostname IZH-VRS-AKS-RT-1-2`
			`!`
			`boot-start-marker`
			`boot system flash:c2900-universalk9-mz.SPA.157-3.M4b.bin`
			`boot-end-marker`
			`!`
			`!`
			`logging console critical`
			`!`
			`aaa new-model`
			`!`
			`!`
			`aaa group server radius NPS`
			`server name IZH-RDS002`
			`server name P11-RDS003`
			`ip radius source-interface GigabitEthernet0/2.300`
			`load-balance method least-outstanding`
			`!`
			`aaa authentication login default local group NPS enable`
			`aaa authentication login LOCAL_AUTH local`
			`aaa authentication login CONSOLE local group NPS`
			`aaa authorization exec default local group NPS if-authenticated`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`aaa session-id common`
			`memory-size iomem 25`
			`clock timezone IZH 4 0`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`


			`!`
			`ip vrf AUX`
			`!`
			`ip dhcp excluded-address 10.8.80.1 10.8.80.30`
			`ip dhcp excluded-address 10.8.80.252 10.8.80.254`
			`!`
			`ip dhcp pool DHCP-AKS-USERS`
			`network 10.8.80.0 255.255.255.0`
			`domain-name varaksino.local`
			`dns-server 192.168.72.59 10.8.17.100`
			`default-router 10.8.80.254`
			`!`
			`ip dhcp pool DHCP-AKS-VOICE`
			`network 10.8.82.0 255.255.255.128`
			`default-router 10.8.82.126`
			`domain-name varaksino.local`
			`dns-server 192.168.72.59 10.8.17.100`
			`!`
			`!`
			`!`
			`ip domain name komos.ru`
			`ip host tftp 10.4.0.214`
			`ip cef`
			`login block-for 60 attempts 3 within 20`
			`login on-failure log`
			`login on-success log`
			`no ipv6 cef`
			`!`
			`multilink bundle-name authenticated`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`voice-card 0`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`vxml logging-tag`
			`license udi pid CISCO2911/K9 sn FGL171511YT`
			`license boot module c2900 technology-package securityk9`
			`license boot module c2900 technology-package uck9`
			`license boot module c2900 technology-package datak9`
			`!`
			`!`
			`object-group network NET_KOMOSGROUP`
			`host 88.80.33.50`
			`91.240.179.0 255.255.255.0`
			`host 62.141.96.126`
			`host 94.25.46.122`
			`host 88.80.33.10`
			`host 5.227.124.143`
			`host 84.201.247.190`
			`!`
			`object-group network NET_MLK`
			`description :: MILKOM_DATACENTER`
			`host 85.140.32.177`
			`host 78.85.14.98`
			`host 213.87.95.1`
			`host 85.140.32.27`
			`host 78.85.13.42`
			`!`
			`object-group network NET_PS_PF`
			`host 5.227.121.127`
			`host 46.232.164.108`
			`host 78.85.13.117`
			`host 78.85.13.118`
			`host 78.85.13.119`
			`host 78.85.14.98`
			`host 78.85.33.50`
			`host 85.140.32.141`
			`host 85.140.32.177`
			`host 85.140.32.178`
			`host 88.80.33.14`
			`host 95.215.208.234`
			`host 178.47.130.10`
			`host 178.205.241.114`
			`!`
			`object-group network OBJ_IZH_KG_P11`
			`91.240.179.0 255.255.255.0`
			`host 5.227.124.143`
			`host 78.85.13.93`
			`host 62.141.96.126`
			`host 84.201.247.190`
			`host 88.80.33.50`
			`host 94.25.46.122`
			`range 91.240.179.1 91.240.179.254`
			`host 213.87.95.1`
			`host 78.85.33.50`
			`!`
			`object-group network OBJ_IZH_MLK_IZM`
			`host 85.140.32.27`
			`host 78.85.13.42`
			`host 5.227.126.169`
			`host 31.173.105.54`
			`host 217.14.195.253`
			`host 5.227.124.143`
			`host 85.175.86.74`
			`!`
			`object-group network OBJ_SPB_KG_SPB`
			`host 62.141.114.190`
			`host 94.72.27.43`
			`!`
			`object-group network OBJ_BRANCHES`
			`group-object OBJ_IZH_KG_P11`
			`group-object OBJ_IZH_MLK_IZM`
			`group-object NET_PS_PF`
			`group-object OBJ_SPB_KG_SPB`
			`!`
			`object-group network OBJ_EKB_KG_EKB`
			`host 176.215.14.11`
			`!`
			`object-group network STATIC_ISP_IP`
			`host 5.227.124.50`
			`host 87.249.233.80`
			`!`
			`username akhmetzyanovrr privilege 15 secret 5 $1$4ajK$8IhQ.F/zgk6iATjBybsWg/`
			`username menshikov privilege 15 secret 5 $1$jKjV$FRCadPiBRpyUc8/VTp5ks.`
			`username menshikov_vp privilege 15 secret 5 $1$0h9S$JsVS.aqoTho3f6U24P7oP0`
			`username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/`
			`!`
			`redundancy`
			`!`
			`!`
			`!`
			`!`
			`!`
			`track 100 list boolean or`
			`object 102`
			`object 103`
			`!`
			`track 101 ip sla 101 reachability`
			`delay down 10 up 5`
			`!`
			`track 102 ip sla 102 reachability`
			`delay down 10 up 5`
			`!`
			`track 103 ip sla 103 reachability`
			`delay down 10 up 5`
			`!`
			`!`
			`crypto logging session`
			`!`
			`crypto isakmp policy 150`
			`encr aes`
			`authentication pre-share`
			`group 2`
			`crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth`
			`crypto isakmp keepalive 30`
			`crypto isakmp nat keepalive 10`
			`!`
			`!`
			`crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac`
			`mode transport`
			`!`
			`crypto ipsec profile CRYPTO_IPSEC_DMVPN`
			`description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--`
			`set transform-set CRYPTO_TS_DMVPN`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`interface Loopback777`
			`description AUX`
			`ip vrf forwarding AUX`
			`ip address 10.255.255.255 255.255.255.255`
			`!`
			`interface Tunnel1001`
			`description --DMVPN_SPOKE_72_CLOUD_1--`
			`bandwidth 100000`
			`ip address 172.30.1.75 255.255.255.0`
			`no ip redirects`
			`no ip unreachables`
			`no ip proxy-arp`
			`ip mtu 1400`
			`ip nhrp authentication M_K.Cl01`
			`ip nhrp map 172.30.1.1 85.140.32.27`
			`ip nhrp map 172.30.1.2 78.85.13.42`
			`ip nhrp map multicast 85.140.32.27`
			`ip nhrp map multicast 78.85.13.42`
			`ip nhrp network-id 1001`
			`ip nhrp holdtime 300`
			`ip nhrp nhs 172.30.1.1`
			`ip nhrp nhs 172.30.1.2`
			`ip tcp adjust-mss 1360`
			`tunnel source Dialer1`
			`tunnel mode gre multipoint`
			`tunnel key 1001`
			`tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared`
			`!`
			`interface Tunnel1002`
			`description --DMVPN_SPOKE_72_CLOUD_2--`
			`bandwidth 100000`
			`ip address 172.30.2.75 255.255.255.0`
			`no ip redirects`
			`no ip unreachables`
			`no ip proxy-arp`
			`ip mtu 1400`
			`ip nhrp authentication M_K.Cl02`
			`ip nhrp map 172.30.2.1 5.227.124.143`
			`ip nhrp map 172.30.2.2 78.85.13.93`
			`ip nhrp map multicast 5.227.124.143`
			`ip nhrp map multicast 78.85.13.93`
			`ip nhrp network-id 1002`
			`ip nhrp holdtime 300`
			`ip nhrp nhs 172.30.2.1`
			`ip nhrp nhs 172.30.2.2`
			`ip tcp adjust-mss 1360`
			`tunnel source Dialer1`
			`tunnel mode gre multipoint`
			`tunnel key 1002`
			`tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared`
			`!`
			`interface Embedded-Service-Engine0/0`
			`no ip address`
			`shutdown`
			`!`
			`interface GigabitEthernet0/0`
			`description [ISP-100M] Lainer`
			`no ip address`
			`duplex auto`
			`speed auto`
			`no cdp enable`
			`pppoe enable group global`
			`pppoe-client dial-pool-number 1`
			`no lldp transmit`
			`!`
			`interface GigabitEthernet0/1`
			`no ip address`
			`shutdown`
			`duplex auto`
			`speed auto`
			`!`
			`interface GigabitEthernet0/2`
			`no ip address`
			`duplex auto`
			`speed auto`
			`!`
			`interface GigabitEthernet0/2.2`
			`description --Users--`
			`encapsulation dot1Q 2`
			`ip dhcp relay information trusted`
			`ip address 10.8.80.253 255.255.255.0`
			`ip nat inside`
			`ip virtual-reassembly in`
			`standby version 2`
			`standby 2 ip 10.8.80.254`
			`standby 2 priority 90`
			`standby 2 preempt`
			`standby 2 track 100 decrement 30`
			`!`
			`interface GigabitEthernet0/2.300`
			`description --MANAGMENT--`
			`encapsulation dot1Q 300`
			`ip address 10.8.81.253 255.255.255.0`
			`standby version 2`
			`standby 300 ip 10.8.81.254`
			`standby 300 priority 90`
			`standby 300 preempt`
			`standby 300 track 100 decrement 30`
			`!`
			`interface GigabitEthernet0/2.307`
			`description --SKUD--`
			`encapsulation dot1Q 307`
			`ip address 10.8.82.253 255.255.255.128`
			`standby version 2`
			`standby 307 ip 10.8.82.254`
			`standby 307 priority 90`
			`standby 307 preempt`
			`standby 307 track 100 decrement 30`
			`!`
			`interface GigabitEthernet0/2.350`
			`description --VOICE--`
			`encapsulation dot1Q 350`
			`ip dhcp relay information trusted`
			`ip address 10.8.82.125 255.255.255.128`
			`standby version 2`
			`standby 350 ip 10.8.82.126`
			`standby 350 priority 90`
			`standby 350 preempt`
			`standby 350 track 100 decrement 30`
			`!`
			`interface GigabitEthernet0/2.400`
			`description --VIDEO--`
			`encapsulation dot1Q 400`
			`ip address 10.8.83.125 255.255.255.128`
			`standby version 2`
			`standby 400 ip 10.8.83.126`
			`standby 400 priority 110`
			`standby 400 preempt`
			`standby 400 track 100 decrement 30`
			`!`
			`interface GigabitEthernet0/2.555`
			`description --BGP_TRANSIT--`
			`encapsulation dot1Q 555`
			`ip address 172.30.31.34 255.255.255.248`
			`!`
			`interface Dialer1`
			`mtu 1492`
			`ip address negotiated`
			`ip access-group ACL_FIREWALL in`
			`ip access-group ACL_LAN_TO_WAN out`
			`ip nat outside`
			`ip virtual-reassembly in`
			`encapsulation ppp`
			`ip tcp adjust-mss 1452`
			`dialer pool 1`
			`dialer-group 1`
			`ppp authentication chap pap callin`
			`ppp chap hostname pppoe05061`
			`ppp chap password 0 DgkYby`
			`ppp pap sent-username pppoe05061 password 0 DgkYby`
			`!`
			`!`
			`router bgp 64553`
			`bgp log-neighbor-changes`
			`bgp graceful-restart`
			`network 10.8.80.0 mask 255.255.252.0`
			`neighbor PG_BGP_OCOD peer-group`
			`neighbor PG_BGP_OCOD remote-as 64512`
			`neighbor PG_BGP_OCOD soft-reconfiguration inbound`
			`neighbor PG_BGP_OCOD route-map RM_TO_HUB out`
			`neighbor PG_BGP_RCOD peer-group`
			`neighbor PG_BGP_RCOD remote-as 64513`
			`neighbor PG_BGP_RCOD soft-reconfiguration inbound`
			`neighbor PG_BGP_RCOD route-map RM_TO_HUB out`
			`neighbor PG_BGP_PFCOD peer-group`
			`neighbor PG_BGP_PFCOD remote-as 64523`
			`neighbor PG_BGP_PFCOD soft-reconfiguration inbound`
			`neighbor PG_BGP_PFCOD route-map RM_TO_HUB out`
			`neighbor PG_BGP_VRS_PFV peer-group`
			`neighbor PG_BGP_VRS_PFV remote-as 64525`
			`neighbor PG_BGP_VRS_PFV soft-reconfiguration inbound`
			`neighbor PG_BGP_VRS_PFV route-map RM_TO_HUB out`
			`neighbor 172.30.1.1 peer-group PG_BGP_OCOD`
			`neighbor 172.30.1.2 peer-group PG_BGP_OCOD`
			`neighbor 172.30.1.23 peer-group PG_BGP_PFCOD`
			`neighbor 172.30.1.24 peer-group PG_BGP_PFCOD`
			`neighbor 172.30.1.27 peer-group PG_BGP_VRS_PFV`
			`neighbor 172.30.1.28 peer-group PG_BGP_VRS_PFV`
			`neighbor 172.30.2.1 peer-group PG_BGP_RCOD`
			`neighbor 172.30.2.2 peer-group PG_BGP_RCOD`
			`neighbor 172.30.2.23 peer-group PG_BGP_PFCOD`
			`neighbor 172.30.2.24 peer-group PG_BGP_PFCOD`
			`neighbor 172.30.2.27 peer-group PG_BGP_VRS_PFV`
			`neighbor 172.30.2.28 peer-group PG_BGP_VRS_PFV`
			`neighbor 172.30.31.33 remote-as 64553`
			`neighbor 172.30.31.33 next-hop-self`
			`!`
			`ip forward-protocol nd`
			`!`
			`no ip http server`
			`no ip http secure-server`
			`!`
			`ip tftp source-interface GigabitEthernet0/2.300`
			`ip nat translation timeout 450`
			`ip nat translation tcp-timeout 300`
			`ip nat translation pptp-timeout 1800`
			`ip nat translation udp-timeout 45`
			`ip nat translation dns-timeout 5`
			`ip nat translation port-timeout tcp 110 60`
			`ip nat translation port-timeout tcp 25 60`
			`ip nat translation port-timeout tcp 80 15`
			`ip nat translation port-timeout udp 5060 180`
			`ip nat translation max-entries all-host 400`
			`ip nat inside source route-map RM_NAT_ISP1 interface Dialer1 overload`
			`ip route 0.0.0.0 0.0.0.0 Dialer1 100 name Lainer track 100`
			`ip route 1.1.1.1 255.255.255.255 Dialer1 101 name over_Lainer track 101`
			`ip route 8.8.8.8 255.255.255.255 Dialer1 101 name over_Lainer track 101`
			`ip ssh logging events`
			`ip ssh version 2`
			`!`
			`ip access-list standard AUX`
			`permit 10.255.255.255`
			`ip access-list standard NAT_POOL`
			`permit 10.8.80.0 0.0.0.255`
			`!`
			`ip access-list extended ACL_FIREWALL`
			`permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP`
			`permit udp any eq ntp object-group STATIC_ISP_IP`
			`permit icmp any any unreachable`
			`permit icmp any any echo-reply`
			`permit icmp any any packet-too-big`
			`permit icmp any any time-exceeded`
			`permit icmp any any traceroute`
			`permit icmp any any administratively-prohibited`
			`permit icmp any any echo`
			`evaluate reflectedtraffic`
			`ip access-list extended ACL_LAN_TO_WAN`
			`permit ip any any reflect reflectedtraffic timeout 300`
			`!`
			`!`
			`ip prefix-list PL_TO_HUB seq 5 permit 10.8.80.0/22`
			`ip sla 101`
			`icmp-echo 87.249.224.62 source-interface Dialer1`
			`threshold 2000`
			`timeout 3000`
			`frequency 10`
			`ip sla schedule 101 life forever start-time now`
			`ip sla 102`
			`icmp-echo 8.8.8.8 source-interface Dialer1`
			`threshold 2000`
			`timeout 3000`
			`frequency 10`
			`ip sla schedule 102 life forever start-time now`
			`ip sla 103`
			`icmp-echo 1.1.1.1 source-interface Dialer1`
			`threshold 2000`
			`timeout 3000`
			`frequency 10`
			`ip sla schedule 103 life forever start-time now`
			`ipv6 ioam timestamp`
			`!`
			`route-map RM_NAT_ISP1 permit 10`
			`match ip address NAT_POOL`
			`match interface Dialer1`
			`!`
			`route-map RM_TO_HUB permit 10`
			`match ip address prefix-list PL_TO_HUB`
			`!`
			`!`
			`snmp-server community lmTUEsk6Yvlv RO`
			`snmp-server community public RO`
			`!`
			`radius server IZH-RDS002`
			`address ipv4 10.4.0.248 auth-port 1645 acct-port 1646`
			`timeout 3`
			`retransmit 2`
			`key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0`
			`!`
			`radius server IZH-RDS003`
			`address ipv4 10.1.122.248 auth-port 1645 acct-port 1646`
			`timeout 3`
			`retransmit 2`
			`key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0`
			`!`
			`!`
			`!`
			`control-plane`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`mgcp behavior rsip-range tgcp-only`
			`mgcp behavior comedia-role none`
			`mgcp behavior comedia-check-media-src disable`
			`mgcp behavior comedia-sdp-force disable`
			`!`
			`mgcp profile default`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`!`
			`gatekeeper`
			`shutdown`
			`!`
			`alias exec AUX telnet 10.255.255.255 2001 /vrf AUX`
			`alias exec q exit`
			`!`
			`line con 0`
			`logging synchronous`
			`login authentication CONSOLE`
			`line aux 0`
			`line 2`
			`no activation-character`
			`no exec`
			`transport preferred none`
			`transport output pad telnet rlogin lapb-ta mop udptn v120 ssh`
			`stopbits 1`
			`line vty 0 4`
			`logging synchronous`
			`transport input ssh`
			`line vty 5 15`
			`logging synchronous`
			`transport input ssh`
			`!`
			`scheduler allocate 20000 1000`
			`!`
			`end`