!Software Version V200R019C10SPC800 !Last configuration was updated at 2022-09-02 11:14:24+04:00 by akhmetzyanovrr_adm !Last configuration was saved at 2022-08-26 10:43:49+04:00 by akhmetzyanovrr_adm # clock timezone Samara add 04:00:00 # sysname IZH-MLK-IZM-SW-1-1_Huawei # undo ftp server source all-interface undo ftp ipv6 server source all-interface # info-center channel 9 name splunk info-center source ntp channel 4 log level critical info-center source cli channel 4 log level notification info-center source ssh channel 4 log level notification info-center source default channel 9 log level warning info-center loghost 10.4.244.4 source-ip 10.4.254.1 channel 9 port 515 # device board 1 board-type CE6881-48S6CQ device board 2 board-type CE6881-48S6CQ # drop-profile default # dcb pfc # ntp server disable ntp ipv6 server disable ntp server source-interface all disable ntp ipv6 server source-interface all disable ntp unicast-server 10.4.0.1 ntp unicast-server 10.4.0.2 # vlan batch 8 to 20 93 96 99 101 103 110 to 113 150 to 151 172 to 173 201 to 202 vlan batch 207 to 208 248 to 257 288 to 292 294 299 to 302 350 448 500 550 to 551 553 vlan batch 556 to 557 596 to 597 599 to 601 603 650 999 to 1000 1100 to 1102 1113 1500 to 1504 1999 vlan batch 2145 3915 4030 to 4035 # stp mode rstp # as-notation plain # telnet server disable telnet ipv6 server disable undo telnet server-source all-interface undo telnet ipv6 server-source all-interface # radius enable # diffserv domain default # radius server group rad-serv radius server shared-key-cipher %^%#"{4}+Fm|2Gld`[4`u4N%;~No'O%E~JEo^[HJs{Z(+9\cH9D=l-N8W&:h+BP!|a]%'3x>UY,]!nA3gCSH<|UkAWEyaJq9Sj!,b8^C%^%# radius server authentication 10.4.0.248 1645 source Vlanif300 radius server authentication 10.1.122.248 1645 source Vlanif300 secondary radius server retransmit 2 radius server user-name domain-excluded # vlan 8 name --UserNet_8.0/24-- # vlan 9 name --UserNet_9.0/24-- # vlan 10 name --UserNet_10.0/24-- # vlan 11 name --UserNet_11.0/24-- # vlan 12 name --UserNet_12.0/24-- # vlan 13 name --UserNet_13.0/24-- # vlan 14 name --UserNet_14.0/24-- # vlan 15 name --UserNet_15.0/24-- # vlan 16 name --UserNet_16.0/24-- # vlan 17 name --UserNet_17.0/24-- # vlan 18 name --UserNet_18.0/24-- # vlan 19 name --UserNet_19.0/24-- # vlan 20 name --UserNet_20.0/24-- # vlan 93 name --LINK_TO_vpn_SSTP-- # vlan 96 name --ERTELEKOM-- # vlan 99 name --MARK_ASTERISK-- # vlan 101 name --PRINTERS-- # vlan 103 name -=KPP_Vesi&Cam=- # vlan 110 name --NET_KIP_PRODACTION-- # vlan 111 name TRANSIT_TO_C3925-1 # vlan 112 name Intraconnect_ospf_area_1 # vlan 113 name TRANSIT_TO_MIKROTIK # vlan 150 name --Wi-Fi_Users_32.0/24-- # vlan 151 name --Wi-Fi_Prod_33.0/24-- # vlan 172 name TelephonyNet # vlan 173 name TelephonyTest # vlan 201 name --MANUFACTURE_VLAN-- # vlan 202 name --DMZ-- # vlan 207 name VCOD_Servers_DMZ_Frontend # vlan 208 name VCOD_Servers_Backend # vlan 248 name --SANDBOX_ELAR-- # vlan 249 name --ServTestC_36.0/24-- # vlan 250 name --ServerNet_0.0/24-- # vlan 251 name -=ServMail_7.0/28=- # vlan 252 name --VOICE_ATS-- # vlan 253 name exchange_komos-group # vlan 254 name -Service_SharePoint- # vlan 255 name Servers_terminal_farm # vlan 256 name -ServersMonitoring_3.0/24- # vlan 257 name KONTUR_DEV_MSSQL_5.0/27 # vlan 288 name SERVERS_DEV # vlan 289 name -=SRVBakNet_245.0_24=- # vlan 290 name -=SrvVmwVMon_242.0/26=- # vlan 291 name -=SrvVmwVSan_242.64/26=- # vlan 292 name -=SrvBakNet_243.0/24=- # vlan 294 name --SRV_iLO_iDrack_etc-- # vlan 299 name --SrvMng_240.0\24-- # vlan 300 name --MANAGMENT-- # vlan 301 name --Wi-Fi_MANAGMENT-- # vlan 302 name -=Wi-Fi_MANAGMENT=- # vlan 350 name --VOICE_28.0/23-- # vlan 448 name -=VideoKomos=- # vlan 500 name --Wi-Fi_Guest_35.0/24-- # vlan 550 name --CISCO_ASA-- # vlan 551 description TRANSIT_HSRP name --TRANSIT_HSRP-- # vlan 553 name VST-IZM_Peering # vlan 556 name P2P_iBGP_KOMOS_AS_over_DOMRU # vlan 557 name P2P_iBGP_KOMOS_AS_over_MTS # vlan 596 name P2P_RCOD-OCOD_ER_Telecom # vlan 597 name --BGP_TRANSIT_TO_ISR4431-- # vlan 599 name MLK_TRUNK_TO_DC-MLK # vlan 600 name --PET_PRODACTION-- # vlan 601 name --KMK_PRODACTION-- # vlan 603 name --CRPT-Mark-- # vlan 650 name --ISCSI-- # vlan 999 description vm_for_net_control # vlan 1000 description dmz_env_1C_WMS_MLK_test name --ELAR-TEST-- # vlan 1100 description TEST_PI # vlan 1101 description SKYPE_FB # vlan 1102 description WAP # vlan 1113 name PI_RT-1-3 # vlan 1500 description dmz_env_1C_WMS_MLK # vlan 1501 description safe_env_1C_WMS_MLK # vlan 1502 description dmz_env_NOVA_FORECAST name dmz_env_NOVA_FORECAST # vlan 1503 description safe_env_NOVA_FORECAST name safe_env_NOVA_FORECAST # vlan 1504 description dmz_env_viberbot_directum # vlan 1999 description env_1C_Licensing # vlan 2145 name Test_BGP # vlan 3915 name IZM_VLAN3915_SPLUNK # vlan 4030 name MLK_NATIVE_TO_DC-MLK # vlan 4031 name MLK-KCOD_VEAMREP # vlan 4032 name MLK-KCOD_SQLREPL # vlan 4033 name MLK-KCOD_SRVVCHA # vlan 4034 name MLK-KCOD_EXCHREPL # vlan 4035 name MLK-KCOD_SRVVCMG # acl name ACL_LOCAL advance rule 5 permit ip destination 10.0.0.0 0.255.255.255 rule 10 permit ip destination 192.168.0.0 0.0.255.255 rule 15 permit ip destination 172.16.0.0 0.15.255.255 # acl name ACL_ROUTE_PI advance rule 5 permit ip source 91.240.179.0 0.0.0.255 rule 5 description KOMOS PI rule 10 permit ip source 10.105.0.25 0 rule 10 description Directum ViberBot # acl name ACL_ROUTE_RT-1-1 advance # acl name ACL_ROUTE_RT-1-2 advance # acl name ACL_VTY advance rule 5 permit tcp source 10.0.0.0 0.255.255.255 destination-port eq 22 rule 10 permit tcp source 192.168.0.0 0.0.255.255 destination-port eq 22 # traffic classifier TC_ROUTE_LOCAL type or if-match acl ACL_LOCAL # traffic classifier TC_ROUTE_PI type or if-match acl ACL_ROUTE_PI # traffic classifier TC_ROUTE_RT-1-1 type or if-match acl ACL_ROUTE_RT-1-1 # traffic classifier TC_ROUTE_RT-1-2 type or if-match acl ACL_ROUTE_RT-1-2 # traffic behavior TB_ROUTE_LOCAL statistics enable # traffic behavior TB_ROUTE_PI statistics enable redirect nexthop 172.30.30.60 # traffic behavior TB_ROUTE_RT-1-1 statistics enable redirect nexthop 10.4.239.18 # traffic behavior TB_ROUTE_RT-1-2 statistics enable redirect nexthop 10.4.239.19 # traffic policy TP_GRT classifier TC_ROUTE_LOCAL behavior TB_ROUTE_LOCAL precedence 5 classifier TC_ROUTE_PI behavior TB_ROUTE_PI precedence 10 classifier TC_ROUTE_RT-1-1 behavior TB_ROUTE_RT-1-1 precedence 15 classifier TC_ROUTE_RT-1-2 behavior TB_ROUTE_RT-1-2 precedence 20 # aaa local-user netadmin password irreversible-cipher $1c$)U-3A*36GD$!}HqHNa~071:P:Dc*Is<6,Sn%~#$|W.(WQ>*-F0Z$ local-user netadmin service-type ssh local-user netadmin level 3 local-user akhmetzyanovrr password irreversible-cipher $1c$AA4*-PdAXL$KU=8L;9~X()U%2J9Fc&E[Q#eO4ZLX(M=jdImd>rA8QzSAQcz98/A]*TL~~B%SvF#,8/09A@Sp\1rO"96%^%# # snmp-agent sys-info location Izhevsk,V. Shosse,178 snmp-agent sys-info version v2c v3 # snmp-agent protocol source-interface Vlanif300 snmp-agent protocol source-status all-interface undo snmp-agent protocol source-status ipv6 all-interface # undo snmp-agent proxy protocol source-status all-interface undo snmp-agent proxy protocol source-status ipv6 all-interface # lldp enable # stelnet server enable ssh server-source -i Vlanif300 undo ssh server-source all-interface undo ssh ipv6 server-source all-interface ssh authorization-type default aaa # ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh server hmac sha2_512 sha2_256 ssh server key-exchange dh_group_exchange_sha256 # ssh server publickey rsa # ssh server dh-exchange min-len 2048 # ssh client publickey rsa # ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr ssh client hmac sha2_512 sha2_256 ssh client key-exchange dh_group_exchange_sha256 # user-interface con 0 # user-interface vty 0 4 acl ACL_VTY inbound authentication-mode aaa protocol inbound ssh # return