Building configuration... Current configuration : 44353 bytes ! ! Last configuration change at 10:06:52 IZH Thu Jul 21 2022 by akhmetzyanovrr_adm ! NVRAM config last updated at 10:18:26 IZH Thu Jul 21 2022 by akhmetzyanovrr_adm ! version 16.9 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core platform hardware throughput level 1000000 ! hostname IZH-MLK-IZM-RT-1-4 ! boot-start-marker boot system flash bootflash:/isr4400-universalk9.16.09.04.SPA.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! security authentication failure rate 3 log logging buffered 65536 logging rate-limit 100 except warnings enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1 ! aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip vrf forwarding Mgmt-intf ip radius source-interface GigabitEthernet0 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone IZH 4 0 clock calendar-valid no ip source-route no ip gratuitous-arps ! ip vrf AUX ! ip host tftp 10.4.0.214 no ip domain lookup ip domain name milkom-komos.ru ! ! ! login on-failure log login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! multilink bundle-name authenticated ! flow exporter FLOW_EXPORTER_NTOP destination 10.4.0.215 source GigabitEthernet0/0/1.551 transport udp 9995 export-protocol netflow-v5 ! ! flow exporter FLOW_EXPORTER_CISCO destination 10.4.0.217 source GigabitEthernet0/0/1.551 transport udp 9995 export-protocol netflow-v5 ! ! flow monitor FLOW_MONITOR_INPUT description input exporter FLOW_EXPORTER_CISCO cache timeout inactive 10 cache timeout active 60 record netflow ipv4 original-input ! ! flow monitor FLOW_MONITOR_OUTPUT description output exporter FLOW_EXPORTER_CISCO cache timeout inactive 10 cache timeout active 60 record netflow ipv4 original-output ! ! ! ! crypto pki trustpoint TP-self-signed-2544142937 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2544142937 revocation-check none rsakeypair TP-self-signed-2544142937 ! ! crypto pki certificate chain TP-self-signed-2544142937 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32353434 31343239 3337301E 170D3139 30393132 30383535 35395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35343431 34323933 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100B334 8BF99114 5259A8A9 1BDD36F8 FC7F4397 3988B72F FCC7F82A 0BD3C405 16BBF4E8 97E6F971 267FB968 1DD632C1 8BC79056 719BBF16 AB7ADFFB 1796D7E8 DD318C08 D16C8F07 A40DBD89 186CECFA 196B3F08 01314EEE 13E8C960 19A1FA28 0EDB3FF6 FD8944F0 00948874 D5A2AE5B 2F70E622 D2CC76A6 4AA9625A BC24E6E6 8A20DA73 66560371 DCD13DBD AAC5E04E 0185A8BE 6464C8A2 07D5206A B96D23B9 0FEFCB67 935BCD0B F7B0651F 6B6F09EC 17646F9B CE3A540D 57BB004B 7C95E9BD 219F1E6F 19F9746A 54BE6A4C 2B562AA6 8CB577CE 00DB8F5D 244B2D60 C9831546 01402613 3399C7AF 3074D7DC 125BBD80 FAF0BE60 BEB60AF5 66276206 6254264C 0D9D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 149D9EE2 207087E8 6D2C996E D4838C41 ABDBC30B 01301D06 03551D0E 04160414 9D9EE220 7087E86D 2C996ED4 838C41AB DBC30B01 300D0609 2A864886 F70D0101 05050003 82010100 1E5C2BCA B7DFD853 B8435954 E4F97ACB E91BE418 D15798C2 DA19BB14 5A2EC532 BD9AFDD7 72D0B5A4 6C4FC80F 81D372B0 0CD444A0 05891B2E 0B312249 93F83F13 7CD8C020 E67D4782 19FA3A8B B6FA09F3 A93C46CA 4272ECED FBF03B51 40E5CCD5 6C075584 69003CEF 03B658DF 1F329E37 3B9FAE7E FA5173B3 975A1DE9 08E0CD44 2AA3973D 6FC2B964 297EB65D CB1FD500 A3D8F208 EEA3F839 7CDA7551 6C8AA86B 193ACDF4 A9AD5F4C 0BE7B5A0 5347F519 527FE8B0 A02340BD 7966DA77 E3F0596D C56FBD96 87C1E3A3 1AE7FFF2 05FF4119 B4081216 E199C3EA D8DC18D0 98CEC750 0FA1A912 F5407A1A 14932D18 E13837C8 019AC826 8630A8BD BEDF9363 38C83BC5 quit ! license udi pid ISR4431/K9 sn FOC23172U4P license boot level securityk9 no license smart enable diagnostic bootup level minimal ! spanning-tree extend system-id archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/IZH/4431/$H-$T write-memory time-period 10080 ! ! ! ! ! object-group network OBJ_BBN_RN_BBN host 85.140.32.104 host 78.85.13.205 ! object-group network OBJ_IZH_MLK_IZM host 85.140.32.27 host 78.85.13.42 host 5.227.126.169 host 31.173.105.54 host 217.14.195.253 host 85.175.86.74 ! object-group network OBJ_IZH_KG_P11 91.240.179.0 255.255.255.0 host 5.227.124.143 host 78.85.13.93 host 62.141.96.126 host 84.201.247.190 host 88.80.33.50 host 94.25.46.122 ! object-group network OBJ_IZH_VST_IZM host 5.227.124.82 host 78.85.13.38 ! object-group network OBJ_IZH_TK_M44 host 212.46.204.74 host 88.80.33.162 ! object-group network OBJ_IZH_TK_M48 host 87.249.237.250 ! object-group network OBJ_IZH_TK_SMR host 87.249.239.226 host 88.80.33.42 ! object-group network OBJ_MSK_KG_MSK host 185.62.195.150 host 185.6.175.101 ! object-group network OBJ_GLZ_MLK_GMK host 31.173.105.62 host 85.140.32.29 ! object-group network OBJ_KZN_MLK_KMK host 83.69.126.54 host 94.180.253.210 host 78.138.171.82 ! object-group network OBJ_KEZ_MLK_KZS host 31.173.105.66 host 78.85.13.52 host 85.140.32.30 ! object-group network OBJ_PRM_MLK_PHK host 178.47.128.18 host 46.146.210.68 ! object-group network OBJ_SAR_MLK_SRM host 31.173.105.58 host 78.85.13.53 host 85.140.32.28 ! object-group network OBJ_CLB_MLK_CMK host 37.113.128.241 host 149.255.6.35 ! object-group network OBJ_GLZ_GKZ_GKZ host 78.85.13.94 host 146.120.104.181 ! object-group network OBJ_KIA_RN_KIA host 78.85.14.97 ! object-group network OBJ_IZH_TZK_TZK host 78.25.80.134 host 5.227.124.235 ! object-group network OBJ_IZH_MK_VS17 host 5.227.124.141 ! object-group network OBJ_IZH_KL_KLI host 78.85.15.85 host 84.201.247.24 host 79.175.36.97 host 84.201.244.235 ! object-group network OBJ_EKB_KG_EKB host 62.168.232.182 host 176.215.14.11 ! object-group network OBJ_IZH_KEN_VS56 host 83.143.54.246 host 92.55.54.109 ! object-group network OBJ_IZH_VRS_IZM host 85.140.32.177 host 78.85.14.98 ! object-group network OBJ_GLZ_VRS_UPF host 95.215.208.234 host 78.85.13.119 ! object-group network OBJ_IZH_VRS_IPF host 85.140.32.141 host 78.85.13.117 ! object-group network OBJ_IZH_VRS_PFV host 85.140.32.178 host 94.181.119.90 host 78.85.33.50 ! object-group network OBJ_VOT_VRS_VPF host 78.85.13.118 host 88.80.33.14 ! object-group network OBJ_PRM_VRS_MPF host 178.47.130.10 host 5.227.121.127 ! object-group network OBJ_LAI_VRS_DPF host 178.205.241.114 host 46.232.164.108 ! object-group network OBJ_ITL_VST_ITL host 5.227.124.130 host 78.85.34.99 host 81.211.13.82 ! object-group network OBJ_MZH_VST_MZH host 88.80.33.250 host 83.169.220.171 ! object-group network OBJ_KIA_VST_KIA host 85.140.32.24 host 188.94.168.238 ! object-group network OBJ_KGB_VST_KBB host 78.85.37.88 host 88.80.33.154 ! object-group network OBJ_SAR_VST_SMK host 78.85.19.93 host 88.80.33.234 ! object-group network OBJ_KNK_VST_KMK host 178.161.242.67 ! object-group network OBJ_SHM_TMA_SHM host 89.232.91.106 host 31.173.182.210 ! object-group network OBJ_MSB_TMA_MSB host 78.138.182.214 ! object-group network OBJ_EVL_TMA_EVL host 89.232.102.166 ! object-group network OBJ_KIB_TMA_KIB host 78.138.182.126 ! object-group network OBJ_IZH_KM_S61 host 84.201.247.32 host 88.80.33.194 ! object-group network OBJ_YAN_GKZ_YEL host 77.94.97.222 ! object-group network OBJ_KUN_KMK_B2 94.138.150.0 255.255.255.0 ! object-group network OBJ_KUN_KMK_H80 host 178.161.207.26 host 77.43.193.88 ! object-group network OBJ_KUN_KMK_CH9 host 178.47.128.98 host 194.150.90.20 host 194.150.91.170 ! object-group network OBJ_KGB_RN_KGB host 78.85.13.165 ! object-group network OBJ_NCH_RN_NCH host 78.85.13.166 ! object-group network OBJ_PRI_RN_PRI host 78.85.13.167 ! object-group network OBJ_URN_RN_URN host 78.85.20.49 ! object-group network OBJ_MZH_TK_TKM host 88.80.32.230 host 78.85.35.34 ! object-group network OBJ_GLZ_TK_TKG host 95.215.208.240 host 146.120.104.235 host 95.215.208.173 ! object-group network OBJ_IZH_TK_M21 host 84.201.242.133 ! object-group network OBJ_IZH_HLA_PP host 92.61.17.250 ! object-group network OBJ_IZH_HLA_UHK host 92.55.7.148 ! object-group network OBJ_IZH_VD_VS17 host 84.201.247.100 ! object-group network OBJ_IZH_KS_H17 85.140.32.64 255.255.255.252 host 85.140.32.63 host 85.140.32.68 ! object-group network OBJ_IZH_VST_VS298 host 91.144.167.3 host 178.176.100.154 ! object-group network OBJ_SPB_KG_SPB host 94.72.27.43 host 62.141.114.190 ! object-group network OBJ_IZH_VRS_AKS host 5.227.124.50 host 87.249.233.80 ! object-group network OBJ_IZH_KI_VOR158 host 46.147.130.59 host 5.227.125.126 ! object-group network OBJ_BRANCHES group-object OBJ_IZH_MLK_IZM group-object OBJ_IZH_KG_P11 group-object OBJ_IZH_VST_IZM group-object OBJ_IZH_TK_M44 group-object OBJ_IZH_TK_M48 group-object OBJ_IZH_TK_SMR group-object OBJ_MSK_KG_MSK group-object OBJ_GLZ_MLK_GMK group-object OBJ_KZN_MLK_KMK group-object OBJ_KEZ_MLK_KZS group-object OBJ_PRM_MLK_PHK group-object OBJ_SAR_MLK_SRM group-object OBJ_CLB_MLK_CMK group-object OBJ_BBN_RN_BBN group-object OBJ_GLZ_GKZ_GKZ group-object OBJ_KIA_RN_KIA group-object OBJ_IZH_TZK_TZK group-object OBJ_IZH_MK_VS17 group-object OBJ_IZH_KL_KLI group-object OBJ_EKB_KG_EKB group-object OBJ_IZH_KEN_VS56 group-object OBJ_IZH_VRS_IZM group-object OBJ_GLZ_VRS_UPF group-object OBJ_IZH_VRS_IPF group-object OBJ_IZH_VRS_PFV group-object OBJ_VOT_VRS_VPF group-object OBJ_PRM_VRS_MPF group-object OBJ_LAI_VRS_DPF group-object OBJ_ITL_VST_ITL group-object OBJ_MZH_VST_MZH group-object OBJ_KIA_VST_KIA group-object OBJ_KGB_VST_KBB group-object OBJ_SAR_VST_SMK group-object OBJ_KNK_VST_KMK group-object OBJ_SHM_TMA_SHM group-object OBJ_MSB_TMA_MSB group-object OBJ_EVL_TMA_EVL group-object OBJ_KIB_TMA_KIB group-object OBJ_IZH_KM_S61 group-object OBJ_YAN_GKZ_YEL group-object OBJ_KUN_KMK_B2 group-object OBJ_KUN_KMK_H80 group-object OBJ_KUN_KMK_CH9 group-object OBJ_KGB_RN_KGB group-object OBJ_NCH_RN_NCH group-object OBJ_PRI_RN_PRI group-object OBJ_URN_RN_URN group-object OBJ_MZH_TK_TKM group-object OBJ_GLZ_TK_TKG group-object OBJ_IZH_TK_M21 group-object OBJ_IZH_HLA_PP group-object OBJ_IZH_HLA_UHK group-object OBJ_IZH_VD_VS17 group-object OBJ_IZH_KS_H17 group-object OBJ_IZH_VST_VS298 group-object OBJ_SPB_KG_SPB group-object OBJ_IZH_VRS_AKS group-object OBJ_IZH_KI_VOR158 ! object-group network STATIC_ISP_IP host 85.140.32.27 host 78.85.13.42 ! ! ! username netadmin privilege 15 secret 5 $1$Rx9I$AHZTRwyTgkm3OvHdAu/cw0 ! redundancy mode none ! ! ! ! ! ! ! class-map match-any CM_QOS_Q2 match access-group name ACL_QOS_Q2 class-map match-any CM_QOS_Q3 match access-group name ACL_QOS_Q3 class-map match-any CM_QOS_Q1 match access-group name ACL_QOS_Q1 class-map match-any CM_QOS_Q4 match access-group name ACL_QOS_Q4 class-map match-any CM_QOS_Q5 match access-group name ACL_QOS_Q5 class-map type inspect match-any CM-LAN_TO_WAN_MLK match protocol icmp match protocol tcp match protocol udp class-map type inspect match-all CM-WAN_TO_LAN_MLK match access-group name ACL-WAN_TO_LAN_MLK class-map type inspect match-all CM-WAN_TO_SELF_MLK match access-group name ACL-WAN_TO_SELF_MLK class-map type inspect match-all CM-DMVPN_MLK match access-group name ACL-DMVPN_TRAFFIC_MLK ! policy-map type inspect PM-WAN_TO_LAN_MLK class class-default drop policy-map type inspect PM-LAN_TO_WAN_MLK class type inspect CM-LAN_TO_WAN_MLK inspect class class-default drop policy-map PM_QOS_IN class CM_QOS_Q5 set ip dscp cs5 class CM_QOS_Q4 set ip dscp cs4 class CM_QOS_Q3 set ip dscp cs3 class CM_QOS_Q2 set ip dscp cs2 class CM_QOS_Q1 set ip dscp cs1 class class-default set ip dscp default policy-map type inspect PM-DMVPN_MLK class type inspect CM-DMVPN_MLK pass class class-default drop policy-map type inspect PM-SELF_TO_WAN_MLK description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN class class-default pass policy-map type inspect PM-WAN_TO_SELF_MLK class type inspect CM-WAN_TO_SELF_MLK pass class class-default drop policy-map type inspect PM-ALLPASS_MLK class class-default pass ! zone security LAN zone security WAN zone security DMVPN zone security MGMT description Management Network Equipment zone-pair security ZP-DMVPN_TO_SELF_MLK source DMVPN destination self service-policy type inspect PM-DMVPN_MLK zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN service-policy type inspect PM-ALLPASS_MLK zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self service-policy type inspect PM-ALLPASS_MLK zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN service-policy type inspect PM-LAN_TO_WAN_MLK zone-pair security ZP-MGMT_TO_SELF source MGMT destination self service-policy type inspect PM-ALLPASS_MLK zone-pair security ZP-SELF_TO_MGMT source self destination MGMT service-policy type inspect PM-ALLPASS_MLK zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN service-policy type inspect PM-DMVPN_MLK zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN service-policy type inspect PM-ALLPASS_MLK zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN service-policy type inspect PM-SELF_TO_WAN_MLK zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN service-policy type inspect PM-WAN_TO_LAN_MLK zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self service-policy type inspect PM-WAN_TO_SELF_MLK zone-pair security ZP_DMVPN_TO_LAN_MLK source DMVPN destination LAN service-policy type inspect PM-ALLPASS_MLK ! ! ! ! ! crypto isakmp policy 150 encr aes authentication pre-share group 2 crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth crypto isakmp keepalive 30 crypto isakmp nat keepalive 10 ! crypto ipsec security-association replay disable ! crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac mode transport ! crypto ipsec profile IPSEC_DMVPN description -==SPOKE to SITE DMVPN IPSec GRE Profile ==- set transform-set TS_DMVPN ! ! ! ! ! ! ! ! ! ! interface Loopback777 description AUX ip vrf forwarding AUX ip address 10.255.255.255 255.255.255.255 ! interface Tunnel1001 description DMVPN-HUB2-Cloud1 bandwidth 100000 ip address 172.30.1.2 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication M_K.Cl01 ip nhrp network-id 1001 ip nhrp holdtime 300 ip nhrp redirect zone-member security DMVPN ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0/0 tunnel mode gre multipoint tunnel key 1001 tunnel protection ipsec profile IPSEC_DMVPN shared ! interface Tunnel1002 description DMVPN_SPOKE2_Cloud2 bandwidth 100000 ip address 172.30.2.4 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication M_K.Cl02 ip nhrp map 172.30.2.1 5.227.124.143 ip nhrp map multicast 5.227.124.143 ip nhrp map 172.30.2.2 78.85.13.93 ip nhrp map multicast 78.85.13.93 ip nhrp network-id 1002 ip nhrp holdtime 300 ip nhrp nhs 172.30.2.1 ip nhrp nhs 172.30.2.2 zone-member security DMVPN ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0/0 tunnel mode gre multipoint tunnel key 1002 tunnel protection ipsec profile IPSEC_DMVPN shared ! interface GigabitEthernet0/0/0 description [ISP-100M] Rostelecom bandwidth 100000 ip address 78.85.13.42 255.255.255.0 ip nat outside zone-member security WAN negotiation auto ! interface GigabitEthernet0/0/1 description [CORE] SW-1-4 no ip address negotiation auto ! interface GigabitEthernet0/0/1.551 description --TRANSIT_HSRP-- encapsulation dot1Q 551 ip flow monitor FLOW_MONITOR_INPUT input ip flow monitor FLOW_MONITOR_OUTPUT output ip address 10.4.239.21 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip nat inside zone-member security LAN ! interface GigabitEthernet0/0/1.597 encapsulation dot1Q 597 ip flow monitor FLOW_MONITOR_INPUT input ip flow monitor FLOW_MONITOR_OUTPUT output ip address 172.30.30.58 255.255.255.240 ip nat inside zone-member security LAN standby version 2 standby 597 ip 172.30.30.59 standby 597 timers 5 15 standby 597 priority 150 standby 597 preempt delay minimum 30 standby 597 authentication MDC_Kom standby 597 name HSRP-TRANSIT-VLAN_597 ! interface GigabitEthernet0/0/2 no ip address shutdown negotiation auto ! interface GigabitEthernet0/0/3 no ip address shutdown negotiation auto ! interface GigabitEthernet0 vrf forwarding Mgmt-intf ip address 10.4.254.250 255.255.255.0 zone-member security MGMT negotiation auto ! router bgp 64512 bgp router-id 172.30.30.58 bgp log-neighbor-changes bgp graceful-restart timers bgp 10 30 neighbor TO_RT_PEERS peer-group neighbor TO_RT_PEERS next-hop-self all neighbor TO_RT_PEERS soft-reconfiguration inbound neighbor TO_RT_PEERS route-map RM_RT_LP in neighbor TO_MTS_PEERS peer-group neighbor TO_MTS_PEERS next-hop-self all neighbor TO_MTS_PEERS soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521 neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522 neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KMK peer-group neighbor PG_BGP_SPOKE_KMK remote-as 64516 neighbor PG_BGP_SPOKE_KMK next-hop-self all neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527 neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_PERM peer-group neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529 neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526 neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_KAZAN peer-group neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528 neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525 neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524 neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_DC peer-group neighbor PG_BGP_SPOKE_PF_DC remote-as 64523 neighbor PG_BGP_SPOKE_PF_DC next-hop-self all neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530 neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531 neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533 neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534 neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_GKZ peer-group neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535 neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536 neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537 neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532 neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out neighbor PG_BGP_MILKOM peer-group neighbor PG_BGP_MILKOM remote-as 64512 neighbor PG_BGP_MILKOM next-hop-self all neighbor PG_BGP_MILKOM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_KIB peer-group neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548 neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_EVL peer-group neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547 neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_MSB peer-group neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549 neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_TMA_SHM peer-group neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546 neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550 neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_BBN peer-group neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541 neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_IZM peer-group neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539 neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_SMK peer-group neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543 neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KIA peer-group neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540 neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KGB peer-group neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544 neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_KNK peer-group neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545 neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_ITL peer-group neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538 neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KG_SPB peer-group neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552 neighbor PG_BGP_SPOKE_KG_SPB next-hop-self neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PF_AKS peer-group neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553 neighbor PG_BGP_SPOKE_PF_AKS next-hop-self neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_VST_MZH peer-group neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542 neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KM peer-group neighbor PG_BGP_SPOKE_KM remote-as 64519 neighbor PG_BGP_SPOKE_KM next-hop-self all neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_MK peer-group neighbor PG_BGP_SPOKE_MK remote-as 64520 neighbor PG_BGP_SPOKE_MK next-hop-self all neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_SRM peer-group neighbor PG_BGP_SPOKE_SRM remote-as 64518 neighbor PG_BGP_SPOKE_SRM next-hop-self all neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_PHK peer-group neighbor PG_BGP_SPOKE_PHK remote-as 64517 neighbor PG_BGP_SPOKE_PHK next-hop-self all neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_KZS peer-group neighbor PG_BGP_SPOKE_KZS remote-as 64515 neighbor PG_BGP_SPOKE_KZS next-hop-self all neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out neighbor PG_BGP_SPOKE_GMK peer-group neighbor PG_BGP_SPOKE_GMK remote-as 64514 neighbor PG_BGP_SPOKE_GMK next-hop-self all neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out neighbor PG_BGP_P11 peer-group neighbor PG_BGP_P11 remote-as 64513 neighbor PG_BGP_P11 next-hop-self all neighbor PG_BGP_P11 soft-reconfiguration inbound neighbor PG_BGP_P11 route-map RM_TO_KOMOS_MAIN_OUT out neighbor 172.30.1.3 peer-group PG_BGP_P11 neighbor 172.30.1.4 peer-group PG_BGP_P11 neighbor 172.30.1.5 peer-group PG_BGP_SPOKE_GMK neighbor 172.30.1.6 peer-group PG_BGP_SPOKE_GMK neighbor 172.30.1.7 peer-group PG_BGP_SPOKE_KZS neighbor 172.30.1.8 peer-group PG_BGP_SPOKE_KZS neighbor 172.30.1.9 peer-group PG_BGP_SPOKE_KMK neighbor 172.30.1.9 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.10 peer-group PG_BGP_SPOKE_KMK neighbor 172.30.1.10 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.11 peer-group PG_BGP_SPOKE_PHK neighbor 172.30.1.12 peer-group PG_BGP_SPOKE_PHK neighbor 172.30.1.12 route-map RM_RT_PRIM_IN in neighbor 172.30.1.13 peer-group PG_BGP_SPOKE_SRM neighbor 172.30.1.14 peer-group PG_BGP_SPOKE_SRM neighbor 172.30.1.14 route-map LP_1500 in neighbor 172.30.1.15 peer-group PG_BGP_SPOKE_KM neighbor 172.30.1.16 peer-group PG_BGP_SPOKE_KM neighbor 172.30.1.17 peer-group PG_BGP_SPOKE_MK neighbor 172.30.1.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA neighbor 172.30.1.19 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA neighbor 172.30.1.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO neighbor 172.30.1.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO neighbor 172.30.1.23 peer-group PG_BGP_SPOKE_PF_DC neighbor 172.30.1.24 peer-group PG_BGP_SPOKE_PF_DC neighbor 172.30.1.25 peer-group PG_BGP_SPOKE_PF_GLAZOV neighbor 172.30.1.26 peer-group PG_BGP_SPOKE_PF_GLAZOV neighbor 172.30.1.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO neighbor 172.30.1.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO neighbor 172.30.1.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK neighbor 172.30.1.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK neighbor 172.30.1.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK neighbor 172.30.1.31 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK neighbor 172.30.1.33 peer-group PG_BGP_SPOKE_PF_KAZAN neighbor 172.30.1.34 peer-group PG_BGP_SPOKE_PF_KAZAN neighbor 172.30.1.35 peer-group PG_BGP_SPOKE_PF_PERM neighbor 172.30.1.36 peer-group PG_BGP_SPOKE_PF_PERM neighbor 172.30.1.37 peer-group PG_BGP_SPOKE_KG_MOSCOW neighbor 172.30.1.38 peer-group PG_BGP_SPOKE_KG_MOSCOW neighbor 172.30.1.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA neighbor 172.30.1.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA neighbor 172.30.1.40 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK neighbor 172.30.1.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA neighbor 172.30.1.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG neighbor 172.30.1.45 peer-group PG_BGP_SPOKE_KG_GKZ neighbor 172.30.1.46 peer-group PG_BGP_SPOKE_KG_GKZ neighbor 172.30.1.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA neighbor 172.30.1.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA neighbor 172.30.1.48 route-map RM_BGP_FROM_SPOKE in neighbor 172.30.1.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY neighbor 172.30.1.50 peer-group PG_BGP_SPOKE_VST_IZM neighbor 172.30.1.51 peer-group PG_BGP_SPOKE_VST_IZM neighbor 172.30.1.52 peer-group PG_BGP_SPOKE_VST_ITL neighbor 172.30.1.53 peer-group PG_BGP_SPOKE_VST_ITL neighbor 172.30.1.54 peer-group PG_BGP_SPOKE_VST_KIA neighbor 172.30.1.55 peer-group PG_BGP_SPOKE_VST_KIA neighbor 172.30.1.56 peer-group PG_BGP_SPOKE_VST_BBN neighbor 172.30.1.57 peer-group PG_BGP_SPOKE_VST_BBN neighbor 172.30.1.58 peer-group PG_BGP_SPOKE_VST_MZH neighbor 172.30.1.59 peer-group PG_BGP_SPOKE_VST_MZH neighbor 172.30.1.60 peer-group PG_BGP_SPOKE_VST_SMK neighbor 172.30.1.60 route-map RM_RT_LP in neighbor 172.30.1.61 peer-group PG_BGP_SPOKE_VST_SMK neighbor 172.30.1.62 peer-group PG_BGP_SPOKE_VST_KGB neighbor 172.30.1.62 route-map RM_RT_LP in neighbor 172.30.1.63 peer-group PG_BGP_SPOKE_VST_KGB neighbor 172.30.1.64 peer-group PG_BGP_SPOKE_VST_KNK neighbor 172.30.1.65 peer-group PG_BGP_SPOKE_TMA_SHM neighbor 172.30.1.66 peer-group PG_BGP_SPOKE_TMA_SHM neighbor 172.30.1.67 peer-group PG_BGP_SPOKE_TMA_EVL neighbor 172.30.1.68 peer-group PG_BGP_SPOKE_TMA_KIB neighbor 172.30.1.69 peer-group PG_BGP_SPOKE_TMA_MSB neighbor 172.30.1.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY neighbor 172.30.1.73 peer-group PG_BGP_SPOKE_KG_SPB neighbor 172.30.1.74 peer-group PG_BGP_SPOKE_PF_AKS neighbor 172.30.1.75 peer-group PG_BGP_SPOKE_PF_AKS neighbor 172.30.30.55 peer-group PG_BGP_MILKOM neighbor 172.30.30.55 description IZH-MLK-SW-1-1_Huawei neighbor 172.30.30.57 peer-group PG_BGP_MILKOM neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3-- neighbor 172.30.30.60 peer-group PG_BGP_MILKOM neighbor 172.30.30.60 description --IZH-MLK-IZM-RT-1-1-- neighbor 172.30.30.61 peer-group PG_BGP_MILKOM neighbor 172.30.30.61 description --IZH-MLK-IZM-RT-1-2-- neighbor 172.30.30.62 peer-group PG_BGP_MILKOM neighbor 172.30.30.62 description --IZH-MLK-IZM-SW-1-1-- distance bgp 150 150 150 ! ip forward-protocol nd no ip http server ip http authentication local no ip http secure-server ip tftp source-interface GigabitEthernet0 ip nat inside source route-map ISP_ROSTELECOM interface GigabitEthernet0/0/0 overload ip route 0.0.0.0 0.0.0.0 78.85.13.1 100 name --ROSTELECOM-- ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.4.254.254 name --MANAGEMENT_ROUTE-- ! ! ! ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24 ! ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29 ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24 ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25 ! ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29 ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22 ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25 ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24 ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24 ! ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24 ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29 ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24 ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24 ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24 ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24 ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24 ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24 ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25 ! ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24 ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30 ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29 ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22 ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24 ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24 ! ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29 ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24 ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25 ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24 ! ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16 ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32 ! ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24 ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24 ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21 ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32 ! ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22 ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24 ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32 ! ip prefix-list PFL_ROUTE_TO_KOMOS seq 10 permit 10.4.0.0/14 le 24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 20 permit 172.31.35.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 30 permit 172.17.100.0/29 ip prefix-list PFL_ROUTE_TO_KOMOS seq 40 permit 172.31.31.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 50 permit 192.168.8.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 60 permit 192.168.11.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 70 permit 192.168.20.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 80 permit 192.168.31.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 90 permit 192.168.48.0/22 ip prefix-list PFL_ROUTE_TO_KOMOS seq 100 permit 192.168.60.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 110 permit 192.168.72.0/22 ip prefix-list PFL_ROUTE_TO_KOMOS seq 120 permit 192.168.9.0/24 ip prefix-list PFL_ROUTE_TO_KOMOS seq 200 permit 192.168.0.0/16 ip prefix-list PFL_ROUTE_TO_KOMOS seq 210 permit 10.14.0.0/16 le 24 ! ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0 ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32 ! ip access-list standard ACL_NAT_ASTERISK permit 172.17.100.2 ip access-list standard ACL_SIP_KG permit 10.4.7.17 ip access-list standard AUX permit 10.255.255.255 ! ip access-list extended ACL-DMVPN_TRAFFIC_MLK permit ip any any permit tcp any any eq 22 permit icmp any any permit gre any any permit udp any any eq isakmp permit esp any any permit eigrp any any ip access-list extended ACL-WAN_TO_SELF_MLK deny tcp any any eq 22 log permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP permit icmp any any unreachable permit icmp any any echo-reply permit icmp any any packet-too-big permit icmp any any time-exceeded permit icmp any any traceroute permit icmp any any administratively-prohibited permit icmp any any echo deny ip any any ip access-list extended ACL_QOS_Q1 remark WEB Internet permit tcp any any eq www 443 8443 permit tcp any eq www 443 8443 any remark Samba permit tcp any any eq 445 permit tcp any eq 445 any ip access-list extended ACL_QOS_Q2 remark 1C permit tcp any any range 1560 1591 permit tcp any any eq 1540 1541 permit tcp any range 1560 1591 any permit tcp any eq 1540 1541 any remark SQL permit udp any any eq 1433 permit tcp any any eq 1433 permit udp any eq 1433 any permit tcp any eq 1433 any remark WEB Local permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443 permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443 permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443 permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any ip access-list extended ACL_QOS_Q3 remark SIP permit udp any any eq 5060 5061 permit udp any eq 5060 5061 any remark RDP permit tcp any any eq 3389 permit tcp any eq 3389 any permit udp any any eq 3389 permit udp any eq 3389 any remark SSH permit tcp any any eq 22 permit tcp any eq 22 any remark Winbox permit tcp any any eq 8291 permit tcp any eq 8291 any ip access-list extended ACL_QOS_Q4 remark TEAMS + Confirence and other + Telegram ip access-list extended ACL_QOS_Q5 remark RTP trafic permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000 permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000 permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000 permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000 remark DNS permit udp any any eq domain permit tcp any any eq domain permit udp any eq domain any permit tcp any eq domain any remark NTP permit udp any any eq ntp remark LDAP permit udp any any eq 389 88 permit tcp any any eq 389 88 permit udp any eq 389 88 any permit tcp any eq 389 88 any ip access-list extended ACL_VTY permit ip 10.1.0.0 0.0.255.255 any permit ip 10.4.0.0 0.0.255.255 any permit ip 10.14.112.0 0.0.15.255 any deny ip any any log ip sla 7777 icmp-echo 78.85.13.1 source-interface GigabitEthernet0/0/0 request-data-size 1400 threshold 600 timeout 2000 frequency 30 ip sla schedule 7777 life forever start-time now logging origin-id hostname logging host 10.4.244.4 transport udp port 515 access-list 5 permit 192.168.8.99 access-list 5 permit 10.4.0.58 access-list 5 permit 10.4.0.214 access-list 5 permit 10.4.0.215 ! ! route-map ISP_ROSTELECOM permit 10 match ip address ACL_NAT_ASTERISK ACL_SIP_KG match interface GigabitEthernet0/0/0 ! route-map RM_KEZ_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_RT_LP permit 20 set local-preference 900 ! route-map RM_KAZAN_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_GLAZOV_IN permit 20 match ip address prefix-list IN_FROM_PS_GLAZOV ! route-map RM_PERM_IN permit 20 match ip address prefix-list IN_FROM_PS_PERM ! route-map RM_SPOKE_OUT deny 10 match ip address prefix-list PL_DF_GW ! route-map RM_SPOKE_OUT permit 20 ! route-map RM_TO_KOMOS_MAIN_OUT permit 20 match ip address prefix-list PFL_ROUTE_TO_KOMOS ! route-map RM_SARAPUL_OUT permit 20 match ip address prefix-list OUT_ALL_PS_MILKOM ! route-map RM_KOMOS_MEDIA_OUT permit 10 match ip address prefix-list OUT_TO_MEAT_COMPANY ! route-map RM_BGP_FROM_SPOKE permit 10 set local-preference 900 ! route-map RM_KAZAN_IN permit 20 match ip address prefix-list IN_FROM_PS_KAZAN ! route-map LP_1500 permit 10 set local-preference 1500 ! route-map RM_RT_PRIM_IN permit 10 set local-preference 500 ! route-map RM_KEZ_IN permit 20 match ip address prefix-list IN_FROM_PS_KEZ ! route-map RM_SARAPUL_IN permit 20 match ip address prefix-list IN_FROM_PS_SARAPUL ! route-map RM_MEAT_COMPANY_OUT permit 10 match ip address prefix-list OUT_TO_MEAT_COMPANY ! route-map RM_KOMOS_MEDIA_IN permit 10 match ip address prefix-list IN_FROM_KOMOS_MEDIA ! route-map RM_GLAZOV_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! route-map RM_PERM_OUT permit 20 match ip address prefix-list OUT_TO_ALL_PS_MILKOM ! snmp-server community lmTUEsk6Yvlv RO 5 snmp ifmib ifindex persist ! ! ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E ! ! control-plane ! alias exec q exit alias exec AUX telnet 10.255.255.255 2001 /vrf AUX ! line con 0 login authentication CONSOLE transport input none stopbits 1 line aux 0 access-class AUX in vrf-also privilege level 15 login authentication NPS rotary 1 transport input telnet stopbits 1 line vty 0 4 access-class ACL_VTY in vrf-also exec-timeout 120 0 transport input ssh line vty 5 15 access-class ACL_VTY in vrf-also exec-timeout 120 0 transport input ssh ! ntp server 10.4.0.1 ntp server 10.4.0.2 ! ! ! ! ! end