Building configuration... Current configuration : 53612 bytes ! ! Last configuration change at 14:37:31 SAMT Wed Jul 27 2022 by adm_kapustinal ! NVRAM config last updated at 14:39:34 SAMT Thu Jul 21 2022 by akhmetzyanovrr_adm ! version 15.2 no service pad service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year no service password-encryption service compress-config service unsupported-transceiver ! hostname IZH-MLK-IZM-SW-1-1 ! boot-start-marker boot system flash bootflash:cat4500e-universalk9.SPA.03.08.01.E.152-4.E1.bin license boot level entservices boot-end-marker ! ! vrf definition mgmtVrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging userinfo logging buffered 64000 logging event link-status global logging event trunk-status global enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1 ! username netadmin privilege 15 secret 5 $1$TmCf$7DTGwTawupGEcfLxy5c9g/ aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip radius source-interface Vlan300 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone SAMT 4 0 ! switch virtual domain 1 switch mode virtual switch 1 priority 200 switch 2 priority 150 mac-address use-virtual ! ! ! ! ! ! ! ! ! ! ! no ip domain-lookup ip domain-name milkom-komos.ru ip host tftp 10.4.0.214 ip name-server 192.168.8.200 ip name-server 192.168.8.201 ! ! login on-failure log login on-success log vtp domain MILKOM-KOMOS.RU vtp mode off ! ! ! power redundancy-mode redundant ! mac access-list extended VSL-BPDU permit any 0180.c200.0000 0000.0000.0003 mac access-list extended VSL-CDP permit any host 0100.0ccc.cccc mac access-list extended VSL-DOT1x permit any any 0x888E mac access-list extended VSL-GARP permit any host 0180.c200.0020 mac access-list extended VSL-LLDP permit any host 0180.c200.000e mac access-list extended VSL-MGMT permit any 0022.bdcd.d200 0000.0000.00ff permit 0022.bdcd.d200 0000.0000.00ff any mac access-list extended VSL-SSTP permit any host 0100.0ccc.cccd port-channel load-balance src-dst-port archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/IZH/MLK/IZM-SW_L3/$H-$T write-memory time-period 10080 ! spanning-tree mode pvst spanning-tree logging spanning-tree extend system-id spanning-tree vlan 1-4094 priority 4096 ! redundancy mode sso bfd-template single-hop p2p interval min-tx 300 min-rx 300 multiplier 3 ! ! vlan internal allocation policy ascending ! vlan 8 name --UserNet_8.0/24-- ! vlan 9 name --UserNet_9.0/24-- ! vlan 10 name --UserNet_10.0/24-- ! vlan 11 name --UserNet_11.0/24-- ! vlan 12 name --UserNet_12.0/24-- ! vlan 13 name --UserNet_13.0/24-- ! vlan 14 name --UserNet_14.0/24-- ! vlan 15 name --UserNet_15.0/24-- ! vlan 16 name --UserNet_16.0/24-- ! vlan 17 name --UserNet_17.0/24-- ! vlan 18 name --UserNet_18.0/24-- ! vlan 19 name --UserNet_19.0/24-- ! vlan 20 name --UserNet_20.0/24-- ! vlan 22 name Nobel_Users ! vlan 23 name test_Rustam ! vlan 90 name NET_SERVER_150 ! vlan 93 name --LINK_TO_vpn_SSTP-- ! vlan 96 name --ERTELEKOM-- ! vlan 99 name --MARK_ASTERISK-- ! vlan 101 name --PRINTERS-- ! vlan 103 name -=KPP_Vesi&Cam=- ! vlan 110 name --NET_KIP_PRODACTION-- ! vlan 111 name TRANSIT_TO_C3925-1 ! vlan 112 name Intraconnect_ospf_area_1 ! vlan 113 name TRANSIT_TO_MIKROTIK ! vlan 150 name --Wi-Fi_Users_32.0/24-- ! vlan 151 name --Wi-Fi_Prod_33.0/24-- ! vlan 172 name TelephonyNet ! vlan 173 name TelephonyTest ! vlan 201 name --MANUFACTURE_VLAN-- ! vlan 202 name --DMZ-- ! vlan 207 name VCOD_Servers_DMZ_Frontend ! vlan 208 name VCOD_Servers_Backend ! vlan 248 name --SANDBOX_ELAR-- ! vlan 249 name --ServTestC_36.0/24-- ! vlan 250 name --ServerNet_0.0/24-- ! vlan 251 name -=ServMail_7.0/28=- ! vlan 252 name --VOICE_ATS-- ! vlan 253 name exchange_komos-group ! vlan 254 name -Service_SharePoint- ! vlan 255 name --ServerNet_2.0/24-- ! vlan 256 name Server_Mon_1C_3.0/24 ! vlan 257 name KONTUR_DEV_SQL5.0/27 ! vlan 288 name SERVERS_DEV ! vlan 289 name -=SRVBakNet_245.0_24=- ! vlan 290 name -=SrvVmwVMon_242.0/26=- ! vlan 291 name -=SrvVmwVSan_242.64/26=- ! vlan 292 name -=SrvBakNet_243.0/24=- ! vlan 294 name --SRV_iLO_iDrack_etc-- ! vlan 299 name --SrvMng_240.0\24-- ! vlan 300 name --MANAGMENT-- ! vlan 301 name --Wi-Fi_MANAGMENT-- ! vlan 302 name -=Wi-Fi_MANAGMENT=- ! vlan 350 name --VOICE_28.0/23-- ! vlan 448 name -=VideoKomos=- ! vlan 500 name --Wi-Fi_Guest_35.0/24-- ! vlan 550 name --CISCO_ASA-- ! vlan 551 name --TRANSIT_HSRP-- ! vlan 553 name VST-IZM Peering ! vlan 554 name VRS-IZM Peering ! vlan 556 name P2P_iBGP_KOMOS_AS_over_ER_Telecom ! vlan 557 name P2P_iBGP_KOMOS_AS_over_MTS ! vlan 596 name P2P_RCOD-OCOD_ER_Telecom ! vlan 597 name --BGP_TRANSIT_TO_ISR4431-- ! vlan 599 name MLK_TRUNK_TO_DC-MLK ! vlan 600 name --PET_PRODACTION-- ! vlan 601 name --KMK_PRODACTION-- ! vlan 603 name --CRPT-Mark-- ! vlan 650 name --ISCSI-- ! vlan 1000 name --ELAR-TEST-- ! vlan 1100 name TEST_ARR_esr-10 ! vlan 1113 name PI_RT-1-3 ! vlan 1500 name dmz_env_1C_WMS_MLK ! vlan 1501 name safe_env_1C_WMS_MLK ! vlan 1999 name env_1C_Licensing ! vlan 2145 name Test_BGP ! vlan 3915 name IZM_VLAN3915_SPLUNK ! vlan 4030 name MLK_NATIVE_TO_DC-MLK ! vlan 4031 name --MLK-KCOD_VEAMREPL_172.31.31.0/24-- ! vlan 4032 name --MLK-KCOD_SQLREPL_172.31.33.0/24-- ! vlan 4033 name --MLK-KCOD_SRVVCHA_172.31.33.0/24-- ! vlan 4034 name --MLK-KCOD_EXCHREPL_172.31.34.0/24-- ! vlan 4035 name --MLK-KCOD_SRVVCMG_172.31.35.0/24-- lldp run ! track 1 ip sla 1 reachability delay down 10 up 5 ! track 2 ip sla 2 reachability delay down 10 up 5 ! track 3 ip sla 3 reachability delay down 10 up 5 ! track 4 ip sla 4 reachability delay down 10 up 5 ! track 10 list boolean or object 1 object 2 object 3 object 4 delay down 5 up 30 ! ! class-map match-any VSL-MGMT-PACKETS match access-group name VSL-MGMT class-map match-any VSL-DATA-PACKETS match any class-map match-any VSL-L2-CONTROL-PACKETS match access-group name VSL-DOT1x match access-group name VSL-BPDU match access-group name VSL-CDP match access-group name VSL-LLDP match access-group name VSL-SSTP match access-group name VSL-GARP class-map match-any VSL-L3-CONTROL-PACKETS match access-group name VSL-IPV4-ROUTING match access-group name VSL-BFD match access-group name VSL-DHCP-CLIENT-TO-SERVER match access-group name VSL-DHCP-SERVER-TO-CLIENT match access-group name VSL-DHCP-SERVER-TO-SERVER match access-group name VSL-IPV6-ROUTING class-map match-any VSL-MULTIMEDIA-TRAFFIC match dscp af41 match dscp af42 match dscp af43 match dscp af31 match dscp af32 match dscp af33 match dscp af21 match dscp af22 match dscp af23 class-map match-any VSL-VOICE-VIDEO-TRAFFIC match dscp ef match dscp cs4 match dscp cs5 class-map match-any VSL-SIGNALING-NETWORK-MGMT match dscp cs2 match dscp cs3 match dscp cs6 match dscp cs7 ! policy-map VSL-Queuing-Policy class VSL-MGMT-PACKETS bandwidth percent 5 class VSL-L2-CONTROL-PACKETS bandwidth percent 5 class VSL-L3-CONTROL-PACKETS bandwidth percent 5 class VSL-VOICE-VIDEO-TRAFFIC bandwidth percent 30 class VSL-SIGNALING-NETWORK-MGMT bandwidth percent 10 class VSL-MULTIMEDIA-TRAFFIC bandwidth percent 20 class VSL-DATA-PACKETS bandwidth percent 20 class class-default bandwidth percent 5 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Null0 no ip unreachables ! interface Loopback11 description KOMOS PI ip address 91.240.179.254 255.255.255.255 ! interface Port-channel1 description [VSL] Link_1 switchport switchport mode trunk switchport nonegotiate switch virtual link 1 ! interface Port-channel2 description [VSL] Link_2 switchport switchport mode trunk switchport nonegotiate switch virtual link 2 ! interface Port-channel4 description --IZH-KY-04-SW1-- switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel5 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel6 description [KU] SW-18-2 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel7 description [KU] SW-11-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel8 description [KU] SW-2-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel9 description --IZH-KY-04-SW0-- switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel10 description [KU] SW-6-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel11 description [KU] SW-7-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel13 description [KU] SW-8-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel14 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel15 description [KU] SW-14-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel16 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel17 description --IZH-KY-13-1-SW0-- switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel18 description [KU] SW-15-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel19 description [KU] SW-16-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel20 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel21 description [KU] SW-6-2 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel22 description [CORE] SW-1-3 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel23 description [KU] SW-7-2 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel24 description [KU] SW-17-2 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel25 description [KU] SW-18-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel26 description [KU] SW-18-3 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel27 description [KU] SW-5-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel28 description [KU] SW-6-3 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel29 description [KU] SW-19-1 switchport switchport mode trunk ! interface Port-channel31 description [KU] SW-3-1 switchport switchport mode trunk ! interface Port-channel41 description [KU] SW-4-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel100 description [CORE] SW-1-4 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel101 description [CORE] SW-1-2 switchport switchport mode trunk ! interface Port-channel102 description [-CORE] Huawei CE6881 switchport switchport mode trunk ! interface Port-channel110 description [KU] SW-10-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel121 description [KU] SW-12-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface Port-channel131 description [KU] SW-13-1 switchport switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface FastEthernet1 vrf forwarding mgmtVrf no ip address speed auto duplex auto ! interface TenGigabitEthernet1/1/1 description [KU] Po41 SW-4-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 41 mode active ! interface TenGigabitEthernet1/1/2 description [KU] Po131 SW-13-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 131 mode active ! interface TenGigabitEthernet1/1/3 description [KU] Po6 SW-18-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 6 mode on ! interface TenGigabitEthernet1/1/4 description [KU] Po7 SW-11-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 7 mode on ! interface TenGigabitEthernet1/1/5 description [KU] Po8 SW-2-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 8 mode on ! interface TenGigabitEthernet1/1/6 description --IZH-KY-04-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 9 mode on ! interface TenGigabitEthernet1/1/7 description [KU] Po10 SW-6-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 10 mode on ! interface TenGigabitEthernet1/1/8 description [KU] Po11 SW-7-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 11 mode on ! interface TenGigabitEthernet1/1/9 description [KU] SW-3-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet1/1/10 description [KU] Po13 SW-8-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 13 mode on ! interface TenGigabitEthernet1/1/11 description [KU] SW-9-2 switchport mode trunk ! interface TenGigabitEthernet1/1/12 description [KU] Po15 SW-14-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 15 mode on ! interface TenGigabitEthernet1/1/13 description [KU] Po19 SW-16-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 19 mode on ! interface TenGigabitEthernet1/1/14 description [KU] SW-17-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet1/1/15 description [KU] Po18 SW-15-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 18 mode active ! interface TenGigabitEthernet1/1/16 description [KU] SW-9-1 switchport mode trunk ! interface TenGigabitEthernet1/1/17 description [KU] Po121 SW-12-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 121 mode active ! interface TenGigabitEthernet1/1/18 description [KU] Po21 SW-6-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 21 mode on ! interface TenGigabitEthernet1/1/19 description [CORE] Po22 SW-1-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 22 mode on ! interface TenGigabitEthernet1/1/20 description [KU] Po23 SW-7-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 23 mode on ! interface TenGigabitEthernet1/1/21 description [KU] Po24 SW-17-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 24 mode on ! interface TenGigabitEthernet1/1/22 description [KU] Po25 SW-18-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 25 mode on ! interface TenGigabitEthernet1/1/23 description [KU] Po26 SW-18-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 26 mode on ! interface TenGigabitEthernet1/1/24 description [KU] Po27 SW-5-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 27 mode on ! interface TenGigabitEthernet1/1/25 description [KU] Po28 SW-6-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 28 mode on ! interface TenGigabitEthernet1/1/26 description --IZH-MLK-IZM-SW-3-1-- switchport mode trunk channel-group 31 mode on ! interface TenGigabitEthernet1/1/27 description [CORE] RT-1-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet1/1/28 description [CORE] RT-1-1 switchport trunk allowed vlan 100,111,112,300,551,556,557,597 switchport mode trunk ! interface TenGigabitEthernet1/1/29 description [CORE] SW-1-2 switchport mode trunk channel-group 101 mode active ! interface TenGigabitEthernet1/1/30 description [CORE] Po100 SW-1-4 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 100 mode active ! interface TenGigabitEthernet1/1/31 description [VSL] Po1 Link_1 switchport mode trunk switchport nonegotiate no lldp transmit no lldp receive channel-group 1 mode on service-policy output VSL-Queuing-Policy ! interface TenGigabitEthernet1/1/32 description [VSL] Po1 Link_1 switchport mode trunk switchport nonegotiate no lldp transmit no lldp receive channel-group 1 mode on service-policy output VSL-Queuing-Policy ! interface TenGigabitEthernet1/2/1 description [KU] Po31 SW-3-1 switchport mode trunk channel-group 31 mode on ! interface TenGigabitEthernet1/2/2 description [KU] Po110 SW-10-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 110 mode active ! interface TenGigabitEthernet1/2/3 ! interface TenGigabitEthernet1/2/4 ! interface TenGigabitEthernet1/2/5 ! interface TenGigabitEthernet1/2/6 ! interface TenGigabitEthernet1/2/7 ! interface TenGigabitEthernet1/2/8 description [CORE] Huawei ce6881 switchport mode trunk channel-group 102 mode active ! interface TenGigabitEthernet2/1/1 description [KU] Po41 SW-4-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 41 mode active ! interface TenGigabitEthernet2/1/2 description [KU] Po131 SW-13-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 131 mode active ! interface TenGigabitEthernet2/1/3 description [KU] Po6 SW-18-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 6 mode on ! interface TenGigabitEthernet2/1/4 description [KU] Po7 SW-11-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 7 mode on ! interface TenGigabitEthernet2/1/5 description [KU] Po8 SW-2-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 8 mode on ! interface TenGigabitEthernet2/1/6 description --IZH-KY-04-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 9 mode on ! interface TenGigabitEthernet2/1/7 description [KU] Po10 SW-6-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 10 mode on ! interface TenGigabitEthernet2/1/8 description [KU] Po11 SW-7-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 11 mode on ! interface TenGigabitEthernet2/1/9 description FREE switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet2/1/10 description [KU] Po13 SW-8-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 13 mode on ! interface TenGigabitEthernet2/1/11 description [KU] Po29 SW-19-1 switchport mode trunk channel-group 29 mode active ! interface TenGigabitEthernet2/1/12 description [KU] Po15 SW-14-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 15 mode on ! interface TenGigabitEthernet2/1/13 description FREE switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet2/1/14 description --IZH-KY-13-1-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 17 mode on ! interface TenGigabitEthernet2/1/15 description --IZH-KY-15-0-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 18 mode active ! interface TenGigabitEthernet2/1/16 description --IZH-KY-16-0-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 19 mode on ! interface TenGigabitEthernet2/1/17 description [KU] Po121 SW-12-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 121 mode active ! interface TenGigabitEthernet2/1/18 description [KU] Po21 SW-6-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 21 mode on ! interface TenGigabitEthernet2/1/19 description [CORE] Po22 SW-1-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 22 mode on ! interface TenGigabitEthernet2/1/20 description [KU] Po23 SW-7-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 23 mode on ! interface TenGigabitEthernet2/1/21 description [KU] Po24 SW-17-2 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 24 mode on ! interface TenGigabitEthernet2/1/22 description [KU] Po25 SW-18-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 25 mode on ! interface TenGigabitEthernet2/1/23 description [KU] Po26 SW-18-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 26 mode on ! interface TenGigabitEthernet2/1/24 description [KU] Po27 SW-5-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 27 mode on ! interface TenGigabitEthernet2/1/25 description [KU] Po28 SW-6-3 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 28 mode on ! interface TenGigabitEthernet2/1/26 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet2/1/27 description [KU] SW-20-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet2/1/28 description --IZH-KY-17-4-SW0-- switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk ! interface TenGigabitEthernet2/1/29 description [CORE] SW-1-2 switchport mode trunk channel-group 101 mode active ! interface TenGigabitEthernet2/1/30 description [CORE] Po100 SW-1-4 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 100 mode active ! interface TenGigabitEthernet2/1/31 description [VSL] Po2 Link_2 switchport mode trunk switchport nonegotiate no lldp transmit no lldp receive channel-group 2 mode on service-policy output VSL-Queuing-Policy ! interface TenGigabitEthernet2/1/32 description [VSL] Po2 Link_2 switchport mode trunk switchport nonegotiate no lldp transmit no lldp receive channel-group 2 mode on service-policy output VSL-Queuing-Policy ! interface TenGigabitEthernet2/2/1 description [KU] Po31 SW-3-1 switchport mode trunk channel-group 31 mode on ! interface TenGigabitEthernet2/2/2 description [KU] Po110 SW-10-1 switchport trunk allowed vlan 1-447,449-4094 switchport mode trunk channel-group 110 mode active ! interface TenGigabitEthernet2/2/3 ! interface TenGigabitEthernet2/2/4 ! interface TenGigabitEthernet2/2/5 ! interface TenGigabitEthernet2/2/6 ! interface TenGigabitEthernet2/2/7 ! interface TenGigabitEthernet2/2/8 description [CORE] Huawei ce6881 switchport mode trunk channel-group 102 mode active ! interface Vlan1 description LOCAL ip dhcp relay information trusted ip address 192.168.110.254 255.255.255.0 secondary ip address 192.168.9.254 255.255.255.0 secondary ip address 192.168.8.254 255.255.255.0 secondary ip address 192.168.5.254 255.255.255.0 ip helper-address 192.168.3.230 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map GLOBAL-ROUTING ! interface Vlan8 description --UserNet_8.0/24-- ip address 10.4.8.254 255.255.255.0 ip helper-address 10.4.8.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan9 description --UserNet_9.0/24-- ip address 10.4.9.254 255.255.255.0 ip helper-address 10.4.9.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan10 description --UserNet_10.0/24-- ip address 10.4.10.254 255.255.255.0 ip helper-address 10.4.10.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan11 description --UserNet_11.0/24-- ip address 10.4.11.254 255.255.255.0 ip helper-address 10.4.11.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan12 description --UserNet_12.0/24-- ip address 10.4.12.254 255.255.255.0 ip helper-address 10.4.12.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan13 description --UserNet_13.0/24-- ip address 10.4.13.254 255.255.255.0 ip helper-address 10.4.13.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan14 description --UserNet_14.0/24-- ip address 10.4.14.254 255.255.255.0 ip helper-address 10.4.14.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan15 description --UserNet_15.0/24-- ip address 10.4.15.254 255.255.255.0 ip helper-address 10.4.15.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan16 description --UserNet_16.0/24-- ip address 10.4.16.254 255.255.255.0 ip helper-address 10.4.16.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan17 description --UserNet_17.0/24-- ip address 10.4.17.254 255.255.255.0 ip helper-address 10.4.17.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan18 description --UserNet_18.0/24-- ip address 10.4.18.254 255.255.255.0 ip helper-address 10.4.18.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan19 description --UserNet_19.0/24-- ip address 10.4.19.254 255.255.255.0 ip helper-address 10.4.19.239 ip helper-address 10.4.16.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan20 description --UserNet_20.0/24-- ip address 10.4.20.254 255.255.255.0 ip helper-address 10.4.16.239 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan22 ip address 192.168.255.254 255.255.255.0 ! interface Vlan23 description --MILKOM_Nobel_Users-- ip address 10.5.208.254 255.255.255.0 ip helper-address 10.4.16.239 no ip redirects ! interface Vlan90 description NET_SERVER_150 ip address 192.168.150.254 255.255.255.0 shutdown ! interface Vlan93 description --MIKROTIK_VPN-- ip address 172.30.35.253 255.255.254.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan101 description --Printers-- ip address 10.4.25.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan103 description --KPP Vesi&Cam-- ip address 10.4.41.254 255.255.255.0 ! interface Vlan110 description --NET_KIP_PRODACTION-- no ip address ! interface Vlan111 ip address 172.16.1.4 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan112 description Intraconnect_ospf_area_1 ip address 172.16.254.4 255.255.255.248 shutdown ! interface Vlan113 ip address 10.10.254.254 255.255.255.252 ! interface Vlan150 description --Wi-Fi_Users_32.0/24-- ip address 10.4.32.254 255.255.255.0 ip helper-address 10.4.32.239 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map GLOBAL-ROUTING ! interface Vlan151 description --Wi-Fi_Prod_33.0/24-- ip address 10.4.33.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan172 description TelephoneNet ip address 172.17.100.6 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map SIP-ROUTING ! interface Vlan173 description TelephonyTest ip address 172.17.107.254 255.255.252.0 ! interface Vlan202 description --DMZ-- ip address 10.4.38.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map RM_DMZ ! interface Vlan207 description [SRV] VCOD DMZ Frontend ip address 10.100.0.126 255.255.255.128 ip policy route-map GLOBAL-ROUTING ! interface Vlan208 description [SRV] VCOD Backend ip address 10.100.0.254 255.255.255.128 ! interface Vlan248 description --SANDBOX_ELAR-- ip address 10.4.40.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan249 description --ServTestC_36.0/24-- ip address 10.4.36.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map GLOBAL-ROUTING ! interface Vlan250 description --ServerNet_0.0/24-- ip address 10.4.0.254 255.255.255.0 ip helper-address 10.4.0.239 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map GLOBAL-ROUTING ! interface Vlan251 description -=ServMail_7.0/28=- ip address 10.4.7.14 255.255.255.240 no ip redirects ip policy route-map PBR_MAIL no snmp trap link-status ! interface Vlan252 description --VOICE_ATS-- ip address 10.4.7.30 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map SIP-ROUTING ! interface Vlan253 description Exchange KOMOS-GROUP.RU ip address 10.4.44.254 255.255.255.0 ! interface Vlan254 ip address 10.4.1.126 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan289 description -=SRVBakNet_245.0_24=- ip address 10.4.245.254 255.255.255.0 no ip redirects ! interface Vlan290 description -=SrvVmwVMon_242.0/26=- ip address 10.4.242.62 255.255.255.192 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan291 description -=SrvVmwVSan_242.64/26=- ip address 10.4.242.126 255.255.255.192 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan292 description -=SrvBakNet_243.0/24=- ip address 10.4.243.254 255.255.255.0 no ip redirects ip policy route-map GLOBAL-ROUTING ! interface Vlan294 description --SRV_iLO_iDrack_etc-- ip address 10.4.242.254 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan299 description --ServerMengNet_240.0\24-- ip address 10.4.240.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan300 description --MANAGMENT-- ip address 10.4.254.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan301 description --Wi-Fi_MANAGMENT-- ip address 10.4.255.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan302 description -=Wi-Fi_MANAGMENT=- ip address 10.4.252.254 255.255.255.0 ip helper-address 10.4.16.239 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan350 description --VOICE_28.0/23 ip address 10.4.29.254 255.255.254.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan448 description -=VideoKomos=- no ip address ! interface Vlan450 no ip address shutdown ! interface Vlan500 description --Wi-Fi_Guest_35.0/24-- ip address 10.4.35.254 255.255.255.0 ip access-group No_Local_For_GuestWiFI in no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan550 description --CISCO_ASA-- ip address 10.4.239.2 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan551 description --TRANSIT_HSRP-- ip address 10.4.239.22 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan553 description P2P VST-IZM Peering ip address 172.30.32.5 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp bfd template p2p ! interface Vlan554 description P2P VRS-IZM Peering ip address 172.30.32.9 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan596 description L2VPN_DOMRU_IZM-BGP-P11 ip address 172.30.32.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp bfd template p2p ! interface Vlan597 ip address 172.30.30.62 255.255.255.240 no ip redirects bfd interval 50 min_rx 50 multiplier 3 ! interface Vlan599 description L2VPN_MTS_IZM-BGP-P11 ip address 172.30.30.1 255.255.255.224 no ip redirects no ip unreachables no ip proxy-arp bfd template p2p ! interface Vlan600 description --PET_PRODACTION-- ip address 10.4.37.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan601 description --KMK_PRODACTION-- ip address 10.4.39.30 255.255.255.224 ip access-group ACL_KMK_PRODACTION_IN in ip access-group ACL_KMK_PRODACTION_OUT out no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan603 description --CRPT-Mark-- ip address 10.4.39.126 255.255.255.192 ip helper-address 10.4.16.239 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan1000 description --ELAR-TEST- ip address 10.4.160.254 255.255.255.0 ip access-group ACL_ELAR-TEST in no ip redirects no ip unreachables no ip proxy-arp ip policy route-map PBR_ELAR-TEST ! interface Vlan1100 description [PI] TEST_ARR_ESR-10 ip unnumbered Loopback11 ip policy route-map RM_TEST_ARR ! interface Vlan1113 description [PI] RT-1-3 ip unnumbered Loopback11 ip policy route-map RM_TEST_ARR ! interface Vlan3915 description IZM_VLAN3915_SPLUNK ip address 10.4.244.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan4031 description -VeamRepl_172.31.31.0/24- ip address 172.31.31.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan4032 description -SQLRepl_172.31.33.0/24- ip address 172.31.32.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan4033 description -SrvVCHA_172.31.33.0/24- ip address 172.31.33.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan4034 description -ExchRepl_172.31.34.0/24- ip address 172.31.34.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan4035 description -SrvVCMg_172.31.35.0/24- ip address 172.31.35.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp shutdown ! interface Vlan4045 no ip address ! ! router eigrp 254 network 10.4.0.0 0.0.0.255 network 10.4.4.0 0.0.0.255 network 10.4.5.0 0.0.0.255 network 10.4.6.0 0.0.0.255 network 10.4.7.0 0.0.0.15 network 10.4.8.0 0.0.0.255 network 10.4.9.0 0.0.0.255 network 10.4.10.0 0.0.0.255 network 10.4.11.0 0.0.0.255 network 10.4.12.0 0.0.0.255 network 10.4.13.0 0.0.0.255 network 10.4.14.0 0.0.0.255 network 10.4.28.0 0.0.1.255 network 10.4.32.0 0.0.0.255 network 10.4.35.0 0.0.0.255 network 10.4.36.0 0.0.0.255 network 10.4.239.0 0.0.0.15 network 10.4.239.16 0.0.0.15 network 10.4.254.0 0.0.0.255 network 10.4.255.0 0.0.0.255 network 172.17.100.0 0.0.0.7 network 172.30.30.0 0.0.0.31 network 172.31.31.0 0.0.0.255 network 172.31.35.0 0.0.0.255 network 192.168.7.0 network 192.168.8.0 network 192.168.9.0 passive-interface default no passive-interface Vlan599 no passive-interface Vlan550 no passive-interface Vlan551 ! router bgp 64512 bgp router-id 172.30.30.62 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor PG_BGP_MILKOM peer-group neighbor PG_BGP_MILKOM remote-as 64512 neighbor PG_BGP_IZM-P11 peer-group neighbor PG_BGP_IZM-P11 remote-as 64513 neighbor PG_BGP_IZM-P11 description BGP over L2VPN neighbor PG_BGP_IZM-P11 fall-over bfd neighbor 10.4.239.1 peer-group PG_BGP_MILKOM neighbor 10.4.239.1 description --CISCO_ASA-- neighbor 172.30.30.2 peer-group PG_BGP_IZM-P11 neighbor 172.30.30.55 peer-group PG_BGP_MILKOM neighbor 172.30.30.55 description SW-1-1_Huawei neighbor 172.30.30.57 peer-group PG_BGP_MILKOM neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3-- neighbor 172.30.30.58 peer-group PG_BGP_MILKOM neighbor 172.30.30.58 description --IZH-MLK-IZM-RT-1-4-- neighbor 172.30.30.60 remote-as 199014 neighbor 172.30.30.61 peer-group PG_BGP_MILKOM neighbor 172.30.30.61 description --IZH-MLK-IZM-RT-1-2-- neighbor 172.30.32.2 peer-group PG_BGP_IZM-P11 neighbor 172.30.32.6 remote-as 64539 neighbor 172.30.32.6 description IZH-VST-IZM-SW-1-1 neighbor 172.30.32.10 remote-as 64523 neighbor 172.30.32.10 description IZH-VRS-IZM-SW-1-1 neighbor 172.30.35.254 remote-as 65500 neighbor 172.30.35.254 description --MIKROTIK_VPN-- ! address-family ipv4 network 10.4.0.0 mask 255.255.0.0 network 10.4.0.0 mask 255.255.255.0 network 10.4.8.0 mask 255.255.255.0 network 10.4.32.0 mask 255.255.255.0 network 10.4.192.0 mask 255.255.255.0 network 10.4.239.0 mask 255.255.255.240 network 10.4.239.16 mask 255.255.255.240 network 10.5.208.0 mask 255.255.248.0 network 10.5.208.0 mask 255.255.255.0 network 10.100.0.0 mask 255.255.255.0 network 10.100.0.0 mask 255.255.255.128 network 10.100.0.128 mask 255.255.255.128 network 10.111.0.0 mask 255.255.0.0 network 172.17.100.0 mask 255.255.255.248 network 172.31.31.0 mask 255.255.255.0 network 172.31.35.0 mask 255.255.255.0 network 192.168.8.0 network 192.168.9.0 network 192.168.110.0 redistribute static route-map RM_REDIS_STATIC_PI neighbor PG_BGP_MILKOM next-hop-self all neighbor PG_BGP_MILKOM soft-reconfiguration inbound neighbor PG_BGP_MILKOM route-map RM_LOCAL_OUT out neighbor PG_BGP_IZM-P11 next-hop-self neighbor PG_BGP_IZM-P11 soft-reconfiguration inbound neighbor PG_BGP_IZM-P11 route-map RM_BGP_IZM-P11_OUT out neighbor 10.4.239.1 activate neighbor 172.30.30.2 activate neighbor 172.30.30.2 route-map RM_BGP_IZM-P11_MTS_IN in neighbor 172.30.30.55 activate neighbor 172.30.30.57 activate neighbor 172.30.30.58 activate neighbor 172.30.30.58 route-map RM_LP_PVF_1C in neighbor 172.30.30.60 activate neighbor 172.30.30.60 route-map RM_KOMOS_PI_IN in neighbor 172.30.30.61 activate neighbor 172.30.32.2 activate neighbor 172.30.32.2 route-map RM_BGP_IZM-P11_DOMRU_IN in neighbor 172.30.32.6 activate neighbor 172.30.32.6 next-hop-self neighbor 172.30.32.6 route-map RM_FROM_VST-P2P in neighbor 172.30.32.6 route-map RM_TO_VST-P2P out neighbor 172.30.32.10 activate neighbor 172.30.32.10 next-hop-self neighbor 172.30.32.10 route-map RM_FROM_VRS-P2P in neighbor 172.30.32.10 route-map RM_TO_VRS-P2P out neighbor 172.30.35.254 activate neighbor 172.30.35.254 next-hop-self neighbor 172.30.35.254 soft-reconfiguration inbound neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_IN in neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_OUT out maximum-paths 2 distance bgp 150 150 150 exit-address-family ! ip forward-protocol nd ip http server no ip http secure-server ! ip as-path access-list 11 permit ^64513$ ip route 0.0.0.0 0.0.0.0 10.4.239.17 50 name --HSRP_ON_3925-- ip route 1.1.1.1 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON-- ip route 10.4.0.0 255.255.0.0 Null0 254 ip route 10.4.241.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER-- ip route 10.4.253.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER-- ip route 10.10.1.36 255.255.255.255 10.10.254.253 ip route 10.10.11.0 255.255.255.0 10.10.254.253 ip route 10.10.12.0 255.255.255.0 10.10.254.253 ip route 10.15.72.0 255.255.255.0 10.4.239.18 ip route 10.100.0.0 255.255.255.0 Null0 254 ip route 10.111.0.0 255.255.0.0 Null0 254 ip route 31.173.105.53 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON-- ip route 77.88.8.3 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON-- ip route 77.88.8.7 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON-- ip route 91.240.179.240 255.255.255.255 Vlan1100 100 name TEST_ARR_ESR-10 ip route 91.240.179.243 255.255.255.255 Vlan1113 100 name RT-1-3 ip route 193.232.108.67 255.255.255.255 10.4.239.18 name --PARTNER.X5.RU-- ip route 217.14.195.253 255.255.255.255 10.4.239.18 ip route 217.14.195.254 255.255.255.255 10.4.239.18 name --MARK-ITT-- ip ssh pubkey-chain username FTP key-hash ssh-rsa 32D3770B81F9128668142CC5C9BBF20F ftp@izh-asbl001 ! ip access-list standard ACL_CREATIO permit 10.4.0.123 ip access-list standard ACL_DMZ permit 10.4.38.3 ip access-list standard ACL_GUEST_Wi-Fi permit 10.4.35.0 0.0.0.255 ip access-list standard ACL_HELP.KOMOS.RU permit 10.4.0.184 ip access-list standard ACL_HELP_CES_KOMOS permit 10.4.0.120 ip access-list standard ACL_KOMOS_RU permit 10.4.8.8 permit 10.4.0.172 permit 10.4.0.178 ip access-list standard ACL_MAIL_VIA_KG deny 10.4.7.7 permit 10.4.7.0 0.0.0.7 ip access-list standard ACL_ROUTE_TO_P11 permit 10.4.0.45 ip access-list standard ACL_ROZ_MIKR permit 172.30.35.254 ip access-list standard ACL_SIP_GLAZOV permit 172.17.100.2 ip access-list standard ACL_SIP_KOMOS permit 10.4.7.17 ip access-list standard ACL_TRAFFIC_TO_MARK permit 10.4.7.12 permit 192.168.8.81 permit 192.168.2.37 permit 192.168.8.52 permit 192.168.8.54 permit 10.4.8.80 permit 192.168.8.59 permit 192.168.1.9 permit 192.168.1.5 permit 192.168.8.225 permit 192.168.8.226 permit 192.168.8.228 permit 192.168.8.234 permit 192.168.8.163 permit 192.168.8.185 permit 10.4.0.249 ip access-list standard ACL_WAP2 permit 10.4.38.1 permit 10.4.38.2 ip access-list standard ACL_WWW_KOMOS_RU permit 10.4.0.172 ip access-list standard SIP_TRAFFIC permit 172.17.100.1 permit 172.17.100.5 ! ip access-list extended ACL_ELAR-TEST permit tcp host 10.4.160.1 eq 88 10.4.0.0 0.0.255.255 deny ip any 10.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 192.168.0.0 0.0.255.255 permit ip 10.4.160.0 0.0.0.255 any time-range TIME_ELAR-TEST ip access-list extended ACL_KMK_PRODACTION_IN permit ip any any ip access-list extended ACL_KMK_PRODACTION_OUT permit ip any any ip access-list extended ACL_KSMG permit ip host 10.4.38.21 any permit ip host 10.4.38.22 any ip access-list extended ACL_TEST_ARR permit ip host 91.240.179.243 any permit ip host 91.240.179.240 any ip access-list extended LOCAL_TRAFFIC permit ip any 192.168.0.0 0.0.255.255 permit ip any 10.0.0.0 0.255.255.255 permit ip any 172.16.0.0 0.15.255.255 ip access-list extended No_Local_For_GuestWiFI permit tcp any host 192.168.8.200 eq domain permit udp any host 192.168.8.200 eq domain permit tcp any host 192.168.8.201 eq domain permit udp any host 192.168.8.201 eq domain permit tcp any host 10.4.7.6 eq 443 deny ip any 10.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 192.168.0.0 0.0.255.255 permit ip any any ip access-list extended ROUTE_TO_ISP4 permit ip any host 192.168.8.4 permit ip any host 192.168.8.6 ip access-list extended VSL-BFD permit udp any any eq 3784 ip access-list extended VSL-DHCP-CLIENT-TO-SERVER permit udp any eq bootpc any eq bootps ip access-list extended VSL-DHCP-SERVER-TO-CLIENT permit udp any eq bootps any eq bootpc ip access-list extended VSL-DHCP-SERVER-TO-SERVER permit udp any eq bootps any eq bootps ip access-list extended VSL-IPV4-ROUTING permit ip any 224.0.0.0 0.0.0.255 ! ! ip prefix-list PFL_MIKROTIK_VPN_IN seq 10 permit 10.73.0.0/16 le 29 ip prefix-list PFL_MIKROTIK_VPN_IN seq 15 permit 10.1.30.0/24 ! ip prefix-list PFL_MIKROTIK_VPN_OUT seq 10 permit 10.4.0.0/16 le 24 ip prefix-list PFL_MIKROTIK_VPN_OUT seq 20 permit 192.168.8.0/24 ip prefix-list PFL_MIKROTIK_VPN_OUT seq 25 permit 10.1.19.0/24 ip prefix-list PFL_MIKROTIK_VPN_OUT seq 30 permit 10.1.15.0/24 ip prefix-list PFL_MIKROTIK_VPN_OUT seq 35 permit 10.1.13.0/24 ip prefix-list PFL_MIKROTIK_VPN_OUT seq 40 permit 10.1.122.0/24 ! ip prefix-list PL_BGP_IZM-P11 seq 5 permit 10.0.0.0/8 le 32 ip prefix-list PL_BGP_IZM-P11 seq 10 permit 192.168.0.0/16 le 32 ip prefix-list PL_BGP_IZM-P11 seq 15 permit 172.16.0.0/12 le 32 ! ip prefix-list PL_FROM_VRS-P2P seq 5 permit 10.8.64.0/21 le 26 ip prefix-list PL_FROM_VRS-P2P seq 10 permit 192.168.72.0/24 ! ip prefix-list PL_FROM_VST-P2P seq 5 permit 10.88.104.0/21 le 24 ! ip prefix-list PL_KOMOS_PI seq 5 permit 91.240.179.0/24 ge 32 ! ip prefix-list PL_LOCAL_OUT seq 5 permit 10.0.0.0/8 le 32 ip prefix-list PL_LOCAL_OUT seq 10 permit 192.168.0.0/16 le 32 ip prefix-list PL_LOCAL_OUT seq 15 permit 172.16.0.0/12 le 32 ! ip prefix-list PL_MILKOM_OUT seq 5 deny 0.0.0.0/0 ip prefix-list PL_MILKOM_OUT seq 10 permit 10.0.0.0/8 le 32 ip prefix-list PL_MILKOM_OUT seq 15 permit 192.168.0.0/16 le 32 ip prefix-list PL_MILKOM_OUT seq 20 permit 172.16.0.0/12 le 32 ! ip prefix-list PL_REDIS_STATIC_PI seq 5 permit 91.240.179.0/24 le 32 ! ip prefix-list pvf_1c seq 4 permit 192.168.72.0/24 le 32 ip prefix-list pvf_1c seq 5 permit 192.168.72.0/24 ip sla 1 icmp-echo 31.173.105.53 source-interface Vlan300 threshold 2000 timeout 3000 frequency 10 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 1.1.1.1 source-interface Vlan300 threshold 2000 timeout 3000 frequency 10 ip sla schedule 2 life forever start-time now ip sla 3 icmp-echo 77.88.8.7 source-interface Vlan300 threshold 2000 timeout 3000 frequency 10 ip sla schedule 3 life forever start-time now ip sla 4 icmp-echo 77.88.8.3 source-interface Vlan300 threshold 2000 timeout 3000 frequency 10 ip sla schedule 4 life forever start-time now logging origin-id hostname logging facility local2 logging source-interface Vlan300 logging host 192.168.8.119 transport udp port 5544 logging host 10.4.244.4 transport udp port 515 access-list 5 permit 192.168.8.99 access-list 5 permit 10.1.19.28 access-list 5 permit 10.4.0.58 access-list 5 permit 10.2.1.245 access-list 8 remark -==domination==- access-list 8 permit 192.168.9.101 access-list 8 permit 192.168.9.100 access-list 8 permit 192.168.9.103 access-list 8 permit 192.168.9.102 access-list 8 permit 192.168.9.105 access-list 8 permit 192.168.9.104 access-list 9 remark -=izh-1cl002_17=- access-list 9 permit 192.168.8.4 access-list 9 permit 192.168.8.6 access-list 9 permit 192.168.8.7 access-list 9 permit 192.168.8.191 access-list 10 permit 192.168.8.229 access-list 10 remark --IZH-TS011-- access-list 10 permit 192.168.8.176 access-list 10 permit 192.168.8.177 access-list 10 remark --IZH-TRM011-- access-list 10 permit 192.168.8.178 access-list 10 remark --IZH-FTP004-- access-list 10 permit 192.168.8.138 access-list 10 remark --IZH-FLS013-- access-list 10 permit 192.168.8.159 access-list 11 remark -=mail_to_komos=- access-list 11 permit 192.168.8.72 access-list 11 permit 192.168.8.73 access-list 11 permit 192.168.8.77 access-list 11 permit 10.4.7.0 0.0.0.15 access-list 12 permit 192.168.8.70 access-list 12 permit 192.168.8.71 access-list 12 permit 192.168.8.95 access-list 12 permit 192.168.8.59 access-list 12 permit 192.168.8.163 access-list 12 permit 192.168.8.165 access-list 12 permit 192.168.8.177 access-list 12 permit 192.168.8.178 access-list 12 permit 192.168.8.187 access-list 12 permit 192.168.8.138 access-list 12 permit 192.168.8.139 access-list 13 remark -=TestNetElar=- access-list 13 permit 10.4.160.0 0.0.0.255 access-list 14 remark -=izh-msx001=- access-list 14 permit 10.4.7.12 ! route-map RM_REDIS_STATIC_PI permit 10 description Redistribute static PI address for unnumbered lo11 match ip address prefix-list PL_REDIS_STATIC_PI ! route-map RM_KOMOS_PI_IN permit 10 match ip address prefix-list PL_KOMOS_PI set local-preference 1000 ! route-map RM_KOMOS_PI_IN permit 20 ! route-map RM_DMZ deny 10 match ip address LOCAL_TRAFFIC ! route-map RM_DMZ permit 20 match ip address ACL_DMZ set ip next-hop 10.4.239.18 ! route-map RM_DMZ permit 30 match ip address ACL_WAP2 set ip next-hop 172.30.30.2 ! route-map RM_DMZ permit 40 match ip address ACL_KSMG set ip next-hop 172.30.30.2 ! route-map PBR_MAIL deny 10 match ip address LOCAL_TRAFFIC ! route-map PBR_MAIL permit 20 match ip address 14 SIP_TRAFFIC set ip next-hop 10.4.239.18 ! route-map PBR_MAIL permit 30 match ip address ACL_MAIL_VIA_KG ! route-map RM_LOCAL_OUT permit 10 match ip address prefix-list PL_LOCAL_OUT ! route-map RM_TO_RCOD_ER-TELECOM permit 30 match ip address prefix-list PL_LOCAL_OUT ! route-map RM_BGP_IZM-P11_MTS_IN permit 10 match as-path 11 set local-preference 1500 ! route-map RM_BGP_IZM-P11_MTS_IN permit 20 ! route-map RM_FROM_RCOD_ER-TELECOM permit 30 ! route-map RM_BGP_IZM-P11_DOMRU_IN permit 10 match as-path 11 set local-preference 1500 ! route-map RM_BGP_IZM-P11_DOMRU_IN permit 20 ! route-map SIP-ROUTING deny 10 match ip address LOCAL_TRAFFIC ! route-map SIP-ROUTING permit 20 match ip address SIP_TRAFFIC set ip next-hop 10.4.239.18 10.4.239.19 ! route-map SIP-ROUTING permit 30 match ip address ACL_SIP_GLAZOV ! route-map SIP-ROUTING permit 40 match ip address ACL_SIP_KOMOS set ip next-hop 10.4.239.19 ! route-map PBR_ELAR-TEST permit 10 set ip next-hop 10.4.239.19 ! route-map RM_FROM_VRS-P2P permit 10 match ip address prefix-list PL_FROM_VRS-P2P set local-preference 1500 ! route-map RM_FROM_VST-P2P permit 10 match ip address prefix-list PL_FROM_VST-P2P set local-preference 1500 ! route-map RM_TEST_ARR permit 10 match ip address ACL_TEST_ARR set ip next-hop 10.4.239.18 ! route-map RM_TO_VST-P2P permit 10 ! route-map RM_TO_VRS-P2P permit 10 ! route-map RM_MILKOM_OUT permit 10 ! route-map RM_RCOD_MTS_OUT permit 30 match ip address prefix-list PL_LOCAL_OUT ! route-map RM_LP_PVF_1C permit 10 match ip address prefix-list pvf_1c set local-preference 150 ! route-map RM_LP_PVF_1C permit 20 ! route-map RM_BGP_IZM-P11_OUT permit 10 match ip address prefix-list PL_BGP_IZM-P11 ! route-map GLOBAL-ROUTING deny 5 match ip address LOCAL_TRAFFIC ! route-map GLOBAL-ROUTING permit 7 description Route to P11 for Publication(NAT) match ip address ACL_ROUTE_TO_P11 set ip next-hop 172.30.30.2 ! route-map GLOBAL-ROUTING permit 8 match ip address ACL_ROZ_MIKR set ip next-hop 10.4.239.18 ! route-map GLOBAL-ROUTING permit 9 match ip address ACL_HELP_CES_KOMOS set ip next-hop 172.30.30.2 ! route-map GLOBAL-ROUTING permit 10 match ip address 9 ROUTE_TO_ISP4 ACL_TRAFFIC_TO_MARK 14 8 ACL_KOMOS_RU set ip next-hop 10.4.239.18 ! route-map GLOBAL-ROUTING permit 20 match ip address 11 12 10 set ip next-hop 10.4.239.19 ! route-map GLOBAL-ROUTING permit 30 description --HELP.KOMOS.RU-- match ip address ACL_HELP.KOMOS.RU set ip next-hop 172.30.30.2 ! snmp-server community lmTUEsk6Yvlv RO snmp ifmib ifindex persist ! ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! ! ! ipv6 access-list VSL-IPV6-ROUTING permit ipv6 any FF02::/124 ! no vstack banner exec ^C Welcome to $(hostname). You are connected on line $(line) on domain $(domain) ^C banner login ^C ***************************************************************************** * * * UNAUTHORIZED ACCESS IS PROHIBITED * * * * You have accessed network equipment. * * You must have authorized permission to access or configure this device. * * All activities performed on this device are logged and monitored. * * * ***************************************************************************** ^C alias exec sib sh ip int brief ! line con 0 logging synchronous login authentication CONSOLE stopbits 1 line vty 0 4 exec-timeout 120 0 logging synchronous length 0 transport input ssh line vty 5 15 exec-timeout 120 0 logging synchronous transport input ssh ! ! module provision switch 1 chassis-type 72 base-mac 64F6.9DBC.B2C0 slot 1 slot-type 402 base-mac 64F6.9DBC.B2C0 slot 2 slot-type 400 base-mac A0EC.87A2.6BA0 ! module provision switch 2 chassis-type 72 base-mac 74A2.E66E.3BC0 slot 1 slot-type 402 base-mac 74A2.E66E.3BC0 slot 2 slot-type 400 base-mac A0EC.1C03.29D0 ! ntp server 192.168.8.200 time-range TIME_ELAR-TEST periodic weekdays 8:00 to 19:00 periodic weekend 8:00 to 19:00 ! mac address-table notification change mac address-table static 02bf.0a04.0706 vlan 251 interface Port-Channel100 event manager applet --MEGAFON_DOWN-- event syslog pattern "10 list boolean or Up -> Down" action 001 cli command "enable" action 002 cli command "conf t" action 003 cli command "route-map PBR_MAIL permit 30" action 004 cli command "set ip next-hop 172.30.30.2" action 005 cli command "route-map GLOBAL-ROUTING permit 20" action 006 cli command "set ip next-hop 10.4.239.18" action 007 cli command "no set ip next-hop 10.4.239.19" action 008 cli command "route-map SIP-ROUTING permit 30" action 009 cli command "set ip next-hop 172.30.30.58" action 010 cli command "end" action 011 syslog msg "--MEGAFON is DOWN--" event manager applet --MEGAFON_UP-- event syslog pattern "10 list boolean or Down -> Up" action 001 cli command "enable" action 002 cli command "conf t" action 003 cli command "route-map PBR_MAIL permit 30" action 004 cli command "no set ip next-hop 172.30.30.2" action 005 cli command "route-map GLOBAL-ROUTING permit 20" action 006 cli command "set ip next-hop 10.4.239.19" action 007 cli command "no set ip next-hop 10.4.239.18" action 008 cli command "route-map SIP-ROUTING permit 30" action 009 cli command "no set ip next-hop 172.30.30.58" action 010 cli command "end" action 011 syslog msg "--MEGAFON is UP--" ! event manager history size events 20 end