2176 lines
52 KiB
Plaintext
2176 lines
52 KiB
Plaintext
Building configuration...
|
|
|
|
Current configuration : 53612 bytes
|
|
!
|
|
! Last configuration change at 14:37:31 SAMT Wed Jul 27 2022 by adm_kapustinal
|
|
! NVRAM config last updated at 14:39:34 SAMT Thu Jul 21 2022 by akhmetzyanovrr_adm
|
|
!
|
|
version 15.2
|
|
no service pad
|
|
service timestamps debug datetime msec localtime show-timezone year
|
|
service timestamps log datetime msec localtime show-timezone year
|
|
no service password-encryption
|
|
service compress-config
|
|
service unsupported-transceiver
|
|
!
|
|
hostname IZH-MLK-IZM-SW-1-1
|
|
!
|
|
boot-start-marker
|
|
boot system flash bootflash:cat4500e-universalk9.SPA.03.08.01.E.152-4.E1.bin
|
|
license boot level entservices
|
|
boot-end-marker
|
|
!
|
|
!
|
|
vrf definition mgmtVrf
|
|
!
|
|
address-family ipv4
|
|
exit-address-family
|
|
!
|
|
address-family ipv6
|
|
exit-address-family
|
|
!
|
|
logging userinfo
|
|
logging buffered 64000
|
|
logging event link-status global
|
|
logging event trunk-status global
|
|
enable secret 5 $1$QW0D$QYciH.O0GY9GW37Ao2khP1
|
|
!
|
|
username netadmin privilege 15 secret 5 $1$TmCf$7DTGwTawupGEcfLxy5c9g/
|
|
aaa new-model
|
|
!
|
|
!
|
|
aaa group server radius NPS
|
|
server name IZH-RDS002
|
|
server name P11-RDS003
|
|
ip radius source-interface Vlan300
|
|
load-balance method least-outstanding
|
|
!
|
|
aaa authentication login default group NPS local enable
|
|
aaa authentication login CONSOLE local group NPS
|
|
aaa authorization exec default group NPS local if-authenticated
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
aaa session-id common
|
|
clock timezone SAMT 4 0
|
|
!
|
|
switch virtual domain 1
|
|
switch mode virtual
|
|
switch 1 priority 200
|
|
switch 2 priority 150
|
|
mac-address use-virtual
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
no ip domain-lookup
|
|
ip domain-name milkom-komos.ru
|
|
ip host tftp 10.4.0.214
|
|
ip name-server 192.168.8.200
|
|
ip name-server 192.168.8.201
|
|
!
|
|
!
|
|
login on-failure log
|
|
login on-success log
|
|
vtp domain MILKOM-KOMOS.RU
|
|
vtp mode off
|
|
!
|
|
!
|
|
!
|
|
power redundancy-mode redundant
|
|
!
|
|
mac access-list extended VSL-BPDU
|
|
permit any 0180.c200.0000 0000.0000.0003
|
|
mac access-list extended VSL-CDP
|
|
permit any host 0100.0ccc.cccc
|
|
mac access-list extended VSL-DOT1x
|
|
permit any any 0x888E
|
|
mac access-list extended VSL-GARP
|
|
permit any host 0180.c200.0020
|
|
mac access-list extended VSL-LLDP
|
|
permit any host 0180.c200.000e
|
|
mac access-list extended VSL-MGMT
|
|
permit any 0022.bdcd.d200 0000.0000.00ff
|
|
permit 0022.bdcd.d200 0000.0000.00ff any
|
|
mac access-list extended VSL-SSTP
|
|
permit any host 0100.0ccc.cccd
|
|
port-channel load-balance src-dst-port
|
|
archive
|
|
log config
|
|
logging enable
|
|
logging size 900
|
|
notify syslog contenttype plaintext
|
|
hidekeys
|
|
path tftp://tftp/IZH/MLK/IZM-SW_L3/$H-$T
|
|
write-memory
|
|
time-period 10080
|
|
!
|
|
spanning-tree mode pvst
|
|
spanning-tree logging
|
|
spanning-tree extend system-id
|
|
spanning-tree vlan 1-4094 priority 4096
|
|
!
|
|
redundancy
|
|
mode sso
|
|
bfd-template single-hop p2p
|
|
interval min-tx 300 min-rx 300 multiplier 3
|
|
!
|
|
!
|
|
vlan internal allocation policy ascending
|
|
!
|
|
vlan 8
|
|
name --UserNet_8.0/24--
|
|
!
|
|
vlan 9
|
|
name --UserNet_9.0/24--
|
|
!
|
|
vlan 10
|
|
name --UserNet_10.0/24--
|
|
!
|
|
vlan 11
|
|
name --UserNet_11.0/24--
|
|
!
|
|
vlan 12
|
|
name --UserNet_12.0/24--
|
|
!
|
|
vlan 13
|
|
name --UserNet_13.0/24--
|
|
!
|
|
vlan 14
|
|
name --UserNet_14.0/24--
|
|
!
|
|
vlan 15
|
|
name --UserNet_15.0/24--
|
|
!
|
|
vlan 16
|
|
name --UserNet_16.0/24--
|
|
!
|
|
vlan 17
|
|
name --UserNet_17.0/24--
|
|
!
|
|
vlan 18
|
|
name --UserNet_18.0/24--
|
|
!
|
|
vlan 19
|
|
name --UserNet_19.0/24--
|
|
!
|
|
vlan 20
|
|
name --UserNet_20.0/24--
|
|
!
|
|
vlan 22
|
|
name Nobel_Users
|
|
!
|
|
vlan 23
|
|
name test_Rustam
|
|
!
|
|
vlan 90
|
|
name NET_SERVER_150
|
|
!
|
|
vlan 93
|
|
name --LINK_TO_vpn_SSTP--
|
|
!
|
|
vlan 96
|
|
name --ERTELEKOM--
|
|
!
|
|
vlan 99
|
|
name --MARK_ASTERISK--
|
|
!
|
|
vlan 101
|
|
name --PRINTERS--
|
|
!
|
|
vlan 103
|
|
name -=KPP_Vesi&Cam=-
|
|
!
|
|
vlan 110
|
|
name --NET_KIP_PRODACTION--
|
|
!
|
|
vlan 111
|
|
name TRANSIT_TO_C3925-1
|
|
!
|
|
vlan 112
|
|
name Intraconnect_ospf_area_1
|
|
!
|
|
vlan 113
|
|
name TRANSIT_TO_MIKROTIK
|
|
!
|
|
vlan 150
|
|
name --Wi-Fi_Users_32.0/24--
|
|
!
|
|
vlan 151
|
|
name --Wi-Fi_Prod_33.0/24--
|
|
!
|
|
vlan 172
|
|
name TelephonyNet
|
|
!
|
|
vlan 173
|
|
name TelephonyTest
|
|
!
|
|
vlan 201
|
|
name --MANUFACTURE_VLAN--
|
|
!
|
|
vlan 202
|
|
name --DMZ--
|
|
!
|
|
vlan 207
|
|
name VCOD_Servers_DMZ_Frontend
|
|
!
|
|
vlan 208
|
|
name VCOD_Servers_Backend
|
|
!
|
|
vlan 248
|
|
name --SANDBOX_ELAR--
|
|
!
|
|
vlan 249
|
|
name --ServTestC_36.0/24--
|
|
!
|
|
vlan 250
|
|
name --ServerNet_0.0/24--
|
|
!
|
|
vlan 251
|
|
name -=ServMail_7.0/28=-
|
|
!
|
|
vlan 252
|
|
name --VOICE_ATS--
|
|
!
|
|
vlan 253
|
|
name exchange_komos-group
|
|
!
|
|
vlan 254
|
|
name -Service_SharePoint-
|
|
!
|
|
vlan 255
|
|
name --ServerNet_2.0/24--
|
|
!
|
|
vlan 256
|
|
name Server_Mon_1C_3.0/24
|
|
!
|
|
vlan 257
|
|
name KONTUR_DEV_SQL5.0/27
|
|
!
|
|
vlan 288
|
|
name SERVERS_DEV
|
|
!
|
|
vlan 289
|
|
name -=SRVBakNet_245.0_24=-
|
|
!
|
|
vlan 290
|
|
name -=SrvVmwVMon_242.0/26=-
|
|
!
|
|
vlan 291
|
|
name -=SrvVmwVSan_242.64/26=-
|
|
!
|
|
vlan 292
|
|
name -=SrvBakNet_243.0/24=-
|
|
!
|
|
vlan 294
|
|
name --SRV_iLO_iDrack_etc--
|
|
!
|
|
vlan 299
|
|
name --SrvMng_240.0\24--
|
|
!
|
|
vlan 300
|
|
name --MANAGMENT--
|
|
!
|
|
vlan 301
|
|
name --Wi-Fi_MANAGMENT--
|
|
!
|
|
vlan 302
|
|
name -=Wi-Fi_MANAGMENT=-
|
|
!
|
|
vlan 350
|
|
name --VOICE_28.0/23--
|
|
!
|
|
vlan 448
|
|
name -=VideoKomos=-
|
|
!
|
|
vlan 500
|
|
name --Wi-Fi_Guest_35.0/24--
|
|
!
|
|
vlan 550
|
|
name --CISCO_ASA--
|
|
!
|
|
vlan 551
|
|
name --TRANSIT_HSRP--
|
|
!
|
|
vlan 553
|
|
name VST-IZM Peering
|
|
!
|
|
vlan 554
|
|
name VRS-IZM Peering
|
|
!
|
|
vlan 556
|
|
name P2P_iBGP_KOMOS_AS_over_ER_Telecom
|
|
!
|
|
vlan 557
|
|
name P2P_iBGP_KOMOS_AS_over_MTS
|
|
!
|
|
vlan 596
|
|
name P2P_RCOD-OCOD_ER_Telecom
|
|
!
|
|
vlan 597
|
|
name --BGP_TRANSIT_TO_ISR4431--
|
|
!
|
|
vlan 599
|
|
name MLK_TRUNK_TO_DC-MLK
|
|
!
|
|
vlan 600
|
|
name --PET_PRODACTION--
|
|
!
|
|
vlan 601
|
|
name --KMK_PRODACTION--
|
|
!
|
|
vlan 603
|
|
name --CRPT-Mark--
|
|
!
|
|
vlan 650
|
|
name --ISCSI--
|
|
!
|
|
vlan 1000
|
|
name --ELAR-TEST--
|
|
!
|
|
vlan 1100
|
|
name TEST_ARR_esr-10
|
|
!
|
|
vlan 1113
|
|
name PI_RT-1-3
|
|
!
|
|
vlan 1500
|
|
name dmz_env_1C_WMS_MLK
|
|
!
|
|
vlan 1501
|
|
name safe_env_1C_WMS_MLK
|
|
!
|
|
vlan 1999
|
|
name env_1C_Licensing
|
|
!
|
|
vlan 2145
|
|
name Test_BGP
|
|
!
|
|
vlan 3915
|
|
name IZM_VLAN3915_SPLUNK
|
|
!
|
|
vlan 4030
|
|
name MLK_NATIVE_TO_DC-MLK
|
|
!
|
|
vlan 4031
|
|
name --MLK-KCOD_VEAMREPL_172.31.31.0/24--
|
|
!
|
|
vlan 4032
|
|
name --MLK-KCOD_SQLREPL_172.31.33.0/24--
|
|
!
|
|
vlan 4033
|
|
name --MLK-KCOD_SRVVCHA_172.31.33.0/24--
|
|
!
|
|
vlan 4034
|
|
name --MLK-KCOD_EXCHREPL_172.31.34.0/24--
|
|
!
|
|
vlan 4035
|
|
name --MLK-KCOD_SRVVCMG_172.31.35.0/24--
|
|
lldp run
|
|
!
|
|
track 1 ip sla 1 reachability
|
|
delay down 10 up 5
|
|
!
|
|
track 2 ip sla 2 reachability
|
|
delay down 10 up 5
|
|
!
|
|
track 3 ip sla 3 reachability
|
|
delay down 10 up 5
|
|
!
|
|
track 4 ip sla 4 reachability
|
|
delay down 10 up 5
|
|
!
|
|
track 10 list boolean or
|
|
object 1
|
|
object 2
|
|
object 3
|
|
object 4
|
|
delay down 5 up 30
|
|
!
|
|
!
|
|
class-map match-any VSL-MGMT-PACKETS
|
|
match access-group name VSL-MGMT
|
|
class-map match-any VSL-DATA-PACKETS
|
|
match any
|
|
class-map match-any VSL-L2-CONTROL-PACKETS
|
|
match access-group name VSL-DOT1x
|
|
match access-group name VSL-BPDU
|
|
match access-group name VSL-CDP
|
|
match access-group name VSL-LLDP
|
|
match access-group name VSL-SSTP
|
|
match access-group name VSL-GARP
|
|
class-map match-any VSL-L3-CONTROL-PACKETS
|
|
match access-group name VSL-IPV4-ROUTING
|
|
match access-group name VSL-BFD
|
|
match access-group name VSL-DHCP-CLIENT-TO-SERVER
|
|
match access-group name VSL-DHCP-SERVER-TO-CLIENT
|
|
match access-group name VSL-DHCP-SERVER-TO-SERVER
|
|
match access-group name VSL-IPV6-ROUTING
|
|
class-map match-any VSL-MULTIMEDIA-TRAFFIC
|
|
match dscp af41
|
|
match dscp af42
|
|
match dscp af43
|
|
match dscp af31
|
|
match dscp af32
|
|
match dscp af33
|
|
match dscp af21
|
|
match dscp af22
|
|
match dscp af23
|
|
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
|
|
match dscp ef
|
|
match dscp cs4
|
|
match dscp cs5
|
|
class-map match-any VSL-SIGNALING-NETWORK-MGMT
|
|
match dscp cs2
|
|
match dscp cs3
|
|
match dscp cs6
|
|
match dscp cs7
|
|
!
|
|
policy-map VSL-Queuing-Policy
|
|
class VSL-MGMT-PACKETS
|
|
bandwidth percent 5
|
|
class VSL-L2-CONTROL-PACKETS
|
|
bandwidth percent 5
|
|
class VSL-L3-CONTROL-PACKETS
|
|
bandwidth percent 5
|
|
class VSL-VOICE-VIDEO-TRAFFIC
|
|
bandwidth percent 30
|
|
class VSL-SIGNALING-NETWORK-MGMT
|
|
bandwidth percent 10
|
|
class VSL-MULTIMEDIA-TRAFFIC
|
|
bandwidth percent 20
|
|
class VSL-DATA-PACKETS
|
|
bandwidth percent 20
|
|
class class-default
|
|
bandwidth percent 5
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Null0
|
|
no ip unreachables
|
|
!
|
|
interface Loopback11
|
|
description KOMOS PI
|
|
ip address 91.240.179.254 255.255.255.255
|
|
!
|
|
interface Port-channel1
|
|
description [VSL] Link_1
|
|
switchport
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
switch virtual link 1
|
|
!
|
|
interface Port-channel2
|
|
description [VSL] Link_2
|
|
switchport
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
switch virtual link 2
|
|
!
|
|
interface Port-channel4
|
|
description --IZH-KY-04-SW1--
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel5
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel6
|
|
description [KU] SW-18-2
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel7
|
|
description [KU] SW-11-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel8
|
|
description [KU] SW-2-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel9
|
|
description --IZH-KY-04-SW0--
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel10
|
|
description [KU] SW-6-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel11
|
|
description [KU] SW-7-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel13
|
|
description [KU] SW-8-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel14
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel15
|
|
description [KU] SW-14-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel16
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel17
|
|
description --IZH-KY-13-1-SW0--
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel18
|
|
description [KU] SW-15-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel19
|
|
description [KU] SW-16-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel20
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel21
|
|
description [KU] SW-6-2
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel22
|
|
description [CORE] SW-1-3
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel23
|
|
description [KU] SW-7-2
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel24
|
|
description [KU] SW-17-2
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel25
|
|
description [KU] SW-18-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel26
|
|
description [KU] SW-18-3
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel27
|
|
description [KU] SW-5-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel28
|
|
description [KU] SW-6-3
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel29
|
|
description [KU] SW-19-1
|
|
switchport
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel31
|
|
description [KU] SW-3-1
|
|
switchport
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel41
|
|
description [KU] SW-4-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel100
|
|
description [CORE] SW-1-4
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel101
|
|
description [CORE] SW-1-2
|
|
switchport
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel102
|
|
description [-CORE] Huawei CE6881
|
|
switchport
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel110
|
|
description [KU] SW-10-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel121
|
|
description [KU] SW-12-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface Port-channel131
|
|
description [KU] SW-13-1
|
|
switchport
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface FastEthernet1
|
|
vrf forwarding mgmtVrf
|
|
no ip address
|
|
speed auto
|
|
duplex auto
|
|
!
|
|
interface TenGigabitEthernet1/1/1
|
|
description [KU] Po41 SW-4-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 41 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/2
|
|
description [KU] Po131 SW-13-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 131 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/3
|
|
description [KU] Po6 SW-18-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 6 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/4
|
|
description [KU] Po7 SW-11-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 7 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/5
|
|
description [KU] Po8 SW-2-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 8 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/6
|
|
description --IZH-KY-04-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 9 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/7
|
|
description [KU] Po10 SW-6-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 10 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/8
|
|
description [KU] Po11 SW-7-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 11 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/9
|
|
description [KU] SW-3-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/10
|
|
description [KU] Po13 SW-8-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 13 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/11
|
|
description [KU] SW-9-2
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/12
|
|
description [KU] Po15 SW-14-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 15 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/13
|
|
description [KU] Po19 SW-16-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 19 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/14
|
|
description [KU] SW-17-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/15
|
|
description [KU] Po18 SW-15-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 18 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/16
|
|
description [KU] SW-9-1
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/17
|
|
description [KU] Po121 SW-12-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 121 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/18
|
|
description [KU] Po21 SW-6-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 21 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/19
|
|
description [CORE] Po22 SW-1-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 22 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/20
|
|
description [KU] Po23 SW-7-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/21
|
|
description [KU] Po24 SW-17-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 24 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/22
|
|
description [KU] Po25 SW-18-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 25 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/23
|
|
description [KU] Po26 SW-18-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 26 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/24
|
|
description [KU] Po27 SW-5-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 27 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/25
|
|
description [KU] Po28 SW-6-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 28 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/26
|
|
description --IZH-MLK-IZM-SW-3-1--
|
|
switchport mode trunk
|
|
channel-group 31 mode on
|
|
!
|
|
interface TenGigabitEthernet1/1/27
|
|
description [CORE] RT-1-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/28
|
|
description [CORE] RT-1-1
|
|
switchport trunk allowed vlan 100,111,112,300,551,556,557,597
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet1/1/29
|
|
description [CORE] SW-1-2
|
|
switchport mode trunk
|
|
channel-group 101 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/30
|
|
description [CORE] Po100 SW-1-4
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 100 mode active
|
|
!
|
|
interface TenGigabitEthernet1/1/31
|
|
description [VSL] Po1 Link_1
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
no lldp transmit
|
|
no lldp receive
|
|
channel-group 1 mode on
|
|
service-policy output VSL-Queuing-Policy
|
|
!
|
|
interface TenGigabitEthernet1/1/32
|
|
description [VSL] Po1 Link_1
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
no lldp transmit
|
|
no lldp receive
|
|
channel-group 1 mode on
|
|
service-policy output VSL-Queuing-Policy
|
|
!
|
|
interface TenGigabitEthernet1/2/1
|
|
description [KU] Po31 SW-3-1
|
|
switchport mode trunk
|
|
channel-group 31 mode on
|
|
!
|
|
interface TenGigabitEthernet1/2/2
|
|
description [KU] Po110 SW-10-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 110 mode active
|
|
!
|
|
interface TenGigabitEthernet1/2/3
|
|
!
|
|
interface TenGigabitEthernet1/2/4
|
|
!
|
|
interface TenGigabitEthernet1/2/5
|
|
!
|
|
interface TenGigabitEthernet1/2/6
|
|
!
|
|
interface TenGigabitEthernet1/2/7
|
|
!
|
|
interface TenGigabitEthernet1/2/8
|
|
description [CORE] Huawei ce6881
|
|
switchport mode trunk
|
|
channel-group 102 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/1
|
|
description [KU] Po41 SW-4-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 41 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/2
|
|
description [KU] Po131 SW-13-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 131 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/3
|
|
description [KU] Po6 SW-18-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 6 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/4
|
|
description [KU] Po7 SW-11-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 7 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/5
|
|
description [KU] Po8 SW-2-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 8 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/6
|
|
description --IZH-KY-04-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 9 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/7
|
|
description [KU] Po10 SW-6-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 10 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/8
|
|
description [KU] Po11 SW-7-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 11 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/9
|
|
description FREE
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet2/1/10
|
|
description [KU] Po13 SW-8-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 13 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/11
|
|
description [KU] Po29 SW-19-1
|
|
switchport mode trunk
|
|
channel-group 29 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/12
|
|
description [KU] Po15 SW-14-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 15 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/13
|
|
description FREE
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet2/1/14
|
|
description --IZH-KY-13-1-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 17 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/15
|
|
description --IZH-KY-15-0-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 18 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/16
|
|
description --IZH-KY-16-0-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 19 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/17
|
|
description [KU] Po121 SW-12-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 121 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/18
|
|
description [KU] Po21 SW-6-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 21 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/19
|
|
description [CORE] Po22 SW-1-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 22 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/20
|
|
description [KU] Po23 SW-7-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 23 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/21
|
|
description [KU] Po24 SW-17-2
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 24 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/22
|
|
description [KU] Po25 SW-18-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 25 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/23
|
|
description [KU] Po26 SW-18-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 26 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/24
|
|
description [KU] Po27 SW-5-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 27 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/25
|
|
description [KU] Po28 SW-6-3
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 28 mode on
|
|
!
|
|
interface TenGigabitEthernet2/1/26
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet2/1/27
|
|
description [KU] SW-20-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet2/1/28
|
|
description --IZH-KY-17-4-SW0--
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
!
|
|
interface TenGigabitEthernet2/1/29
|
|
description [CORE] SW-1-2
|
|
switchport mode trunk
|
|
channel-group 101 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/30
|
|
description [CORE] Po100 SW-1-4
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 100 mode active
|
|
!
|
|
interface TenGigabitEthernet2/1/31
|
|
description [VSL] Po2 Link_2
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
no lldp transmit
|
|
no lldp receive
|
|
channel-group 2 mode on
|
|
service-policy output VSL-Queuing-Policy
|
|
!
|
|
interface TenGigabitEthernet2/1/32
|
|
description [VSL] Po2 Link_2
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
no lldp transmit
|
|
no lldp receive
|
|
channel-group 2 mode on
|
|
service-policy output VSL-Queuing-Policy
|
|
!
|
|
interface TenGigabitEthernet2/2/1
|
|
description [KU] Po31 SW-3-1
|
|
switchport mode trunk
|
|
channel-group 31 mode on
|
|
!
|
|
interface TenGigabitEthernet2/2/2
|
|
description [KU] Po110 SW-10-1
|
|
switchport trunk allowed vlan 1-447,449-4094
|
|
switchport mode trunk
|
|
channel-group 110 mode active
|
|
!
|
|
interface TenGigabitEthernet2/2/3
|
|
!
|
|
interface TenGigabitEthernet2/2/4
|
|
!
|
|
interface TenGigabitEthernet2/2/5
|
|
!
|
|
interface TenGigabitEthernet2/2/6
|
|
!
|
|
interface TenGigabitEthernet2/2/7
|
|
!
|
|
interface TenGigabitEthernet2/2/8
|
|
description [CORE] Huawei ce6881
|
|
switchport mode trunk
|
|
channel-group 102 mode active
|
|
!
|
|
interface Vlan1
|
|
description LOCAL
|
|
ip dhcp relay information trusted
|
|
ip address 192.168.110.254 255.255.255.0 secondary
|
|
ip address 192.168.9.254 255.255.255.0 secondary
|
|
ip address 192.168.8.254 255.255.255.0 secondary
|
|
ip address 192.168.5.254 255.255.255.0
|
|
ip helper-address 192.168.3.230
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan8
|
|
description --UserNet_8.0/24--
|
|
ip address 10.4.8.254 255.255.255.0
|
|
ip helper-address 10.4.8.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan9
|
|
description --UserNet_9.0/24--
|
|
ip address 10.4.9.254 255.255.255.0
|
|
ip helper-address 10.4.9.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan10
|
|
description --UserNet_10.0/24--
|
|
ip address 10.4.10.254 255.255.255.0
|
|
ip helper-address 10.4.10.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan11
|
|
description --UserNet_11.0/24--
|
|
ip address 10.4.11.254 255.255.255.0
|
|
ip helper-address 10.4.11.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan12
|
|
description --UserNet_12.0/24--
|
|
ip address 10.4.12.254 255.255.255.0
|
|
ip helper-address 10.4.12.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan13
|
|
description --UserNet_13.0/24--
|
|
ip address 10.4.13.254 255.255.255.0
|
|
ip helper-address 10.4.13.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan14
|
|
description --UserNet_14.0/24--
|
|
ip address 10.4.14.254 255.255.255.0
|
|
ip helper-address 10.4.14.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan15
|
|
description --UserNet_15.0/24--
|
|
ip address 10.4.15.254 255.255.255.0
|
|
ip helper-address 10.4.15.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan16
|
|
description --UserNet_16.0/24--
|
|
ip address 10.4.16.254 255.255.255.0
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan17
|
|
description --UserNet_17.0/24--
|
|
ip address 10.4.17.254 255.255.255.0
|
|
ip helper-address 10.4.17.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan18
|
|
description --UserNet_18.0/24--
|
|
ip address 10.4.18.254 255.255.255.0
|
|
ip helper-address 10.4.18.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan19
|
|
description --UserNet_19.0/24--
|
|
ip address 10.4.19.254 255.255.255.0
|
|
ip helper-address 10.4.19.239
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan20
|
|
description --UserNet_20.0/24--
|
|
ip address 10.4.20.254 255.255.255.0
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan22
|
|
ip address 192.168.255.254 255.255.255.0
|
|
!
|
|
interface Vlan23
|
|
description --MILKOM_Nobel_Users--
|
|
ip address 10.5.208.254 255.255.255.0
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
!
|
|
interface Vlan90
|
|
description NET_SERVER_150
|
|
ip address 192.168.150.254 255.255.255.0
|
|
shutdown
|
|
!
|
|
interface Vlan93
|
|
description --MIKROTIK_VPN--
|
|
ip address 172.30.35.253 255.255.254.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan101
|
|
description --Printers--
|
|
ip address 10.4.25.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan103
|
|
description --KPP Vesi&Cam--
|
|
ip address 10.4.41.254 255.255.255.0
|
|
!
|
|
interface Vlan110
|
|
description --NET_KIP_PRODACTION--
|
|
no ip address
|
|
!
|
|
interface Vlan111
|
|
ip address 172.16.1.4 255.255.255.248
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan112
|
|
description Intraconnect_ospf_area_1
|
|
ip address 172.16.254.4 255.255.255.248
|
|
shutdown
|
|
!
|
|
interface Vlan113
|
|
ip address 10.10.254.254 255.255.255.252
|
|
!
|
|
interface Vlan150
|
|
description --Wi-Fi_Users_32.0/24--
|
|
ip address 10.4.32.254 255.255.255.0
|
|
ip helper-address 10.4.32.239
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan151
|
|
description --Wi-Fi_Prod_33.0/24--
|
|
ip address 10.4.33.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan172
|
|
description TelephoneNet
|
|
ip address 172.17.100.6 255.255.255.248
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map SIP-ROUTING
|
|
!
|
|
interface Vlan173
|
|
description TelephonyTest
|
|
ip address 172.17.107.254 255.255.252.0
|
|
!
|
|
interface Vlan202
|
|
description --DMZ--
|
|
ip address 10.4.38.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map RM_DMZ
|
|
!
|
|
interface Vlan207
|
|
description [SRV] VCOD DMZ Frontend
|
|
ip address 10.100.0.126 255.255.255.128
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan208
|
|
description [SRV] VCOD Backend
|
|
ip address 10.100.0.254 255.255.255.128
|
|
!
|
|
interface Vlan248
|
|
description --SANDBOX_ELAR--
|
|
ip address 10.4.40.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan249
|
|
description --ServTestC_36.0/24--
|
|
ip address 10.4.36.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan250
|
|
description --ServerNet_0.0/24--
|
|
ip address 10.4.0.254 255.255.255.0
|
|
ip helper-address 10.4.0.239
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan251
|
|
description -=ServMail_7.0/28=-
|
|
ip address 10.4.7.14 255.255.255.240
|
|
no ip redirects
|
|
ip policy route-map PBR_MAIL
|
|
no snmp trap link-status
|
|
!
|
|
interface Vlan252
|
|
description --VOICE_ATS--
|
|
ip address 10.4.7.30 255.255.255.240
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map SIP-ROUTING
|
|
!
|
|
interface Vlan253
|
|
description Exchange KOMOS-GROUP.RU
|
|
ip address 10.4.44.254 255.255.255.0
|
|
!
|
|
interface Vlan254
|
|
ip address 10.4.1.126 255.255.255.128
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan289
|
|
description -=SRVBakNet_245.0_24=-
|
|
ip address 10.4.245.254 255.255.255.0
|
|
no ip redirects
|
|
!
|
|
interface Vlan290
|
|
description -=SrvVmwVMon_242.0/26=-
|
|
ip address 10.4.242.62 255.255.255.192
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan291
|
|
description -=SrvVmwVSan_242.64/26=-
|
|
ip address 10.4.242.126 255.255.255.192
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan292
|
|
description -=SrvBakNet_243.0/24=-
|
|
ip address 10.4.243.254 255.255.255.0
|
|
no ip redirects
|
|
ip policy route-map GLOBAL-ROUTING
|
|
!
|
|
interface Vlan294
|
|
description --SRV_iLO_iDrack_etc--
|
|
ip address 10.4.242.254 255.255.255.128
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan299
|
|
description --ServerMengNet_240.0\24--
|
|
ip address 10.4.240.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan300
|
|
description --MANAGMENT--
|
|
ip address 10.4.254.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan301
|
|
description --Wi-Fi_MANAGMENT--
|
|
ip address 10.4.255.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan302
|
|
description -=Wi-Fi_MANAGMENT=-
|
|
ip address 10.4.252.254 255.255.255.0
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan350
|
|
description --VOICE_28.0/23
|
|
ip address 10.4.29.254 255.255.254.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan448
|
|
description -=VideoKomos=-
|
|
no ip address
|
|
!
|
|
interface Vlan450
|
|
no ip address
|
|
shutdown
|
|
!
|
|
interface Vlan500
|
|
description --Wi-Fi_Guest_35.0/24--
|
|
ip address 10.4.35.254 255.255.255.0
|
|
ip access-group No_Local_For_GuestWiFI in
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan550
|
|
description --CISCO_ASA--
|
|
ip address 10.4.239.2 255.255.255.240
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan551
|
|
description --TRANSIT_HSRP--
|
|
ip address 10.4.239.22 255.255.255.240
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan553
|
|
description P2P VST-IZM Peering
|
|
ip address 172.30.32.5 255.255.255.252
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
bfd template p2p
|
|
!
|
|
interface Vlan554
|
|
description P2P VRS-IZM Peering
|
|
ip address 172.30.32.9 255.255.255.252
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan596
|
|
description L2VPN_DOMRU_IZM-BGP-P11
|
|
ip address 172.30.32.1 255.255.255.252
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
bfd template p2p
|
|
!
|
|
interface Vlan597
|
|
ip address 172.30.30.62 255.255.255.240
|
|
no ip redirects
|
|
bfd interval 50 min_rx 50 multiplier 3
|
|
!
|
|
interface Vlan599
|
|
description L2VPN_MTS_IZM-BGP-P11
|
|
ip address 172.30.30.1 255.255.255.224
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
bfd template p2p
|
|
!
|
|
interface Vlan600
|
|
description --PET_PRODACTION--
|
|
ip address 10.4.37.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan601
|
|
description --KMK_PRODACTION--
|
|
ip address 10.4.39.30 255.255.255.224
|
|
ip access-group ACL_KMK_PRODACTION_IN in
|
|
ip access-group ACL_KMK_PRODACTION_OUT out
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan603
|
|
description --CRPT-Mark--
|
|
ip address 10.4.39.126 255.255.255.192
|
|
ip helper-address 10.4.16.239
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan1000
|
|
description --ELAR-TEST-
|
|
ip address 10.4.160.254 255.255.255.0
|
|
ip access-group ACL_ELAR-TEST in
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
ip policy route-map PBR_ELAR-TEST
|
|
!
|
|
interface Vlan1100
|
|
description [PI] TEST_ARR_ESR-10
|
|
ip unnumbered Loopback11
|
|
ip policy route-map RM_TEST_ARR
|
|
!
|
|
interface Vlan1113
|
|
description [PI] RT-1-3
|
|
ip unnumbered Loopback11
|
|
ip policy route-map RM_TEST_ARR
|
|
!
|
|
interface Vlan3915
|
|
description IZM_VLAN3915_SPLUNK
|
|
ip address 10.4.244.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan4031
|
|
description -VeamRepl_172.31.31.0/24-
|
|
ip address 172.31.31.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan4032
|
|
description -SQLRepl_172.31.33.0/24-
|
|
ip address 172.31.32.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan4033
|
|
description -SrvVCHA_172.31.33.0/24-
|
|
ip address 172.31.33.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan4034
|
|
description -ExchRepl_172.31.34.0/24-
|
|
ip address 172.31.34.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
!
|
|
interface Vlan4035
|
|
description -SrvVCMg_172.31.35.0/24-
|
|
ip address 172.31.35.254 255.255.255.0
|
|
no ip redirects
|
|
no ip unreachables
|
|
no ip proxy-arp
|
|
shutdown
|
|
!
|
|
interface Vlan4045
|
|
no ip address
|
|
!
|
|
!
|
|
router eigrp 254
|
|
network 10.4.0.0 0.0.0.255
|
|
network 10.4.4.0 0.0.0.255
|
|
network 10.4.5.0 0.0.0.255
|
|
network 10.4.6.0 0.0.0.255
|
|
network 10.4.7.0 0.0.0.15
|
|
network 10.4.8.0 0.0.0.255
|
|
network 10.4.9.0 0.0.0.255
|
|
network 10.4.10.0 0.0.0.255
|
|
network 10.4.11.0 0.0.0.255
|
|
network 10.4.12.0 0.0.0.255
|
|
network 10.4.13.0 0.0.0.255
|
|
network 10.4.14.0 0.0.0.255
|
|
network 10.4.28.0 0.0.1.255
|
|
network 10.4.32.0 0.0.0.255
|
|
network 10.4.35.0 0.0.0.255
|
|
network 10.4.36.0 0.0.0.255
|
|
network 10.4.239.0 0.0.0.15
|
|
network 10.4.239.16 0.0.0.15
|
|
network 10.4.254.0 0.0.0.255
|
|
network 10.4.255.0 0.0.0.255
|
|
network 172.17.100.0 0.0.0.7
|
|
network 172.30.30.0 0.0.0.31
|
|
network 172.31.31.0 0.0.0.255
|
|
network 172.31.35.0 0.0.0.255
|
|
network 192.168.7.0
|
|
network 192.168.8.0
|
|
network 192.168.9.0
|
|
passive-interface default
|
|
no passive-interface Vlan599
|
|
no passive-interface Vlan550
|
|
no passive-interface Vlan551
|
|
!
|
|
router bgp 64512
|
|
bgp router-id 172.30.30.62
|
|
bgp log-neighbor-changes
|
|
bgp graceful-restart restart-time 120
|
|
bgp graceful-restart stalepath-time 360
|
|
bgp graceful-restart
|
|
neighbor PG_BGP_MILKOM peer-group
|
|
neighbor PG_BGP_MILKOM remote-as 64512
|
|
neighbor PG_BGP_IZM-P11 peer-group
|
|
neighbor PG_BGP_IZM-P11 remote-as 64513
|
|
neighbor PG_BGP_IZM-P11 description BGP over L2VPN
|
|
neighbor PG_BGP_IZM-P11 fall-over bfd
|
|
neighbor 10.4.239.1 peer-group PG_BGP_MILKOM
|
|
neighbor 10.4.239.1 description --CISCO_ASA--
|
|
neighbor 172.30.30.2 peer-group PG_BGP_IZM-P11
|
|
neighbor 172.30.30.55 peer-group PG_BGP_MILKOM
|
|
neighbor 172.30.30.55 description SW-1-1_Huawei
|
|
neighbor 172.30.30.57 peer-group PG_BGP_MILKOM
|
|
neighbor 172.30.30.57 description --IZH-MLK-IZM-RT-1-3--
|
|
neighbor 172.30.30.58 peer-group PG_BGP_MILKOM
|
|
neighbor 172.30.30.58 description --IZH-MLK-IZM-RT-1-4--
|
|
neighbor 172.30.30.60 remote-as 199014
|
|
neighbor 172.30.30.61 peer-group PG_BGP_MILKOM
|
|
neighbor 172.30.30.61 description --IZH-MLK-IZM-RT-1-2--
|
|
neighbor 172.30.32.2 peer-group PG_BGP_IZM-P11
|
|
neighbor 172.30.32.6 remote-as 64539
|
|
neighbor 172.30.32.6 description IZH-VST-IZM-SW-1-1
|
|
neighbor 172.30.32.10 remote-as 64523
|
|
neighbor 172.30.32.10 description IZH-VRS-IZM-SW-1-1
|
|
neighbor 172.30.35.254 remote-as 65500
|
|
neighbor 172.30.35.254 description --MIKROTIK_VPN--
|
|
!
|
|
address-family ipv4
|
|
network 10.4.0.0 mask 255.255.0.0
|
|
network 10.4.0.0 mask 255.255.255.0
|
|
network 10.4.8.0 mask 255.255.255.0
|
|
network 10.4.32.0 mask 255.255.255.0
|
|
network 10.4.192.0 mask 255.255.255.0
|
|
network 10.4.239.0 mask 255.255.255.240
|
|
network 10.4.239.16 mask 255.255.255.240
|
|
network 10.5.208.0 mask 255.255.248.0
|
|
network 10.5.208.0 mask 255.255.255.0
|
|
network 10.100.0.0 mask 255.255.255.0
|
|
network 10.100.0.0 mask 255.255.255.128
|
|
network 10.100.0.128 mask 255.255.255.128
|
|
network 10.111.0.0 mask 255.255.0.0
|
|
network 172.17.100.0 mask 255.255.255.248
|
|
network 172.31.31.0 mask 255.255.255.0
|
|
network 172.31.35.0 mask 255.255.255.0
|
|
network 192.168.8.0
|
|
network 192.168.9.0
|
|
network 192.168.110.0
|
|
redistribute static route-map RM_REDIS_STATIC_PI
|
|
neighbor PG_BGP_MILKOM next-hop-self all
|
|
neighbor PG_BGP_MILKOM soft-reconfiguration inbound
|
|
neighbor PG_BGP_MILKOM route-map RM_LOCAL_OUT out
|
|
neighbor PG_BGP_IZM-P11 next-hop-self
|
|
neighbor PG_BGP_IZM-P11 soft-reconfiguration inbound
|
|
neighbor PG_BGP_IZM-P11 route-map RM_BGP_IZM-P11_OUT out
|
|
neighbor 10.4.239.1 activate
|
|
neighbor 172.30.30.2 activate
|
|
neighbor 172.30.30.2 route-map RM_BGP_IZM-P11_MTS_IN in
|
|
neighbor 172.30.30.55 activate
|
|
neighbor 172.30.30.57 activate
|
|
neighbor 172.30.30.58 activate
|
|
neighbor 172.30.30.58 route-map RM_LP_PVF_1C in
|
|
neighbor 172.30.30.60 activate
|
|
neighbor 172.30.30.60 route-map RM_KOMOS_PI_IN in
|
|
neighbor 172.30.30.61 activate
|
|
neighbor 172.30.32.2 activate
|
|
neighbor 172.30.32.2 route-map RM_BGP_IZM-P11_DOMRU_IN in
|
|
neighbor 172.30.32.6 activate
|
|
neighbor 172.30.32.6 next-hop-self
|
|
neighbor 172.30.32.6 route-map RM_FROM_VST-P2P in
|
|
neighbor 172.30.32.6 route-map RM_TO_VST-P2P out
|
|
neighbor 172.30.32.10 activate
|
|
neighbor 172.30.32.10 next-hop-self
|
|
neighbor 172.30.32.10 route-map RM_FROM_VRS-P2P in
|
|
neighbor 172.30.32.10 route-map RM_TO_VRS-P2P out
|
|
neighbor 172.30.35.254 activate
|
|
neighbor 172.30.35.254 next-hop-self
|
|
neighbor 172.30.35.254 soft-reconfiguration inbound
|
|
neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_IN in
|
|
neighbor 172.30.35.254 prefix-list PFL_MIKROTIK_VPN_OUT out
|
|
maximum-paths 2
|
|
distance bgp 150 150 150
|
|
exit-address-family
|
|
!
|
|
ip forward-protocol nd
|
|
ip http server
|
|
no ip http secure-server
|
|
!
|
|
ip as-path access-list 11 permit ^64513$
|
|
ip route 0.0.0.0 0.0.0.0 10.4.239.17 50 name --HSRP_ON_3925--
|
|
ip route 1.1.1.1 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
|
|
ip route 10.4.0.0 255.255.0.0 Null0 254
|
|
ip route 10.4.241.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER--
|
|
ip route 10.4.253.0 255.255.255.0 172.30.30.2 100 name --KOMOS-MANAGEMENT-SERVER--
|
|
ip route 10.10.1.36 255.255.255.255 10.10.254.253
|
|
ip route 10.10.11.0 255.255.255.0 10.10.254.253
|
|
ip route 10.10.12.0 255.255.255.0 10.10.254.253
|
|
ip route 10.15.72.0 255.255.255.0 10.4.239.18
|
|
ip route 10.100.0.0 255.255.255.0 Null0 254
|
|
ip route 10.111.0.0 255.255.0.0 Null0 254
|
|
ip route 31.173.105.53 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
|
|
ip route 77.88.8.3 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
|
|
ip route 77.88.8.7 255.255.255.255 10.4.254.252 100 name --ROUTE_FOR_TRACK_MEGAFON--
|
|
ip route 91.240.179.240 255.255.255.255 Vlan1100 100 name TEST_ARR_ESR-10
|
|
ip route 91.240.179.243 255.255.255.255 Vlan1113 100 name RT-1-3
|
|
ip route 193.232.108.67 255.255.255.255 10.4.239.18 name --PARTNER.X5.RU--
|
|
ip route 217.14.195.253 255.255.255.255 10.4.239.18
|
|
ip route 217.14.195.254 255.255.255.255 10.4.239.18 name --MARK-ITT--
|
|
ip ssh pubkey-chain
|
|
username FTP
|
|
key-hash ssh-rsa 32D3770B81F9128668142CC5C9BBF20F ftp@izh-asbl001
|
|
!
|
|
ip access-list standard ACL_CREATIO
|
|
permit 10.4.0.123
|
|
ip access-list standard ACL_DMZ
|
|
permit 10.4.38.3
|
|
ip access-list standard ACL_GUEST_Wi-Fi
|
|
permit 10.4.35.0 0.0.0.255
|
|
ip access-list standard ACL_HELP.KOMOS.RU
|
|
permit 10.4.0.184
|
|
ip access-list standard ACL_HELP_CES_KOMOS
|
|
permit 10.4.0.120
|
|
ip access-list standard ACL_KOMOS_RU
|
|
permit 10.4.8.8
|
|
permit 10.4.0.172
|
|
permit 10.4.0.178
|
|
ip access-list standard ACL_MAIL_VIA_KG
|
|
deny 10.4.7.7
|
|
permit 10.4.7.0 0.0.0.7
|
|
ip access-list standard ACL_ROUTE_TO_P11
|
|
permit 10.4.0.45
|
|
ip access-list standard ACL_ROZ_MIKR
|
|
permit 172.30.35.254
|
|
ip access-list standard ACL_SIP_GLAZOV
|
|
permit 172.17.100.2
|
|
ip access-list standard ACL_SIP_KOMOS
|
|
permit 10.4.7.17
|
|
ip access-list standard ACL_TRAFFIC_TO_MARK
|
|
permit 10.4.7.12
|
|
permit 192.168.8.81
|
|
permit 192.168.2.37
|
|
permit 192.168.8.52
|
|
permit 192.168.8.54
|
|
permit 10.4.8.80
|
|
permit 192.168.8.59
|
|
permit 192.168.1.9
|
|
permit 192.168.1.5
|
|
permit 192.168.8.225
|
|
permit 192.168.8.226
|
|
permit 192.168.8.228
|
|
permit 192.168.8.234
|
|
permit 192.168.8.163
|
|
permit 192.168.8.185
|
|
permit 10.4.0.249
|
|
ip access-list standard ACL_WAP2
|
|
permit 10.4.38.1
|
|
permit 10.4.38.2
|
|
ip access-list standard ACL_WWW_KOMOS_RU
|
|
permit 10.4.0.172
|
|
ip access-list standard SIP_TRAFFIC
|
|
permit 172.17.100.1
|
|
permit 172.17.100.5
|
|
!
|
|
ip access-list extended ACL_ELAR-TEST
|
|
permit tcp host 10.4.160.1 eq 88 10.4.0.0 0.0.255.255
|
|
deny ip any 10.0.0.0 0.255.255.255
|
|
deny ip any 172.16.0.0 0.15.255.255
|
|
deny ip any 192.168.0.0 0.0.255.255
|
|
permit ip 10.4.160.0 0.0.0.255 any time-range TIME_ELAR-TEST
|
|
ip access-list extended ACL_KMK_PRODACTION_IN
|
|
permit ip any any
|
|
ip access-list extended ACL_KMK_PRODACTION_OUT
|
|
permit ip any any
|
|
ip access-list extended ACL_KSMG
|
|
permit ip host 10.4.38.21 any
|
|
permit ip host 10.4.38.22 any
|
|
ip access-list extended ACL_TEST_ARR
|
|
permit ip host 91.240.179.243 any
|
|
permit ip host 91.240.179.240 any
|
|
ip access-list extended LOCAL_TRAFFIC
|
|
permit ip any 192.168.0.0 0.0.255.255
|
|
permit ip any 10.0.0.0 0.255.255.255
|
|
permit ip any 172.16.0.0 0.15.255.255
|
|
ip access-list extended No_Local_For_GuestWiFI
|
|
permit tcp any host 192.168.8.200 eq domain
|
|
permit udp any host 192.168.8.200 eq domain
|
|
permit tcp any host 192.168.8.201 eq domain
|
|
permit udp any host 192.168.8.201 eq domain
|
|
permit tcp any host 10.4.7.6 eq 443
|
|
deny ip any 10.0.0.0 0.255.255.255
|
|
deny ip any 172.16.0.0 0.15.255.255
|
|
deny ip any 192.168.0.0 0.0.255.255
|
|
permit ip any any
|
|
ip access-list extended ROUTE_TO_ISP4
|
|
permit ip any host 192.168.8.4
|
|
permit ip any host 192.168.8.6
|
|
ip access-list extended VSL-BFD
|
|
permit udp any any eq 3784
|
|
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
|
|
permit udp any eq bootpc any eq bootps
|
|
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
|
|
permit udp any eq bootps any eq bootpc
|
|
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
|
|
permit udp any eq bootps any eq bootps
|
|
ip access-list extended VSL-IPV4-ROUTING
|
|
permit ip any 224.0.0.0 0.0.0.255
|
|
!
|
|
!
|
|
ip prefix-list PFL_MIKROTIK_VPN_IN seq 10 permit 10.73.0.0/16 le 29
|
|
ip prefix-list PFL_MIKROTIK_VPN_IN seq 15 permit 10.1.30.0/24
|
|
!
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 10 permit 10.4.0.0/16 le 24
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 20 permit 192.168.8.0/24
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 25 permit 10.1.19.0/24
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 30 permit 10.1.15.0/24
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 35 permit 10.1.13.0/24
|
|
ip prefix-list PFL_MIKROTIK_VPN_OUT seq 40 permit 10.1.122.0/24
|
|
!
|
|
ip prefix-list PL_BGP_IZM-P11 seq 5 permit 10.0.0.0/8 le 32
|
|
ip prefix-list PL_BGP_IZM-P11 seq 10 permit 192.168.0.0/16 le 32
|
|
ip prefix-list PL_BGP_IZM-P11 seq 15 permit 172.16.0.0/12 le 32
|
|
!
|
|
ip prefix-list PL_FROM_VRS-P2P seq 5 permit 10.8.64.0/21 le 26
|
|
ip prefix-list PL_FROM_VRS-P2P seq 10 permit 192.168.72.0/24
|
|
!
|
|
ip prefix-list PL_FROM_VST-P2P seq 5 permit 10.88.104.0/21 le 24
|
|
!
|
|
ip prefix-list PL_KOMOS_PI seq 5 permit 91.240.179.0/24 ge 32
|
|
!
|
|
ip prefix-list PL_LOCAL_OUT seq 5 permit 10.0.0.0/8 le 32
|
|
ip prefix-list PL_LOCAL_OUT seq 10 permit 192.168.0.0/16 le 32
|
|
ip prefix-list PL_LOCAL_OUT seq 15 permit 172.16.0.0/12 le 32
|
|
!
|
|
ip prefix-list PL_MILKOM_OUT seq 5 deny 0.0.0.0/0
|
|
ip prefix-list PL_MILKOM_OUT seq 10 permit 10.0.0.0/8 le 32
|
|
ip prefix-list PL_MILKOM_OUT seq 15 permit 192.168.0.0/16 le 32
|
|
ip prefix-list PL_MILKOM_OUT seq 20 permit 172.16.0.0/12 le 32
|
|
!
|
|
ip prefix-list PL_REDIS_STATIC_PI seq 5 permit 91.240.179.0/24 le 32
|
|
!
|
|
ip prefix-list pvf_1c seq 4 permit 192.168.72.0/24 le 32
|
|
ip prefix-list pvf_1c seq 5 permit 192.168.72.0/24
|
|
ip sla 1
|
|
icmp-echo 31.173.105.53 source-interface Vlan300
|
|
threshold 2000
|
|
timeout 3000
|
|
frequency 10
|
|
ip sla schedule 1 life forever start-time now
|
|
ip sla 2
|
|
icmp-echo 1.1.1.1 source-interface Vlan300
|
|
threshold 2000
|
|
timeout 3000
|
|
frequency 10
|
|
ip sla schedule 2 life forever start-time now
|
|
ip sla 3
|
|
icmp-echo 77.88.8.7 source-interface Vlan300
|
|
threshold 2000
|
|
timeout 3000
|
|
frequency 10
|
|
ip sla schedule 3 life forever start-time now
|
|
ip sla 4
|
|
icmp-echo 77.88.8.3 source-interface Vlan300
|
|
threshold 2000
|
|
timeout 3000
|
|
frequency 10
|
|
ip sla schedule 4 life forever start-time now
|
|
logging origin-id hostname
|
|
logging facility local2
|
|
logging source-interface Vlan300
|
|
logging host 192.168.8.119 transport udp port 5544
|
|
logging host 10.4.244.4 transport udp port 515
|
|
access-list 5 permit 192.168.8.99
|
|
access-list 5 permit 10.1.19.28
|
|
access-list 5 permit 10.4.0.58
|
|
access-list 5 permit 10.2.1.245
|
|
access-list 8 remark -==domination==-
|
|
access-list 8 permit 192.168.9.101
|
|
access-list 8 permit 192.168.9.100
|
|
access-list 8 permit 192.168.9.103
|
|
access-list 8 permit 192.168.9.102
|
|
access-list 8 permit 192.168.9.105
|
|
access-list 8 permit 192.168.9.104
|
|
access-list 9 remark -=izh-1cl002_17=-
|
|
access-list 9 permit 192.168.8.4
|
|
access-list 9 permit 192.168.8.6
|
|
access-list 9 permit 192.168.8.7
|
|
access-list 9 permit 192.168.8.191
|
|
access-list 10 permit 192.168.8.229
|
|
access-list 10 remark --IZH-TS011--
|
|
access-list 10 permit 192.168.8.176
|
|
access-list 10 permit 192.168.8.177
|
|
access-list 10 remark --IZH-TRM011--
|
|
access-list 10 permit 192.168.8.178
|
|
access-list 10 remark --IZH-FTP004--
|
|
access-list 10 permit 192.168.8.138
|
|
access-list 10 remark --IZH-FLS013--
|
|
access-list 10 permit 192.168.8.159
|
|
access-list 11 remark -=mail_to_komos=-
|
|
access-list 11 permit 192.168.8.72
|
|
access-list 11 permit 192.168.8.73
|
|
access-list 11 permit 192.168.8.77
|
|
access-list 11 permit 10.4.7.0 0.0.0.15
|
|
access-list 12 permit 192.168.8.70
|
|
access-list 12 permit 192.168.8.71
|
|
access-list 12 permit 192.168.8.95
|
|
access-list 12 permit 192.168.8.59
|
|
access-list 12 permit 192.168.8.163
|
|
access-list 12 permit 192.168.8.165
|
|
access-list 12 permit 192.168.8.177
|
|
access-list 12 permit 192.168.8.178
|
|
access-list 12 permit 192.168.8.187
|
|
access-list 12 permit 192.168.8.138
|
|
access-list 12 permit 192.168.8.139
|
|
access-list 13 remark -=TestNetElar=-
|
|
access-list 13 permit 10.4.160.0 0.0.0.255
|
|
access-list 14 remark -=izh-msx001=-
|
|
access-list 14 permit 10.4.7.12
|
|
!
|
|
route-map RM_REDIS_STATIC_PI permit 10
|
|
description Redistribute static PI address for unnumbered lo11
|
|
match ip address prefix-list PL_REDIS_STATIC_PI
|
|
!
|
|
route-map RM_KOMOS_PI_IN permit 10
|
|
match ip address prefix-list PL_KOMOS_PI
|
|
set local-preference 1000
|
|
!
|
|
route-map RM_KOMOS_PI_IN permit 20
|
|
!
|
|
route-map RM_DMZ deny 10
|
|
match ip address LOCAL_TRAFFIC
|
|
!
|
|
route-map RM_DMZ permit 20
|
|
match ip address ACL_DMZ
|
|
set ip next-hop 10.4.239.18
|
|
!
|
|
route-map RM_DMZ permit 30
|
|
match ip address ACL_WAP2
|
|
set ip next-hop 172.30.30.2
|
|
!
|
|
route-map RM_DMZ permit 40
|
|
match ip address ACL_KSMG
|
|
set ip next-hop 172.30.30.2
|
|
!
|
|
route-map PBR_MAIL deny 10
|
|
match ip address LOCAL_TRAFFIC
|
|
!
|
|
route-map PBR_MAIL permit 20
|
|
match ip address 14 SIP_TRAFFIC
|
|
set ip next-hop 10.4.239.18
|
|
!
|
|
route-map PBR_MAIL permit 30
|
|
match ip address ACL_MAIL_VIA_KG
|
|
!
|
|
route-map RM_LOCAL_OUT permit 10
|
|
match ip address prefix-list PL_LOCAL_OUT
|
|
!
|
|
route-map RM_TO_RCOD_ER-TELECOM permit 30
|
|
match ip address prefix-list PL_LOCAL_OUT
|
|
!
|
|
route-map RM_BGP_IZM-P11_MTS_IN permit 10
|
|
match as-path 11
|
|
set local-preference 1500
|
|
!
|
|
route-map RM_BGP_IZM-P11_MTS_IN permit 20
|
|
!
|
|
route-map RM_FROM_RCOD_ER-TELECOM permit 30
|
|
!
|
|
route-map RM_BGP_IZM-P11_DOMRU_IN permit 10
|
|
match as-path 11
|
|
set local-preference 1500
|
|
!
|
|
route-map RM_BGP_IZM-P11_DOMRU_IN permit 20
|
|
!
|
|
route-map SIP-ROUTING deny 10
|
|
match ip address LOCAL_TRAFFIC
|
|
!
|
|
route-map SIP-ROUTING permit 20
|
|
match ip address SIP_TRAFFIC
|
|
set ip next-hop 10.4.239.18 10.4.239.19
|
|
!
|
|
route-map SIP-ROUTING permit 30
|
|
match ip address ACL_SIP_GLAZOV
|
|
!
|
|
route-map SIP-ROUTING permit 40
|
|
match ip address ACL_SIP_KOMOS
|
|
set ip next-hop 10.4.239.19
|
|
!
|
|
route-map PBR_ELAR-TEST permit 10
|
|
set ip next-hop 10.4.239.19
|
|
!
|
|
route-map RM_FROM_VRS-P2P permit 10
|
|
match ip address prefix-list PL_FROM_VRS-P2P
|
|
set local-preference 1500
|
|
!
|
|
route-map RM_FROM_VST-P2P permit 10
|
|
match ip address prefix-list PL_FROM_VST-P2P
|
|
set local-preference 1500
|
|
!
|
|
route-map RM_TEST_ARR permit 10
|
|
match ip address ACL_TEST_ARR
|
|
set ip next-hop 10.4.239.18
|
|
!
|
|
route-map RM_TO_VST-P2P permit 10
|
|
!
|
|
route-map RM_TO_VRS-P2P permit 10
|
|
!
|
|
route-map RM_MILKOM_OUT permit 10
|
|
!
|
|
route-map RM_RCOD_MTS_OUT permit 30
|
|
match ip address prefix-list PL_LOCAL_OUT
|
|
!
|
|
route-map RM_LP_PVF_1C permit 10
|
|
match ip address prefix-list pvf_1c
|
|
set local-preference 150
|
|
!
|
|
route-map RM_LP_PVF_1C permit 20
|
|
!
|
|
route-map RM_BGP_IZM-P11_OUT permit 10
|
|
match ip address prefix-list PL_BGP_IZM-P11
|
|
!
|
|
route-map GLOBAL-ROUTING deny 5
|
|
match ip address LOCAL_TRAFFIC
|
|
!
|
|
route-map GLOBAL-ROUTING permit 7
|
|
description Route to P11 for Publication(NAT)
|
|
match ip address ACL_ROUTE_TO_P11
|
|
set ip next-hop 172.30.30.2
|
|
!
|
|
route-map GLOBAL-ROUTING permit 8
|
|
match ip address ACL_ROZ_MIKR
|
|
set ip next-hop 10.4.239.18
|
|
!
|
|
route-map GLOBAL-ROUTING permit 9
|
|
match ip address ACL_HELP_CES_KOMOS
|
|
set ip next-hop 172.30.30.2
|
|
!
|
|
route-map GLOBAL-ROUTING permit 10
|
|
match ip address 9 ROUTE_TO_ISP4 ACL_TRAFFIC_TO_MARK 14 8 ACL_KOMOS_RU
|
|
set ip next-hop 10.4.239.18
|
|
!
|
|
route-map GLOBAL-ROUTING permit 20
|
|
match ip address 11 12 10
|
|
set ip next-hop 10.4.239.19
|
|
!
|
|
route-map GLOBAL-ROUTING permit 30
|
|
description --HELP.KOMOS.RU--
|
|
match ip address ACL_HELP.KOMOS.RU
|
|
set ip next-hop 172.30.30.2
|
|
!
|
|
snmp-server community lmTUEsk6Yvlv RO
|
|
snmp ifmib ifindex persist
|
|
!
|
|
!
|
|
radius server IZH-RDS002
|
|
address ipv4 10.4.0.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
|
!
|
|
radius server P11-RDS003
|
|
address ipv4 10.1.122.248 auth-port 1645 acct-port 1646
|
|
timeout 3
|
|
retransmit 2
|
|
key hykFAA@Hg9X9fsokWh5q8wez#&^a9lIizldHKxlRer3RE7AbsTsJwdB^RESF$eJ0
|
|
!
|
|
!
|
|
!
|
|
ipv6 access-list VSL-IPV6-ROUTING
|
|
permit ipv6 any FF02::/124
|
|
!
|
|
no vstack
|
|
banner exec ^C
|
|
Welcome to $(hostname). You are connected on line $(line) on domain $(domain)
|
|
^C
|
|
banner login ^C
|
|
*****************************************************************************
|
|
* *
|
|
* UNAUTHORIZED ACCESS IS PROHIBITED *
|
|
* *
|
|
* You have accessed network equipment. *
|
|
* You must have authorized permission to access or configure this device. *
|
|
* All activities performed on this device are logged and monitored. *
|
|
* *
|
|
*****************************************************************************
|
|
^C
|
|
alias exec sib sh ip int brief
|
|
!
|
|
line con 0
|
|
logging synchronous
|
|
login authentication CONSOLE
|
|
stopbits 1
|
|
line vty 0 4
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
length 0
|
|
transport input ssh
|
|
line vty 5 15
|
|
exec-timeout 120 0
|
|
logging synchronous
|
|
transport input ssh
|
|
!
|
|
!
|
|
module provision switch 1
|
|
chassis-type 72 base-mac 64F6.9DBC.B2C0
|
|
slot 1 slot-type 402 base-mac 64F6.9DBC.B2C0
|
|
slot 2 slot-type 400 base-mac A0EC.87A2.6BA0
|
|
!
|
|
module provision switch 2
|
|
chassis-type 72 base-mac 74A2.E66E.3BC0
|
|
slot 1 slot-type 402 base-mac 74A2.E66E.3BC0
|
|
slot 2 slot-type 400 base-mac A0EC.1C03.29D0
|
|
|
|
!
|
|
|
|
ntp server 192.168.8.200
|
|
time-range TIME_ELAR-TEST
|
|
periodic weekdays 8:00 to 19:00
|
|
periodic weekend 8:00 to 19:00
|
|
!
|
|
mac address-table notification change
|
|
mac address-table static 02bf.0a04.0706 vlan 251 interface Port-Channel100
|
|
event manager applet --MEGAFON_DOWN--
|
|
event syslog pattern "10 list boolean or Up -> Down"
|
|
action 001 cli command "enable"
|
|
action 002 cli command "conf t"
|
|
action 003 cli command "route-map PBR_MAIL permit 30"
|
|
action 004 cli command "set ip next-hop 172.30.30.2"
|
|
action 005 cli command "route-map GLOBAL-ROUTING permit 20"
|
|
action 006 cli command "set ip next-hop 10.4.239.18"
|
|
action 007 cli command "no set ip next-hop 10.4.239.19"
|
|
action 008 cli command "route-map SIP-ROUTING permit 30"
|
|
action 009 cli command "set ip next-hop 172.30.30.58"
|
|
action 010 cli command "end"
|
|
action 011 syslog msg "--MEGAFON is DOWN--"
|
|
event manager applet --MEGAFON_UP--
|
|
event syslog pattern "10 list boolean or Down -> Up"
|
|
action 001 cli command "enable"
|
|
action 002 cli command "conf t"
|
|
action 003 cli command "route-map PBR_MAIL permit 30"
|
|
action 004 cli command "no set ip next-hop 172.30.30.2"
|
|
action 005 cli command "route-map GLOBAL-ROUTING permit 20"
|
|
action 006 cli command "set ip next-hop 10.4.239.19"
|
|
action 007 cli command "no set ip next-hop 10.4.239.18"
|
|
action 008 cli command "route-map SIP-ROUTING permit 30"
|
|
action 009 cli command "no set ip next-hop 172.30.30.58"
|
|
action 010 cli command "end"
|
|
action 011 syslog msg "--MEGAFON is UP--"
|
|
!
|
|
event manager history size events 20
|
|
end |