Building configuration... Current configuration : 18739 bytes ! ! Last configuration change at 21:50:15 MSK Mon Jun 6 2022 ! NVRAM config last updated at 01:00:03 MSK Thu Jul 28 2022 ! version 15.2 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers service unsupported-transceiver ! hostname IZH-KG-P11-SW-2-1 ! boot-start-marker boot-end-marker ! logging buffered 512000 informational enable secret 5 $1$j4UP$Wgs2xMeWlYNzcOvcwfmE90 ! username netadmin privilege 15 secret 5 $1$ks1B$fsJBlnRS0VwPSRIaPfaw2. aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone MSK 4 0 switch 1 provision ws-c2960x-48lps-l no ip source-route no ip gratuitous-arps ! ! ip dhcp snooping vlan 150,154,204 no ip dhcp snooping information option ip dhcp snooping no ip domain-lookup ip domain-name komos.ru ip host tftp 10.4.0.214 ip host VM-KG-NET 10.1.12.70 no ip igmp snooping report-suppression ip igmp snooping querier ip igmp snooping vlan 4094 querier version 2 ip igmp snooping vlan 4094 mrouter interface Gi1/0/28 ip igmp snooping vlan 4094 mrouter interface Gi1/0/29 ip igmp snooping vlan 4094 mrouter interface Gi1/0/30 ip igmp snooping vlan 4094 mrouter interface Gi1/0/52 login on-failure log login on-success log vtp mode transparent ! ! ! ! ! ! mvr vlan 15 mvr querytime 10 mvr mode dynamic ! ! archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/IZH/KG/P11-SW_L2/$H.$T.conf write-memory time-period 10080 ! spanning-tree mode rapid-pvst spanning-tree logging spanning-tree portfast edge bpdufilter default no spanning-tree optimize bpdu transmission spanning-tree extend system-id errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause psecure-violation errdisable recovery cause port-mode-failure errdisable recovery cause loopback errdisable recovery interval 600 ! ! ! ! vlan internal allocation policy ascending ! vlan 2 name KG_LAN-USER ! vlan 3 name KG_LAN-RESTRICTED ! vlan 4 name KG_LAN-VDI ! vlan 5 name KG_LAN-ADMIN ! vlan 6 name IMP-LAN ! vlan 9 name Kaznach_restrict ! vlan 11 name KG_LAN-AS199014 ! vlan 12 name UNIFI_WIRELESS ! vlan 20 name DMZ-1 ! vlan 25 name VOICE_VLAN ! vlan 100 name Inbound_management ! vlan 112 name CISCO2911_MGMT ! vlan 150 name KG_WIFI-USER ! vlan 152 name KG_ARUBA_USERS ! vlan 154 name MGMT_ELTEX-WIFI_TEST ! vlan 200 name KG_MGMT-SRV ! vlan 201 name KG_LAN-SRV ! vlan 204 name KAZNACH_KG ! vlan 297 name srvNet_10.1.122.0_24 ! vlan 300 name KG_MGMT-NET ! vlan 301 name KG_MGMT-WIFI ! vlan 303 name KG-ARUBA-AP ! vlan 304 name WIFI_ARUBA_MGM ! vlan 350 name IMP-VOIP ! vlan 351 name KG_VOIP ! vlan 400 name -Video-UZB- ! vlan 500 name KG_WIFI-GUEST ! vlan 3073 name --MTS_DMVPN-- ! vlan 3074 name --RT_DMVPN-- ! vlan 3333 name HUAWEI_WIFI_NETWORK ! vlan 3334 name HUAWEI_WIFI_NETWORK_USERS ! vlan 3915 name --TEST_ZLOBIN_DENIS_UNTIL_01.07. ! vlan 4041 name --VLAN_P11_VS17-- ! vlan 4092 name ISP-Beeline_Kaznach ! vlan 4093 name ISP-IMP_ERTEL ! vlan 4094 name KG_VIDEO-RTK ! ip tcp selective-ack ip tcp path-mtu-discovery lldp run ! policy-map PM_default class class-default ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback7777 description TK7238m no ip address shutdown ! interface Port-channel1 description [CORE] SW-1-1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0 no ip address shutdown ! interface GigabitEthernet1/0/1 description ACCESS switchport access vlan 5 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/2 description --TEST_ZLOBIN_DENIS_UNTIL_01.07-- switchport access vlan 2 switchport mode access switchport voice vlan 351 no snmp trap link-status storm-control broadcast level pps 200 180 storm-control multicast level pps 200 180 no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge spanning-tree bpdufilter enable ! interface GigabitEthernet1/0/3 description ELTEX-WIFI_TEST switchport trunk allowed vlan 150,154 switchport trunk native vlan 154 switchport mode trunk no logging event link-status shutdown no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/4 description AP_ARUBA switchport access vlan 303 switchport mode access no logging event link-status no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/5 description ARUBA_AP switchport access vlan 303 switchport mode access no logging event link-status no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/6 description ARUBA_AP switchport access vlan 303 switchport mode access no logging event link-status no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/7 description ARUBA_AP switchport access vlan 303 switchport mode access no logging event link-status no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/8 description ACCESS switchport access vlan 152 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/9 description Semenov_Mihail switchport access vlan 5 switchport mode access switchport voice vlan 351 logging event trunk-status logging event spanning-tree no snmp trap link-status no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/10 description HUAWEI_WIFI_NETWORK switchport mode trunk no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/11 description [ACC] 220-3-1 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/12 description !!KAZNACH_KG!! switchport access vlan 204 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/13 description [ACC] cab_308 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/14 description [ISP-4M] Beeline KAZNACH KG switchport access vlan 4092 switchport mode access no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree guard root ! interface GigabitEthernet1/0/15 description [ACC] switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/16 description [ACC] 220.3.2 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/17 description SSN-HP_DL180G7-iLO switchport access vlan 100 switchport mode access no logging event link-status no snmp trap link-status no cdp enable ! interface GigabitEthernet1/0/18 description IMP-WAN-ERT switchport access vlan 4093 switchport mode access no logging event link-status no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree bpdufilter enable ! interface GigabitEthernet1/0/19 description 206.2.3_Kaznacheistvo_restricted switchport access vlan 9 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable ! interface GigabitEthernet1/0/20 description [PRN] 206.1.2 switchport access vlan 2 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable ! interface GigabitEthernet1/0/21 description KG-SRV-BackupDS-MGMT switchport access vlan 200 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable ! interface GigabitEthernet1/0/22 description KG-SRV-BackupDS-MGMT switchport access vlan 200 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable ! interface GigabitEthernet1/0/23 description [ACC] 217-7 Fokina switchport access vlan 5 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/24 description ACCESS switchport access vlan 2 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable ! interface GigabitEthernet1/0/25 description [WIFI] AP-3-304 switchport access vlan 5 switchport trunk allowed vlan 12,150 switchport trunk native vlan 12 switchport mode trunk no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 hold-queue 4095 out ! interface GigabitEthernet1/0/26 description MALKOV_NETWORK switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/27 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status power inline port 2x-mode no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/28 description IPTV_KAFE switchport access vlan 2 switchport mode access switchport protected switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/29 description IPTV_Source switchport access vlan 4094 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 ! interface GigabitEthernet1/0/30 description IPTV_FOKINA switchport access vlan 2 switchport mode access switchport voice vlan 350 no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/31 description MALKOV_NETWORK_214-3-2 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/32 description GARAZH switchport access vlan 2 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 spanning-tree bpdufilter enable ! interface GigabitEthernet1/0/33 description Seagate-Video-NAS switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 ! interface GigabitEthernet1/0/34 description 3COMM-SW-Video-IZHASSO switchport access vlan 5 switchport mode access no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 ! interface GigabitEthernet1/0/35 description MALKOV_NETWORK_202-4-2 switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status power inline port 2x-mode no snmp trap link-status storm-control broadcast level 30.00 spanning-tree portfast edge ! interface GigabitEthernet1/0/36 description [WIFI] AP-1-106 switchport trunk allowed vlan 12,150,500 switchport trunk native vlan 12 switchport mode trunk no snmp trap link-status storm-control broadcast level 30.00 ! interface GigabitEthernet1/0/37 description [WIFI] AP-2-217-FLV switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/38 description [WIFI] AP-1-105UPM switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status spanning-tree portfast edge ! interface GigabitEthernet1/0/39 description [WIFI] AP-2-214-PEU switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/40 description [WIFI] AP-2-203-OKR switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/41 description [WIFI] AP-2-222-BUH switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status spanning-tree portfast edge ! interface GigabitEthernet1/0/42 description ACCESS switchport access vlan 2 switchport mode access switchport voice vlan 351 no logging event link-status no snmp trap link-status storm-control broadcast level 30.00 no cdp enable spanning-tree portfast edge ! interface GigabitEthernet1/0/43 description [WIFI] AP-2-203-OKR switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status spanning-tree portfast edge ! interface GigabitEthernet1/0/44 description [WIFI] AP-3-310-OFIP switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status no cdp enable no lldp transmit no lldp receive spanning-tree portfast edge ! interface GigabitEthernet1/0/45 description [WIFI] AP-2-201-IT switchport trunk allowed vlan 9,10,12,150,301,500 switchport trunk native vlan 12 switchport mode trunk no logging event link-status power inline port 2x-mode no snmp trap link-status spanning-tree portfast edge ! interface GigabitEthernet1/0/46 description [ACC] -Video-UZB- switchport access vlan 400 switchport mode access storm-control broadcast level 10.00 storm-control multicast level 10.00 no cdp enable no lldp transmit no lldp receive spanning-tree guard root ! interface GigabitEthernet1/0/47 description [ISP-100M] Rostelecom RT-1-4_DMVPN switchport access vlan 3074 switchport mode access no snmp trap link-status storm-control broadcast level 1.00 no cdp enable ! interface GigabitEthernet1/0/48 description [SRV] kg-p11-bkp003 switchport access vlan 297 switchport mode access no logging event link-status no snmp trap link-status spanning-tree portfast edge ! interface GigabitEthernet1/0/49 description [CORE] Po1 SW-1-1 switchport mode trunk logging event trunk-status logging event spanning-tree channel-group 1 mode on ip dhcp snooping trust ! interface GigabitEthernet1/0/50 description [CORE] Po1 SW-1-1 switchport mode trunk logging event trunk-status logging event spanning-tree channel-group 1 mode on ip dhcp snooping trust ! interface GigabitEthernet1/0/51 description [ISP-300M] Rostelecom L2VPN MK_VS17 switchport access vlan 4041 switchport mode access logging event trunk-status logging event spanning-tree speed nonegotiate spanning-tree bpdufilter enable ! interface GigabitEthernet1/0/52 ! interface Vlan1 no ip address shutdown ! interface Vlan4 description KG_LAN-VDI ip address 192.168.248.248 255.255.255.0 ! interface Vlan100 ip address 10.1.1.21 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp no ip route-cache ! ip default-gateway 10.1.1.1 no ip http server no ip http secure-server ! ip tftp source-interface Vlan100 ip ssh authentication-retries 2 ip ssh version 2 ! kron occurrence EveryDay at 1:00 recurring policy-list SaveBackup ! kron policy-list SaveBackup cli write memory ! logging trap debugging logging origin-id hostname logging facility local6 logging source-interface Vlan100 logging host 10.4.244.4 transport udp port 515 access-list 23 permit any access-list 23 deny any log ! snmp-server community lmTUEsk6Yvlv RO snmp-server host 10.1.122.227 lmTUEsk6Yvlv ! radius-server attribute 31 send nas-port-detail ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405 ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 101F3E4B5C19563C160C6C010516751A2D0A0A34321159181C7075222515524D7C7A7C00407B536324307D470117150D7E3A273C2B4443044F2E3C345B39522405 ! privilege exec all level 7 show cdp privilege exec all level 7 show running-config privilege exec all level 7 show configuration privilege exec level 7 show ! line con 0 logging synchronous login authentication CONSOLE line vty 0 4 access-class 23 in exec-timeout 120 0 logging synchronous length 0 transport input ssh line vty 5 15 access-class 23 in exec-timeout 120 0 logging synchronous transport input ssh ! ntp source Vlan100 ntp server 10.1.1.2 mac address-table notification change mac address-table notification mac-move ! end