pycm1k/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/backup/files/cisco/IZH-MLK-IZM-RT-1-4.txt

1333 lines
43 KiB
Plaintext
Raw Normal View History

first commit
2025-10-31 08:47:26 +04:00
Building configuration...
Current configuration : 44353 bytes
!
! Last configuration change at 10:06:52 IZH Thu Jul 21 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 10:18:26 IZH Thu Jul 21 2022 by akhmetzyanovrr_adm
!
version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 1000000
!
hostname IZH-MLK-IZM-RT-1-4
!
boot-start-marker
boot system flash bootflash:/isr4400-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
security authentication failure rate 3 log
logging buffered 65536
logging rate-limit 100 except warnings
enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1
!
aaa new-model
!
!
aaa group server radius NPS
server name IZH-RDS002
server name P11-RDS003
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
clock calendar-valid
no ip source-route
no ip gratuitous-arps
!
ip vrf AUX
!
ip host tftp 10.4.0.214
no ip domain lookup
ip domain name milkom-komos.ru
!
!
!
login on-failure log
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
flow exporter FLOW_EXPORTER_NTOP
destination 10.4.0.215
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow exporter FLOW_EXPORTER_CISCO
destination 10.4.0.217
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR_INPUT
description input
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-input
!
!
flow monitor FLOW_MONITOR_OUTPUT
description output
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-output
!
!
!
!
crypto pki trustpoint TP-self-signed-2544142937
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2544142937
revocation-check none
rsakeypair TP-self-signed-2544142937
!
!
crypto pki certificate chain TP-self-signed-2544142937
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353434 31343239 3337301E 170D3139 30393132 30383535
35395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35343431
34323933 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100B334 8BF99114 5259A8A9 1BDD36F8 FC7F4397 3988B72F FCC7F82A
0BD3C405 16BBF4E8 97E6F971 267FB968 1DD632C1 8BC79056 719BBF16 AB7ADFFB
1796D7E8 DD318C08 D16C8F07 A40DBD89 186CECFA 196B3F08 01314EEE 13E8C960
19A1FA28 0EDB3FF6 FD8944F0 00948874 D5A2AE5B 2F70E622 D2CC76A6 4AA9625A
BC24E6E6 8A20DA73 66560371 DCD13DBD AAC5E04E 0185A8BE 6464C8A2 07D5206A
B96D23B9 0FEFCB67 935BCD0B F7B0651F 6B6F09EC 17646F9B CE3A540D 57BB004B
7C95E9BD 219F1E6F 19F9746A 54BE6A4C 2B562AA6 8CB577CE 00DB8F5D 244B2D60
C9831546 01402613 3399C7AF 3074D7DC 125BBD80 FAF0BE60 BEB60AF5 66276206
6254264C 0D9D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 149D9EE2 207087E8 6D2C996E D4838C41 ABDBC30B
01301D06 03551D0E 04160414 9D9EE220 7087E86D 2C996ED4 838C41AB DBC30B01
300D0609 2A864886 F70D0101 05050003 82010100 1E5C2BCA B7DFD853 B8435954
E4F97ACB E91BE418 D15798C2 DA19BB14 5A2EC532 BD9AFDD7 72D0B5A4 6C4FC80F
81D372B0 0CD444A0 05891B2E 0B312249 93F83F13 7CD8C020 E67D4782 19FA3A8B
B6FA09F3 A93C46CA 4272ECED FBF03B51 40E5CCD5 6C075584 69003CEF 03B658DF
1F329E37 3B9FAE7E FA5173B3 975A1DE9 08E0CD44 2AA3973D 6FC2B964 297EB65D
CB1FD500 A3D8F208 EEA3F839 7CDA7551 6C8AA86B 193ACDF4 A9AD5F4C 0BE7B5A0
5347F519 527FE8B0 A02340BD 7966DA77 E3F0596D C56FBD96 87C1E3A3 1AE7FFF2
05FF4119 B4081216 E199C3EA D8DC18D0 98CEC750 0FA1A912 F5407A1A 14932D18
E13837C8 019AC826 8630A8BD BEDF9363 38C83BC5
quit
!
license udi pid ISR4431/K9 sn FOC23172U4P
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
archive
log config
logging enable
logging size 900
notify syslog contenttype plaintext
hidekeys
path tftp://tftp/IZH/4431/$H-$T
write-memory
time-period 10080
!
!
!
!
!
object-group network OBJ_BBN_RN_BBN
host 85.140.32.104
host 78.85.13.205
!
object-group network OBJ_IZH_MLK_IZM
host 85.140.32.27
host 78.85.13.42
host 5.227.126.169
host 31.173.105.54
host 217.14.195.253
host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11
91.240.179.0 255.255.255.0
host 5.227.124.143
host 78.85.13.93
host 62.141.96.126
host 84.201.247.190
host 88.80.33.50
host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM
host 5.227.124.82
host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
host 212.46.204.74
host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
host 87.249.239.226
host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK
host 185.62.195.150
host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
host 31.173.105.62
host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
host 83.69.126.54
host 94.180.253.210
host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
host 31.173.105.66
host 78.85.13.52
host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
host 178.47.128.18
host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
host 31.173.105.58
host 78.85.13.53
host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK
host 37.113.128.241
host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
host 78.85.13.94
host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA
host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK
host 78.25.80.134
host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
host 78.85.15.85
host 84.201.247.24
host 79.175.36.97
host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
host 62.168.232.182
host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
host 83.143.54.246
host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM
host 85.140.32.177
host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF
host 95.215.208.234
host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
host 85.140.32.141
host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
host 85.140.32.178
host 94.181.119.90
host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
host 78.85.13.118
host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF
host 178.47.130.10
host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
host 178.205.241.114
host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL
host 5.227.124.130
host 78.85.34.99
host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
host 88.80.33.250
host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
host 85.140.32.24
host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
host 78.85.37.88
host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK
host 78.85.19.93
host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM
host 89.232.91.106
host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB
host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL
host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB
host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61
host 84.201.247.32
host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL
host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2
94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80
host 178.161.207.26
host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
host 178.47.128.98
host 194.150.90.20
host 194.150.91.170
!
object-group network OBJ_KGB_RN_KGB
host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM
host 88.80.32.230
host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
host 95.215.208.240
host 146.120.104.235
host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK
host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17
85.140.32.64 255.255.255.252
host 85.140.32.63
host 85.140.32.68
!
object-group network OBJ_IZH_VST_VS298
host 91.144.167.3
host 178.176.100.154
!
object-group network OBJ_SPB_KG_SPB
host 94.72.27.43
host 62.141.114.190
!
object-group network OBJ_IZH_VRS_AKS
host 5.227.124.50
host 87.249.233.80
!
object-group network OBJ_IZH_KI_VOR158
host 46.147.130.59
host 5.227.125.126
!
object-group network OBJ_BRANCHES
group-object OBJ_IZH_MLK_IZM
group-object OBJ_IZH_KG_P11
group-object OBJ_IZH_VST_IZM
group-object OBJ_IZH_TK_M44
group-object OBJ_IZH_TK_M48
group-object OBJ_IZH_TK_SMR
group-object OBJ_MSK_KG_MSK
group-object OBJ_GLZ_MLK_GMK
group-object OBJ_KZN_MLK_KMK
group-object OBJ_KEZ_MLK_KZS
group-object OBJ_PRM_MLK_PHK
group-object OBJ_SAR_MLK_SRM
group-object OBJ_CLB_MLK_CMK
group-object OBJ_BBN_RN_BBN
group-object OBJ_GLZ_GKZ_GKZ
group-object OBJ_KIA_RN_KIA
group-object OBJ_IZH_TZK_TZK
group-object OBJ_IZH_MK_VS17
group-object OBJ_IZH_KL_KLI
group-object OBJ_EKB_KG_EKB
group-object OBJ_IZH_KEN_VS56
group-object OBJ_IZH_VRS_IZM
group-object OBJ_GLZ_VRS_UPF
group-object OBJ_IZH_VRS_IPF
group-object OBJ_IZH_VRS_PFV
group-object OBJ_VOT_VRS_VPF
group-object OBJ_PRM_VRS_MPF
group-object OBJ_LAI_VRS_DPF
group-object OBJ_ITL_VST_ITL
group-object OBJ_MZH_VST_MZH
group-object OBJ_KIA_VST_KIA
group-object OBJ_KGB_VST_KBB
group-object OBJ_SAR_VST_SMK
group-object OBJ_KNK_VST_KMK
group-object OBJ_SHM_TMA_SHM
group-object OBJ_MSB_TMA_MSB
group-object OBJ_EVL_TMA_EVL
group-object OBJ_KIB_TMA_KIB
group-object OBJ_IZH_KM_S61
group-object OBJ_YAN_GKZ_YEL
group-object OBJ_KUN_KMK_B2
group-object OBJ_KUN_KMK_H80
group-object OBJ_KUN_KMK_CH9
group-object OBJ_KGB_RN_KGB
group-object OBJ_NCH_RN_NCH
group-object OBJ_PRI_RN_PRI
group-object OBJ_URN_RN_URN
group-object OBJ_MZH_TK_TKM
group-object OBJ_GLZ_TK_TKG
group-object OBJ_IZH_TK_M21
group-object OBJ_IZH_HLA_PP
group-object OBJ_IZH_HLA_UHK
group-object OBJ_IZH_VD_VS17
group-object OBJ_IZH_KS_H17
group-object OBJ_IZH_VST_VS298
group-object OBJ_SPB_KG_SPB
group-object OBJ_IZH_VRS_AKS
group-object OBJ_IZH_KI_VOR158
!
object-group network STATIC_ISP_IP
host 85.140.32.27
host 78.85.13.42
!
!
!
username netadmin privilege 15 secret 5 $1$Rx9I$AHZTRwyTgkm3OvHdAu/cw0
!
redundancy
mode none
!
!
!
!
!
!
!
class-map match-any CM_QOS_Q2
match access-group name ACL_QOS_Q2
class-map match-any CM_QOS_Q3
match access-group name ACL_QOS_Q3
class-map match-any CM_QOS_Q1
match access-group name ACL_QOS_Q1
class-map match-any CM_QOS_Q4
match access-group name ACL_QOS_Q4
class-map match-any CM_QOS_Q5
match access-group name ACL_QOS_Q5
class-map type inspect match-any CM-LAN_TO_WAN_MLK
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all CM-WAN_TO_LAN_MLK
match access-group name ACL-WAN_TO_LAN_MLK
class-map type inspect match-all CM-WAN_TO_SELF_MLK
match access-group name ACL-WAN_TO_SELF_MLK
class-map type inspect match-all CM-DMVPN_MLK
match access-group name ACL-DMVPN_TRAFFIC_MLK
!
policy-map type inspect PM-WAN_TO_LAN_MLK
class class-default
drop
policy-map type inspect PM-LAN_TO_WAN_MLK
class type inspect CM-LAN_TO_WAN_MLK
inspect
class class-default
drop
policy-map PM_QOS_IN
class CM_QOS_Q5
set ip dscp cs5
class CM_QOS_Q4
set ip dscp cs4
class CM_QOS_Q3
set ip dscp cs3
class CM_QOS_Q2
set ip dscp cs2
class CM_QOS_Q1
set ip dscp cs1
class class-default
set ip dscp default
policy-map type inspect PM-DMVPN_MLK
class type inspect CM-DMVPN_MLK
pass
class class-default
drop
policy-map type inspect PM-SELF_TO_WAN_MLK
description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN
class class-default
pass
policy-map type inspect PM-WAN_TO_SELF_MLK
class type inspect CM-WAN_TO_SELF_MLK
pass
class class-default
drop
policy-map type inspect PM-ALLPASS_MLK
class class-default
pass
!
zone security LAN
zone security WAN
zone security DMVPN
zone security MGMT
description Management Network Equipment
zone-pair security ZP-DMVPN_TO_SELF_MLK source DMVPN destination self
service-policy type inspect PM-DMVPN_MLK
zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN
service-policy type inspect PM-ALLPASS_MLK
zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self
service-policy type inspect PM-ALLPASS_MLK
zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN
service-policy type inspect PM-LAN_TO_WAN_MLK
zone-pair security ZP-MGMT_TO_SELF source MGMT destination self
service-policy type inspect PM-ALLPASS_MLK
zone-pair security ZP-SELF_TO_MGMT source self destination MGMT
service-policy type inspect PM-ALLPASS_MLK
zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN
service-policy type inspect PM-DMVPN_MLK
zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN
service-policy type inspect PM-ALLPASS_MLK
zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN
service-policy type inspect PM-SELF_TO_WAN_MLK
zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN
service-policy type inspect PM-WAN_TO_LAN_MLK
zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self
service-policy type inspect PM-WAN_TO_SELF_MLK
zone-pair security ZP_DMVPN_TO_LAN_MLK source DMVPN destination LAN
service-policy type inspect PM-ALLPASS_MLK
!
!
!
!
!
crypto isakmp policy 150
encr aes
authentication pre-share
group 2
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile IPSEC_DMVPN
description -==SPOKE to SITE DMVPN IPSec GRE Profile ==-
set transform-set TS_DMVPN
!
!
!
!
!
!
!
!
!
!
interface Loopback777
description AUX
ip vrf forwarding AUX
ip address 10.255.255.255 255.255.255.255
!
interface Tunnel1001
description DMVPN-HUB2-Cloud1
bandwidth 100000
ip address 172.30.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl01
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp redirect
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel1002
description DMVPN_SPOKE2_Cloud2
bandwidth 100000
ip address 172.30.2.4 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl02
ip nhrp map 172.30.2.1 5.227.124.143
ip nhrp map multicast 5.227.124.143
ip nhrp map 172.30.2.2 78.85.13.93
ip nhrp map multicast 78.85.13.93
ip nhrp network-id 1002
ip nhrp holdtime 300
ip nhrp nhs 172.30.2.1
ip nhrp nhs 172.30.2.2
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1002
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface GigabitEthernet0/0/0
description [ISP-100M] Rostelecom
bandwidth 100000
ip address 78.85.13.42 255.255.255.0
ip nat outside
zone-member security WAN
negotiation auto
!
interface GigabitEthernet0/0/1
description [CORE] SW-1-4
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.551
description --TRANSIT_HSRP--
encapsulation dot1Q 551
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 10.4.239.21 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
zone-member security LAN
!
interface GigabitEthernet0/0/1.597
encapsulation dot1Q 597
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 172.30.30.58 255.255.255.240
ip nat inside
zone-member security LAN
standby version 2
standby 597 ip 172.30.30.59
standby 597 timers 5 15
standby 597 priority 150
standby 597 preempt delay minimum 30
standby 597 authentication MDC_Kom
standby 597 name HSRP-TRANSIT-VLAN_597
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.4.254.250 255.255.255.0
zone-member security MGMT
negotiation auto
!
router bgp 64512
bgp router-id 172.30.30.58
bgp log-neighbor-changes
bgp graceful-restart
timers bgp 10 30
neighbor TO_RT_PEERS peer-group
neighbor TO_RT_PEERS next-hop-self all
neighbor TO_RT_PEERS soft-reconfiguration inbound
neighbor TO_RT_PEERS route-map RM_RT_LP in
neighbor TO_MTS_PEERS peer-group
neighbor TO_MTS_PEERS next-hop-self all
neighbor TO_MTS_PEERS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group
neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522
neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all
neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KMK peer-group
neighbor PG_BGP_SPOKE_KMK remote-as 64516
neighbor PG_BGP_SPOKE_KMK next-hop-self all
neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group
neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527
neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_PERM peer-group
neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529
neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all
neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group
neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526
neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_KAZAN peer-group
neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528
neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all
neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group
neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525
neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all
neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group
neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524
neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all
neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_DC peer-group
neighbor PG_BGP_SPOKE_PF_DC remote-as 64523
neighbor PG_BGP_SPOKE_PF_DC next-hop-self all
neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group
neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530
neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all
neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531
neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group
neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534
neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all
neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_GKZ peer-group
neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535
neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all
neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_MILKOM peer-group
neighbor PG_BGP_MILKOM remote-as 64512
neighbor PG_BGP_MILKOM next-hop-self all
neighbor PG_BGP_MILKOM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_KIB peer-group
neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548
neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_EVL peer-group
neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547
neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all
neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_MSB peer-group
neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549
neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_SHM peer-group
neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546
neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all
neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group
neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550
neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all
neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_BBN peer-group
neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541
neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all
neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_IZM peer-group
neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539
neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all
neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_SMK peer-group
neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543
neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all
neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KIA peer-group
neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540
neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all
neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KGB peer-group
neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544
neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all
neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KNK peer-group
neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545
neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all
neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_ITL peer-group
neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538
neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all
neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_SPB peer-group
neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552
neighbor PG_BGP_SPOKE_KG_SPB next-hop-self
neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_AKS peer-group
neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553
neighbor PG_BGP_SPOKE_PF_AKS next-hop-self
neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_MZH peer-group
neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542
neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KM peer-group
neighbor PG_BGP_SPOKE_KM remote-as 64519
neighbor PG_BGP_SPOKE_KM next-hop-self all
neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in
neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MK peer-group
neighbor PG_BGP_SPOKE_MK remote-as 64520
neighbor PG_BGP_SPOKE_MK next-hop-self all
neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_SRM peer-group
neighbor PG_BGP_SPOKE_SRM remote-as 64518
neighbor PG_BGP_SPOKE_SRM next-hop-self all
neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PHK peer-group
neighbor PG_BGP_SPOKE_PHK remote-as 64517
neighbor PG_BGP_SPOKE_PHK next-hop-self all
neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KZS peer-group
neighbor PG_BGP_SPOKE_KZS remote-as 64515
neighbor PG_BGP_SPOKE_KZS next-hop-self all
neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_GMK peer-group
neighbor PG_BGP_SPOKE_GMK remote-as 64514
neighbor PG_BGP_SPOKE_GMK next-hop-self all
neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_P11 peer-group
neighbor PG_BGP_P11 remote-as 64513
neighbor PG_BGP_P11 next-hop-self all
neighbor PG_BGP_P11 soft-reconfiguration inbound
neighbor PG_BGP_P11 route-map RM_TO_KOMOS_MAIN_OUT out
neighbor 172.30.1.3 peer-group PG_BGP_P11
neighbor 172.30.1.4 peer-group PG_BGP_P11
neighbor 172.30.1.5 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.1.6 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.1.7 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.1.8 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.1.9 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.1.9 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.10 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.1.10 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.11 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.1.12 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.1.12 route-map RM_RT_PRIM_IN in
neighbor 172.30.1.13 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.1.14 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.1.14 route-map LP_1500 in
neighbor 172.30.1.15 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.1.16 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.1.17 peer-group PG_BGP_SPOKE_MK
neighbor 172.30.1.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.1.19 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.1.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.1.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.1.23 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.1.24 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.1.25 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.1.26 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.1.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.1.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.1.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.1.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.1.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.1.31 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.1.33 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.1.34 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.1.35 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.1.36 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.1.37 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.1.38 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.1.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.1.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.1.40 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK
neighbor 172.30.1.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA
neighbor 172.30.1.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG
neighbor 172.30.1.45 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.1.46 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.1.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.1.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.1.48 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.1.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY
neighbor 172.30.1.50 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.1.51 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.1.52 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.1.53 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.1.54 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.1.55 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.1.56 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.1.57 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.1.58 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.1.59 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.1.60 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.1.60 route-map RM_RT_LP in
neighbor 172.30.1.61 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.1.62 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.1.62 route-map RM_RT_LP in
neighbor 172.30.1.63 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.1.64 peer-group PG_BGP_SPOKE_VST_KNK
neighbor 172.30.1.65 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.1.66 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.1.67 peer-group PG_BGP_SPOKE_TMA_EVL
neighbor 172.30.1.68 peer-group PG_BGP_SPOKE_TMA_KIB
neighbor 172.30.1.69 peer-group PG_BGP_SPOKE_TMA_MSB
neighbor 172.30.1.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY
neighbor 172.30.1.73 peer-group PG_BGP_SPOKE_KG_SPB
neighbor 172.30.1.74 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.1.75 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.30.55 peer-group PG_BGP_MILKOM
neighbor 172.30.30.55 description IZH-MLK-SW-1-1_Huawei
neighbor 172.30.30.57 peer-group PG_BGP_MILKOM
neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3--
neighbor 172.30.30.60 peer-group PG_BGP_MILKOM
neighbor 172.30.30.60 description --IZH-MLK-IZM-RT-1-1--
neighbor 172.30.30.61 peer-group PG_BGP_MILKOM
neighbor 172.30.30.61 description --IZH-MLK-IZM-RT-1-2--
neighbor 172.30.30.62 peer-group PG_BGP_MILKOM
neighbor 172.30.30.62 description --IZH-MLK-IZM-SW-1-1--
distance bgp 150 150 150
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip nat inside source route-map ISP_ROSTELECOM interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 78.85.13.1 100 name --ROSTELECOM--
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.4.254.254 name --MANAGEMENT_ROUTE--
!
!
!
ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24
!
ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29
ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25
!
ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29
ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22
ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25
ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24
!
ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24
ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29
ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24
ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24
ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24
ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24
ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24
ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24
ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25
!
ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24
ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30
ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29
ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22
ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24
ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24
!
ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29
ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25
ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24
!
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21
ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22
ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list PFL_ROUTE_TO_KOMOS seq 10 permit 10.4.0.0/14 le 24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 20 permit 172.31.35.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 30 permit 172.17.100.0/29
ip prefix-list PFL_ROUTE_TO_KOMOS seq 40 permit 172.31.31.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 50 permit 192.168.8.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 60 permit 192.168.11.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 70 permit 192.168.20.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 80 permit 192.168.31.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 90 permit 192.168.48.0/22
ip prefix-list PFL_ROUTE_TO_KOMOS seq 100 permit 192.168.60.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 110 permit 192.168.72.0/22
ip prefix-list PFL_ROUTE_TO_KOMOS seq 120 permit 192.168.9.0/24
ip prefix-list PFL_ROUTE_TO_KOMOS seq 200 permit 192.168.0.0/16
ip prefix-list PFL_ROUTE_TO_KOMOS seq 210 permit 10.14.0.0/16 le 24
!
ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0
ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32
!
ip access-list standard ACL_NAT_ASTERISK
permit 172.17.100.2
ip access-list standard ACL_SIP_KG
permit 10.4.7.17
ip access-list standard AUX
permit 10.255.255.255
!
ip access-list extended ACL-DMVPN_TRAFFIC_MLK
permit ip any any
permit tcp any any eq 22
permit icmp any any
permit gre any any
permit udp any any eq isakmp
permit esp any any
permit eigrp any any
ip access-list extended ACL-WAN_TO_SELF_MLK
deny tcp any any eq 22 log
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
deny ip any any
ip access-list extended ACL_QOS_Q1
remark WEB Internet
permit tcp any any eq www 443 8443
permit tcp any eq www 443 8443 any
remark Samba
permit tcp any any eq 445
permit tcp any eq 445 any
ip access-list extended ACL_QOS_Q2
remark 1C
permit tcp any any range 1560 1591
permit tcp any any eq 1540 1541
permit tcp any range 1560 1591 any
permit tcp any eq 1540 1541 any
remark SQL
permit udp any any eq 1433
permit tcp any any eq 1433
permit udp any eq 1433 any
permit tcp any eq 1433 any
remark WEB Local
permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443
permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443
permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443
permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any
permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any
permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any
ip access-list extended ACL_QOS_Q3
remark SIP
permit udp any any eq 5060 5061
permit udp any eq 5060 5061 any
remark RDP
permit tcp any any eq 3389
permit tcp any eq 3389 any
permit udp any any eq 3389
permit udp any eq 3389 any
remark SSH
permit tcp any any eq 22
permit tcp any eq 22 any
remark Winbox
permit tcp any any eq 8291
permit tcp any eq 8291 any
ip access-list extended ACL_QOS_Q4
remark TEAMS + Confirence and other + Telegram
ip access-list extended ACL_QOS_Q5
remark RTP trafic
permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000
permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000
permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000
permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000
remark DNS
permit udp any any eq domain
permit tcp any any eq domain
permit udp any eq domain any
permit tcp any eq domain any
remark NTP
permit udp any any eq ntp
remark LDAP
permit udp any any eq 389 88
permit tcp any any eq 389 88
permit udp any eq 389 88 any
permit tcp any eq 389 88 any
ip access-list extended ACL_VTY
permit ip 10.1.0.0 0.0.255.255 any
permit ip 10.4.0.0 0.0.255.255 any
permit ip 10.14.112.0 0.0.15.255 any
deny ip any any log
ip sla 7777
icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0/0
request-data-size 1400
threshold 600
timeout 2000
frequency 30
ip sla schedule 7777 life forever start-time now
logging origin-id hostname
logging host 10.4.244.4 transport udp port 515
access-list 5 permit 192.168.8.99
access-list 5 permit 10.4.0.58
access-list 5 permit 10.4.0.214
access-list 5 permit 10.4.0.215
!
!
route-map ISP_ROSTELECOM permit 10
match ip address ACL_NAT_ASTERISK ACL_SIP_KG
match interface GigabitEthernet0/0/0
!
route-map RM_KEZ_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_RT_LP permit 20
set local-preference 900
!
route-map RM_KAZAN_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_GLAZOV_IN permit 20
match ip address prefix-list IN_FROM_PS_GLAZOV
!
route-map RM_PERM_IN permit 20
match ip address prefix-list IN_FROM_PS_PERM
!
route-map RM_SPOKE_OUT deny 10
match ip address prefix-list PL_DF_GW
!
route-map RM_SPOKE_OUT permit 20
!
route-map RM_TO_KOMOS_MAIN_OUT permit 20
match ip address prefix-list PFL_ROUTE_TO_KOMOS
!
route-map RM_SARAPUL_OUT permit 20
match ip address prefix-list OUT_ALL_PS_MILKOM
!
route-map RM_KOMOS_MEDIA_OUT permit 10
match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_BGP_FROM_SPOKE permit 10
set local-preference 900
!
route-map RM_KAZAN_IN permit 20
match ip address prefix-list IN_FROM_PS_KAZAN
!
route-map LP_1500 permit 10
set local-preference 1500
!
route-map RM_RT_PRIM_IN permit 10
set local-preference 500
!
route-map RM_KEZ_IN permit 20
match ip address prefix-list IN_FROM_PS_KEZ
!
route-map RM_SARAPUL_IN permit 20
match ip address prefix-list IN_FROM_PS_SARAPUL
!
route-map RM_MEAT_COMPANY_OUT permit 10
match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_KOMOS_MEDIA_IN permit 10
match ip address prefix-list IN_FROM_KOMOS_MEDIA
!
route-map RM_GLAZOV_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_PERM_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
snmp-server community lmTUEsk6Yvlv RO 5
snmp ifmib ifindex persist
!
!
!
radius server IZH-RDS002
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server P11-RDS003
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
control-plane
!
alias exec q exit
alias exec AUX telnet 10.255.255.255 2001 /vrf AUX
!
line con 0
login authentication CONSOLE
transport input none
stopbits 1
line aux 0
access-class AUX in vrf-also
privilege level 15
login authentication NPS
rotary 1
transport input telnet
stopbits 1
line vty 0 4
access-class ACL_VTY in vrf-also
exec-timeout 120 0
transport input ssh
line vty 5 15
access-class ACL_VTY in vrf-also
exec-timeout 120 0
transport input ssh
!
ntp server 10.4.0.1
ntp server 10.4.0.2
!
!
!
!
!
end
Reference in New Issue Copy Permalink