Building configuration... Current configuration : 24909 bytes ! ! Last configuration change at 16:17:27 SAMT Wed Jun 15 2022 by adm_ivanovas ! NVRAM config last updated at 16:38:21 SAMT Wed Jun 15 2022 by adm_ivanovas ! version 15.0 no service pad service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year no service password-encryption service unsupported-transceiver ! hostname KEZ-MLK-KZS-SW-1-1 ! boot-start-marker boot-end-marker ! ! logging userinfo enable secret 5 $1$I7ox$/BluRI9AvR9N4XL.Vg5631 ! username netadmin privilege 15 secret 5 $1$P5bL$.E2mZckPMy66s4n34CQYH1 aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip radius source-interface Vlan300 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone SAMT 4 0 switch 1 provision ws-c3750x-24s switch 2 provision ws-c3750x-24s system mtu routing 1500 ip routing no ip cef optimize neighbor resolution ! ! ! no ip domain-lookup ip domain-name milkom-komos.ru ip host tftp 10.4.0.214 login on-failure login on-success ! stack-power stack Power-Stack-1 mode redundant ! stack-power switch 1 stack-power switch 2 ! vtp mode transparent ! ! crypto pki trustpoint TP-self-signed-1840100864 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1840100864 revocation-check none rsakeypair TP-self-signed-1840100864 ! crypto pki trustpoint TP-self-signed-1335665536 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1335665536 revocation-check none rsakeypair TP-self-signed-1335665536 ! ! crypto pki certificate chain TP-self-signed-1840100864 crypto pki certificate chain TP-self-signed-1335665536 license boot level ipservices license boot level ipservices switch 1 archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/KEZ/MLK/KSZ-SW_L3/$H-$T write-memory time-period 10080 ! ! ! ! mac access-list extended VSL-BPDU permit any 0180.c200.0000 0000.0000.0003 mac access-list extended VSL-CDP permit any host 0100.0ccc.cccc mac access-list extended VSL-DOT1x permit any any 0x888E 0x1 mac access-list extended VSL-GARP permit any host 0180.c200.0020 mac access-list extended VSL-LLDP permit any host 0180.c200.000e mac access-list extended VSL-MGMT permit any 0022.bdcd.d200 0000.0000.00ff permit 0022.bdcd.d200 0000.0000.00ff any mac access-list extended VSL-SSTP permit any host 0100.0ccc.cccd spanning-tree mode pvst spanning-tree extend system-id ! ! ! ! ! no errdisable detect cause gbic-invalid no errdisable detect cause sfp-config-mismatch errdisable recovery cause udld errdisable recovery cause bpduguard errdisable recovery cause security-violation errdisable recovery cause channel-misconfig (STP) errdisable recovery cause pagp-flap errdisable recovery cause dtp-flap errdisable recovery cause link-flap errdisable recovery cause sfp-config-mismatch errdisable recovery cause gbic-invalid errdisable recovery cause l2ptguard errdisable recovery cause psecure-violation errdisable recovery cause port-mode-failure errdisable recovery cause dhcp-rate-limit errdisable recovery cause pppoe-ia-rate-limit errdisable recovery cause mac-limit errdisable recovery cause vmps errdisable recovery cause storm-control errdisable recovery cause inline-power errdisable recovery cause arp-inspection errdisable recovery cause loopback errdisable recovery cause small-frame errdisable recovery cause psp errdisable recovery interval 600 ! ! ! ! vlan internal allocation policy ascending ! vlan 2 name --Users_KU2-- ! vlan 8 name --UserNet_68.0/24-- ! vlan 11 name --ISP-MTS-- ! vlan 12 name --isp2-megafon-- ! vlan 101 name --PRINTERS-- ! vlan 113 name TRANSIT_TO_MIKROTIK ! vlan 122 ! vlan 150 name --Wi-Fi_WORK-- ! vlan 200 name Guest_WiFi ! vlan 201 name --Server_MGM-- ! vlan 250 name --SERVERS_64.0/24-- ! vlan 251 name --SERVERS_BACKUP-- ! vlan 290 name -=SrvVmwVMon=- ! vlan 300 name --MANAGEMENT-- ! vlan 301 name --Wi-Fi_MANAGEMENT-- ! vlan 310 name --UPS_managment-- ! vlan 350 name --VOICE-- ! vlan 450 name --Wi-Fi_SKLAD-- ! vlan 500 name --Wi-Fi_GUEST-- ! vlan 550 name --TRANSIT_HSRP-- ! vlan 555 name --BGP_TRANSIT-- ! vlan 600 name --PRODACTION-- ! vlan 601 name PRD_L2VPN_for_KIP ! vlan 603 name --CRPT-Mark-- ! ip tftp source-interface Vlan300 ip ssh authentication-retries 5 ip ssh logging events ip ssh version 2 ! track 1 ip sla 1 reachability delay down 10 up 5 ! track 2 ip sla 2 reachability delay down 10 up 5 lldp run ! class-map match-any VSL-DATA-PACKETS match access-group name VSL-MGMT class-map match-any VSL-L2-CONTROL-PACKETS match access-group name VSL-DOT1x match access-group name VSL-BPDU match access-group name VSL-CDP match access-group name VSL-LLDP match access-group name VSL-SSTP match access-group name VSL-GARP class-map match-any VSL-L3-CONTROL-PACKETS match access-group name VSL-IPV4-ROUTING match access-group name VSL-BFD match access-group name VSL-DHCP-CLIENT-TO-SERVER match access-group name VSL-DHCP-SERVER-TO-CLIENT match access-group name VSL-DHCP-SERVER-TO-SERVER match access-group name VSL-IPV6-ROUTING class-map match-any VSL-MULTIMEDIA-TRAFFIC match ip dscp af41 match ip dscp af42 match ip dscp af43 match ip dscp af31 match ip dscp af32 match ip dscp af33 match ip dscp af21 match ip dscp af22 match ip dscp af23 class-map match-any VSL-VOICE-VIDEO-TRAFFIC match ip dscp ef match ip dscp cs4 match ip dscp cs5 class-map match-any VSL-SIGNALING-NETWORK-MGMT match ip dscp cs2 match ip dscp cs3 match ip dscp cs6 match ip dscp cs7 ! policy-map VSL-Queuing-Policy class VSL-L2-CONTROL-PACKETS class VSL-L3-CONTROL-PACKETS class VSL-VOICE-VIDEO-TRAFFIC class VSL-SIGNALING-NETWORK-MGMT class VSL-MULTIMEDIA-TRAFFIC class VSL-DATA-PACKETS class class-default ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback100 no ip address ! interface Loopback7777 description 2307018 & 2407018 no ip address shutdown ! interface Port-channel1 description [KU] SW-1-3 switchport trunk encapsulation dot1q switchport mode trunk shutdown ! interface Port-channel2 description [NO] switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel3 description [KU] SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel4 description [KU] SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel5 description [KU] SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel6 description [KU] SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel7 description [KU] SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel8 description [KU] SW-8-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel9 description [KU] SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel10 description [KU] SW-10-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel11 description [KU] SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel12 description [KU] SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel13 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel14 description [KU] SW-14-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel15 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel16 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel17 description [KU] SW-1-4 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel18 description [KU] SW-1-5 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel19 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel20 description [KU] SW-2-3 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel21 description [KU] SW-2-2 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel22 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel23 description [CORE] SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel24 description [KU] SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0 no ip address no ip route-cache ! interface GigabitEthernet1/0/1 description OLD_Po1_SW-1-3 switchport trunk encapsulation dot1q switchport mode trunk shutdown channel-group 1 mode on ! interface GigabitEthernet1/0/2 description [KU] Po24 SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 24 mode active ! interface GigabitEthernet1/0/3 description [KU] Po3 SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode on ! interface GigabitEthernet1/0/4 description [KU] Po4 SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode on ! interface GigabitEthernet1/0/5 description [KU] Po5 SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet1/0/6 description [KU] Po6 SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet1/0/7 description [KU] Po7 SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 7 mode on ! interface GigabitEthernet1/0/8 description [KU] Po8 SW-8-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 8 mode on ! interface GigabitEthernet1/0/9 description [KU] Po9 SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode on ! interface GigabitEthernet1/0/10 description [KU] Po10 SW-10-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 10 mode on ! interface GigabitEthernet1/0/11 description [KU] Po11 SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 11 mode active ! interface GigabitEthernet1/0/12 description [KU] Po12 SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 12 mode active ! interface GigabitEthernet1/0/13 switchport trunk encapsulation dot1q switchport mode trunk channel-group 13 mode active ! interface GigabitEthernet1/0/14 description [KU] Po14 SW-14-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 14 mode active ! interface GigabitEthernet1/0/15 switchport trunk encapsulation dot1q switchport mode trunk channel-group 15 mode active ! interface GigabitEthernet1/0/16 switchport trunk encapsulation dot1q switchport mode trunk channel-group 16 mode on ! interface GigabitEthernet1/0/17 description [KU] Po17 SW-1-4 switchport trunk encapsulation dot1q switchport mode trunk channel-group 17 mode on ! interface GigabitEthernet1/0/18 description [KU] Po18 SW-1-5 switchport trunk encapsulation dot1q switchport mode trunk channel-group 18 mode on ! interface GigabitEthernet1/0/19 switchport trunk encapsulation dot1q switchport mode trunk channel-group 19 mode active ! interface GigabitEthernet1/0/20 description [KU] Po20 SW-2-3 switchport trunk encapsulation dot1q switchport mode trunk channel-group 20 mode active ! interface GigabitEthernet1/0/21 description [KU] Po21 SW-2-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 21 mode on ! interface GigabitEthernet1/0/22 switchport trunk encapsulation dot1q switchport mode trunk channel-group 22 mode on ! interface GigabitEthernet1/0/23 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet1/0/24 description [CORE] Po23 SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface GigabitEthernet2/0/1 description OLD_Po1_SW-1-3 switchport trunk encapsulation dot1q switchport mode trunk shutdown channel-group 1 mode on ! interface GigabitEthernet2/0/2 description [KU] Po24 SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 24 mode active ! interface GigabitEthernet2/0/3 description [KU] Po3 SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode on ! interface GigabitEthernet2/0/4 description [KU] Po4 SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode on ! interface GigabitEthernet2/0/5 description [KU] Po5 SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet2/0/6 description [KU] Po6 SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet2/0/7 description [KU] Po7 SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 7 mode on ! interface GigabitEthernet2/0/8 description [KU] Po8 SW-8-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 8 mode on ! interface GigabitEthernet2/0/9 description [KU] Po9 SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode on ! interface GigabitEthernet2/0/10 description [KU] Po10 SW-10-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 10 mode on ! interface GigabitEthernet2/0/11 description [KU] Po11 SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 11 mode active ! interface GigabitEthernet2/0/12 description [KU] Po12 SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 12 mode active ! interface GigabitEthernet2/0/13 switchport trunk encapsulation dot1q switchport mode trunk channel-group 13 mode active ! interface GigabitEthernet2/0/14 description [KU] Po14 SW-14-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 14 mode active ! interface GigabitEthernet2/0/15 switchport trunk encapsulation dot1q switchport mode trunk channel-group 15 mode active ! interface GigabitEthernet2/0/16 switchport trunk encapsulation dot1q switchport mode trunk channel-group 16 mode on ! interface GigabitEthernet2/0/17 description [KU] Po17 SW-1-4 switchport trunk encapsulation dot1q switchport mode trunk channel-group 17 mode on ! interface GigabitEthernet2/0/18 switchport trunk encapsulation dot1q switchport mode trunk channel-group 18 mode on ! interface GigabitEthernet2/0/19 switchport trunk encapsulation dot1q switchport mode trunk channel-group 19 mode active ! interface GigabitEthernet2/0/20 description [KU] Po20 SW-2-3 switchport trunk encapsulation dot1q switchport mode trunk channel-group 20 mode active ! interface GigabitEthernet2/0/21 description [KU] Po21 SW-2-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 21 mode on ! interface GigabitEthernet2/0/22 switchport trunk encapsulation dot1q switchport mode trunk channel-group 22 mode on ! interface GigabitEthernet2/0/23 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet2/0/24 description [CORE] Po23 SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet2/1/1 ! interface GigabitEthernet2/1/2 ! interface GigabitEthernet2/1/3 ! interface GigabitEthernet2/1/4 ! interface TenGigabitEthernet2/1/1 ! interface TenGigabitEthernet2/1/2 ! interface Vlan1 ip dhcp relay information trusted ip address 192.168.25.254 255.255.255.0 secondary ip address 192.168.23.254 255.255.255.0 secondary ip address 192.168.26.126 255.255.255.128 secondary ip address 192.168.20.254 255.255.255.0 ip helper-address 192.168.20.252 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan2 ip dhcp relay information trusted ip address 10.5.65.254 255.255.255.0 ip helper-address 192.168.20.252 ip policy route-map GLOBAL-ROUTING ! interface Vlan8 ip dhcp relay information trusted ip address 10.5.68.254 255.255.255.0 ip helper-address 192.168.20.252 ip policy route-map GLOBAL-ROUTING ! interface Vlan11 description --ISP-MTS-- no ip address ! interface Vlan12 description --ISP2-megafon-- no ip address ! interface Vlan91 no ip address ! interface Vlan113 ip address 10.12.254.254 255.255.255.252 ! interface Vlan122 description TELEPHONIA ip address 192.168.22.254 255.255.255.0 ! interface Vlan150 description --Wi-Fi_WORK-- ip dhcp relay information trusted ip address 10.5.92.254 255.255.255.0 ip helper-address 192.168.20.252 ip policy route-map GLOBAL-ROUTING ! interface Vlan200 description GuestWiFI ip dhcp relay information trusted ip address 10.200.3.254 255.255.255.0 ip access-group No_Local_For_GuestWiFI in ip helper-address 10.200.3.252 ! interface Vlan201 description --Servers_MGM-- ip dhcp relay information trusted ip address 10.5.82.30 255.255.255.224 ! interface Vlan250 description --SERVERS_64.0/24-- ip address 10.5.64.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan300 description --MANAGEMENT-- ip address 10.5.94.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan301 description --Wi-Fi_MANAGEMENT-- ip dhcp relay information trusted ip address 10.5.93.254 255.255.255.0 ip helper-address 192.168.20.252 ip policy route-map GLOBAL-ROUTING ! interface Vlan310 description --UPS managment-- ip address 10.5.69.254 255.255.255.0 ! interface Vlan350 description --VOICE-- ip dhcp relay information trusted ip address 10.5.89.254 255.255.255.0 ip helper-address 192.168.20.252 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan450 description --Wi-Fi_SKLAD-- ip dhcp relay information trusted ip address 10.5.91.254 255.255.255.0 ip helper-address 192.168.20.252 ip policy route-map GLOBAL-ROUTING ! interface Vlan500 description --Wi-Fi_GUEST-- ip dhcp relay information trusted ip address 10.5.90.254 255.255.255.0 ip access-group No_Local_For_GuestWiFI in ip helper-address 192.168.20.252 ! interface Vlan550 description --TRANSIT_HSRP-- ip address 10.5.95.4 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan555 description --BGP_TRANSIT-- ip address 172.30.30.78 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan600 description --PRODACTION-- ip address 10.5.80.254 255.255.255.0 ip access-group ACL_PRODACTION_OUT out no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan603 description --CRPT-Mark-- ip address 10.5.81.254 255.255.255.0 ! interface Vlan3173 no ip address ! router bgp 64515 bgp router-id 172.30.30.78 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart network 10.5.90.0 mask 255.255.255.0 network 10.5.91.0 mask 255.255.255.0 network 10.5.92.0 mask 255.255.255.0 network 10.5.93.0 mask 255.255.255.0 network 10.5.94.0 mask 255.255.255.0 network 10.5.95.0 mask 255.255.255.248 network 10.200.3.0 mask 255.255.255.0 network 192.168.20.0 network 192.168.22.0 network 192.168.23.0 network 192.168.25.0 network 192.168.26.0 mask 255.255.255.128 aggregate-address 10.5.64.0 255.255.224.0 summary-only neighbor 172.30.30.76 remote-as 64515 neighbor 172.30.30.76 next-hop-self neighbor 172.30.30.76 soft-reconfiguration inbound neighbor 172.30.30.77 remote-as 64515 neighbor 172.30.30.77 next-hop-self neighbor 172.30.30.77 soft-reconfiguration inbound distance bgp 150 150 150 ! ip default-gateway 10.5.94.254 ! ip http server ip http authentication local no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.5.95.1 ip route 31.173.105.64 255.255.255.252 10.5.95.2 ip route 31.173.105.65 255.255.255.255 10.5.95.2 ip route 31.173.105.66 255.255.255.255 10.5.95.2 ip route 94.181.95.136 255.255.255.255 10.5.95.2 ! ip access-list extended ACL_PRODACTION_OUT permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq www permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq 443 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq www permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq 443 permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq www permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq 443 permit ip host 192.168.20.10 any permit ip 10.5.64.0 0.0.0.255 any permit icmp any any deny ip any any ip access-list extended LOCAL_TRAFFIC permit ip any 192.168.0.0 0.0.255.255 permit ip any 10.0.0.0 0.255.255.255 permit ip any 172.16.0.0 0.15.255.255 ip access-list extended No_Local_For_GuestWiFI permit ip host 10.200.3.250 any remark Deny Guest VLAN200 access to other VLANs permit tcp any host 192.168.20.220 eq domain permit udp any host 192.168.20.220 eq domain permit tcp any host 192.168.20.150 eq domain permit udp any host 192.168.20.150 eq domain permit tcp any host 192.168.8.77 eq 443 deny ip any 192.168.0.0 0.0.255.255 deny ip any 10.0.0.0 0.255.255.255 permit ip any any ip access-list extended ROUTE_TO_ISP1 permit ip host 192.168.20.251 any ip access-list extended ROUTE_TO_ISP2 permit ip host 192.168.23.251 any ip access-list extended VSL-BFD permit udp any any eq 3784 ip access-list extended VSL-DHCP-CLIENT-TO-SERVER permit udp any eq bootpc any eq bootps ip access-list extended VSL-DHCP-SERVER-TO-CLIENT permit udp any eq bootps any eq bootpc ip access-list extended VSL-DHCP-SERVER-TO-SERVER permit udp any eq bootps any eq bootps ip access-list extended VSL-DHCP-SERVER_AUTH ip access-list extended VSL-IPV4-ROUTING permit ip any 224.0.0.0 0.0.0.255 ! ip sla 1 icmp-echo 31.173.105.65 threshold 50 timeout 2000 frequency 3 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 85.140.32.1 threshold 50 timeout 2000 frequency 3 ip sla schedule 2 life forever start-time now logging origin-id hostname logging source-interface Vlan300 logging host 192.168.8.119 transport udp port 5544 logging host 10.4.244.4 transport udp port 515 access-list 1301 remark kz-vbr001 access-list 1301 permit 192.168.20.251 access-list 101 deny ip any 192.168.0.0 0.0.255.255 access-list 101 deny ip any 10.0.0.0 0.255.255.255 access-list 101 deny ip any 172.17.0.0 0.0.255.255 access-list 101 permit ip host 192.168.20.251 any access-list 101 permit ip host 192.168.20.150 any access-list 110 remark --kz-vbr001-- access-list 110 permit ip host 192.168.20.251 any ! route-map GLOBAL-ROUTING permit 10 match ip address 101 set ip next-hop 10.5.95.2 ! ! snmp-server community lmTUEsk6Yvlv RO 5 ! ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! ! ipv6 access-list VSL-IPV6-ROUTING permit ipv6 any FF02::/124 ! banner login ^C ***************************************************************************** * * * UNAUTHORIZED ACCESS IS PROHIBITED * * * * You have accessed network equipment. * * You must have authorized permission to access or configure this device. * * All activities performed on this device are logged and monitored. * * * ***************************************************************************** ^C ! line con 0 logging synchronous login authentication CONSOLE stopbits 1 line vty 0 4 exec-timeout 120 0 logging synchronous login authentication NPS transport input ssh line vty 5 15 exec-timeout 120 0 logging synchronous login authentication NPS transport input ssh ! ntp source Vlan300 ntp server 192.168.8.200 ntp server 192.168.8.201 mac address-table notification change mac address-table notification mac-move mac address-table aging-time 1800 end