! Captured running-config of the two-member ws-c3750x-24s stack
! KZN-MLK-KMK-SW-1-1 (IOS 15.2). This part holds global services, local
! accounts, AAA method lists and the self-signed PKI trustpoints.
! NOTE(review): this capture contains password hashes, type 7 strings, an SNMP
! community and RADIUS keys; treat every credential in it as exposed and rotate.
Building configuration...

Current configuration : 25928 bytes
!
! Last configuration change at 08:55:11 MSK Fri Jul 15 2022 by adm_kapustinal
! NVRAM config last updated at 09:15:50 MSK Thu Jul 14 2022 by adm_kapustinal
!
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
! service password-encryption only applies type 7 encoding, which is reversible
! obfuscation rather than a hash; it does not protect stored values from anyone
! who can read the configuration.
service password-encryption
!
hostname KZN-MLK-KMK-SW-1-1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator STACKPOW mnemonics drops STACKPOWER
logging userinfo
logging buffered discriminator STACKPOW
! Type 5 is a salted MD5 hash. NOTE(review): if this release accepts
! `algorithm-type` for enable/username secrets, re-enter them with a stronger
! type - confirm support on this platform first.
enable secret 5 $1$Znuf$/iXVXut/jj7ATYdr9GcxJ0
!
username netadmin privilege 15 secret 5 $1$KndH$cfO8bwEDMOTsETRnuOM4/.
! NOTE(review): this privilege-15 account is stored with `password 7`
! (reversible) instead of `secret`; re-create it with `secret` as netadmin is.
username akhmetzyanovrr privilege 15 password 7 0322601D1201315657031D5445
aaa new-model
!
!
! RADIUS server group NPS; requests are sourced from the Vlan300 SVI.
aaa group server radius NPS
 server name IZH-RDS002
 server name P11-RDS003
 ip radius source-interface Vlan300
 load-balance method least-outstanding
!
! Login method lists: `default` tries RADIUS group NPS, then the local user
! database, then the enable secret; `CONSOLE` tries local first, then RADIUS.
! Exec authorization: RADIUS group NPS, then local, then if-authenticated.
! NOTE(review): NPS exists only as a server group. No login method list named
! NPS is defined here, yet the vty lines in this capture use
! `login authentication NPS` - confirm which list those lines actually apply.
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone MSK 3 0
switch 1 provision ws-c3750x-24s
switch 2 provision ws-c3750x-24s
system mtu routing 1500
!
!
!
!
ip routing
no ip cef optimize neighbor resolution
!
!
!
no ip domain-lookup
ip domain-name milkom-komos.ru
! Static name `tftp`; the archive path in this capture (tftp://tftp/...) uses it.
ip host tftp 10.4.0.214
!
stack-power stack Powerstack-1
 mode redundant
!
vtp mode transparent
!
!
!
!
!
!
! Two self-signed trustpoints, each bound to its own RSA key pair; no
! revocation checking is configured for either.
crypto pki trustpoint TP-self-signed-1328648448
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1328648448
 revocation-check none
 rsakeypair TP-self-signed-1328648448
!
crypto pki trustpoint TP-self-signed-1335665536
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1335665536
 revocation-check none
 rsakeypair TP-self-signed-1335665536
!
!
! Certificate chains, licence levels, configuration archive and one object-group.
! The DER below decodes to: signature sha1WithRSAEncryption, 1024-bit RSA key,
! validity 2006-01-02 to 2020-01-01. NOTE(review): the certificate had already
! expired at the time of this capture (July 2022) and uses SHA-1 with RSA-1024;
! regenerate it with a larger key before HTTPS is ever enabled on this device.
crypto pki certificate chain TP-self-signed-1328648448
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31333238 36343834 3438301E 170D3036 30313032 30303034
  35345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33323836
  34383434 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100981C 397F3360 346CC34D 5C76C071 C53D2CB5 7DEC80DF 9F1AE196 6E25B900
  5B17A808 C4463AF7 E39DC80D 0509E836 31231CC3 4CFD4121 0CBABA19 D72FAC65
  D95B9D05 CCEB1F7E 31CA6499 BEFAFA94 1C4EC89C 09427E3B 07088ABA 054ECD68
  7E0D1123 E21665F9 A65D145A 24B28B52 79A865D9 C105A08F D090ECB8 658CEFDE
  02190203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 141C9CC5 AD150A37 024FD74E D172F0DA D6409013 89301D06
  03551D0E 04160414 1C9CC5AD 150A3702 4FD74ED1 72F0DAD6 40901389 300D0609
  2A864886 F70D0101 05050003 8181006B 4A373FBE ED031312 7BF684E3 D420B700
  594C71E1 35C2C38E D6DDB7E0 724E3AB9 1FAD8CCA E9EA4967 810C4176 A1ED8BAF
  56F2C19A 8C0A4E05 6F39BE8D 19F6F9BC 8241B7DD 35912BAD 6318E7A5 EA51A631
  33E89821 CF1C688F 3FC95097 5684298E 8AE9C486 1D9ABD18 C16C4D27 4C281C53
  712B6ECD 2B55F376 06339059 649916
  quit
! The second trustpoint has an empty chain (no certificate stored).
crypto pki certificate chain TP-self-signed-1335665536
license boot level ipservices
license boot level ipbase switch 2
! Configuration archive: config changes are logged (900 entries) and sent to
! syslog; `hidekeys` suppresses passwords in that change log only.
! A full copy of the configuration is written to tftp://tftp/... on every
! `write memory` and every 10080 minutes.
! NOTE(review): TFTP has no authentication or encryption and the archived
! copies carry the hashes and keys in this file; prefer an authenticated,
! encrypted archive path (for example scp) if the archive server supports it.
archive
 log config
  logging enable
  logging size 900
  notify syslog contenttype plaintext
  hidekeys
 path tftp://tftp/KZN/MLK/KMK-SW_L3/$H-$T
 write-memory
 time-period 10080
!
!
!
! NOTE(review): no ACL in this capture references this object-group; the name
! looks like a typo of "Permit" - confirm before renaming or removing it.
object-group network Pernit_for_ProdVlan550
 host 192.168.75.200
!
!
! MAC access-lists named VSL-*: the class-maps in this capture use them as match
! criteria; none of them is applied to an interface here.
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E 0x1
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any 0022.bdcd.d200 0000.0000.00ff
 permit 0022.bdcd.d200 0000.0000.00ff any
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
!
! Rapid-PVST with bridge priority 4096 on every VLAN, so this stack wins the
! root election against any bridge left at a higher priority value.
! NOTE(review): no root guard or BPDU guard appears on any port in this capture;
! a downstream bridge advertising a lower priority could take over as root.
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
port-channel load-balance src-dst-ip
!
!
!
!
vlan internal allocation policy ascending
!
! VLAN database (VTP transparent). User, server, management, guest Wi-Fi, voice
! and transit VLANs are all defined on this one stack; the trunks in this
! capture mostly carry no allowed-VLAN list, so segregation between them rests
! on the SVI access-lists rather than on L2 pruning.
vlan 13
 name Users KU-13
!
vlan 16
 name --KU16_Users--
!
vlan 101
 name --PRINTERS--
!
vlan 111
 name INTERCONNECT
!
vlan 113
 name --link-to-mikrotik--
!
vlan 150
 name --Wi-Fi_WORK--
!
vlan 200
!
vlan 201
 name test
!
vlan 220
 name SkladWifi
!
vlan 250
 name --SERVERS_37.0/24--
!
vlan 251
 name --SERVERS_BACKUP--
!
vlan 252
 name --SERVERS_VIDEO--
!
vlan 290
 name -=SrvVmwVMon=-
!
vlan 300
 name --MANAGEMENT--
!
vlan 301
 name --Wi-Fi_MANAGEMENT--
!
vlan 310
!
vlan 350
 name --VOICE--
!
vlan 450
 name --Wi-Fi_SKLAD--
!
vlan 500
 name --Wi-Fi_GUEST--
!
vlan 550
 name --PRODACTION_TRANSFER--
!
vlan 555
 name --BGP_TRANSIT--
!
vlan 603
 name --CRPT-Mark--
!
vlan 2145
 name Test_BGP
!
vlan 4093
 name DOMRU_FOR_KOMOS_STROY
!
vlan 4094
 name L2VPN_Tattelecom_for_MCHS
!
!
! Traffic classes built from the VSL-* access-lists and DSCP values.
class-map match-any VSL-DATA-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match ip dscp af41
 match ip dscp af42
 match ip dscp af43
 match ip dscp af31
 match ip dscp af32
 match ip dscp af33
 match ip dscp af21
 match ip dscp af22
 match ip dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match ip dscp ef
 match ip dscp cs4
 match ip dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match ip dscp cs2
 match ip dscp cs3
 match ip dscp cs6
 match ip dscp cs7
!
! The policy lists the classes without any action, and no `service-policy`
! statement in this capture attaches it to an interface.
policy-map VSL-Queuing-Policy
 class VSL-L2-CONTROL-PACKETS
 class VSL-L3-CONTROL-PACKETS
 class VSL-VOICE-VIDEO-TRAFFIC
 class VSL-SIGNALING-NETWORK-MGMT
 class VSL-MULTIMEDIA-TRAFFIC
 class VSL-DATA-PACKETS
 class class-default
!
!
!
!
!
!
!
!
!
!
!
!
!
! Port-channel trunks to the core peer and access switches.
! NOTE(review): none of these trunks sets `switchport trunk allowed vlan`,
! `switchport trunk native vlan` or `switchport nonegotiate`, so every VLAN
! (guest, management and server VLANs included) is carried on each of them with
! the default native VLAN. Prune each trunk to the VLANs the neighbour needs.
! Only Port-channel5 has broadcast storm-control.
interface Port-channel1
 description [CORE] SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel2
 description [KU] SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 description [KU] SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel4
 description [KU] SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel5
 description [KU] SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
!
interface Port-channel6
 description [KU] SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Remaining Port-channel trunks, the (shut down) FastEthernet0 port and the
! first physical members on stack switch 1.
! NOTE(review): these trunks carry no `switchport trunk allowed vlan` list, so
! all VLANs are forwarded to every neighbour; restrict each to what it needs.
interface Port-channel7
 description [KU] SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel9
 description [KU] SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel10
 description [KU] SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel11
 description [KU] SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel12
 description [KU] SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel13
 description [KU] SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel14
 description [KU] SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel15
 description [KU] SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel16
 description [KU] SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel23
 description [KU] SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel40
 description [KU] SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! FastEthernet0 has no address and is shut down.
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
! Members join their bundle with LACP (`channel-group N mode active`).
interface GigabitEthernet1/0/1
 description [KU] Po40 SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 40 mode active
!
interface GigabitEthernet1/0/2
 description [KU] Po2 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
! NOTE(review): [CAM] port (presumably a camera-network switch) is an unpruned
! trunk; it receives every VLAN, including management and servers.
interface GigabitEthernet1/0/3
 description [CAM] AT_KU3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
! Stack switch 1, ports 5-17: LACP members of the access/core port-channels
! plus one stand-alone [CAM] trunk.
! NOTE(review): no port here limits its trunk with
! `switchport trunk allowed vlan`; all VLANs are carried on each link.
interface GigabitEthernet1/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
 channel-group 5 mode active
!
interface GigabitEthernet1/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet1/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode active
!
! NOTE(review): [CAM] port (presumably camera equipment) is an unpruned trunk.
interface GigabitEthernet1/0/8
 description [CAM] AT_KU8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode active
!
interface GigabitEthernet1/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet1/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet1/0/13
 description [KU] Po13 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet1/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet1/0/15
 description [KU] Po15 SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet1/0/16
 description [KU] Po16 SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode active
!
interface GigabitEthernet1/0/17
 description [CORE] Po1 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
! Stack switch 1, ports 18-24 and uplink-module ports, then stack switch 2,
! ports 1-5.
! Gi1/0/18 is the one trunk here with an allowed-VLAN list (111, 300, 555).
interface GigabitEthernet1/0/18
 description [CORE] RT-1-2
 switchport trunk allowed vlan 111,300,555
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! NOTE(review): the [CAM] and [SRV] ports below are unpruned trunks, so the
! attached camera equipment and hypervisor NICs (as the descriptions suggest)
! receive every VLAN; limit each to the VLANs it serves.
interface GigabitEthernet1/0/19
 description [CAM] AT_KU15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/20
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/0/21
 description [SRV] vmw004 eth02 int VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/22
 description [SRV] vmw005 eth02 int VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/23
 description [KU] Po23 SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode active
!
interface GigabitEthernet1/0/24
 description [SRV] SERV_REZERV
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! NOTE(review): the uplink-module ports carry no configuration and are not shut
! down; if they are unused, shut them and move them to an unused access VLAN.
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
! Stack switch 2: second LACP member of each bundle.
interface GigabitEthernet2/0/1
 description [KU] Po40 SW-1-7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 40 mode active
!
interface GigabitEthernet2/0/2
 description [KU] Po2 SW-2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode active
!
interface GigabitEthernet2/0/3
 description [KU] Po3 SW-3-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet2/0/4
 description [KU] Po4 SW-4-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 4 mode active
!
interface GigabitEthernet2/0/5
 description [KU] Po5 SW-5-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 storm-control broadcast level 30.00
 channel-group 5 mode active
!
! Stack switch 2, ports 6-18: LACP members mirroring switch 1, plus the second
! router-facing trunk.
interface GigabitEthernet2/0/6
 description [KU] Po6 SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
!
interface GigabitEthernet2/0/7
 description [KU] Po7 SW-7-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 7 mode active
!
! NOTE(review): this port is an unpruned trunk with no description and no
! channel-group; confirm what is attached, or shut it down if unused.
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/9
 description [KU] Po9 SW-9-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 9 mode active
!
interface GigabitEthernet2/0/10
 description [KU] Po10 SW-10-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet2/0/11
 description [KU] Po11 SW-11-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet2/0/12
 description [KU] Po12 SW-12-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode active
!
interface GigabitEthernet2/0/13
 description [KU] Po13 SW-13-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 13 mode active
!
interface GigabitEthernet2/0/14
 description [KU] Po14 SW-14-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 14 mode active
!
interface GigabitEthernet2/0/15
 description [KU] Po15 SW-15-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 15 mode active
!
interface GigabitEthernet2/0/16
 description [KU] Po16 SW-16-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 16 mode active
!
interface GigabitEthernet2/0/17
 description [CORE] Po1 SW-1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
! Router-facing trunk limited to VLANs 111, 300 and 555; the other trunks in
! this block have no such list and carry every VLAN.
interface GigabitEthernet2/0/18
 description [CORE] RT-1-1
 switchport trunk allowed vlan 111,300,555
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Stack switch 2, ports 19-24 and uplink-module ports, then the first SVIs.
! NOTE(review): the [CAM] and [SRV] ports are unpruned trunks (no
! `switchport trunk allowed vlan`), so they receive every VLAN.
interface GigabitEthernet2/0/19
 description [CAM] AT-SW-6-1_Verhniy
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/20
 description [CAM] AT-SW-6-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/21
 description [SRV] vmw004 eth04 ext VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/22
 description [SRV] vmw005 eth04 ext VM_lan
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/23
 description [KU] Po23 SW-6-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 23 mode active
!
interface GigabitEthernet2/0/24
 description [SRV] SERV_REZERV
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! NOTE(review): unconfigured uplink-module ports are not shut down.
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
! Vlan1 is in active use: one primary and six secondary addresses, so seven
! subnets share a single broadcast domain with no L3 boundary between them, and
! VLAN 1 is also the default native VLAN on the trunks.
! NOTE(review): no inbound access-list is applied; consider moving these subnets
! to dedicated VLANs.
! `ip dhcp relay information trusted` accepts relayed DHCP packets that carry
! option 82 with a zero giaddr; requests are relayed to 10.5.35.217.
interface Vlan1
 ip dhcp relay information trusted
 ip address 192.168.77.254 255.255.255.0 secondary
 ip address 192.168.76.126 255.255.255.128 secondary
 ip address 10.5.35.254 255.255.252.0 secondary
 ip address 10.5.38.254 255.255.255.0 secondary
 ip address 10.5.63.254 255.255.255.0 secondary
 ip address 10.5.36.254 255.255.255.0 secondary
 ip address 192.168.75.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! User SVIs: ICMP redirects, unreachables and proxy-ARP are disabled.
interface Vlan13
 description --Users-KU13--
 ip dhcp relay information trusted
 ip address 10.5.43.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan16
 description --Users-KU16--
 ip dhcp relay information trusted
 ip address 10.5.46.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! The printers SVI has no address, so this switch does not route VLAN 101.
interface Vlan101
 description --PRINTERS--
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! SVIs for interconnect, Wi-Fi, server and management VLANs.
! NOTE(review): Vlan111, Vlan113 and Vlan310 lack the
! `no ip redirects` / `no ip unreachables` / `no ip proxy-arp` lines that the
! other SVIs in this block carry; align them unless the difference is intended.
interface Vlan111
 description INTERCONNECT
 ip address 172.16.8.4 255.255.255.248
!
interface Vlan113
 description --Link-to-mikrotik--
 ip address 10.8.252.253 255.255.255.252
!
interface Vlan150
 description --Wi-Fi_WORK--
 ip dhcp relay information trusted
 ip address 10.5.41.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Guest Wi-Fi: inbound traffic is filtered by No_Local_For_GuestWiFI.
interface Vlan200
 description GuestWiFi
 ip address 10.200.1.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 ip helper-address 10.200.0.230
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! The SVI description (IMM) differs from the VLAN 201 name (test).
interface Vlan201
 description IMM
 ip address 192.168.70.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! NOTE(review): the access-list Local_For_SkladWiFI is defined in this capture
! (its remark names VLAN220) but no `ip access-group` applies it here or on any
! other interface, so this SVI is unfiltered - confirm whether it was meant to
! be applied inbound.
interface Vlan220
 description SkladWifi
 ip dhcp relay information trusted
 ip address 10.220.1.254 255.255.255.0
 ip helper-address 10.220.1.230
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Server SVIs: no access-lists, so reachability is controlled only by the ACLs
! on the source VLANs.
interface Vlan250
 description --SERVERS_37.0/24--
 ip address 10.5.37.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan251
 description --SERVERS_BACKUP--
 ip address 10.5.61.30 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan252
 description --SERVERS_VIDEO--
 ip address 10.5.61.62 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan290
 description -=SrvVmwVMon=-
 ip address 10.5.61.94 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Management SVI: source interface for RADIUS, TFTP, syslog and NTP.
! NOTE(review): no ACL is applied here and the vty lines have no `access-class`,
! so management access is not limited to this VLAN by configuration.
interface Vlan300
 description --MANAGEMENT--
 ip address 10.5.62.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan301
 description --Wi-Fi_MANAGEMENT--
 ip dhcp relay information trusted
 ip address 10.5.42.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan310
 description --UPS managment--
 ip address 10.5.47.254 255.255.255.0
!
! Voice, warehouse/guest Wi-Fi, production and transit SVIs, then BGP.
interface Vlan350
 description --VOICE--
 ip dhcp relay information trusted
 ip address 10.5.44.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan450
 description --Wi-Fi_SKLAD--
 ip dhcp relay information trusted
 ip address 10.5.40.254 255.255.255.0
 ip helper-address 10.5.35.217
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Guest Wi-Fi: filtered inbound by No_Local_For_GuestWiFI; no helper-address is
! configured on this SVI.
interface Vlan500
 description --Wi-Fi_GUEST--
 ip dhcp relay information trusted
 ip address 10.5.39.254 255.255.255.0
 ip access-group No_Local_For_GuestWiFI in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Production transfer VLAN: inbound ACL ACL-FW_PROD_VLAN550-IN, then
! policy-routing through route-map RM_PRODACTION for traffic the ACL permits.
interface Vlan550
 description --PRODACTION_TRANSFER--
 ip address 192.168.78.254 255.255.255.0
 ip access-group ACL-FW_PROD_VLAN550-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map RM_PRODACTION
!
interface Vlan555
 description --BGP_TRANSIT--
 ip address 172.30.30.102 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! NOTE(review): unlike the other SVIs in this block, Vlan603 does not disable
! redirects, unreachables and proxy-ARP.
interface Vlan603
 description --CRPT-Mark--
 ip dhcp relay information trusted
 ip address 10.5.45.254 255.255.255.0
!
! iBGP in AS 64516 with two neighbours on the Vlan555 subnet. An aggregate for
! 10.5.32.0/19 is advertised without `summary-only`, so the more-specific
! networks are advertised as well. All BGP distances are set to 150.
! NOTE(review): the neighbours have no `password` (TCP MD5) and no inbound or
! outbound prefix filtering (prefix-list or route-map); add session
! authentication and explicit filters on both peers.
router bgp 64516
 bgp router-id 172.30.30.102
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 10.5.32.0 mask 255.255.252.0
 network 10.5.36.0 mask 255.255.255.0
 network 10.5.37.0 mask 255.255.255.0
 network 10.5.38.0 mask 255.255.255.0
 network 10.5.39.0 mask 255.255.255.0
 network 10.5.40.0 mask 255.255.255.0
 network 10.5.42.0 mask 255.255.255.0
 network 10.5.62.0 mask 255.255.255.0
 network 10.5.63.0 mask 255.255.255.0
 network 10.220.1.0 mask 255.255.255.0
 network 192.168.75.0
 network 192.168.76.0 mask 255.255.255.128
 network 192.168.77.0
 network 192.168.78.0
 aggregate-address 10.5.32.0 255.255.224.0
 neighbor 172.30.30.100 remote-as 64516
 neighbor 172.30.30.101 remote-as 64516
 distance bgp 150 150 150
!
ip forward-protocol nd
!
!
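! Management services, static routes, IP access-lists, logging, SNMP, RADIUS
! servers, login banner, terminal lines and NTP.
!
! The cleartext HTTP management server is disabled. HTTPS is off as well, which
! leaves SSH (vty `transport input ssh`) as the remote management path.
no ip http server
no ip http secure-server
ip tftp source-interface Vlan300
ip route 0.0.0.0 0.0.0.0 172.16.8.3
ip route 192.168.10.0 255.255.255.0 172.16.8.3
ip route 192.168.11.0 255.255.255.0 172.16.8.3
ip route 192.168.31.0 255.255.255.0 172.16.8.3
ip ssh version 2
!
! Inbound filter on Vlan550. Entries are evaluated top-down; several entries
! match on a TCP source port (49674, 5900), i.e. traffic sent from those ports
! on VLAN 550 hosts.
! NOTE(review): the list ends without a permit, so the implicit deny drops
! everything not listed above and the three explicit denies add nothing. If
! other outbound traffic (the RM_PRODACTION policy route) was meant to pass, a
! final permit is missing - confirm the intent. `permit icmp any any` is also
! broader than the host-specific entries that follow.
ip access-list extended ACL-FW_PROD_VLAN550-IN
 permit icmp any any
 permit ip 192.168.78.0 0.0.0.255 10.4.192.0 0.0.0.255
 permit ip 192.168.78.0 0.0.0.255 host 10.4.32.33
 permit ip 192.168.78.0 0.0.0.255 host 10.5.155.29
 permit ip 192.168.78.0 0.0.0.255 host 178.209.110.74
 permit ip 192.168.78.0 0.0.0.255 host 91.240.179.50
 remark RDP Server FOR access TO Prolight
 permit ip host 192.168.78.101 host 192.168.75.207
 permit ip host 192.168.78.101 host 192.168.8.164
 permit ip host 192.168.78.101 host 10.5.33.20
 permit ip host 192.168.78.101 host 10.5.33.66
 permit ip host 192.168.78.101 host 10.5.32.81
 permit ip host 192.168.78.101 host 10.5.33.104
 permit ip host 192.168.78.101 host 10.14.113.127
 permit tcp host 192.168.78.101 eq 49674 host 10.4.39.1
 permit tcp host 192.168.78.101 eq 49674 192.168.8.0 0.0.0.255
 permit tcp host 192.168.78.114 eq 5900 host 192.168.75.207
 permit ip host 192.168.78.231 host 10.5.33.66
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
! Match list for route-map RM_PRODACTION: traffic from 192.168.78.0/24 to
! destinations outside the three private ranges.
ip access-list extended ACL_FROM_PRODACTION
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 permit ip 192.168.78.0 0.0.0.255 any
! NOTE(review): no interface in this capture applies this list, so it filters
! nothing as written. It denies only 10.2.0.0/16 and 192.168.0.0/16 before the
! final permit; review the ranges before applying it to Vlan220.
ip access-list extended Local_For_SkladWiFI
 remark Deny Guest VLAN220 access to Net and other PP
 permit tcp any host 192.168.75.200 eq domain
 permit udp any host 192.168.75.200 eq domain
 permit tcp any host 192.168.75.201 eq domain
 permit udp any host 192.168.75.201 eq domain
 permit tcp any host 192.168.8.4
 permit tcp any host 192.168.75.199
 permit tcp any host 192.168.8.6
 permit ip any host 192.168.8.254
 permit ip any host 192.168.8.4
 permit ip any host 192.168.8.6
 deny ip any 10.2.0.0 0.0.255.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any
! Applied inbound on Vlan200 and Vlan500: DNS to two resolvers and TCP 443 to
! one host are allowed, 192.168.0.0/16 and 10.0.0.0/8 are denied, the rest is
! permitted.
! NOTE(review): 172.16.0.0/12 is not denied here although
! ACL-FW_PROD_VLAN550-IN denies it; add the range unless the gap is intended.
ip access-list extended No_Local_For_GuestWiFI
 remark Deny Guest VLAN200 access to other VLANs
 permit tcp any host 192.168.75.200 eq domain
 permit udp any host 192.168.75.200 eq domain
 permit tcp any host 192.168.75.201 eq domain
 permit udp any host 192.168.75.201 eq domain
 permit tcp any host 192.168.8.77 eq 443
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
! VSL-* lists are classification criteria for the class-maps, not filters.
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
! Syslog goes to two collectors over UDP, sourced from Vlan300.
logging origin-id hostname
logging facility local6
logging source-interface Vlan300
logging host 192.168.8.119 transport udp port 5544
logging host 10.4.244.4 transport udp port 515
arp 192.168.75.244 0020.85e1.d1d7 ARPA
!
route-map RM_PRODACTION permit 10
 match ip address ACL_FROM_PRODACTION
 set ip next-hop 172.16.8.2
!
!
! Read-only SNMP community (v1/v2c, sent in cleartext) tied to standard ACL 5.
! NOTE(review): no `access-list 5` is defined anywhere in this capture; IOS
! typically treats a missing ACL as permit-any, so the community would be usable
! from any source - verify with `show access-lists 5`, define the list for the
! monitoring hosts, rotate the community, and prefer SNMPv3 with auth/priv.
snmp-server community lmTUEsk6Yvlv RO 5
!
!
! RADIUS servers on the legacy 1645/1646 ports. The shared secrets are stored as
! type 7, which is reversible; rotate them, since they appear in this capture.
radius server IZH-RDS002
 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 082955452F3824373A0C553C732D372738022A46164E14044C1A1E6D55570F311F4354537B794D58395E14546A72533204176F182C18256E703B3C3631560E2654
!
radius server P11-RDS003
 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 2
 key 7 094457023F243632230B5D1272223B3C3E151B52075B1653431B156A0F5A143F50425B577A7E4C076903150B6521442706483F152536486C372B2024344F092E7A
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
banner login ^C
*****************************************************************************
*                                                                           *
*                     UNAUTHORIZED ACCESS IS PROHIBITED                     *
*                                                                           *
* You have accessed network equipment.                                      *
* You must have authorized permission to access or configure this device.   *
* All activities performed on this device are logged and monitored.         *
*                                                                           *
*****************************************************************************
^C
!
! Console uses the CONSOLE method list (local first, then RADIUS).
line con 0
 logging synchronous
 login authentication CONSOLE
 stopbits 1
! vty lines accept SSH only.
! NOTE(review): `login authentication NPS` names a method list that this capture
! never defines (only `default` and `CONSOLE` exist; NPS is a RADIUS server
! group) - confirm which list is really in effect. There is also no
! `access-class`, so SSH is accepted from any source the SVI ACLs let through,
! and the idle timeout is 120 minutes; restrict the source range to the
! management subnets and shorten the timeout.
line vty 0 4
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 logging synchronous
 login authentication NPS
 transport input ssh
!
! NTP is sourced from Vlan300; no NTP authentication is configured.
ntp source Vlan300
ntp server 192.168.8.200
ntp server 192.168.8.201
!
end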