  1. !
  2. ! No configuration change since last restart
  3. version 15.1
  4. service nagle
  5. no service pad
  6. service tcp-keepalives-in
  7. service tcp-keepalives-out
  8. service timestamps debug datetime msec localtime
  9. service timestamps log datetime msec localtime
  10. service password-encryption
  11. service sequence-numbers
  12. !
  13. hostname RU-CHEREPOVETS-OF01-R01
  14. !
  15. boot-start-marker
  16. boot-end-marker
  17. !
  18. !
  19. logging buffered 262144
  20. logging rate-limit 10 except warnings
  21. logging console critical
  22. enable secret 4 Wk1jCuYXJ87wHnJIGR3EIN4Y1RUJIuky/ryf5ph7.SE
  23. !
aaa new-model
!
!
! Two TACACS+ servers (defined at the bottom of the file), contacted from the
! DEVICE VLAN address.
aaa group server tacacs+ ACS
 server name ACS03
 server name ACS04
 ip tacacs source-interface FastEthernet0/1.205
!
! Login: TACACS+ first; "local" is consulted only when the servers are
! unreachable (method-list fallback happens on ERROR, not on a rejected
! password). LOCAL_AUTH (local accounts only) is bound to the console.
aaa authentication login default group ACS local
aaa authentication login LOCAL_AUTH local
! Privileged mode is gated by the local enable secret only; TACACS+ enable
! authentication ("group ACS") is not used, so the type-4 enable secret above
! is the sole barrier for vty 0-4 sessions (vty 5-15 are auto privilege 15).
aaa authentication enable default enable
aaa authorization config-commands
! Method list ACS: "local" is listed before "group ACS", so the local database
! (which can only check privilege level) answers first and TACACS+ per-command
! policy is reached only if it errors out. The usual shape is
! "group ACS local if-authenticated" - confirm with "debug aaa authorization"
! which method actually decides, and fix the order if TACACS+ was meant to.
aaa authorization commands 15 ACS local group ACS if-authenticated
! Accounting covers level-15 commands and connections only; no "aaa accounting
! exec" appears in this config, so session start/stop is not recorded.
aaa accounting commands 15 default start-stop group ACS
aaa accounting connection default start-stop group ACS
!
!
!
!
!
aaa session-id common
  45. !
clock timezone YEKT 5 0
dot11 syslog
!
! NetFlow v9 export to the ManageEngine collector. The transport is plain UDP
! from the DEVICE VLAN address: no integrity or confidentiality, so the
! collector sees whatever an on-path host chooses to send. The collector's
! /24 is also in ACL 31 (RO SNMP).
flow exporter MENFA-EXPORT
 description ManageEngine NFA
 destination 10.45.17.15
 source FastEthernet0/1.205
 transport udp 9996
 template data timeout 300
!
!
! Ingress monitor attached to every tunnel and LAN subinterface below
! (plus Fa0/0.102); Fa0/0.101 carries no monitor.
flow monitor NETFLOW-MONITOR
 record netflow ipv4 original-input
 exporter MENFA-EXPORT
 cache timeout active 300
!
! Drop source-routed packets (good).
no ip source-route
! At most one ICMP unreachable per 1000 ms (normal and DF variants), limiting
! the router's usefulness as a scan oracle or reflector.
ip icmp rate-limit unreachable 1000
ip icmp rate-limit unreachable DF 1000
!
  65. !
  66. !
! Custom NBAR protocol names used only by the QoS class-maps further down.
! These are plain port matches (classification, not access control): traffic
! on another port is simply not recognised.
ip nbar custom TCP_RDP tcp 3389
ip nbar custom UDP_RDP udp 3389
ip nbar custom ZABBIX_AGENT tcp 10050
ip nbar custom CALL_AGENT udp range 4000 4006
ip nbar custom TXMXM_PROXY tcp 3131
ip nbar custom SMTPS tcp 465
ip nbar custom RADIUS udp 1645 1646 1812 1813
ip nbar custom NETFLOW udp 9996
  75. !
! DHCP for the user and phone VLANs; bindings persist in NVRAM across reloads.
! The first 99 addresses of each /24 are reserved for static assignment.
! No pool exists for the WiFi VLAN (10.134.4.0/24) in this config.
ip dhcp database nvram:dhcp-binding
no ip dhcp use vrf connected
ip dhcp excluded-address 10.134.1.1 10.134.1.99
ip dhcp excluded-address 10.134.2.1 10.134.2.99
!
ip dhcp pool OF_VOIP
 network 10.134.2.0 255.255.255.0
 domain-name corp.taximaxim.local
 default-router 10.134.2.1
 dns-server 10.145.225.12 10.145.225.18
 option 119 instance 1 ascii "corp.taximaxim.local"
!
ip dhcp pool OF_USERS
 network 10.134.1.0 255.255.255.0
 ! The router itself sends the A and PTR updates for clients and overrides
 ! what the client asks for; the update path to the DNS servers is whatever
 ! "ip name-server" resolves through (the tunnels).
 update dns both override
 domain-name corp.taximaxim.local
 default-router 10.134.1.1
 dns-server 10.145.225.12 10.145.225.18
 option 119 instance 1 ascii "corp.taximaxim.local"
 ! 5-day lease.
 lease 5
!
  96. !
  97. !
ip cef
! BOOTP relay/server disabled (good).
no ip bootp server
! The router makes no DNS lookups of its own (stops mistyped CLI words from
! becoming name lookups); the name-servers remain for DHCP DDNS updates.
no ip domain lookup
! The domain name is also part of the SSH RSA key name.
ip domain name taxsee.net
ip name-server 10.145.225.12
ip name-server 10.145.225.18
! No "ipv6 unicast-routing" appears in this config, so IPv6 is not forwarded.
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
  109. !
  110. !
  111. !
  112. !
! Chassis serial number - now public with the rest of this paste.
license udi pid CISCO1841 sn FCZ124192QU
! Configuration change logging plus an automatic archive on every
! "write memory". The archive copy is the full running-config - including the
! enable/user hashes and the reversible type-7 TACACS+ key - sent to
! 10.1.5.16 over TFTP, i.e. cleartext UDP with no authentication. Use
! scp:// (or at least ftp:// with a dedicated account) for the archive path.
archive
 log config
  record rc
  logging enable
  logging size 1000
  ! Without a "logging host" these notifications only reach the local buffer.
  notify syslog contenttype plaintext
  ! hidekeys masks passwords in the change log, not in the archived copies.
  hidekeys
 path tftp://10.1.5.16/config/archive/$H-
 write-memory
! Eleven local accounts, every one privilege 15. With TACACS+ as the primary
! method these should be a minimal break-glass set; they are also the only
! accounts the console accepts (LOCAL_AUTH), and the short alias-style names
! (max, bios, zman, vik, yorik) give no per-person accountability. All of
! these hashes are public with this paste and must be reset.
username max privilege 15 secret 5 $1$tBfB$NCj5ytjBSL94IoRi2HvCp/
username bios privilege 15 secret 5 $1$WtfN$BsAyBhjgtHXzyb5DLuKh11
username zman privilege 15 secret 5 $1$PNHH$H0Q.ij2x9Ra47rxSewGgF0
username jayt privilege 15 secret 5 $1$PkcN$ixIOQrllQVFCh9B6pCf9P.
! "secret 4" entries (demiurgos, vik, kryukov_ee, tarada_gi) use the
! deprecated unsalted single-pass SHA-256 scheme (cisco-sr-20130318-type4),
! cheaper to crack than the salted type-5 entries; re-set them as type 5
! (or 8/9 where the image supports it).
username demiurgos privilege 15 secret 4 O80B0UpjNFiFTAOYdtHMLgSsQKIhWV5rlXPoGBfJ.YQ
username kazantsev_dv privilege 15 secret 5 $1$O1TX$hH/DO3mnvFPlEm/dyqol10
username vik privilege 15 secret 4 BL5bGv6gMjvuuk00xoIdIypSMq0iifS6/8ag1RV8z6I
username orlyanskiy_dv privilege 15 secret 5 $1$iKdw$d3ienkS58pev9ep8hAWxs0
username yorik privilege 15 secret 5 $1$qDuR$5xvo.sFcHhpmXGLgkFSTF1
username kryukov_ee privilege 15 secret 4 sJQkOeK4XnvI1lChBOASUG/VtumKQdEjE7NdFwAZ68g
username tarada_gi privilege 15 secret 4 22AxxmjDGq9y0d9sXbpv.TQA3MiU/F0qvjC8uOSIWYk
  134. !
redundancy
!
!
ip tcp selective-ack
ip tcp timestamp
! Pins archive and kron TFTP transfers to the DEVICE VLAN address.
ip tftp source-interface FastEthernet0/1.205
! SSH: 60 s to finish authentication, two attempts per connection, v2 only.
! The RSA host key size is not part of the running-config - check it with
! "show ip ssh" (2048 bits or more).
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
  144. !
! QoS classification. The *-OUT classes match DSCP values already set by
! QOS-MARK-IN on the LAN side; the others classify by NBAR protocol or ACL on
! ingress. NBAR is best-effort (port/signature based) and the custom names
! are pure port matches, so none of this is an access control. Two classes
! are different: WIFI and DENY_ALL_WIFI feed policy-map WIFI, which polices
! and drops traffic on the WiFi VLAN.
class-map match-any SCAVENGER-DATA-OUT
 match ip dscp cs1
class-map match-any NETWORK-MANAGEMENT-OUT
 match ip dscp cs2
class-map match-any VIDEO-CONFERENCING-OUT
 match ip dscp af41
! WiFi traffic that is allowed (and rate-limited): ICMP, HTTP(S), DNS, and
! anything to/from the local server 10.134.4.101 (WIFI_ACCESS_BAND).
class-map match-any WIFI
 match protocol icmp
 match protocol http
 match access-group name WIFI_ACCESS_BAND
 match protocol dns
 match protocol secure-http
class-map match-any TRANSACTIONAL-DATA-OUT
 match ip dscp af21
class-map match-any BULK-DATA
 match protocol ftp
 match protocol secure-ftp
class-map match-any MISSION-CRITICAL-DATA-OUT
 match ip dscp af31
class-map match-any VOICE-OUT
 match ip dscp ef
class-map match-any VOICE-CONTROL
 match protocol rtcp
 match protocol sip
 match protocol h323
class-map match-any ROUTING-OUT
 match ip dscp cs6
! Matches whatever the DENY_ALL_WIFI ACL *permits* - which, because that ACL
! ends in "permit ip any any", is everything its deny entries do not name.
class-map match-any DENY_ALL_WIFI
 match access-group name DENY_ALL_WIFI
class-map match-any BULK-DATA-OUT
 match ip dscp af11
class-map match-any VOICE
 match protocol rtp audio
 match protocol CALL_AGENT
! RDP, NFS, tcp/11235 (TECHNOGRAM) and HTTP(S) to 10/8 are treated as
! mission-critical.
class-map match-any MISSION-CRITICAL-DATA
 match protocol nfs
 match protocol TCP_RDP
 match protocol UDP_RDP
 match access-group name TECHNOGRAM
 match access-group name LOCAL_WEB
class-map match-any ROUTING
 match protocol bgp
 match protocol eigrp
 match protocol ospf
 match protocol rip
class-map match-any VOICE-CONTROL-OUT
 match ip dscp cs3
! "telnet" here is only a classification entry; the vty lines accept SSH only.
class-map match-any NETWORK-MANAGEMENT
 match protocol dhcp
 match protocol dns
 match protocol snmp
 match protocol ntp
 match protocol syslog
 match protocol icmp
 match protocol ldap
 match protocol kerberos
 match protocol tftp
 match protocol telnet
 match protocol ssh
 match protocol ZABBIX_AGENT
 match protocol RADIUS
 match protocol tacacs
 match protocol NETFLOW
class-map match-any SCAVENGER-DATA
 match protocol gnutella
 match protocol kazaa2
 match protocol edonkey
 match protocol fasttrack
 match protocol http url "\.hash=*"
class-map match-any VIDEO-CONFERENCING
 match protocol rtp video
class-map match-any TRANSACTIONAL-DATA
 match protocol http
 match protocol TXMXM_PROXY
 match protocol smtp
 match protocol imap
 match protocol secure-imap
 match protocol secure-http
 match protocol SMTPS
  224. !
  225. !
! WiFi VLAN policy, applied in both directions on Fa0/1.206. Classes are
! evaluated top-down and the first match wins: traffic in class WIFI (ICMP,
! HTTP, HTTPS, DNS, to/from 10.134.4.101) is policed to 5 Mbit/s; everything
! else falls into DENY_ALL_WIFI and is dropped. Because that ACL ends in
! "permit ip any any", its deny entries are effectively the allow-list.
policy-map WIFI
 class WIFI
  police cir 5000000
   exceed-action drop
 class DENY_ALL_WIFI
  drop
! WAN egress queueing, nested under the shaper below. Voice and video share
! two 20% priority queues; the rest is CBWFQ with WRED on the data classes.
policy-map QOS-OUT
 class VOICE-OUT
  priority percent 20
 class VIDEO-CONFERENCING-OUT
  priority percent 20
 class ROUTING-OUT
  bandwidth percent 3
 class MISSION-CRITICAL-DATA-OUT
  bandwidth percent 22
  random-detect dscp-based
 class NETWORK-MANAGEMENT-OUT
  bandwidth percent 2
 class TRANSACTIONAL-DATA-OUT
  bandwidth percent 8
  random-detect dscp-based
 class BULK-DATA-OUT
  bandwidth percent 4
  random-detect dscp-based
 class SCAVENGER-DATA-OUT
  bandwidth percent 1
 class VOICE-CONTROL-OUT
  bandwidth percent 2
 class class-default
  bandwidth percent 18
  random-detect
! Shapes to the subinterface "bandwidth" value (15 M / 2 M) so QOS-OUT has a
! congestion point to queue against.
policy-map QOS-SHAPE-OUT
 class class-default
  shape average percent 100
  service-policy QOS-OUT
! Ingress marking on the LAN VLANs. Note there is no class-default action, so
! traffic that matches none of these classes keeps whatever DSCP the host set:
! a host can mark unrecognised traffic EF and land in the WAN priority queue.
! For an untrusted edge add "class class-default / set ip dscp default"
! (confirm first that no legitimate pre-marked application relies on this).
policy-map QOS-MARK-IN
 class ROUTING
  set ip dscp cs6
 class VOICE
  set ip dscp ef
 class VIDEO-CONFERENCING
  set ip dscp af41
 class MISSION-CRITICAL-DATA
  set ip dscp af31
 class TRANSACTIONAL-DATA
  set ip dscp af21
 class NETWORK-MANAGEMENT
  set ip dscp cs2
 class BULK-DATA
  set ip dscp af11
 class SCAVENGER-DATA
  set ip dscp cs1
 class VOICE-CONTROL
  set ip dscp cs3
  280. !
  281. !
  282. !
  283. !
  284. !
  285. !
  286. !
  287. !
! DMVPN spoke tunnel to hub 1 over the ISP-1 uplink (point-to-point GRE with
! NHRP). There is no "tunnel protection ipsec profile" and no non-default
! "tunnel mode", so the iBGP session and all 10.134.x user/VoIP/DEVICE traffic
! cross the Internet as plaintext GRE, readable and injectable by anyone on
! path. "ip nhrp authentication" is a cleartext string carried in NHRP packets
! and "tunnel key" only demultiplexes tunnels - neither authenticates the
! peer. Encrypt the tunnel (IPsec profile) before relying on it for anything.
interface Tunnel0
 description #48_BIZNESKOM
 bandwidth 15000
 bandwidth qos-reference 15000
 ip address 10.254.48.80 255.255.254.0
 ip mtu 1400
 ip flow monitor NETFLOW-MONITOR input
 ip nhrp authentication infonet
 ip nhrp group 15M_HUB1
 ip nhrp network-id 70
 ip nhrp holdtime 600
 ip nhrp nhs 10.254.48.1 nbma 195.209.116.10
 ip tcp adjust-mss 1360
 qos pre-classify
 tunnel source FastEthernet0/0.101
 tunnel destination 195.209.116.10
 tunnel key 701
 tunnel path-mtu-discovery
  306. !
! DMVPN spoke tunnel to hub 2 over the ISP-2 uplink (the hub NBMA address is
! pinned to that link by a static route). Same gap as Tunnel0: no IPsec
! protection, so traffic is plaintext GRE on the Internet; the NHRP
! authentication string and tunnel key are not authentication.
interface Tunnel1
 description #56_BEELINE
 bandwidth 2000
 bandwidth qos-reference 2000
 ip address 10.254.56.80 255.255.254.0
 ip mtu 1400
 ip flow monitor NETFLOW-MONITOR input
 ip nhrp authentication infonet
 ip nhrp group 2M_HUB2
 ip nhrp network-id 60
 ip nhrp holdtime 600
 ip nhrp nhs 10.254.56.1 nbma 195.209.117.10
 ip tcp adjust-mss 1360
 qos pre-classify
 tunnel source FastEthernet0/0.102
 tunnel destination 195.209.117.10
 tunnel key 601
 tunnel path-mtu-discovery
  325. !
! Physical WAN port; both ISP circuits are dot1Q subinterfaces on it.
! The hard-coded MAC is presumably what the ISPs bound the circuits to -
! keep it in mind when the chassis is replaced. CDP off (good).
interface FastEthernet0/0
 mac-address 0012.7fed.da60
 no ip address
 duplex auto
 speed auto
 no cdp enable
  332. !
! Primary Internet uplink: default route and both NAT rules use it.
! The only inbound filter is DENY_DNS, which ends in "permit ip any any", so
! every other protocol reaches the router itself from any Internet source:
! GRE (only the tunnel destination/key need to match), ICMP, and TCP/22
! (gated solely by access-class 99 on the vty lines). There is no CoPP under
! "control-plane" either. A tighter inbound ACL would admit GRE only from the
! hub NBMA addresses (195.209.116.10, 195.209.117.10), the NAT return traffic
! and SSH from the ACL-99 sources - verify against NAT and PMTU needs first.
interface FastEthernet0/0.101
 description UP1_BIZNESKOM
 bandwidth 15000
 bandwidth qos-reference 15000
 encapsulation dot1Q 101
 ip address 178.57.109.34 255.255.255.252
 ip access-group DENY_DNS in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 ! Do not answer NTP from the Internet.
 ntp disable
 no cdp enable
 service-policy output QOS-SHAPE-OUT
  347. !
  348. interface FastEthernet0/0.102
  349. description UP2_BEELINE
  350. bandwidth 2000
  351. bandwidth qos-reference 2000
  352. encapsulation dot1Q 102
  353. ip address 195.190.107.122 255.255.255.252
  354. ip access-group DENY_DNS in
  355. no ip redirects
  356. ip flow monitor NETFLOW-MONITOR input
  357. ip nat outside
  358. no ip virtual-reassembly in
  359. ntp disable
  360. no cdp enable
  361. service-policy output QOS-SHAPE-OUT
  362. !
! Physical LAN trunk; every office VLAN is a dot1Q subinterface below.
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no cdp enable
  368. !
! Office user VLAN. Internet NAT applies to 10.134.1.107 only (list NAT);
! everything else is routed over the tunnels. No ACL separates this VLAN
! from the VoIP (Fa0/1.204) and DEVICE (Fa0/1.205) VLANs or from the router's
! own addresses - inter-VLAN traffic is unrestricted on this router.
interface FastEthernet0/1.203
 description OF_USERS
 encapsulation dot1Q 203
 ip address 10.134.1.1 255.255.255.0
 no ip proxy-arp
 ip flow monitor NETFLOW-MONITOR input
 ip nat inside
 no ip virtual-reassembly in
 no cdp enable
 service-policy input QOS-MARK-IN
  379. !
! Phone VLAN. No NAT (no Internet path from here); like the other internal
! VLANs it has no ACL, so phones and user PCs can reach each other freely.
interface FastEthernet0/1.204
 description OF_VOIP
 encapsulation dot1Q 204
 ip address 10.134.2.1 255.255.255.0
 no ip proxy-arp
 ip flow monitor NETFLOW-MONITOR input
 no cdp enable
 service-policy input QOS-MARK-IN
  388. !
! DEVICE VLAN. Its primary address (10.134.3.1) is the source for TACACS+,
! NetFlow and TFTP. The 192.168.1.1/24 secondary overlaps the factory-default
! range of many appliances and is not in the BGP network list - confirm it is
! still needed rather than a leftover from provisioning.
interface FastEthernet0/1.205
 description DEVICE
 encapsulation dot1Q 205
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 10.134.3.1 255.255.255.0
 no ip proxy-arp
 ip flow monitor NETFLOW-MONITOR input
 no cdp enable
 service-policy input QOS-MARK-IN
  398. !
! Driver WiFi VLAN. WIFI_ACCESS (inbound) permits ICMP and DNS to *any*
! destination before its "deny ip any 10.0.0.0/8" entry, so WiFi clients can
! ping-sweep and send DNS across the whole corporate 10/8, including the
! router's own addresses. If full isolation is intended, move the deny above
! those permits and expose only the resolver WiFi should use. Only
! 10.134.4.101 is NATed (WIFI_NAT), so other clients have no Internet path
! through this router. Policy-map WIFI polices/drops in both directions.
interface FastEthernet0/1.206
 description WIFI_DRIVERS
 encapsulation dot1Q 206
 ip address 10.134.4.1 255.255.255.0
 ip access-group WIFI_ACCESS in
 no ip proxy-arp
 ip flow monitor NETFLOW-MONITOR input
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
 service-policy input WIFI
 service-policy output WIFI
  411. !
! iBGP (AS 57503) to the two DMVPN hubs over Tunnel0/Tunnel1. The sessions
! ride the unencrypted GRE tunnels and have no "neighbor ... password" (TCP
! MD5), so an on-path attacker at either ISP could reset or inject into them;
! add a shared-key password (and consider "ttl-security hops 1" - the peers
! are directly adjacent over the tunnel) alongside encrypting the tunnels.
! REG_OUT limits what this spoke advertises to 10.134.0.0/16; nothing filters
! what is accepted from the hubs.
router bgp 57503
 bgp log-neighbor-changes
 network 10.134.1.0 mask 255.255.255.0
 network 10.134.2.0 mask 255.255.255.0
 network 10.134.3.0 mask 255.255.255.0
 network 10.134.4.0 mask 255.255.255.0
 neighbor 10.254.48.1 remote-as 57503
 neighbor 10.254.48.1 description TUNNEL0
 neighbor 10.254.48.1 next-hop-self
 neighbor 10.254.48.1 send-community both
 neighbor 10.254.48.1 soft-reconfiguration inbound
 neighbor 10.254.48.1 prefix-list REG_OUT out
 ! Prefer hub 1 (15 Mbit/s uplink): routes learned from it get local-pref 120
 ! and advertisements carry community 57503:120, presumably read by the hub's
 ! inbound policy to prefer this path for return traffic.
 neighbor 10.254.48.1 route-map LOCALPREF120 in
 neighbor 10.254.48.1 route-map SETCOMM120 out
 neighbor 10.254.56.1 remote-as 57503
 neighbor 10.254.56.1 description TUNNEL1
 neighbor 10.254.56.1 next-hop-self
 neighbor 10.254.56.1 send-community both
 neighbor 10.254.56.1 soft-reconfiguration inbound
 neighbor 10.254.56.1 prefix-list REG_OUT out
  432. !
ip forward-protocol nd
! Embedded web server off in both forms (good); management is SSH only.
no ip http server
no ip http secure-server
!
ip bgp-community new-format
!
! PAT for exactly two inside hosts, both out of the ISP-1 uplink.
ip nat inside source list NAT interface FastEthernet0/0.101 overload
ip nat inside source list WIFI_NAT interface FastEthernet0/0.101 overload
! Default via ISP-1. Hub 2's NBMA address is pinned to ISP-2 so Tunnel1 uses
! that link. The 8.8.8.8 host route via ISP-2 is not referenced by any
! "ip sla"/"track" in this config - presumably a manual reachability check.
ip route 0.0.0.0 0.0.0.0 178.57.109.33
ip route 8.8.8.8 255.255.255.255 195.190.107.121
ip route 195.209.117.10 255.255.255.255 195.190.107.121
  444. !
! Used by class-map DENY_ALL_WIFI (policy-map WIFI drops what matches). The
! trailing "permit ip any any" means the class matches everything *except*
! the deny entries, so the deny lines are the WiFi allow-list: HTTP to/from
! the local server 10.134.4.101, anything to that host, HTTP and DNS.
ip access-list extended DENY_ALL_WIFI
 deny tcp host 10.134.4.101 eq www any
 deny ip any host 10.134.4.101
 deny tcp any any eq www
 deny tcp any any eq domain
 deny udp any any eq domain
 permit ip any any
! Inbound on both Internet uplinks: blocks DNS only; everything else is
! permitted through to the router and to NAT.
ip access-list extended DENY_DNS
 deny udp any any eq domain
 deny tcp any any eq domain
 permit ip any any
! QoS only: HTTP(S) towards 10/8 counts as mission-critical.
ip access-list extended LOCAL_WEB
 permit tcp any 10.0.0.0 0.255.255.255 eq www
 permit tcp any 10.0.0.0 0.255.255.255 eq 443
! Single user-VLAN host allowed through NAT to the Internet.
ip access-list extended NAT
 permit ip host 10.134.1.107 any
! QoS only: tcp/11235.
ip access-list extended TECHNOGRAM
 permit tcp any any eq 11235
! Inbound filter on the WiFi VLAN. Order matters: ICMP and DNS to any
! destination are permitted *before* the 10/8 deny, so WiFi clients can reach
! every internal address with those two protocols. Replies from the local
! web server 10.134.4.101 (ports 80/8080) are allowed; everything else to 10/8
! is dropped; HTTP/HTTPS elsewhere is allowed (and then subject to NAT, which
! only covers 10.134.4.101). Implicit deny at the end.
ip access-list extended WIFI_ACCESS
 permit icmp any any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit tcp host 10.134.4.101 eq www any gt 1024
 permit tcp host 10.134.4.101 eq 8080 any gt 1024
 deny ip any 10.0.0.0 0.255.255.255
 permit tcp any any eq www
 permit tcp any any eq 443
! Used by class-map WIFI (rate limit): traffic involving the local server.
ip access-list extended WIFI_ACCESS_BAND
 permit tcp host 10.134.4.101 eq www any
 permit ip any host 10.134.4.101
! Only the local WiFi server is NATed to the Internet.
ip access-list extended WIFI_NAT
 permit ip host 10.134.4.101 any
  477. !
  478. !
! Only 10.134.0.0/16 (down to /24) may be advertised to the hubs.
ip prefix-list REG_OUT seq 5 permit 10.134.0.0/16 le 24
! NOTE(review): every 10 minutes this router fetches a Tcl script over TFTP
! (UDP, unauthenticated, no integrity check) and executes it in tclsh, where
! it can issue any exec or configuration command. Whoever controls
! 10.145.13.89, or can spoof TFTP replies on the path to it, gets periodic
! code execution on this router. Keep the script in flash: instead; if the
! image supports signed Tcl ("scripting tcl trustpoint" /
! "scripting tcl secure-mode") require a signature; at minimum lock down the
! TFTP server and review what post-request.tcl does. kron-driven commands
! also run as privilege 15 without an interactive user behind them, so the
! TACACS+ command accounting above is unlikely to capture them.
kron occurrence SELF_DISCOVERY in 10 recurring
 policy-list SELF_DISCOVERY
!
kron policy-list SELF_DISCOVERY
 cli tclsh tftp://10.145.13.89/post-request.tcl
  485. !
! ACL 31: sources allowed to use the RO SNMP community. The 127.0.0.1 entry
! only matters for queries the router sends to itself and can be dropped.
access-list 31 permit 10.1.5.16
access-list 31 permit 127.0.0.1
access-list 31 permit 10.145.0.9
access-list 31 permit 10.45.17.0 0.0.0.255
! ACL 32: defined but referenced nowhere in this config. The RW SNMP
! community points at ACL 30, which does not exist - this is probably the
! list it was meant to use.
access-list 32 permit 10.1.5.16
access-list 32 permit 10.145.0.9
! ACL 99: vty access-class. Permits one public host, the whole of 10/8 (which
! includes the WiFi VLAN - SSH from there is stopped only by WIFI_ACCESS on
! Fa0/1.206) and the hub ISP range 195.209.116.0/23. Narrow 10/8 to the
! management networks that actually need SSH.
access-list 99 permit 89.237.49.94
access-list 99 permit 10.0.0.0 0.255.255.255
access-list 99 permit 195.209.116.0 0.0.1.255
access-list 99 deny any
! ACLs 110-112 are not referenced by any interface, class-map, line or NAT
! statement in this config; remove them or document where they are used.
access-list 110 permit tcp any any eq 3389
access-list 110 permit ip any host 10.145.0.19
access-list 111 permit tcp any any eq 5060
access-list 111 permit tcp any eq 5060 any
access-list 111 permit udp any any eq 5060
access-list 111 permit udp any eq 5060 any
access-list 112 permit tcp any range 5900 5906 any
access-list 112 permit tcp any eq 22 any
access-list 112 permit ip any 10.145.9.0 0.0.0.255
access-list 112 permit tcp any eq bgp any
! CDP off globally as well as per interface (good).
no cdp run
  507. !
  508. !
  509. !
  510. !
! Both route-maps have no match clause and so apply to every prefix; they are
! attached to the hub-1 neighbour only (see router bgp).
route-map SETCOMM120 permit 10
 set community 57503:120
!
route-map LOCALPREF120 permit 10
 set local-preference 120
  516. !
  517. snmp-server community NfRcBrJvV RO 31
  518. snmp-server community Ung4ohsi RW 30
  519. snmp-server ifindex persist
  520. snmp-server source-interface informs FastEthernet0/1.203
  521. !
! TACACS+ servers, both with the same type-7 key. Type 7 is reversible, and
! this file is public, so the key must be rotated; store the replacement as
! "key 6" via "key config-key password-encrypt" + "password encryption aes"
! if the image supports it. TACACS+ packet obfuscation is only as strong as
! this key, and the packets cross the unencrypted tunnels.
! "timeout 1" declares a server dead after one second; with WAN latency that
! pushes logins to the local fallback quickly - 3-5 s is the usual balance.
tacacs server ACS03
 address ipv4 10.45.145.250
 key 7 08314D472E1104121C0C59
 timeout 1
tacacs server ACS04
 address ipv4 10.45.145.247
 key 7 08314D472E1104121C0C59
 timeout 1
  530. !
  531. !
  532. !
! Empty: no control-plane policing is configured, so nothing rate-limits the
! punted traffic (GRE from arbitrary sources, ICMP, SSH attempts) that the two
! Internet uplinks let through to the 1841's CPU. Add a "service-policy input"
! here that polices everything except the hub NBMA addresses and the
! management sources.
control-plane
!
!
! Shown before authentication on SSH and console. It promises logging and
! monitoring, while the device has no remote syslog - only the local buffer
! and TACACS+ command accounting.
banner login ^C
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this device.
Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties.
All activities performed on this device are logged and monitored
^C
  542. !
  543. line con 0
  544. login authentication LOCAL_AUTH
  545. history size 256
  546. escape-character 3
  547. line aux 0
  548. line vty 0 4
  549. access-class 99 in
  550. exec-timeout 30 0
  551. authorization commands 15 ACS
  552. length 0
  553. history size 256
  554. transport input ssh
  555. escape-character 3
  556. line vty 5 15
  557. access-class 99 in
  558. exec-timeout 30 0
  559. privilege level 15
  560. authorization commands 15 ACS
  561. history size 256
  562. transport input ssh
  563. escape-character 3
  564. !
scheduler allocate 20000 1000
! Time source is unauthenticated (no "ntp authenticate" / "ntp
! authentication-key" / "ntp trusted-key"); a spoofed NTP reply can skew the
! timestamps used to correlate logs and accounting. Both servers sit behind
! the tunnels. "ntp disable" on the two WAN subinterfaces keeps the router
! from serving NTP to the Internet.
ntp server 10.1.5.3
ntp server 10.1.5.4
end