Building configuration... Current configuration : 23519 bytes ! ! Last configuration change at 13:37:38 SAMT Wed Jul 13 2022 by konovalov ! NVRAM config last updated at 16:51:41 SAMT Thu Jul 21 2022 by konovalov ! version 15.0 no service pad service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year no service password-encryption ! hostname SAR-MLK-SRM-SW-1-1 ! boot-start-marker boot-end-marker ! ! logging userinfo enable secret 5 $1$xyPV$PLyKmlVuENwtlpdSxJmTm. ! username netadmin privilege 15 secret 5 $1$zXig$Hp4ZObS11EcAsDwAd0XTt/ aaa new-model ! ! aaa group server radius NPS server name IZH-RDS002 server name P11-RDS003 ip radius source-interface Vlan300 load-balance method least-outstanding ! aaa authentication login default group NPS local enable aaa authentication login CONSOLE local group NPS aaa authorization exec default group NPS local if-authenticated ! ! ! ! ! ! aaa session-id common clock timezone SAMT 4 0 switch 1 provision ws-c3750x-24s switch 2 provision ws-c3750x-24s system mtu routing 1500 ip routing no ip cef optimize neighbor resolution ! ! ! no ip domain-lookup ip domain-name milkom-komos.ru ip host tftp 10.4.0.214 login on-failure login on-success ! stack-power stack Power-Stack-1 mode redundant ! stack-power switch 1 stack-power switch 2 ! vtp mode transparent ! ! crypto pki trustpoint TP-self-signed-1335665536 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1335665536 revocation-check none rsakeypair TP-self-signed-1335665536 ! ! crypto pki certificate chain TP-self-signed-1335665536 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31333335 36363535 3336301E 170D3036 30313032 30303032 35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33333536 36353533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BCBB C5A07A23 84ECED52 55A03879 E9E78A55 5559E8D2 9D7BE840 3B3538FD B5DC09BE B9425757 EAAAAF0B E9461073 9770C887 6EB6CF4B 563C8770 072703B6 7920A42B 6B393BCE 8892839A 96EC522B 43BC6CD7 5D44486C C34290B6 1ED961AC 303CDCF7 96299465 FBACFA46 7C9AE6D3 B0F191AF DC040CD6 1F884309 FA343C73 D3BD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14526623 7A7B3A92 45989181 17C943CA C0BF61B0 05301D06 03551D0E 04160414 5266237A 7B3A9245 98918117 C943CAC0 BF61B005 300D0609 2A864886 F70D0101 05050003 8181008E B472BCEE CB1900C7 0EE8CF86 FFAC9527 07B63D63 03CEC290 97E97A95 EF5EFE32 06949C60 8E3CDCD7 7E795147 2341AFC4 3CE89F0E 46624EA0 103377B1 6960B16A 7554C168 73D604D3 F50D3B07 7F466E0D 06A65575 9CA9A189 E4BD6BDB EFFD3677 7D7C633F 975552BA 3F562747 B19C6676 5B7AC818 D0299815 181BC429 DAE58C quit license boot level ipservices license boot level ipservices switch 1 archive log config logging enable logging size 900 notify syslog contenttype plaintext hidekeys path tftp://tftp/SAR/MLK/SRM-SW_L3/$H-$T write-memory time-period 10080 ! ! ! ! mac access-list extended VSL-BPDU permit any 0180.c200.0000 0000.0000.0003 mac access-list extended VSL-CDP permit any host 0100.0ccc.cccc mac access-list extended VSL-DOT1x permit any any 0x888E 0x1 mac access-list extended VSL-GARP permit any host 0180.c200.0020 mac access-list extended VSL-LLDP permit any host 0180.c200.000e mac access-list extended VSL-MGMT permit any 0022.bdcd.d200 0000.0000.00ff permit 0022.bdcd.d200 0000.0000.00ff any mac access-list extended VSL-SSTP permit any host 0100.0ccc.cccd spanning-tree mode pvst spanning-tree extend system-id ! ! ! ! ! ! ! ! ! vlan internal allocation policy ascending ! vlan 8 name --USERS-- ! vlan 101 name --PRINTERS-- ! vlan 111 name INTERCONNECT ! vlan 113 name --TO-GATE-MIKROTIC-- ! vlan 150 name --Wi-Fi_Users-- ! vlan 151 name --Wi-Fi_PROD-- ! vlan 200 name --SERVERS_MGMT-- ! vlan 250 name --SERVERS_128.0/24-- ! vlan 251 name --SERVERS_BACKUP-- ! vlan 290 name -=SrvVmwVMon=- ! vlan 300 name --MANAGEMENT-- ! vlan 301 name --Wi-Fi_MANAGMENT-- ! vlan 310 name --UPS_managment-- ! vlan 350 name --VOICE-- ! vlan 500 name --Wi-Fi_GUEST-- ! vlan 555 name --BGP_TRANSIT-- ! vlan 603 name --CRPT-Mark-- ! ip tftp source-interface Vlan300 ! track 99 ip sla 99 reachability delay down 10 up 5 ! class-map match-any VSL-DATA-PACKETS match access-group name VSL-MGMT class-map match-any VSL-L2-CONTROL-PACKETS match access-group name VSL-DOT1x match access-group name VSL-BPDU match access-group name VSL-CDP match access-group name VSL-LLDP match access-group name VSL-SSTP match access-group name VSL-GARP class-map match-any VSL-L3-CONTROL-PACKETS match access-group name VSL-IPV4-ROUTING match access-group name VSL-BFD match access-group name VSL-DHCP-CLIENT-TO-SERVER match access-group name VSL-DHCP-SERVER-TO-CLIENT match access-group name VSL-DHCP-SERVER-TO-SERVER match access-group name VSL-IPV6-ROUTING class-map match-any VSL-MULTIMEDIA-TRAFFIC match ip dscp af41 match ip dscp af42 match ip dscp af43 match ip dscp af31 match ip dscp af32 match ip dscp af33 match ip dscp af21 match ip dscp af22 match ip dscp af23 class-map match-any VSL-VOICE-VIDEO-TRAFFIC match ip dscp ef match ip dscp cs4 match ip dscp cs5 class-map match-any VSL-SIGNALING-NETWORK-MGMT match ip dscp cs2 match ip dscp cs3 match ip dscp cs6 match ip dscp cs7 ! policy-map VSL-Queuing-Policy class VSL-L2-CONTROL-PACKETS class VSL-L3-CONTROL-PACKETS class VSL-VOICE-VIDEO-TRAFFIC class VSL-SIGNALING-NETWORK-MGMT class VSL-MULTIMEDIA-TRAFFIC class VSL-DATA-PACKETS class class-default ! ! ! ! crypto isakmp policy 20 encr 3des authentication pre-share group 2 lifetime 500 crypto isakmp key fjhJSHpUcnqbpGfI address 0.0.0.0 no-xauth crypto isakmp keepalive 20 ! ! crypto ipsec transform-set tr-3des esp-3des crypto ipsec transform-set ipsec-transform esp-3des esp-md5-hmac mode transport require crypto ipsec transform-set ipsec-transform-aes esp-aes esp-md5-hmac mode transport require crypto ipsec df-bit clear ! ! crypto ipsec profile gre-gre-3des set transform-set ipsec-transform ! ! ! ! ! ! ! interface Port-channel1 description [KU] SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel2 description [KU] SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel3 description [KU] SW-8a-1 switchport trunk encapsulation dot1q switchport mode trunk shutdown ! interface Port-channel4 description [KU] SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel5 description [KU] SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel6 description [KU] SW-13-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel7 description [KU] SW-10-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel8 description [KU] SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel9 description [KU] SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel10 description [KU] SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel11 description [KU] SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel12 description [KU] SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel13 description [KU] SW-8A-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel14 description [KU] SW-7-2 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel15 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel16 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel17 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel18 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel19 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel20 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel21 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel22 switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel23 description [CORE] SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk ! interface Tunnel99 description STR-KY-01-SW1 bandwidth 20000 ip address 10.70.70.157 255.255.255.252 ip mtu 1426 keepalive 5 5 tunnel source 10.10.30.9 tunnel destination 10.10.30.10 tunnel protection ipsec profile gre-gre-3des ! interface FastEthernet0 no ip address no ip route-cache shutdown ! interface GigabitEthernet1/0/1 description [KU] Po1 SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on ! interface GigabitEthernet1/0/2 description [KU] Po2 SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet1/0/3 description [KU] Po3 SW-8a-1 switchport trunk encapsulation dot1q switchport mode trunk shutdown channel-group 3 mode on ! interface GigabitEthernet1/0/4 description [KU] Po4 SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode on ! interface GigabitEthernet1/0/5 description [KU] Po5 SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode on ! interface GigabitEthernet1/0/6 description [KU] Po6 SW-13-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode on ! interface GigabitEthernet1/0/7 description [KU] Po7 SW-10-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 7 mode on ! interface GigabitEthernet1/0/8 description [KU] Po8 SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 8 mode on ! interface GigabitEthernet1/0/9 description [KU] Po9 SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode on ! interface GigabitEthernet1/0/10 description [KU] Po10 SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 10 mode on ! interface GigabitEthernet1/0/11 description [KU] Po11 SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 11 mode on ! interface GigabitEthernet1/0/12 description [KU] Po12 SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 12 mode on ! interface GigabitEthernet1/0/13 switchport trunk encapsulation dot1q switchport mode trunk channel-group 13 mode on ! interface GigabitEthernet1/0/14 switchport trunk encapsulation dot1q switchport mode trunk channel-group 14 mode active ! interface GigabitEthernet1/0/15 switchport trunk encapsulation dot1q switchport mode trunk channel-group 15 mode on ! interface GigabitEthernet1/0/16 switchport trunk encapsulation dot1q switchport mode trunk channel-group 16 mode on ! interface GigabitEthernet1/0/17 switchport trunk encapsulation dot1q switchport mode trunk channel-group 17 mode on ! interface GigabitEthernet1/0/18 switchport trunk encapsulation dot1q switchport mode trunk channel-group 18 mode on ! interface GigabitEthernet1/0/19 switchport trunk encapsulation dot1q switchport mode trunk channel-group 19 mode on ! interface GigabitEthernet1/0/20 switchport trunk encapsulation dot1q switchport mode trunk channel-group 20 mode on ! interface GigabitEthernet1/0/21 switchport trunk encapsulation dot1q switchport mode trunk channel-group 21 mode on ! interface GigabitEthernet1/0/22 switchport trunk encapsulation dot1q switchport mode trunk channel-group 22 mode on ! interface GigabitEthernet1/0/23 description [CORE] Po23 SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet1/0/24 description [CORE] Po23 SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface GigabitEthernet2/0/1 description [KU] Po1 SW-2-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on ! interface GigabitEthernet2/0/2 description [KU] Po2 SW-3-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet2/0/3 description [KU] Po3 SW-8a-1 switchport trunk encapsulation dot1q switchport mode trunk shutdown channel-group 3 mode on ! interface GigabitEthernet2/0/4 description [KU] Po4 SW-7-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode on ! interface GigabitEthernet2/0/5 description [KU] Po5 SW-9-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode on ! interface GigabitEthernet2/0/6 description [KU] Po6 SW-13-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode on ! interface GigabitEthernet2/0/7 description [KU] SW-14-1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet2/0/8 description [KU] Po8 SW-6-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 8 mode on ! interface GigabitEthernet2/0/9 description [KU] Po9 SW-11-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 9 mode on ! interface GigabitEthernet2/0/10 description [KU] Po10 SW-5-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 10 mode on ! interface GigabitEthernet2/0/11 description [KU] Po11 SW-12-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 11 mode on ! interface GigabitEthernet2/0/12 description [KU] Po12 SW-4-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 12 mode on ! interface GigabitEthernet2/0/13 description [KU] Po13 SW-8A-1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 13 mode on ! interface GigabitEthernet2/0/14 description [KU] Po14 SW-7-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 14 mode active ! interface GigabitEthernet2/0/15 switchport trunk encapsulation dot1q switchport mode trunk channel-group 15 mode on ! interface GigabitEthernet2/0/16 switchport trunk encapsulation dot1q switchport mode trunk channel-group 16 mode on ! interface GigabitEthernet2/0/17 switchport trunk encapsulation dot1q switchport mode trunk channel-group 17 mode on ! interface GigabitEthernet2/0/18 switchport trunk encapsulation dot1q switchport mode trunk channel-group 18 mode on ! interface GigabitEthernet2/0/19 switchport trunk encapsulation dot1q switchport mode trunk channel-group 19 mode on ! interface GigabitEthernet2/0/20 switchport trunk encapsulation dot1q switchport mode trunk channel-group 20 mode on ! interface GigabitEthernet2/0/21 switchport trunk encapsulation dot1q switchport mode trunk channel-group 21 mode on ! interface GigabitEthernet2/0/22 switchport trunk encapsulation dot1q switchport mode trunk channel-group 22 mode on ! interface GigabitEthernet2/0/23 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet2/0/24 description [CORE] Po23 SW-1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 23 mode on ! interface GigabitEthernet2/1/1 ! interface GigabitEthernet2/1/2 ! interface GigabitEthernet2/1/3 ! interface GigabitEthernet2/1/4 ! interface TenGigabitEthernet2/1/1 ! interface TenGigabitEthernet2/1/2 ! interface Vlan1 ip dhcp relay information trusted ip address 192.168.11.254 255.255.255.0 secondary ip address 192.168.12.254 255.255.255.0 secondary ip address 192.168.11.201 255.255.255.0 secondary ip address 192.168.13.254 255.255.255.0 secondary ip address 192.168.14.254 255.255.255.0 secondary ip address 192.168.15.254 255.255.255.0 secondary ip address 192.168.16.254 255.255.255.0 secondary ip address 192.168.17.254 255.255.255.0 secondary ip address 192.168.19.254 255.255.255.128 secondary ip address 192.168.19.126 255.255.255.128 secondary ip address 192.168.10.254 255.255.255.0 secondary ip address 192.168.12.201 255.255.255.0 secondary ip address 10.10.30.9 255.255.255.252 secondary ip address 10.5.151.254 255.255.255.0 secondary ip address 192.168.10.201 255.255.255.0 ip helper-address 192.168.11.159 no ip redirects ! interface Vlan8 description --USERS-- ip dhcp relay information trusted ip address 10.5.129.254 255.255.255.0 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan101 description --PRINTERS-- ip address 10.5.154.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan111 description INTERCONNECT ip address 172.16.4.4 255.255.255.248 secondary ip address 172.16.3.4 255.255.255.248 ! interface Vlan113 ip address 10.10.252.253 255.255.255.252 ! interface Vlan150 description --Wi-Fi_Users-- ip address 10.5.155.126 255.255.255.128 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan151 description --Wi-Fi_Prod-- ip dhcp relay information trusted ip address 10.5.155.254 255.255.255.128 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan200 description --SERVERS_MGMT-- ip dhcp relay information trusted ip address 10.5.153.62 255.255.255.192 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan250 description --SERVERS_128.0/24-- ip address 10.5.128.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan251 description --SERVERS_BACKUP-- ip address 10.5.153.94 255.255.255.224 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan290 description -=SrvVmwVMon=- ip address 10.5.153.126 255.255.255.224 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan300 description --MANAGEMENT-- ip dhcp relay information trusted ip address 10.5.158.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan301 description --Wi-Fi_MANAGMENT-- ip dhcp relay information trusted ip address 10.5.157.126 255.255.255.128 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan310 description --UPS managment-- ip address 10.5.159.254 255.255.255.0 ! interface Vlan350 description --VOICE-- ip dhcp relay information trusted ip address 10.5.156.254 255.255.255.0 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan500 description --Wi-Fi_Guest-- ip dhcp relay information trusted ip address 10.5.157.254 255.255.255.128 ip helper-address 192.168.11.159 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan555 description --BGP_TRANSIT-- ip address 172.30.30.70 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ! interface Vlan603 description --CRPT-Mark-- ip address 10.5.152.126 255.255.255.192 no ip redirects no ip unreachables no ip proxy-arp ! router bgp 64518 bgp router-id 172.30.30.70 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart network 10.5.156.0 mask 255.255.255.0 network 192.168.10.0 network 192.168.11.0 network 192.168.12.0 network 192.168.13.0 network 192.168.14.0 network 192.168.15.0 network 192.168.16.0 network 192.168.19.0 mask 255.255.255.128 aggregate-address 10.5.128.0 255.255.224.0 redistribute connected route-map RM_BGP_REDISTR_CON neighbor 172.30.30.68 remote-as 64518 neighbor 172.30.30.68 soft-reconfiguration inbound neighbor 172.30.30.69 remote-as 64518 neighbor 172.30.30.69 soft-reconfiguration inbound distance bgp 150 150 150 ! ip default-gateway 10.10.252.254 ! ip http server no ip http secure-server ! ip route 192.168.18.0 255.255.255.0 10.70.70.158 track 99 ip route 0.0.0.0 0.0.0.0 172.16.3.3 ip route 0.0.0.0 0.0.0.0 172.16.4.3 50 ! ip access-list extended LOCAL_TRAFFIC permit ip any 192.168.0.0 0.0.255.255 permit ip any 10.0.0.0 0.255.255.255 permit ip any 172.16.0.0 0.15.255.255 ip access-list extended No_Local_For_GuestWiFI remark Deny Guest VLAN200 access to other VLANs permit tcp any host 192.168.11.152 eq domain permit udp any host 192.168.11.155 eq domain permit tcp any host 192.168.8.77 eq 443 deny ip any 192.168.0.0 0.0.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 10.0.0.0 0.255.255.255 permit ip any any remark Deny Guest VLAN200 and 500 access to other VLANs permit tcp any host 192.168.8.200 eq domain permit udp any host 192.168.8.200 eq domain permit tcp any host 192.168.8.201 eq domain permit udp any host 192.168.8.201 eq domain permit udp any host 192.168.11.152 eq domain permit tcp any host 192.168.11.155 eq domain permit tcp any host 10.4.7.6 eq 443 ip access-list extended VSL-BFD permit udp any any eq 3784 ip access-list extended VSL-DHCP-CLIENT-TO-SERVER permit udp any eq bootpc any eq bootps ip access-list extended VSL-DHCP-SERVER-TO-CLIENT permit udp any eq bootps any eq bootpc ip access-list extended VSL-DHCP-SERVER-TO-SERVER permit udp any eq bootps any eq bootps ip access-list extended VSL-IPV4-ROUTING permit ip any 224.0.0.0 0.0.0.255 ! ! ip prefix-list PFL_BGP_REDISTR_CON seq 10 permit 10.0.0.0/8 le 24 ip sla 99 icmp-echo 10.70.70.157 source-interface Tunnel99 threshold 50 timeout 2000 frequency 3 ip sla schedule 99 life forever start-time now logging origin-id hostname logging source-interface Vlan300 logging host 192.168.8.119 transport udp port 5544 logging host 10.4.244.4 transport udp port 515 access-list 101 deny ip any 192.168.0.0 0.0.255.255 access-list 101 deny ip any 10.0.0.0 0.255.255.255 access-list 101 deny ip any 172.17.0.0 0.0.255.255 access-list 101 permit ip host 192.168.11.249 any ! route-map RM_BGP_REDISTR_CON permit 10 match ip address prefix-list PFL_BGP_REDISTR_CON ! route-map GLOBAL-ROUTING permit 10 match ip address LOCAL_TRAFFIC 101 set ip next-hop 172.16.3.3 ! ! snmp-server community lmTUEsk6Yvlv RO 5 ! ! radius server IZH-RDS002 address ipv4 10.4.0.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! radius server P11-RDS003 address ipv4 10.1.122.248 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0 ! ! ipv6 access-list VSL-IPV6-ROUTING permit ipv6 any FF02::/124 ! ! line con 0 logging synchronous login authentication CONSOLE stopbits 1 line vty 0 4 exec-timeout 0 0 logging synchronous login authentication NPS transport input ssh line vty 5 15 exec-timeout 120 0 logging synchronous login authentication NPS transport input ssh ! ntp source Vlan300 ntp server 192.168.8.200 ntp server 192.168.8.201 end