1019 lines
24 KiB
Plaintext
1019 lines
24 KiB
Plaintext
Building configuration...
|
|
|
|
Current configuration : 24909 bytes
|
|
!
|
|
! Last configuration change at 16:17:27 SAMT Wed Jun 15 2022 by adm_ivanovas
|
|
! NVRAM config last updated at 16:38:21 SAMT Wed Jun 15 2022 by adm_ivanovas
|
|
!
|
|
version 15.0
|
|
no service pad
|
|
service timestamps debug datetime msec localtime show-timezone year
|
|
service timestamps log datetime msec localtime show-timezone year
|
|
no service password-encryption
|
|
service unsupported-transceiver
|
|
!
|
|
hostname KEZ-MLK-KZS-SW-1-1
|
|
!
|
|
boot-start-marker
|
|
boot-end-marker
|
|
!
|
|
!
|
|
logging userinfo
|
|
enable secret 5 $1$I7ox$/BluRI9AvR9N4XL.Vg5631
|
|
!
|
|
username netadmin privilege 15 secret 5 $1$P5bL$.E2mZckPMy66s4n34CQYH1
|
|
aaa new-model
|
|
!
|
|
!
|
|
aaa group server radius NPS
|
|
server name IZH-RDS002
|
|
server name P11-RDS003
|
|
ip radius source-interface Vlan300
|
|
load-balance method least-outstanding
|
|
!
|
|
aaa authentication login default group NPS local enable
|
|
aaa authentication login CONSOLE local group NPS
|
|
aaa authorization exec default group NPS local if-authenticated
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
aaa session-id common
|
|
clock timezone SAMT 4 0
|
|
switch 1 provision ws-c3750x-24s
|
|
switch 2 provision ws-c3750x-24s
|
|
system mtu routing 1500
|
|
ip routing
|
|
no ip cef optimize neighbor resolution
|
|
!
|
|
!
|
|
!
|
|
no ip domain-lookup
|
|
ip domain-name milkom-komos.ru
|
|
ip host tftp 10.4.0.214
|
|
login on-failure
|
|
login on-success
|
|
!
|
|
stack-power stack Power-Stack-1
|
|
mode redundant
|
|
!
|
|
stack-power switch 1
|
|
stack-power switch 2
|
|
!
|
|
vtp mode transparent
|
|
!
|
|
!
|
|
crypto pki trustpoint TP-self-signed-1840100864
|
|
enrollment selfsigned
|
|
subject-name cn=IOS-Self-Signed-Certificate-1840100864
|
|
revocation-check none
|
|
rsakeypair TP-self-signed-1840100864
|
|
!
|
|
crypto pki trustpoint TP-self-signed-1335665536
|
|
enrollment selfsigned
|
|
subject-name cn=IOS-Self-Signed-Certificate-1335665536
|
|
revocation-check none
|
|
rsakeypair TP-self-signed-1335665536
|
|
!
|
|
!
|
|
crypto pki certificate chain TP-self-signed-1840100864
|
|
crypto pki certificate chain TP-self-signed-1335665536
|
|
license boot level ipservices
|
|
license boot level ipservices switch 1
|
|
archive
|
|
log config
|
|
logging enable
|
|
logging size 900
|
|
notify syslog contenttype plaintext
|
|
hidekeys
|
|
path tftp://tftp/KEZ/MLK/KSZ-SW_L3/$H-$T
|
|
write-memory
|
|
time-period 10080
|
|
!
|
|
!
|
|
!
|
|
!
|
|
mac access-list extended VSL-BPDU
|
|
permit any 0180.c200.0000 0000.0000.0003
|
|
mac access-list extended VSL-CDP
|
|
permit any host 0100.0ccc.cccc
|
|
mac access-list extended VSL-DOT1x
|
|
permit any any 0x888E 0x1
|
|
mac access-list extended VSL-GARP
|
|
permit any host 0180.c200.0020
|
|
mac access-list extended VSL-LLDP
|
|
permit any host 0180.c200.000e
|
|
mac access-list extended VSL-MGMT
|
|
permit any 0022.bdcd.d200 0000.0000.00ff
|
|
permit 0022.bdcd.d200 0000.0000.00ff any
|
|
mac access-list extended VSL-SSTP
|
|
permit any host 0100.0ccc.cccd
|
|
spanning-tree mode pvst
|
|
spanning-tree extend system-id
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
no errdisable detect cause gbic-invalid
|
|
no errdisable detect cause sfp-config-mismatch
|
|
errdisable recovery cause udld
|
|
errdisable recovery cause bpduguard
|
|
errdisable recovery cause security-violation
|
|
errdisable recovery cause channel-misconfig (STP)
|
|
errdisable recovery cause pagp-flap
|
|
errdisable recovery cause dtp-flap
|
|
errdisable recovery cause link-flap
|
|
errdisable recovery cause sfp-config-mismatch
|
|
errdisable recovery cause gbic-invalid
|
|
errdisable recovery cause l2ptguard
|
|
errdisable recovery cause psecure-violation
|
|
errdisable recovery cause port-mode-failure
|
|
errdisable recovery cause dhcp-rate-limit
|
|
errdisable recovery cause pppoe-ia-rate-limit
|
|
errdisable recovery cause mac-limit
|
|
errdisable recovery cause vmps
|
|
errdisable recovery cause storm-control
|
|
errdisable recovery cause inline-power
|
|
errdisable recovery cause arp-inspection
|
|
errdisable recovery cause loopback
|
|
errdisable recovery cause small-frame
|
|
errdisable recovery cause psp
|
|
errdisable recovery interval 600
|
|
!
|
|
!
|
|
!
|
|
!
|
|
vlan internal allocation policy ascending
|
|
!
|
|
vlan 2
|
|
name --Users_KU2--
|
|
!
|
|
vlan 8
|
|
name --UserNet_68.0/24--
|
|
!
|
|
vlan 11
|
|
name --ISP-MTS--
|
|
!
|
|
vlan 12
|
|
name --isp2-megafon--
|
|
!
|
|
vlan 101
|
|
name --PRINTERS--
|
|
!
|
|
vlan 113
|
|
name TRANSIT_TO_MIKROTIK
|
|
!
|
|
vlan 122
|
|
!
|
|
vlan 150
|
|
name --Wi-Fi_WORK--
|
|
!
|
|
vlan 200
|
|
name Guest_WiFi
|
|
!
|
|
vlan 201
|
|
name --Server_MGM--
|
|
!
|
|
vlan 250
|
|
name --SERVERS_64.0/24--
|
|
!
|
|
vlan 251
|
|
name --SERVERS_BACKUP--
|
|
!
|
|
vlan 290
|
|
name -=SrvVmwVMon=-
|
|
!
|
|
vlan 300
|
|
name --MANAGEMENT--
|
|
!
|
|
vlan 301
|
|
name --Wi-Fi_MANAGEMENT--
|
|
!
|
|
vlan 310
|
|
name --UPS_managment--
|
|
!
|
|
vlan 350
|
|
name --VOICE--
|
|
!
|
|
vlan 450
|
|
name --Wi-Fi_SKLAD--
|
|
!
|
|
vlan 500
|
|
name --Wi-Fi_GUEST--
|
|
!
|
|
vlan 550
|
|
name --TRANSIT_HSRP--
|
|
!
|
|
vlan 555
|
|
name --BGP_TRANSIT--
|
|
!
|
|
vlan 600
|
|
name --PRODACTION--
|
|
!
|
|
vlan 601
|
|
name PRD_L2VPN_for_KIP
|
|
!
|
|
vlan 603
|
|
name --CRPT-Mark--
|
|
!
|
|
ip tftp source-interface Vlan300
|
|
ip ssh authentication-retries 5
|
|
ip ssh logging events
|
|
ip ssh version 2
|
|
!
|
|
track 1 ip sla 1 reachability
|
|
delay down 10 up 5
|
|
!
|
|
track 2 ip sla 2 reachability
|
|
delay down 10 up 5
|
|
lldp run
|
|
!
|
|
class-map match-any VSL-DATA-PACKETS
|
|
match access-group name VSL-MGMT
|
|
class-map match-any VSL-L2-CONTROL-PACKETS
|
|
match access-group name VSL-DOT1x
|
|
match access-group name VSL-BPDU
|
|
match access-group name VSL-CDP
|
|
match access-group name VSL-LLDP
|
|
match access-group name VSL-SSTP
|
|
match access-group name VSL-GARP
|
|
class-map match-any VSL-L3-CONTROL-PACKETS
|
|
match access-group name VSL-IPV4-ROUTING
|
|
match access-group name VSL-BFD
|
|
match access-group name VSL-DHCP-CLIENT-TO-SERVER
|
|
match access-group name VSL-DHCP-SERVER-TO-CLIENT
|
|
match access-group name VSL-DHCP-SERVER-TO-SERVER
|
|
match access-group name VSL-IPV6-ROUTING
|
|
class-map match-any VSL-MULTIMEDIA-TRAFFIC
|
|
match ip dscp af41
|
|
match ip dscp af42
|
|
match ip dscp af43
|
|
match ip dscp af31
|
|
match ip dscp af32
|
|
match ip dscp af33
|
|
match ip dscp af21
|
|
match ip dscp af22
|
|
match ip dscp af23
|
|
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
|
|
match ip dscp ef
|
|
match ip dscp cs4
|
|
match ip dscp cs5
|
|
class-map match-any VSL-SIGNALING-NETWORK-MGMT
|
|
match ip dscp cs2
|
|
match ip dscp cs3
|
|
match ip dscp cs6
|
|
match ip dscp cs7
|
|
!
|
|
policy-map VSL-Queuing-Policy
|
|
class VSL-L2-CONTROL-PACKETS
|
|
class VSL-L3-CONTROL-PACKETS
|
|
class VSL-VOICE-VIDEO-TRAFFIC
|
|
class VSL-SIGNALING-NETWORK-MGMT
|
|
class VSL-MULTIMEDIA-TRAFFIC
|
|
class VSL-DATA-PACKETS
|
|
class class-default
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Loopback100
|
|
no ip address
|
|
!
|
|
interface Loopback7777
|
|
description 2307018 & 2407018
|
|
no ip address
|
|
shutdown
|
|
!
|
|
interface Port-channel1
|
|
description [KU] SW-1-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
shutdown
|
|
!
|
|
interface Port-channel2
|
|
description [NO]
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel3
|
|
description [KU] SW-3-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel4
|
|
description [KU] SW-4-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel5
|
|
description [KU] SW-5-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel6
|
|
description [KU] SW-6-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel7
|
|
description [KU] SW-7-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel8
|
|
description [KU] SW-8-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel9
|
|
description [KU] SW-9-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel10
|
|
description [KU] SW-10-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel11
|
|
description [KU] SW-11-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel12
|
|
description [KU] SW-12-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel13
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel14
|
|
description [KU] SW-14-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel15
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel16
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel17
|
|
description [KU] SW-1-4
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel18
|
|
description [KU] SW-1-5
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel19
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel20
|
|
description [KU] SW-2-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel21
|
|
description [KU] SW-2-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel22
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel23
|
|
description [CORE] SW-1-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel24
|
|
description [KU] SW-2-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
!
|
|
interface FastEthernet0
|
|
no ip address
|
|
no ip route-cache
|
|
!
|
|
interface GigabitEthernet1/0/1
|
|
description OLD_Po1_SW-1-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
shutdown
|
|
channel-group 1 mode on
|
|
!
|
|
interface GigabitEthernet1/0/2
|
|
description [KU] Po24 SW-2-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 24 mode active
|
|
!
|
|
interface GigabitEthernet1/0/3
|
|
description [KU] Po3 SW-3-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 3 mode on
|
|
!
|
|
interface GigabitEthernet1/0/4
|
|
description [KU] Po4 SW-4-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 4 mode on
|
|
!
|
|
interface GigabitEthernet1/0/5
|
|
description [KU] Po5 SW-5-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 5 mode active
|
|
!
|
|
interface GigabitEthernet1/0/6
|
|
description [KU] Po6 SW-6-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 6 mode active
|
|
!
|
|
interface GigabitEthernet1/0/7
|
|
description [KU] Po7 SW-7-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 7 mode on
|
|
!
|
|
interface GigabitEthernet1/0/8
|
|
description [KU] Po8 SW-8-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 8 mode on
|
|
!
|
|
interface GigabitEthernet1/0/9
|
|
description [KU] Po9 SW-9-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 9 mode on
|
|
!
|
|
interface GigabitEthernet1/0/10
|
|
description [KU] Po10 SW-10-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 10 mode on
|
|
!
|
|
interface GigabitEthernet1/0/11
|
|
description [KU] Po11 SW-11-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 11 mode active
|
|
!
|
|
interface GigabitEthernet1/0/12
|
|
description [KU] Po12 SW-12-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 12 mode active
|
|
!
|
|
interface GigabitEthernet1/0/13
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 13 mode active
|
|
!
|
|
interface GigabitEthernet1/0/14
|
|
description [KU] Po14 SW-14-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 14 mode active
|
|
!
|
|
interface GigabitEthernet1/0/15
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 15 mode active
|
|
!
|
|
interface GigabitEthernet1/0/16
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 16 mode on
|
|
!
|
|
interface GigabitEthernet1/0/17
|
|
description [KU] Po17 SW-1-4
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 17 mode on
|
|
!
|
|
interface GigabitEthernet1/0/18
|
|
description [KU] Po18 SW-1-5
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 18 mode on
|
|
!
|
|
interface GigabitEthernet1/0/19
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 19 mode active
|
|
!
|
|
interface GigabitEthernet1/0/20
|
|
description [KU] Po20 SW-2-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 20 mode active
|
|
!
|
|
interface GigabitEthernet1/0/21
|
|
description [KU] Po21 SW-2-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 21 mode on
|
|
!
|
|
interface GigabitEthernet1/0/22
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 22 mode on
|
|
!
|
|
interface GigabitEthernet1/0/23
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface GigabitEthernet1/0/24
|
|
description [CORE] Po23 SW-1-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface GigabitEthernet1/1/1
|
|
!
|
|
interface GigabitEthernet1/1/2
|
|
!
|
|
interface GigabitEthernet1/1/3
|
|
!
|
|
interface GigabitEthernet1/1/4
|
|
!
|
|
interface TenGigabitEthernet1/1/1
|
|
!
|
|
interface TenGigabitEthernet1/1/2
|
|
!
|
|
interface GigabitEthernet2/0/1
|
|
description OLD_Po1_SW-1-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
shutdown
|
|
channel-group 1 mode on
|
|
!
|
|
interface GigabitEthernet2/0/2
|
|
description [KU] Po24 SW-2-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 24 mode active
|
|
!
|
|
interface GigabitEthernet2/0/3
|
|
description [KU] Po3 SW-3-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 3 mode on
|
|
!
|
|
interface GigabitEthernet2/0/4
|
|
description [KU] Po4 SW-4-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 4 mode on
|
|
!
|
|
interface GigabitEthernet2/0/5
|
|
description [KU] Po5 SW-5-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 5 mode active
|
|
!
|
|
interface GigabitEthernet2/0/6
|
|
description [KU] Po6 SW-6-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 6 mode active
|
|
!
|
|
interface GigabitEthernet2/0/7
|
|
description [KU] Po7 SW-7-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 7 mode on
|
|
!
|
|
interface GigabitEthernet2/0/8
|
|
description [KU] Po8 SW-8-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 8 mode on
|
|
!
|
|
interface GigabitEthernet2/0/9
|
|
description [KU] Po9 SW-9-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 9 mode on
|
|
!
|
|
interface GigabitEthernet2/0/10
|
|
description [KU] Po10 SW-10-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 10 mode on
|
|
!
|
|
interface GigabitEthernet2/0/11
|
|
description [KU] Po11 SW-11-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 11 mode active
|
|
!
|
|
interface GigabitEthernet2/0/12
|
|
description [KU] Po12 SW-12-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 12 mode active
|
|
!
|
|
interface GigabitEthernet2/0/13
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 13 mode active
|
|
!
|
|
interface GigabitEthernet2/0/14
|
|
description [KU] Po14 SW-14-1
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 14 mode active
|
|
!
|
|
interface GigabitEthernet2/0/15
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 15 mode active
|
|
!
|
|
interface GigabitEthernet2/0/16
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 16 mode on
|
|
!
|
|
interface GigabitEthernet2/0/17
|
|
description [KU] Po17 SW-1-4
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 17 mode on
|
|
!
|
|
interface GigabitEthernet2/0/18
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 18 mode on
|
|
!
|
|
interface GigabitEthernet2/0/19
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 19 mode active
|
|
!
|
|
interface GigabitEthernet2/0/20
|
|
description [KU] Po20 SW-2-3
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 20 mode active
|
|
!
|
|
interface GigabitEthernet2/0/21
|
|
description [KU] Po21 SW-2-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 21 mode on
|
|
!
|
|
interface GigabitEthernet2/0/22
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 22 mode on
|
|
!
|
|
interface GigabitEthernet2/0/23
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface GigabitEthernet2/0/24
|
|
description [CORE] Po23 SW-1-2
|
|
switchport trunk encapsulation dot1q
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface GigabitEthernet2/1/1
|
|
!
|
|
interface GigabitEthernet2/1/2
|
|
!
|
|
interface GigabitEthernet2/1/3
|
|
!
|
|
interface GigabitEthernet2/1/4
|
|
!
|
|
interface TenGigabitEthernet2/1/1
|
|
!
|
|
interface TenGigabitEthernet2/1/2
|
|
!
|
|
interface Vlan1
|
|
ip dhcp relay information trusted
|
|
ip address 192.168.25.254 255.255.255.0 secondary
|
|
ip address 192.168.23.254 255.255.255.0 secondary
|
|
ip address 192.168.26.126 255.255.255.128 secondary
|
|
ip address 192.168.20.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan2
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.65.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan8
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.68.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan11
|
|
description --ISP-MTS--
|
|
no ip address
|
|
!
|
|
interface Vlan12
|
|
description --ISP2-megafon--
|
|
no ip address
|
|
!
|
|
interface Vlan91
|
|
no ip address
|
|
!
|
|
interface Vlan113
|
|
ip address 10.12.254.254 255.255.255.252
|
|
!
|
|
interface Vlan122
|
|
description TELEPHONIA
|
|
ip address 192.168.22.254 255.255.255.0
|
|
!
|
|
interface Vlan150
|
|
description --Wi-Fi_WORK--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.92.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan200
|
|
description GuestWiFI
|
|
ip dhcp relay information trusted
|
|
ip address 10.200.3.254 255.255.255.0
|
|
ip access-group No_Local_For_GuestWiFI in
|
|
ip helper-address 10.200.3.252
|
|
!
|
|
interface Vlan201
|
|
description --Servers_MGM--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.82.30 255.255.255.224
|
|
!
|
|
interface Vlan250
|
|
description --SERVERS_64.0/24--
|
|
ip address 10.5.64.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan300
|
|
description --MANAGEMENT--
|
|
ip address 10.5.94.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan301
|
|
description --Wi-Fi_MANAGEMENT--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.93.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan310
|
|
description --UPS managment--
|
|
ip address 10.5.69.254 255.255.255.0
|
|
!
|
|
interface Vlan350
|
|
description --VOICE--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.89.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan450
|
|
description --Wi-Fi_SKLAD--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.91.254 255.255.255.0
|
|
ip helper-address 192.168.20.252
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan500
|
|
description --Wi-Fi_GUEST--
|
|
ip dhcp relay information trusted
|
|
ip address 10.5.90.254 255.255.255.0
|
|
ip access-group No_Local_For_GuestWiFI in
|
|
ip helper-address 192.168.20.252
|
|
!
|
|
interface Vlan550
|
|
description --TRANSIT_HSRP--
|
|
ip address 10.5.95.4 255.255.255.248
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan555
|
|
description --BGP_TRANSIT--
|
|
ip address 172.30.30.78 255.255.255.248
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan600
|
|
description --PRODACTION--
|
|
ip address 10.5.80.254 255.255.255.0
|
|
ip access-group ACL_PRODACTION_OUT out
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan603
|
|
description --CRPT-Mark--
|
|
ip address 10.5.81.254 255.255.255.0
|
|
!
|
|
interface Vlan3173
|
|
no ip address
|
|
!
|
|
router bgp 64515
|
|
bgp router-id 172.30.30.78
|
|
bgp log-neighbor-changes
|
|
bgp graceful-restart restart-time 120
|
|
bgp graceful-restart stalepath-time 360
|
|
bgp graceful-restart
|
|
network 10.5.90.0 mask 255.255.255.0
|
|
network 10.5.91.0 mask 255.255.255.0
|
|
network 10.5.92.0 mask 255.255.255.0
|
|
network 10.5.93.0 mask 255.255.255.0
|
|
network 10.5.94.0 mask 255.255.255.0
|
|
network 10.5.95.0 mask 255.255.255.248
|
|
network 10.200.3.0 mask 255.255.255.0
|
|
network 192.168.20.0
|
|
network 192.168.22.0
|
|
network 192.168.23.0
|
|
network 192.168.25.0
|
|
network 192.168.26.0 mask 255.255.255.128
|
|
aggregate-address 10.5.64.0 255.255.224.0 summary-only
|
|
neighbor 172.30.30.76 remote-as 64515
|
|
neighbor 172.30.30.76 next-hop-self
|
|
neighbor 172.30.30.76 soft-reconfiguration inbound
|
|
neighbor 172.30.30.77 remote-as 64515
|
|
neighbor 172.30.30.77 next-hop-self
|
|
neighbor 172.30.30.77 soft-reconfiguration inbound
|
|
distance bgp 150 150 150
|
|
!
|
|
ip default-gateway 10.5.94.254
|
|
!
|
|
ip http server
|
|
ip http authentication local
|
|
no ip http secure-server
|
|
!
|
|
ip route 0.0.0.0 0.0.0.0 10.5.95.1
|
|
ip route 31.173.105.64 255.255.255.252 10.5.95.2
|
|
ip route 31.173.105.65 255.255.255.255 10.5.95.2
|
|
ip route 31.173.105.66 255.255.255.255 10.5.95.2
|
|
ip route 94.181.95.136 255.255.255.255 10.5.95.2
|
|
!
|
|
ip access-list extended ACL_PRODACTION_OUT
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq www
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.2 eq 443
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq www
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.3 eq 443
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq www
|
|
permit tcp 192.168.20.0 0.0.0.255 host 10.5.80.4 eq 443
|
|
permit ip host 192.168.20.10 any
|
|
permit ip 10.5.64.0 0.0.0.255 any
|
|
permit icmp any any
|
|
deny ip any any
|
|
ip access-list extended LOCAL_TRAFFIC
|
|
permit ip any 192.168.0.0 0.0.255.255
|
|
permit ip any 10.0.0.0 0.255.255.255
|
|
permit ip any 172.16.0.0 0.15.255.255
|
|
ip access-list extended No_Local_For_GuestWiFI
|
|
permit ip host 10.200.3.250 any
|
|
remark Deny Guest VLAN200 access to other VLANs
|
|
permit tcp any host 192.168.20.220 eq domain
|
|
permit udp any host 192.168.20.220 eq domain
|
|
permit tcp any host 192.168.20.150 eq domain
|
|
permit udp any host 192.168.20.150 eq domain
|
|
permit tcp any host 192.168.8.77 eq 443
|
|
deny ip any 192.168.0.0 0.0.255.255
|
|
deny ip any 10.0.0.0 0.255.255.255
|
|
permit ip any any
|
|
ip access-list extended ROUTE_TO_ISP1
|
|
permit ip host 192.168.20.251 any
|
|
ip access-list extended ROUTE_TO_ISP2
|
|
permit ip host 192.168.23.251 any
|
|
ip access-list extended VSL-BFD
|
|
permit udp any any eq 3784
|
|
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
|
|
permit udp any eq bootpc any eq bootps
|
|
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
|
|
permit udp any eq bootps any eq bootpc
|
|
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
|
|
permit udp any eq bootps any eq bootps
|
|
ip access-list extended VSL-DHCP-SERVER_AUTH
|
|
ip access-list extended VSL-IPV4-ROUTING
|
|
permit ip any 224.0.0.0 0.0.0.255
|
|
!
|
|
ip sla 1
|
|
icmp-echo 31.173.105.65
|
|
threshold 50
|
|
timeout 2000
|
|
frequency 3
|
|
ip sla schedule 1 life forever start-time now
|
|
ip sla 2
|
|
icmp-echo 85.140.32.1
|
|
threshold 50
|
|
timeout 2000
|
|
frequency 3
|
|
ip sla schedule 2 life forever start-time now
|
|
logging origin-id hostname
|
|
logging source-interface Vlan300
|
|
logging host 192.168.8.119 transport udp port 5544
|
|
logging host 10.4.244.4 transport udp port 515
|
|
access-list 1301 remark kz-vbr001
|
|
access-list 1301 permit 192.168.20.251
|
|
access-list 101 deny ip any 192.168.0.0 0.0.255.255
|
|
access-list 101 deny ip any 10.0.0.0 0.255.255.255
|
|
access-list 101 deny ip any 172.17.0.0 0.0.255.255
|
|
access-list 101 permit ip host 192.168.20.251 any
|
|
access-list 101 permit ip host 192.168.20.150 any
|
|
access-list 110 remark --kz-vbr001--
|
|
access-list 110 permit ip host 192.168.20.251 any
|
|
!
|
|
route-map GLOBAL-ROUTING permit 10
|
|
match ip address 101
|
|
set ip next-hop 10.5.95.2
|
|
!
|
|
!
|
|
snmp-server community lmTUEsk6Yvlv RO 5
|
|
!
|
|
!
|
|
radius server IZH-RDS002
|
|
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
|
!
|
|
radius server P11-RDS003
|
|
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
|
!
|
|
!
|
|
ipv6 access-list VSL-IPV6-ROUTING
|
|
permit ipv6 any FF02::/124
|
|
!
|
|
banner login ^C
|
|
*****************************************************************************
|
|
* *
|
|
* UNAUTHORIZED ACCESS IS PROHIBITED *
|
|
* *
|
|
* You have accessed network equipment. *
|
|
* You must have authorized permission to access or configure this device. *
|
|
* All activities performed on this device are logged and monitored. *
|
|
* *
|
|
*****************************************************************************
|
|
^C
|
|
!
|
|
line con 0
|
|
logging synchronous
|
|
login authentication CONSOLE
|
|
stopbits 1
|
|
line vty 0 4
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
login authentication NPS
|
|
transport input ssh
|
|
line vty 5 15
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
login authentication NPS
|
|
transport input ssh
|
|
!
|
|
ntp source Vlan300
|
|
ntp server 192.168.8.200
|
|
ntp server 192.168.8.201
|
|
mac address-table notification change
|
|
mac address-table notification mac-move
|
|
mac address-table aging-time 1800
|
|
end |