pycm1k/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ansible/backup/files/cisco/IZH-KG-P11-RT-1-3.txt
Ахметзянов Рустам Рамилевич af70a6a354 first commit
2025-10-31 08:47:26 +04:00

1448 lines
46 KiB
Plaintext
Raw Blame History

Building configuration...
Current configuration : 47425 bytes
!
! Last configuration change at 13:32:42 IZH Tue Jun 28 2022 by akhmetzyanovrr_adm
! NVRAM config last updated at 01:00:00 IZH Thu Jul 28 2022
!
version 16.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 1000000
!
hostname IZH-KG-P11-RT-1-3
!
boot-start-marker
boot system flash isr4400-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition TUN
!
address-family ipv4
exit-address-family
!
security authentication failure rate 3 log
logging buffered 65536
logging rate-limit 100 except warnings
logging console critical
enable secret 5 $1$2V8u$VX2P30n3mf2bTST/jPImc1
!
aaa new-model
!
!
aaa group server radius NPS
server name IZH-RDS002
server name P11-RDS003
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
load-balance method least-outstanding
!
aaa authentication login default group NPS local enable
aaa authentication login CONSOLE local group NPS
aaa authorization exec default group NPS local if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone IZH 4 0
clock calendar-valid
no ip source-route
no ip gratuitous-arps
!
ip host tftp 10.4.0.214
no ip domain lookup
ip domain name komos.ru
!
!
!
login on-failure log
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
flow exporter FLOW_EXPORTER_NTOP
destination 10.4.0.215
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow exporter FLOW_EXPORTER_CISCO
destination 10.4.0.217
source GigabitEthernet0/0/1.551
transport udp 9995
export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR_INPUT
description input
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-input
!
!
flow monitor FLOW_MONITOR_OUTPUT
description output
exporter FLOW_EXPORTER_CISCO
cache timeout inactive 10
cache timeout active 60
record netflow ipv4 original-output
!
!
!
!
crypto pki trustpoint TP-self-signed-2031109008
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2031109008
revocation-check none
rsakeypair TP-self-signed-2031109008
!
!
crypto pki certificate chain TP-self-signed-2031109008
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303331 31303930 3038301E 170D3139 30393132 30363530
33325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333131
30393030 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A391 CE6B506A BF534242 0E9D071E E424B790 0AA20C51 736781C1
00C107F1 18B1E072 7719422B 3DF52AD2 5B6AC914 183F7E74 6C126371 9292E1D9
E19244AE 06CDC03D 5C4DE689 FF16BC4A A969CA86 1514C9C7 0021596E 53F1A75D
33288A8E CDF8E834 8F377C67 E33CD7FD E4E6C9B9 4CC9DA27 E79126BB B86430A7
D048D097 4F7E8DA3 C4DF8ED5 AEE24416 4DA92146 00F52341 453C7CB0 9E30DB1C
DDF2820D 145E4ED1 3A37BFEA A7C1198B 663A0830 F5A0D9DD 92E88C18 83BB9061
3A4DEAA5 2EECC0B9 20A45711 49A188B5 20E92DBB 0570B376 919F3D57 EFF1E588
50690875 1B96E923 6EA675D2 0B2F9814 50DD93ED A25EB6B1 D54992EF 88941F72
342CF2C7 D1770203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14E59BE2 B210DC11 02A79CC8 3C8E5AD3 9B81C496
39301D06 03551D0E 04160414 E59BE2B2 10DC1102 A79CC83C 8E5AD39B 81C49639
300D0609 2A864886 F70D0101 05050003 82010100 5C84C9B7 DE92D156 756ACD8B
0B37D5BF CC9B43F1 D1ED4012 6D74876F 58F2A336 A367912B BD323CB4 3CD3B4F4
E4F18566 3EDEBAA4 D22B24B7 4A7EB8D9 8A4340B1 DB1DF23A 9DC0A2AE 31FFF1AE
8FEF66E1 491BA24E 8C560BCB 28E334BC 3DCA425B 082AE31E 21E5B44C 9194198C
4B052178 A6BF012A B893E9B6 16112AC0 02E9F583 273FF029 920EECD8 AF410A54
E665588F 25AC11A5 5B323C74 70111938 13ED8AB8 3D56A1C3 977BB368 28D0E704
AA1D2117 0DE29FE5 4FC42C63 B8E1B0AA 62DE5927 C3B3D0AF 0E2C0756 EBBF52AC
2477607B 03B6F9D6 55A654CE 00994ACC 1AA1CD74 BF3FE785 52ED207B 72FD9BA2
D55255A6 9B765604 C433D276 3955A533 2AAFE6B1
quit
!
license udi pid ISR4431/K9 sn FOC23172U4F
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
archive
log config
logging enable
logging size 900
notify syslog contenttype plaintext
hidekeys
path tftp://tftp/IZH/KG/P11-RT/$H.$T.conf
write-memory
time-period 10080
!
!
!
!
!
object-group network OBJ_BBN_RN_BBN
host 85.140.32.104
host 78.85.13.205
!
object-group network OBJ_IZH_MLK_IZM
host 85.140.32.27
host 78.85.13.42
host 5.227.126.169
host 31.173.105.54
host 217.14.195.253
host 85.175.86.74
!
object-group network OBJ_IZH_KG_P11
91.240.179.0 255.255.255.0
host 5.227.124.143
host 78.85.13.93
host 62.141.96.126
host 84.201.247.190
host 88.80.33.50
host 94.25.46.122
!
object-group network OBJ_IZH_VST_IZM
host 5.227.124.82
host 78.85.13.38
!
object-group network OBJ_IZH_TK_M44
host 212.46.204.74
host 88.80.33.162
!
object-group network OBJ_IZH_TK_M48
host 87.249.237.250
!
object-group network OBJ_IZH_TK_SMR
host 87.249.239.226
host 88.80.33.42
!
object-group network OBJ_MSK_KG_MSK
host 185.62.195.150
host 185.6.175.101
!
object-group network OBJ_GLZ_MLK_GMK
host 31.173.105.62
host 85.140.32.29
!
object-group network OBJ_KZN_MLK_KMK
host 83.69.126.54
host 94.180.253.210
host 78.138.171.82
!
object-group network OBJ_KEZ_MLK_KZS
host 31.173.105.66
host 78.85.13.52
host 85.140.32.30
!
object-group network OBJ_PRM_MLK_PHK
host 178.47.128.18
host 46.146.210.68
!
object-group network OBJ_SAR_MLK_SRM
host 31.173.105.58
host 78.85.13.53
host 85.140.32.28
!
object-group network OBJ_CLB_MLK_CMK
host 37.113.128.241
host 149.255.6.35
!
object-group network OBJ_GLZ_GKZ_GKZ
host 78.85.13.94
host 146.120.104.181
!
object-group network OBJ_KIA_RN_KIA
host 78.85.14.97
!
object-group network OBJ_IZH_TZK_TZK
host 78.25.80.134
host 5.227.124.235
!
object-group network OBJ_IZH_MK_VS17
host 5.227.124.141
!
object-group network OBJ_IZH_KL_KLI
host 78.85.15.85
host 84.201.247.24
host 79.175.36.97
host 84.201.244.235
!
object-group network OBJ_EKB_KG_EKB
host 62.168.232.182
host 176.215.14.11
!
object-group network OBJ_IZH_KEN_VS56
host 83.143.54.246
host 92.55.54.109
!
object-group network OBJ_IZH_VRS_IZM
host 85.140.32.177
host 78.85.14.98
!
object-group network OBJ_GLZ_VRS_UPF
host 95.215.208.234
host 78.85.13.119
!
object-group network OBJ_IZH_VRS_IPF
host 85.140.32.141
host 78.85.13.117
!
object-group network OBJ_IZH_VRS_PFV
host 85.140.32.178
host 94.181.119.90
host 78.85.33.50
!
object-group network OBJ_VOT_VRS_VPF
host 78.85.13.118
host 88.80.33.14
!
object-group network OBJ_PRM_VRS_MPF
host 178.47.130.10
host 5.227.121.127
!
object-group network OBJ_LAI_VRS_DPF
host 178.205.241.114
host 46.232.164.108
!
object-group network OBJ_ITL_VST_ITL
host 5.227.124.130
host 78.85.34.99
host 81.211.13.82
!
object-group network OBJ_MZH_VST_MZH
host 88.80.33.250
host 83.169.220.171
!
object-group network OBJ_KIA_VST_KIA
host 85.140.32.24
host 188.94.168.238
!
object-group network OBJ_KGB_VST_KBB
host 78.85.37.88
host 88.80.33.154
!
object-group network OBJ_SAR_VST_SMK
host 78.85.19.93
host 88.80.33.234
!
object-group network OBJ_KNK_VST_KMK
host 178.161.242.67
!
object-group network OBJ_SHM_TMA_SHM
host 89.232.91.106
host 31.173.182.210
!
object-group network OBJ_MSB_TMA_MSB
host 78.138.182.214
!
object-group network OBJ_EVL_TMA_EVL
host 89.232.102.166
!
object-group network OBJ_KIB_TMA_KIB
host 78.138.182.126
!
object-group network OBJ_IZH_KM_S61
host 84.201.247.32
host 88.80.33.194
!
object-group network OBJ_YAN_GKZ_YEL
host 77.94.97.222
!
object-group network OBJ_KUN_KMK_B2
94.138.150.0 255.255.255.0
!
object-group network OBJ_KUN_KMK_H80
host 178.161.207.26
host 77.43.193.88
!
object-group network OBJ_KUN_KMK_CH9
host 178.47.128.98
host 194.150.90.20
host 194.150.91.170
!
object-group network OBJ_KGB_RN_KGB
host 78.85.13.165
!
object-group network OBJ_NCH_RN_NCH
host 78.85.13.166
!
object-group network OBJ_PRI_RN_PRI
host 78.85.13.167
!
object-group network OBJ_URN_RN_URN
host 78.85.20.49
!
object-group network OBJ_MZH_TK_TKM
host 88.80.32.230
host 78.85.35.34
!
object-group network OBJ_GLZ_TK_TKG
host 95.215.208.240
host 146.120.104.235
host 95.215.208.173
!
object-group network OBJ_IZH_TK_M21
host 84.201.242.133
!
object-group network OBJ_IZH_HLA_PP
host 92.61.17.250
!
object-group network OBJ_IZH_HLA_UHK
host 92.55.7.148
!
object-group network OBJ_IZH_VD_VS17
host 84.201.247.100
!
object-group network OBJ_IZH_KS_H17
85.140.32.64 255.255.255.252
host 85.140.32.63
host 85.140.32.68
!
object-group network OBJ_IZH_VST_VS298
host 91.144.167.3
host 5.227.125.36
host 178.176.100.154
!
object-group network OBJ_SPB_KG_SPB
host 85.140.7.161
host 94.72.27.43
host 62.141.114.190
!
object-group network OBJ_IZH_VRS_AKS
host 5.227.124.50
host 87.249.233.80
!
object-group network OBJ_IZH_KI_VOR158
host 46.147.130.59
host 5.227.125.126
!
object-group network OBJ_BRANCHES
group-object OBJ_IZH_MLK_IZM
group-object OBJ_IZH_KG_P11
group-object OBJ_IZH_VST_IZM
group-object OBJ_IZH_TK_M44
group-object OBJ_IZH_TK_M48
group-object OBJ_IZH_TK_SMR
group-object OBJ_MSK_KG_MSK
group-object OBJ_GLZ_MLK_GMK
group-object OBJ_KZN_MLK_KMK
group-object OBJ_KEZ_MLK_KZS
group-object OBJ_PRM_MLK_PHK
group-object OBJ_SAR_MLK_SRM
group-object OBJ_CLB_MLK_CMK
group-object OBJ_BBN_RN_BBN
group-object OBJ_GLZ_GKZ_GKZ
group-object OBJ_KIA_RN_KIA
group-object OBJ_IZH_TZK_TZK
group-object OBJ_IZH_MK_VS17
group-object OBJ_IZH_KL_KLI
group-object OBJ_EKB_KG_EKB
group-object OBJ_IZH_KEN_VS56
group-object OBJ_IZH_VRS_IZM
group-object OBJ_GLZ_VRS_UPF
group-object OBJ_IZH_VRS_IPF
group-object OBJ_IZH_VRS_PFV
group-object OBJ_VOT_VRS_VPF
group-object OBJ_PRM_VRS_MPF
group-object OBJ_LAI_VRS_DPF
group-object OBJ_ITL_VST_ITL
group-object OBJ_MZH_VST_MZH
group-object OBJ_KIA_VST_KIA
group-object OBJ_KGB_VST_KBB
group-object OBJ_SAR_VST_SMK
group-object OBJ_KNK_VST_KMK
group-object OBJ_SHM_TMA_SHM
group-object OBJ_MSB_TMA_MSB
group-object OBJ_EVL_TMA_EVL
group-object OBJ_KIB_TMA_KIB
group-object OBJ_IZH_KM_S61
group-object OBJ_YAN_GKZ_YEL
group-object OBJ_KUN_KMK_B2
group-object OBJ_KUN_KMK_H80
group-object OBJ_KUN_KMK_CH9
group-object OBJ_KGB_RN_KGB
group-object OBJ_NCH_RN_NCH
group-object OBJ_PRI_RN_PRI
group-object OBJ_URN_RN_URN
group-object OBJ_MZH_TK_TKM
group-object OBJ_GLZ_TK_TKG
group-object OBJ_IZH_TK_M21
group-object OBJ_IZH_HLA_PP
group-object OBJ_IZH_HLA_UHK
group-object OBJ_IZH_VD_VS17
group-object OBJ_IZH_KS_H17
group-object OBJ_IZH_VST_VS298
group-object OBJ_SPB_KG_SPB
group-object OBJ_IZH_VRS_AKS
group-object OBJ_IZH_KI_VOR158
!
object-group network STATIC_ISP_IP
host 84.201.247.190
host 5.227.124.143
!
!
!
username netadmin privilege 15 secret 5 $1$3nmT$Wx1Oexnb10Jzrg/5QRzmN1
!
redundancy
mode none
!
!
!
!
!
!
!
class-map match-any CM_QOS_Q2
match access-group name ACL_QOS_Q2
class-map match-any CM_QOS_Q3
match access-group name ACL_QOS_Q3
class-map match-any CM_QOS_Q1
match access-group name ACL_QOS_Q1
class-map match-any CM_QOS_Q4
match access-group name ACL_QOS_Q4
class-map match-any CM_QOS_Q5
match access-group name ACL_QOS_Q5
class-map type inspect match-any CM-LAN_TO_WAN_KOM
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all CM-WAN_TO_LAN_KOM
match access-group name ACL-WAN_TO_LAN_KOM
class-map type inspect match-all CM-WAN_TO_SELF_KOM
match access-group name ACL-WAN_TO_SELF_KOM
class-map type inspect match-all CM-DMVPN_KOM
match access-group name ACL-DMVPN_TRAFFIC_KOM
!
policy-map type inspect PM-DMVPN_KOM
class type inspect CM-DMVPN_KOM
pass
class class-default
drop
policy-map type inspect PM-SELF_TO_WAN_KOM
description :: ALL TRAFIC FROM ROUTER ALLOWED TO WAN
class class-default
pass
policy-map type inspect PM-ALLPASS_KOM
class class-default
pass
policy-map PM_QOS_IN
class CM_QOS_Q5
set ip dscp cs5
class CM_QOS_Q4
set ip dscp cs4
class CM_QOS_Q3
set ip dscp cs3
class CM_QOS_Q2
set ip dscp cs2
class CM_QOS_Q1
set ip dscp cs1
class class-default
set ip dscp default
policy-map type inspect PM-WAN_TO_SELF_KOM
class type inspect CM-WAN_TO_SELF_KOM
pass
class class-default
drop
policy-map type inspect PM-WAN_TO_LAN_KOM
class class-default
drop
policy-map type inspect PM-LAN_TO_WAN_KOM
class type inspect CM-LAN_TO_WAN_KOM
inspect
class class-default
drop
!
zone security LAN
zone security WAN
zone security DMVPN
zone security MGMT
description Management Network Equipment
zone-pair security ZP-DMVPN_TO_SELF_KOM source DMVPN destination self
service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-LAN_TO_DMVPN_KOM source LAN destination DMVPN
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_SELF_KOM source LAN destination self
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-LAN_to_WAN_KOM source LAN destination WAN
service-policy type inspect PM-LAN_TO_WAN_KOM
zone-pair security ZP-MGMT_TO_SELF source MGMT destination self
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_TO_MGMT source self destination MGMT
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_DMVPN_KOM source self destination DMVPN
service-policy type inspect PM-DMVPN_KOM
zone-pair security ZP-SELF_to_LAN_KOM source self destination LAN
service-policy type inspect PM-ALLPASS_KOM
zone-pair security ZP-SELF_to_WAN_KOM source self destination WAN
service-policy type inspect PM-SELF_TO_WAN_KOM
zone-pair security ZP-WAN_to_LAN_KOM source WAN destination LAN
service-policy type inspect PM-WAN_TO_LAN_KOM
zone-pair security ZP-WAN_to_SELF_KOM source WAN destination self
service-policy type inspect PM-WAN_TO_SELF_KOM
zone-pair security ZP_DMVPN_TO_LAN_KOM source DMVPN destination LAN
service-policy type inspect PM-ALLPASS_KOM
!
crypto keyring TUN vrf TUN
pre-shared-key address 0.0.0.0 0.0.0.0 key fjhJSHpUcnqbpGfI
!
!
!
!
crypto isakmp policy 150
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 160
encr aes 256
authentication pre-share
group 2
crypto isakmp key mlk20kom19 address 0.0.0.0 no-xauth
crypto isakmp keepalive 30
crypto isakmp nat keepalive 10
!
crypto ipsec security-association replay disable
!
crypto ipsec transform-set TS_DMVPN esp-aes esp-sha-hmac
mode transport
crypto ipsec transform-set TS_GREIPSEC esp-aes 256 esp-sha-hmac
mode transport require
!
crypto ipsec profile GRE_IPSEC
set transform-set TS_GREIPSEC
set pfs group2
!
crypto ipsec profile IPSEC_DMVPN
description -==SPOKE to SITE DMVPN IPSec GRE Profile ==-
set transform-set TS_DMVPN
!
!
!
!
!
!
!
!
!
!
interface Tunnel1001
description DMVPN_SPOKE1_Cloud1
bandwidth 100000
ip address 172.30.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl01
ip nhrp map 172.30.1.1 85.140.32.27
ip nhrp map 172.30.1.2 78.85.13.42
ip nhrp map multicast 85.140.32.27
ip nhrp map multicast 78.85.13.42
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 172.30.1.1
ip nhrp nhs 172.30.1.2
zone-member security DMVPN
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0.3073
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel1002
description DMVPN-HUB1-Cloud2
bandwidth 100000
ip address 172.30.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication M_K.Cl02
ip nhrp network-id 1002
ip nhrp holdtime 300
ip nhrp redirect
zone-member security DMVPN
ip tcp adjust-mss 1360
bfd interval 50 min_rx 50 multiplier 3
tunnel source GigabitEthernet0/0/0.3073
tunnel mode gre multipoint
tunnel key 1002
tunnel protection ipsec profile IPSEC_DMVPN shared
!
interface Tunnel2300
no ip address
shutdown
!
interface Tunnel2301
no ip address
shutdown
!
interface Tunnel2302
description IZH-KLS-P20-RT-1-1
bandwidth 100000
ip address 91.240.179.233 255.255.255.0
ip mtu 1400
zone-member security DMVPN
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/0/1.1113
tunnel destination 5.227.125.114
tunnel vrf TUN
tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel2303
description KGR-KUMK-B2-RT-1-1
bandwidth 100000
ip address 10.1.50.1 255.255.255.252
no ip redirects
ip mtu 1400
ip access-group ACL_KUMK_IN in
zone-member security DMVPN
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/0/1.1113
tunnel destination 94.138.150.1
tunnel vrf TUN
tunnel protection ipsec profile GRE_IPSEC
!
interface Tunnel2304
description PRM-KUMK-CH9-RT-1-1
bandwidth 100000
ip address 10.1.50.13 255.255.255.252
no ip redirects
ip mtu 1400
ip access-group ACL_KUMK_IN in
zone-member security DMVPN
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source GigabitEthernet0/0/1.1113
tunnel destination 178.47.128.98
tunnel vrf TUN
tunnel protection ipsec profile GRE_IPSEC
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.3073
description [ISP-100M] MTS_DMVPN
bandwidth 100000
encapsulation dot1Q 3073
ip address 5.227.124.143 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security WAN
!
interface GigabitEthernet0/0/1
description [CORE] SW-1-2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
service-policy input PM_QOS_IN
!
interface GigabitEthernet0/0/1.100
description MGM
encapsulation dot1Q 100
ip address 10.1.1.249 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security LAN
!
interface GigabitEthernet0/0/1.551
description --TRANSIT_HSRP--
encapsulation dot1Q 551
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 10.1.239.20 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/1.598
description Transit_Network_to_Core
encapsulation dot1Q 598
ip flow monitor FLOW_MONITOR_INPUT input
ip flow monitor FLOW_MONITOR_OUTPUT output
ip address 172.30.30.41 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security LAN
standby version 2
standby 598 ip 172.30.30.43
standby 598 timers 5 15
standby 598 priority 150
standby 598 preempt delay minimum 30
standby 598 authentication BDC_Kom
standby 598 name HSRP-TRANSIT-VLAN_598
!
interface GigabitEthernet0/0/1.1113
description [PI] For Remote tunnels vrf TUN
encapsulation dot1Q 1113
vrf forwarding TUN
ip address 91.240.179.233 255.255.255.0
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.1.254.252 255.255.255.0
zone-member security MGMT
negotiation auto
!
router bgp 64513
bgp router-id 172.30.30.41
bgp log-neighbor-changes
network 10.1.20.131 mask 255.255.255.255
timers bgp 10 30
redistribute connected route-map RM_REDIS_CONN
neighbor TO_RT_PEERS peer-group
neighbor TO_RT_PEERS next-hop-self all
neighbor TO_RT_PEERS soft-reconfiguration inbound
neighbor TO_MTS_PEERS peer-group
neighbor TO_MTS_PEERS next-hop-self all
neighbor TO_MTS_PEERS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA peer-group
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA remote-as 64521
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA next-hop-self all
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TK_SMIRNOVO peer-group
neighbor PG_BGP_SPOKE_TK_SMIRNOVO remote-as 64522
neighbor PG_BGP_SPOKE_TK_SMIRNOVO next-hop-self all
neighbor PG_BGP_SPOKE_TK_SMIRNOVO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TK_SMIRNOVO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KMK peer-group
neighbor PG_BGP_SPOKE_KMK remote-as 64516
neighbor PG_BGP_SPOKE_KMK next-hop-self all
neighbor PG_BGP_SPOKE_KMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VOTKINSK peer-group
neighbor PG_BGP_SPOKE_PF_VOTKINSK remote-as 64527
neighbor PG_BGP_SPOKE_PF_VOTKINSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_VOTKINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VOTKINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_PERM peer-group
neighbor PG_BGP_SPOKE_PF_PERM remote-as 64529
neighbor PG_BGP_SPOKE_PF_PERM next-hop-self all
neighbor PG_BGP_SPOKE_PF_PERM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_PERM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_IZHEVSK peer-group
neighbor PG_BGP_SPOKE_PF_IZHEVSK remote-as 64526
neighbor PG_BGP_SPOKE_PF_IZHEVSK next-hop-self all
neighbor PG_BGP_SPOKE_PF_IZHEVSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_IZHEVSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_KAZAN peer-group
neighbor PG_BGP_SPOKE_PF_KAZAN remote-as 64528
neighbor PG_BGP_SPOKE_PF_KAZAN next-hop-self all
neighbor PG_BGP_SPOKE_PF_KAZAN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_KAZAN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_VARAKSINO peer-group
neighbor PG_BGP_SPOKE_PF_VARAKSINO remote-as 64525
neighbor PG_BGP_SPOKE_PF_VARAKSINO next-hop-self all
neighbor PG_BGP_SPOKE_PF_VARAKSINO soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_VARAKSINO route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_GLAZOV peer-group
neighbor PG_BGP_SPOKE_PF_GLAZOV remote-as 64524
neighbor PG_BGP_SPOKE_PF_GLAZOV next-hop-self all
neighbor PG_BGP_SPOKE_PF_GLAZOV soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_GLAZOV route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_DC peer-group
neighbor PG_BGP_SPOKE_PF_DC remote-as 64523
neighbor PG_BGP_SPOKE_PF_DC next-hop-self all
neighbor PG_BGP_SPOKE_PF_DC soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_DC route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_MOSCOW peer-group
neighbor PG_BGP_SPOKE_KG_MOSCOW remote-as 64530
neighbor PG_BGP_SPOKE_KG_MOSCOW next-hop-self all
neighbor PG_BGP_SPOKE_KG_MOSCOW soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_MOSCOW route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA remote-as 64531
neighbor PG_BGP_SPOKE_KG_LOGISTIKA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA peer-group
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA remote-as 64533
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA next-hop-self all
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_EKATERINBURG peer-group
neighbor PG_BGP_SPOKE_KG_EKATERINBURG remote-as 64534
neighbor PG_BGP_SPOKE_KG_EKATERINBURG next-hop-self all
neighbor PG_BGP_SPOKE_KG_EKATERINBURG soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_EKATERINBURG route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_GKZ peer-group
neighbor PG_BGP_SPOKE_KG_GKZ remote-as 64535
neighbor PG_BGP_SPOKE_KG_GKZ next-hop-self all
neighbor PG_BGP_SPOKE_KG_GKZ soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_GKZ route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA peer-group
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA remote-as 64536
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA next-hop-self all
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_RUSSIAN_NIVA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY peer-group
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY remote-as 64537
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY next-hop-self all
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TZK_KRYLATSKIY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK peer-group
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK remote-as 64532
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK next-hop-self all
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MLK_CHELYABINSK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_KIB peer-group
neighbor PG_BGP_SPOKE_TMA_KIB remote-as 64548
neighbor PG_BGP_SPOKE_TMA_KIB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_KIB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_KIB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_EVL peer-group
neighbor PG_BGP_SPOKE_TMA_EVL remote-as 64547
neighbor PG_BGP_SPOKE_TMA_EVL next-hop-self all
neighbor PG_BGP_SPOKE_TMA_EVL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_EVL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_MSB peer-group
neighbor PG_BGP_SPOKE_TMA_MSB remote-as 64549
neighbor PG_BGP_SPOKE_TMA_MSB next-hop-self all
neighbor PG_BGP_SPOKE_TMA_MSB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_MSB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_TMA_SHM peer-group
neighbor PG_BGP_SPOKE_TMA_SHM remote-as 64546
neighbor PG_BGP_SPOKE_TMA_SHM next-hop-self all
neighbor PG_BGP_SPOKE_TMA_SHM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_TMA_SHM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KOMOS_ENERGY peer-group
neighbor PG_BGP_SPOKE_KOMOS_ENERGY remote-as 64550
neighbor PG_BGP_SPOKE_KOMOS_ENERGY next-hop-self all
neighbor PG_BGP_SPOKE_KOMOS_ENERGY soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KOMOS_ENERGY route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_BBN peer-group
neighbor PG_BGP_SPOKE_VST_BBN remote-as 64541
neighbor PG_BGP_SPOKE_VST_BBN next-hop-self all
neighbor PG_BGP_SPOKE_VST_BBN soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_BBN route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_IZM peer-group
neighbor PG_BGP_SPOKE_VST_IZM remote-as 64539
neighbor PG_BGP_SPOKE_VST_IZM next-hop-self all
neighbor PG_BGP_SPOKE_VST_IZM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_IZM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_SMK peer-group
neighbor PG_BGP_SPOKE_VST_SMK remote-as 64543
neighbor PG_BGP_SPOKE_VST_SMK next-hop-self all
neighbor PG_BGP_SPOKE_VST_SMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_SMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KIA peer-group
neighbor PG_BGP_SPOKE_VST_KIA remote-as 64540
neighbor PG_BGP_SPOKE_VST_KIA next-hop-self all
neighbor PG_BGP_SPOKE_VST_KIA soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KIA route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KGB peer-group
neighbor PG_BGP_SPOKE_VST_KGB remote-as 64544
neighbor PG_BGP_SPOKE_VST_KGB next-hop-self all
neighbor PG_BGP_SPOKE_VST_KGB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KGB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_KNK peer-group
neighbor PG_BGP_SPOKE_VST_KNK remote-as 64545
neighbor PG_BGP_SPOKE_VST_KNK next-hop-self all
neighbor PG_BGP_SPOKE_VST_KNK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_KNK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_ITL peer-group
neighbor PG_BGP_SPOKE_VST_ITL remote-as 64538
neighbor PG_BGP_SPOKE_VST_ITL next-hop-self all
neighbor PG_BGP_SPOKE_VST_ITL soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_ITL route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KG_SPB peer-group
neighbor PG_BGP_SPOKE_KG_SPB remote-as 64552
neighbor PG_BGP_SPOKE_KG_SPB next-hop-self
neighbor PG_BGP_SPOKE_KG_SPB soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KG_SPB route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PF_AKS peer-group
neighbor PG_BGP_SPOKE_PF_AKS remote-as 64553
neighbor PG_BGP_SPOKE_PF_AKS next-hop-self
neighbor PG_BGP_SPOKE_PF_AKS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PF_AKS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_VST_MZH peer-group
neighbor PG_BGP_SPOKE_VST_MZH remote-as 64542
neighbor PG_BGP_SPOKE_VST_MZH soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_VST_MZH route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KM peer-group
neighbor PG_BGP_SPOKE_KM remote-as 64519
neighbor PG_BGP_SPOKE_KM next-hop-self all
neighbor PG_BGP_SPOKE_KM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KM route-map RM_KOMOS_MEDIA_IN in
neighbor PG_BGP_SPOKE_KM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_MK peer-group
neighbor PG_BGP_SPOKE_MK remote-as 64520
neighbor PG_BGP_SPOKE_MK next-hop-self all
neighbor PG_BGP_SPOKE_MK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_MK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_PHK peer-group
neighbor PG_BGP_SPOKE_PHK remote-as 64517
neighbor PG_BGP_SPOKE_PHK next-hop-self all
neighbor PG_BGP_SPOKE_PHK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_PHK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_SRM peer-group
neighbor PG_BGP_SPOKE_SRM remote-as 64518
neighbor PG_BGP_SPOKE_SRM next-hop-self all
neighbor PG_BGP_SPOKE_SRM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_SRM route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_GMK peer-group
neighbor PG_BGP_SPOKE_GMK remote-as 64514
neighbor PG_BGP_SPOKE_GMK next-hop-self all
neighbor PG_BGP_SPOKE_GMK soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_GMK route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_KZS peer-group
neighbor PG_BGP_SPOKE_KZS remote-as 64515
neighbor PG_BGP_SPOKE_KZS next-hop-self all
neighbor PG_BGP_SPOKE_KZS soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_KZS route-map RM_SPOKE_OUT out
neighbor PG_BGP_SPOKE_IZM peer-group
neighbor PG_BGP_SPOKE_IZM remote-as 64512
neighbor PG_BGP_SPOKE_IZM soft-reconfiguration inbound
neighbor PG_BGP_SPOKE_IZM weight 500
neighbor PG_BGP_SPOKE_IZM route-map RM_TO_MILKON_MAIN_OUT out
neighbor PG_BGP_KLS peer-group
neighbor PG_BGP_KLS remote-as 65506
neighbor PG_BGP_KLS next-hop-self all
neighbor PG_BGP_KLS soft-reconfiguration inbound
neighbor PG_BGP_KLS route-map RM_SPOKE_OUT out
neighbor PG_BGP_KUMK peer-group
neighbor PG_BGP_KUMK remote-as 65504
neighbor PG_BGP_KUMK next-hop-self all
neighbor PG_BGP_KUMK soft-reconfiguration inbound
neighbor PG_BGP_KUMK route-map RM_BGP_KUMK_IN in
neighbor PG_BGP_KUMK route-map RM_SPOKE_OUT out
neighbor 10.1.50.2 peer-group PG_BGP_KUMK
neighbor 10.1.50.2 description KGR-KUMK-B12-RT-1-1
neighbor 10.1.50.14 peer-group PG_BGP_KUMK
neighbor 10.1.50.14 description PRM-KUMK-CH9-RT-1-1
neighbor 10.1.50.34 peer-group PG_BGP_KLS
neighbor 172.30.1.1 peer-group PG_BGP_SPOKE_IZM
neighbor 172.30.1.2 peer-group PG_BGP_SPOKE_IZM
neighbor 172.30.2.5 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.2.6 peer-group PG_BGP_SPOKE_GMK
neighbor 172.30.2.7 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.2.8 peer-group PG_BGP_SPOKE_KZS
neighbor 172.30.2.9 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.2.10 peer-group PG_BGP_SPOKE_KMK
neighbor 172.30.2.10 weight 500
neighbor 172.30.2.10 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.11 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.2.12 peer-group PG_BGP_SPOKE_PHK
neighbor 172.30.2.13 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.2.14 peer-group PG_BGP_SPOKE_SRM
neighbor 172.30.2.15 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.2.16 peer-group PG_BGP_SPOKE_KM
neighbor 172.30.2.17 peer-group PG_BGP_SPOKE_MK
neighbor 172.30.2.19 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.2.19 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.20 peer-group PG_BGP_SPOKE_TORGOVAYA_KOMPANIYA
neighbor 172.30.2.21 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.2.21 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.22 peer-group PG_BGP_SPOKE_TK_SMIRNOVO
neighbor 172.30.2.23 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.2.24 peer-group PG_BGP_SPOKE_PF_DC
neighbor 172.30.2.25 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.2.26 peer-group PG_BGP_SPOKE_PF_GLAZOV
neighbor 172.30.2.27 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.2.28 peer-group PG_BGP_SPOKE_PF_VARAKSINO
neighbor 172.30.2.29 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.2.30 peer-group PG_BGP_SPOKE_PF_IZHEVSK
neighbor 172.30.2.31 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.2.31 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.32 peer-group PG_BGP_SPOKE_PF_VOTKINSK
neighbor 172.30.2.33 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.2.34 peer-group PG_BGP_SPOKE_PF_KAZAN
neighbor 172.30.2.35 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.2.36 peer-group PG_BGP_SPOKE_PF_PERM
neighbor 172.30.2.37 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.2.37 route-map RM_BGP_FROM_SPOKE in
neighbor 172.30.2.38 peer-group PG_BGP_SPOKE_KG_MOSCOW
neighbor 172.30.2.39 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.2.40 peer-group PG_BGP_SPOKE_KG_LOGISTIKA
neighbor 172.30.2.41 peer-group PG_BGP_SPOKE_MLK_CHELYABINSK
neighbor 172.30.2.43 peer-group PG_BGP_SPOKE_KG_LOGISTIKA_GAGARINA
neighbor 172.30.2.44 peer-group PG_BGP_SPOKE_KG_EKATERINBURG
neighbor 172.30.2.45 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.2.46 peer-group PG_BGP_SPOKE_KG_GKZ
neighbor 172.30.2.47 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.2.48 peer-group PG_BGP_SPOKE_RUSSIAN_NIVA
neighbor 172.30.2.49 peer-group PG_BGP_SPOKE_TZK_KRYLATSKIY
neighbor 172.30.2.50 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.2.51 peer-group PG_BGP_SPOKE_VST_IZM
neighbor 172.30.2.52 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.2.53 peer-group PG_BGP_SPOKE_VST_ITL
neighbor 172.30.2.54 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.2.55 peer-group PG_BGP_SPOKE_VST_KIA
neighbor 172.30.2.55 route-map RM_MTS_LP in
neighbor 172.30.2.56 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.2.57 peer-group PG_BGP_SPOKE_VST_BBN
neighbor 172.30.2.58 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.2.59 peer-group PG_BGP_SPOKE_VST_MZH
neighbor 172.30.2.60 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.2.61 peer-group PG_BGP_SPOKE_VST_SMK
neighbor 172.30.2.61 route-map RM_MTS_LP in
neighbor 172.30.2.62 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.2.63 peer-group PG_BGP_SPOKE_VST_KGB
neighbor 172.30.2.63 route-map RM_MTS_LP in
neighbor 172.30.2.64 peer-group PG_BGP_SPOKE_VST_KNK
neighbor 172.30.2.65 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.2.66 peer-group PG_BGP_SPOKE_TMA_SHM
neighbor 172.30.2.67 peer-group PG_BGP_SPOKE_TMA_EVL
neighbor 172.30.2.68 peer-group PG_BGP_SPOKE_TMA_KIB
neighbor 172.30.2.69 peer-group PG_BGP_SPOKE_TMA_MSB
neighbor 172.30.2.70 peer-group PG_BGP_SPOKE_KOMOS_ENERGY
neighbor 172.30.2.73 peer-group PG_BGP_SPOKE_KG_SPB
neighbor 172.30.2.74 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.2.75 peer-group PG_BGP_SPOKE_PF_AKS
neighbor 172.30.2.76 remote-as 64556
neighbor 172.30.2.76 next-hop-self all
neighbor 172.30.2.76 soft-reconfiguration inbound
neighbor 172.30.2.76 route-map RM_SPOKE_OUT out
neighbor 172.30.30.42 remote-as 64513
neighbor 172.30.30.42 next-hop-self all
neighbor 172.30.30.42 soft-reconfiguration inbound
neighbor 172.30.30.46 remote-as 64513
neighbor 172.30.30.46 next-hop-self all
neighbor 172.30.30.46 soft-reconfiguration inbound
distance bgp 150 150 150
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip route 0.0.0.0 0.0.0.0 5.227.124.1
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.1.254.254 name --Default_Gateway_for_Management--
ip route vrf TUN 0.0.0.0 0.0.0.0 91.240.179.254 100 name GW_VRF
!
ip bgp-community new-format
!
!
ip prefix-list IN_FROM_KOMOS_MEDIA seq 10 permit 10.14.7.0/24
!
ip prefix-list IN_FROM_PS_GLAZOV seq 10 permit 10.2.3.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 20 permit 172.16.3.0/29
ip prefix-list IN_FROM_PS_GLAZOV seq 30 permit 10.5.30.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 40 permit 192.168.31.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 50 permit 192.168.32.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 60 permit 192.168.33.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 70 permit 192.168.34.0/24
ip prefix-list IN_FROM_PS_GLAZOV seq 80 permit 192.168.36.0/25
!
ip prefix-list IN_FROM_PS_KAZAN seq 10 permit 10.2.8.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 20 permit 172.16.8.0/29
ip prefix-list IN_FROM_PS_KAZAN seq 30 permit 10.200.1.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 40 permit 192.168.70.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 50 permit 192.168.72.0/22
ip prefix-list IN_FROM_PS_KAZAN seq 60 permit 192.168.76.0/25
ip prefix-list IN_FROM_PS_KAZAN seq 70 permit 192.168.77.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 80 permit 192.168.78.0/24
ip prefix-list IN_FROM_PS_KAZAN seq 90 permit 10.5.62.0/24
!
ip prefix-list IN_FROM_PS_KEZ seq 10 permit 10.2.10.0/24
ip prefix-list IN_FROM_PS_KEZ seq 20 permit 10.5.95.0/29
ip prefix-list IN_FROM_PS_KEZ seq 30 permit 10.5.94.0/24
ip prefix-list IN_FROM_PS_KEZ seq 40 permit 10.200.3.0/24
ip prefix-list IN_FROM_PS_KEZ seq 50 permit 192.168.20.0/24
ip prefix-list IN_FROM_PS_KEZ seq 60 permit 192.168.22.0/24
ip prefix-list IN_FROM_PS_KEZ seq 70 permit 192.168.23.0/24
ip prefix-list IN_FROM_PS_KEZ seq 80 permit 192.168.25.0/24
ip prefix-list IN_FROM_PS_KEZ seq 90 permit 192.168.26.0/25
!
ip prefix-list IN_FROM_PS_PERM seq 10 permit 10.2.5.0/24
ip prefix-list IN_FROM_PS_PERM seq 20 permit 10.10.250.252/30
ip prefix-list IN_FROM_PS_PERM seq 30 permit 172.16.5.0/29
ip prefix-list IN_FROM_PS_PERM seq 40 permit 192.168.48.0/22
ip prefix-list IN_FROM_PS_PERM seq 50 permit 192.168.53.0/24
ip prefix-list IN_FROM_PS_PERM seq 60 permit 10.5.126.0/24
!
ip prefix-list IN_FROM_PS_SARAPUL seq 10 permit 10.2.4.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 20 permit 172.16.4.0/29
ip prefix-list IN_FROM_PS_SARAPUL seq 30 permit 10.5.158.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 40 permit 192.168.10.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 50 permit 192.168.11.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 60 permit 192.168.12.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 70 permit 192.168.13.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 80 permit 192.168.14.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 90 permit 192.168.15.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 100 permit 192.168.16.0/24
ip prefix-list IN_FROM_PS_SARAPUL seq 110 permit 192.168.19.0/25
ip prefix-list IN_FROM_PS_SARAPUL seq 120 permit 10.5.157.0/24
!
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 10 permit 192.168.8.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 20 permit 192.168.9.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 30 permit 192.168.110.0/24
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 40 permit 10.4.0.0/16
ip prefix-list OUT_TO_ALL_PS_MILKOM seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_KOMOS_MEDIA seq 10 permit 10.1.19.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 20 permit 10.1.15.0/24
ip prefix-list OUT_TO_KOMOS_MEDIA seq 30 permit 10.0.0.0/14
ip prefix-list OUT_TO_KOMOS_MEDIA seq 40 permit 192.168.0.0/22
ip prefix-list OUT_TO_KOMOS_MEDIA seq 50 permit 10.4.24.0/21
ip prefix-list OUT_TO_KOMOS_MEDIA seq 60 permit 0.0.0.0/0 le 32
!
ip prefix-list OUT_TO_MEAT_COMPANY seq 10 permit 192.168.0.0/22
ip prefix-list OUT_TO_MEAT_COMPANY seq 20 permit 10.1.19.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 30 permit 10.1.15.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 40 permit 10.14.7.0/24
ip prefix-list OUT_TO_MEAT_COMPANY seq 50 permit 0.0.0.0/0 le 32
!
ip prefix-list PFL_ROUTE_TO_MLK seq 5 permit 10.1.20.131/32
ip prefix-list PFL_ROUTE_TO_MLK seq 10 permit 10.0.0.0/14 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 20 permit 10.14.24.0/21 le 24
ip prefix-list PFL_ROUTE_TO_MLK seq 30 permit 172.31.2.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 40 permit 192.168.0.0/22
ip prefix-list PFL_ROUTE_TO_MLK seq 50 permit 10.14.17.0/24
ip prefix-list PFL_ROUTE_TO_MLK seq 60 permit 10.14.52.0/22
!
ip prefix-list PL_DF_GW seq 5 permit 0.0.0.0/0
ip prefix-list PL_DF_GW seq 10 permit 91.240.179.0/24 le 32
!
ip prefix-list PL_KUMK_IN seq 5 permit 10.12.252.0/22
ip prefix-list PL_KUMK_IN seq 10 permit 10.12.0.0/17
!
ip prefix-list PL_REDIS_CONN seq 5 permit 10.1.50.0/24 le 30
!
ip access-list extended ACL-DMVPN_TRAFFIC_KOM
permit ip any any
permit tcp any any eq 22
permit icmp any any
permit gre any any
permit udp any any eq isakmp
permit esp any any
permit eigrp any any
ip access-list extended ACL-WAN_TO_SELF_KOM
permit ip object-group OBJ_BRANCHES object-group STATIC_ISP_IP
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
deny ip any any
ip access-list extended ACL_KUMK_IN
deny tcp any any eq 445
permit ip 10.1.50.0 0.0.0.255 10.1.50.0 0.0.0.255
permit ip any 10.12.0.0 0.0.255.255
permit ip host 10.1.50.2 host 10.1.50.1
permit icmp 10.12.1.0 0.0.0.255 any
permit icmp 10.12.0.0 0.0.0.255 any
permit ip 10.12.1.0 0.0.0.255 host 10.1.9.207
permit ip 10.12.1.0 0.0.0.255 host 192.168.8.137
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.43
permit ip 10.12.0.0 0.0.0.255 host 10.4.0.214
permit ip host 10.12.0.254 any
permit ip 10.12.0.0 0.0.127.255 10.12.252.0 0.0.3.255
permit ip 10.12.252.0 0.0.3.255 10.12.0.0 0.0.127.255
permit ip host 172.30.31.2 host 172.30.31.1
permit ip host 10.12.252.254 any
permit tcp any any eq domain
permit udp any any eq domain
permit ip any host 10.1.8.14
permit icmp any any
permit ip any host 10.1.9.207
permit ip any host 10.4.0.214
permit ip 10.12.4.0 0.0.0.255 any
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.14
permit ip 10.12.1.0 0.0.0.255 host 10.4.0.15
permit ip any host 10.4.0.15
permit ip any host 10.4.0.14
permit tcp any any eq 8291
ip access-list extended ACL_QOS_Q1
remark WEB Internet
permit tcp any any eq www 443 8443
permit tcp any eq www 443 8443 any
remark Samba
permit tcp any any eq 445
permit tcp any eq 445 any
ip access-list extended ACL_QOS_Q2
remark 1C
permit tcp any any range 1560 1591
permit tcp any any eq 1540 1541
permit tcp any range 1560 1591 any
permit tcp any eq 1540 1541 any
remark SQL
permit udp any any eq 1433
permit tcp any any eq 1433
permit udp any eq 1433 any
permit tcp any eq 1433 any
remark WEB Local
permit tcp any 10.0.0.0 0.255.255.255 eq www 443 8443
permit tcp any 192.168.0.0 0.0.255.255 eq www 443 8443
permit tcp any 172.16.0.0 0.15.255.255 eq www 443 8443
permit tcp 10.0.0.0 0.255.255.255 eq www 443 8443 any
permit tcp 192.168.0.0 0.0.255.255 eq www 443 8443 any
permit tcp 172.16.0.0 0.15.255.255 eq www 443 8443 any
ip access-list extended ACL_QOS_Q3
remark SIP
permit udp any any eq 5060 5061
permit udp any eq 5060 5061 any
remark RDP
permit tcp any any eq 3389
permit tcp any eq 3389 any
permit udp any any eq 3389
permit udp any eq 3389 any
remark SSH
permit tcp any any eq 22
permit tcp any eq 22 any
remark Winbox
permit tcp any any eq 8291
permit tcp any eq 8291 any
ip access-list extended ACL_QOS_Q4
remark TEAMS + Confirence and other + Telegram
ip access-list extended ACL_QOS_Q5
remark RTP trafic
permit udp any range 10000 20000 host 172.17.100.1 range 10000 20000
permit udp host 172.17.100.1 range 10000 20000 any range 10000 20000
permit udp any range 10000 20000 host 10.4.7.17 range 10000 20000
permit udp host 10.4.7.17 range 10000 20000 any range 10000 20000
remark DNS
permit udp any any eq domain
permit tcp any any eq domain
permit udp any eq domain any
permit tcp any eq domain any
remark NTP
permit udp any any eq ntp
remark LDAP
permit udp any any eq 389 88
permit tcp any any eq 389 88
permit udp any eq 389 88 any
permit tcp any eq 389 88 any
ip access-list extended Access_VTY
permit icmp any any
permit tcp 10.0.0.0 0.255.255.255 eq 22 any
permit tcp 192.168.0.0 0.0.255.255 eq 22 any
permit tcp 172.0.0.0 0.16.255.255 eq 22 any
deny ip any any
kron occurrence EveryDay at 1:00 recurring
policy-list SaveBackup
!
kron policy-list SaveBackup
cli write memory
!
logging origin-id hostname
logging source-interface GigabitEthernet0/0/1.100
logging host 10.4.244.4 transport udp port 515
!
!
route-map RM_KEZ_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_BGP_KUMK_IN permit 10
match ip address prefix-list PL_KUMK_IN
!
route-map RM_KAZAN_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_GLAZOV_IN permit 20
match ip address prefix-list IN_FROM_PS_GLAZOV
!
route-map RM_PERM_IN permit 20
match ip address prefix-list IN_FROM_PS_PERM
!
route-map RM_SPOKE_OUT deny 10
match ip address prefix-list PL_DF_GW
!
route-map RM_SPOKE_OUT permit 20
!
route-map RM_SARAPUL_OUT permit 20
match ip address prefix-list OUT_ALL_PS_MILKOM
!
route-map RM_KOMOS_MEDIA_OUT permit 10
match ip address prefix-list OUT_TO_KOMOS_MEDIA
!
route-map RM_BGP_FROM_SPOKE permit 10
set local-preference 1000
!
route-map RM_TO_MILKON_MAIN_OUT permit 20
match ip address prefix-list PFL_ROUTE_TO_MLK
!
route-map RM_KAZAN_IN permit 20
match ip address prefix-list IN_FROM_PS_KAZAN
!
route-map RM_MTS_LP permit 20
set local-preference 1000
!
route-map RM_KEZ_IN permit 20
match ip address prefix-list IN_FROM_PS_KEZ
!
route-map RM_SARAPUL_IN permit 20
match ip address prefix-list IN_FROM_PS_SARAPUL
!
route-map RM_MEAT_COMPANY_OUT permit 10
match ip address prefix-list OUT_TO_MEAT_COMPANY
!
route-map RM_KOMOS_MEDIA_IN permit 10
match ip address prefix-list IN_FROM_KOMOS_MEDIA
!
route-map RM_GLAZOV_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
route-map RM_REDIS_CONN permit 10
match ip address prefix-list PL_REDIS_CONN
!
route-map RM_PERM_OUT permit 20
match ip address prefix-list OUT_TO_ALL_PS_MILKOM
!
snmp-server community lmTUEsk6Yvlv RO
snmp-server host 10.1.122.227 lmTUEsk6Yvlv
!
!
!
radius server IZH-RDS002
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
radius server P11-RDS003
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
timeout 3
retransmit 2
key 7 000C0A0D227A2A2627261576501F1618193C04513B73332D2976642D064F0F285F4354577C251B14245C4A0461770275094832147240003138367E38204B24661E
!
!
control-plane
!
privilege exec all level 7 show cdp
privilege exec all level 7 show running-config
privilege exec all level 7 show configuration
privilege exec level 7 show
alias exec q exit
alias exec sib sh ip int brief
!
line con 0
login authentication CONSOLE
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
login authentication NPS
length 0
transport input ssh
line vty 5 15
exec-timeout 120 0
login authentication NPS
transport input ssh
!
ntp server 10.1.8.1
ntp server 10.1.8.2
!
!
!
!
!
end
Reference in New Issue View Git Blame Copy Permalink