Building configuration...

Current configuration : 12403 bytes
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime localtime
no service password-encryption
no service dhcp
!
hostname IZH-VRS-AKS-RT-1-2
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.157-3.M4b.bin
boot-end-marker
!
!
logging console critical
!
aaa new-model
!
!
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface GigabitEthernet0/2.300
 load-balance method least-outstanding
!
aaa authentication login default local group NPS enable
aaa authentication login LOCAL_AUTH local
aaa authentication login CONSOLE local group NPS
aaa authorization exec default local group NPS if-authenticated
!
!
!
!
!
!
aaa session-id common
memory-size iomem 25
clock timezone IZH 4 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip vrf AUX
!
ip dhcp excluded-address 10.8.80.1 10.8.80.30
ip dhcp excluded-address 10.8.80.252 10.8.80.254
!
ip dhcp pool DHCP-AKS-USERS
 network 10.8.80.0 255.255.255.0
 domain-name varaksino.local
 dns-server 192.168.72.59 10.8.17.100
 default-router 10.8.80.254
!
ip dhcp pool DHCP-AKS-VOICE
 network 10.8.82.0 255.255.255.128
 default-router 10.8.82.126
 domain-name varaksino.local
 dns-server 192.168.72.59 10.8.17.100
!
!
!
ip domain name komos.ru
ip host tftp 10.4.0.214
ip cef
login block-for 60 attempts 3 within 20
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn FGL171511YT
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
object-group network NET_KOMOSGROUP
 host 88.80.33.50
 91.240.179.0 255.255.255.0
 host 62.141.96.126
 host 94.25.46.122
 host 88.80.33.10
 host 5.227.124.143
 host 84.201.247.190
!
object-group network NET_MLK
 description :: MILKOM_DATACENTER
 host 85.140.32.177
 host 78.85.14.98
 host 213.87.95.1
 host 85.140.32.27
 host 78.85.13.42
!
object-group network NET_PS_PF
 host 5.227.121.127
 host 46.232.164.108
 host 78.85.13.117
 host 78.85.13.118
 host 78.85.13.119
 host 78.85.14.98
 host 78.85.33.50
 host 85.140.32.141
 host 85.140.32.177
 host 85.140.32.178
 host 88.80.33.14
 host 95.215.208.234
 host 178.47.130.10
 host 178.205.241.114
!
object-group network OBJ_IZH_KG_P11
 91.240.179.0 255.255.255.0
 host 5.227.124.143
 host 78.85.13.93
 host 62.141.96.126
 host 84.201.247.190
 host 88.80.33.50
 host 94.25.46.122
 range 91.240.179.1 91.240.179.254
 host 213.87.95.1
 host 78.85.33.50
!
object-group network OBJ_IZH_MLK_IZM
 host 85.140.32.27
 host 78.85.13.42
 host 5.227.126.169
 host 31.173.105.54
 host 217.14.195.253
 host 5.227.124.143
 host 85.175.86.74
!
object-group network OBJ_SPB_KG_SPB
 host 62.141.114.190
 host 94.72.27.43
!
object-group network OBJ_BRANCHES
 group-object OBJ_IZH_KG_P11
 group-object OBJ_IZH_MLK_IZM
 group-object NET_PS_PF
 group-object OBJ_SPB_KG_SPB
!
object-group network OBJ_EKB_KG_EKB
 host 176.215.14.11
!
object-group network STATIC_ISP_IP
 host 5.227.124.50
 host 87.249.233.80
!
username akhmetzyanovrr privilege 15 secret 5 $1$4ajK$8IhQ.F/zgk6iATjBybsWg/
username menshikov privilege 15 secret 5 $1$jKjV$FRCadPiBRpyUc8/VTp5ks.
username menshikov_vp privilege 15 secret 5 $1$0h9S$JsVS.aqoTho3f6U24P7oP0
username netadmin privilege 15 secret 5 $1$m/mQ$KqBYDbB13GiR.2/Iu3sru/
!
redundancy
!
!
!
!
!
track 100 list boolean or
 object 102
 object 103
!
track 101 ip sla 101 reachability
 delay down 10 up 5
!
track 102 ip sla 102 reachability
 delay down 10 up 5
!
track 103 ip sla 103 reachability
 delay down 10 up 5
!
!
crypto logging session
!
crypto isakmp policy 150
 encr aes
 authentication pre-share
 group 2
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set CRYPTO_TS_DMVPN esp-aes esp-sha-hmac
 mode transport
!
crypto ipsec profile CRYPTO_IPSEC_DMVPN
 description --SPOKE_TO_SITE_DMVPN_IPSEC_GRE--
 set transform-set CRYPTO_TS_DMVPN
!
!
!
!
!
!
!
interface Loopback777
 description AUX
 ip vrf forwarding AUX
 ip address 10.255.255.255 255.255.255.255
!
interface Tunnel1001
 description --DMVPN_SPOKE_72_CLOUD_1--
 bandwidth 100000
 ip address 172.30.1.75 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip nhrp authentication M_K.Cl01
 ip nhrp map 172.30.1.1 85.140.32.27
 ip nhrp map 172.30.1.2 78.85.13.42
 ip nhrp map multicast 85.140.32.27
 ip nhrp map multicast 78.85.13.42
 ip nhrp network-id 1001
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.1.1
 ip nhrp nhs 172.30.1.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Tunnel1002
 description --DMVPN_SPOKE_72_CLOUD_2--
 bandwidth 100000
 ip address 172.30.2.75 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip nhrp authentication M_K.Cl02
 ip nhrp map 172.30.2.1 5.227.124.143
 ip nhrp map 172.30.2.2 78.85.13.93
 ip nhrp map multicast 5.227.124.143
 ip nhrp map multicast 78.85.13.93
 ip nhrp network-id 1002
 ip nhrp holdtime 300
 ip nhrp nhs 172.30.2.1
 ip nhrp nhs 172.30.2.2
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 1002
 tunnel protection ipsec profile CRYPTO_IPSEC_DMVPN shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description [ISP-100M] Lainer
 no ip address
 duplex auto
 speed auto
 no cdp enable
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no lldp transmit
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.2
 description --Users--
 encapsulation dot1Q 2
 ip dhcp relay information trusted
 ip address 10.8.80.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby version 2
 standby 2 ip 10.8.80.254
 standby 2 priority 90
 standby 2 preempt
 standby 2 track 100 decrement 30
!
interface GigabitEthernet0/2.300
 description --MANAGMENT--
 encapsulation dot1Q 300
 ip address 10.8.81.253 255.255.255.0
 standby version 2
 standby 300 ip 10.8.81.254
 standby 300 priority 90
 standby 300 preempt
 standby 300 track 100 decrement 30
!
interface GigabitEthernet0/2.307
 description --SKUD--
 encapsulation dot1Q 307
 ip address 10.8.82.253 255.255.255.128
 standby version 2
 standby 307 ip 10.8.82.254
 standby 307 priority 90
 standby 307 preempt
 standby 307 track 100 decrement 30
!
interface GigabitEthernet0/2.350
 description --VOICE--
 encapsulation dot1Q 350
 ip dhcp relay information trusted
 ip address 10.8.82.125 255.255.255.128
 standby version 2
 standby 350 ip 10.8.82.126
 standby 350 priority 90
 standby 350 preempt
 standby 350 track 100 decrement 30
!
interface GigabitEthernet0/2.400
 description --VIDEO--
 encapsulation dot1Q 400
 ip address 10.8.83.125 255.255.255.128
 standby version 2
 standby 400 ip 10.8.83.126
 standby 400 priority 110
 standby 400 preempt
 standby 400 track 100 decrement 30
!
interface GigabitEthernet0/2.555
 description --BGP_TRANSIT--
 encapsulation dot1Q 555
 ip address 172.30.31.34 255.255.255.248
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip access-group ACL_FIREWALL in
 ip access-group ACL_LAN_TO_WAN out
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname pppoe05061
 ppp chap password 0 DgkYby
 ppp pap sent-username pppoe05061 password 0 DgkYby
!
!
router bgp 64553
 bgp log-neighbor-changes
 bgp graceful-restart
 network 10.8.80.0 mask 255.255.252.0
 neighbor PG_BGP_OCOD peer-group
 neighbor PG_BGP_OCOD remote-as 64512
 neighbor PG_BGP_OCOD soft-reconfiguration inbound
 neighbor PG_BGP_OCOD route-map RM_TO_HUB out
 neighbor PG_BGP_RCOD peer-group
 neighbor PG_BGP_RCOD remote-as 64513
 neighbor PG_BGP_RCOD soft-reconfiguration inbound
 neighbor PG_BGP_RCOD route-map RM_TO_HUB out
 neighbor PG_BGP_PFCOD peer-group
 neighbor PG_BGP_PFCOD remote-as 64523
 neighbor PG_BGP_PFCOD soft-reconfiguration inbound
 neighbor PG_BGP_PFCOD route-map RM_TO_HUB out
 neighbor PG_BGP_VRS_PFV peer-group
 neighbor PG_BGP_VRS_PFV remote-as 64525
 neighbor PG_BGP_VRS_PFV soft-reconfiguration inbound
 neighbor PG_BGP_VRS_PFV route-map RM_TO_HUB out
 neighbor 172.30.1.1 peer-group PG_BGP_OCOD
 neighbor 172.30.1.2 peer-group PG_BGP_OCOD
 neighbor 172.30.1.23 peer-group PG_BGP_PFCOD
 neighbor 172.30.1.24 peer-group PG_BGP_PFCOD
 neighbor 172.30.1.27 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.1.28 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.2.1 peer-group PG_BGP_RCOD
 neighbor 172.30.2.2 peer-group PG_BGP_RCOD
 neighbor 172.30.2.23 peer-group PG_BGP_PFCOD
 neighbor 172.30.2.24 peer-group PG_BGP_PFCOD
 neighbor 172.30.2.27 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.2.28 peer-group PG_BGP_VRS_PFV
 neighbor 172.30.31.33 remote-as 64553
 neighbor 172.30.31.33 next-hop-self
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip tftp source-interface GigabitEthernet0/2.300
ip nat translation timeout 450
ip nat translation tcp-timeout 300
ip nat translation pptp-timeout 1800
ip nat translation udp-timeout 45
ip nat translation dns-timeout 5
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 80 15
ip nat translation port-timeout udp 5060 180
ip nat translation max-entries all-host 400
ip nat inside source route-map RM_NAT_ISP1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 100 name Lainer track 100
ip route 1.1.1.1 255.255.255.255 Dialer1 101 name over_Lainer track 101
ip route 8.8.8.8 255.255.255.255 Dialer1 101 name over_Lainer track 101
ip ssh logging events
ip ssh version 2
!
ip access-list standard AUX
 permit 10.255.255.255
ip access-list standard NAT_POOL
 permit 10.8.80.0 0.0.0.255
!
ip access-list extended ACL_FIREWALL
 permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
 permit udp any eq ntp object-group STATIC_ISP_IP
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 evaluate reflectedtraffic
ip access-list extended ACL_LAN_TO_WAN
 permit ip any any reflect reflectedtraffic timeout 300
!
!
ip prefix-list PL_TO_HUB seq 5 permit 10.8.80.0/22
ip sla 101
 icmp-echo 87.249.224.62 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 101 life forever start-time now
ip sla 102
 icmp-echo 8.8.8.8 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 102 life forever start-time now
ip sla 103
 icmp-echo 1.1.1.1 source-interface Dialer1
 threshold 2000
 timeout 3000
 frequency 10
ip sla schedule 103 life forever start-time now
ipv6 ioam timestamp
!
route-map RM_NAT_ISP1 permit 10
 match ip address NAT_POOL
 match interface Dialer1
!
route-map RM_TO_HUB permit 10
 match ip address prefix-list PL_TO_HUB
!
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server community public RO
!
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
radius server IZH-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
alias exec AUX telnet 10.255.255.255 2001 /vrf AUX
alias exec q exit
!
line con 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 logging synchronous
 transport input ssh
line vty 5 15
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
end