- !
- ! No configuration change since last restart
- version 15.1
- service nagle
- no service pad
- service tcp-keepalives-in
- service tcp-keepalives-out
- service timestamps debug datetime msec localtime
- service timestamps log datetime msec localtime
- service password-encryption
- service sequence-numbers
- !
- hostname RU-CHEREPOVETS-OF01-R01
- !
- boot-start-marker
- boot-end-marker
- !
- !
- logging buffered 262144
- logging rate-limit 10 except warnings
- logging console critical
- enable secret 4 Wk1jCuYXJ87wHnJIGR3EIN4Y1RUJIuky/ryf5ph7.SE
- !
- aaa new-model
- !
- !
- aaa group server tacacs+ ACS
- server name ACS03
- server name ACS04
- ip tacacs source-interface FastEthernet0/1.205
- !
- aaa authentication login default group ACS local
- aaa authentication login LOCAL_AUTH local
- aaa authentication enable default enable
- aaa authorization config-commands
- aaa authorization commands 15 ACS local group ACS if-authenticated
- aaa accounting commands 15 default start-stop group ACS
- aaa accounting connection default start-stop group ACS
- !
- !
- !
- !
- !
- aaa session-id common
- !
- clock timezone YEKT 5 0
- dot11 syslog
- !
- flow exporter MENFA-EXPORT
- description ManageEngine NFA
- destination 10.45.17.15
- source FastEthernet0/1.205
- transport udp 9996
- template data timeout 300
- !
- !
- flow monitor NETFLOW-MONITOR
- record netflow ipv4 original-input
- exporter MENFA-EXPORT
- cache timeout active 300
- !
- no ip source-route
- ip icmp rate-limit unreachable 1000
- ip icmp rate-limit unreachable DF 1000
- !
- !
- ip nbar custom TCP_RDP tcp 3389
- ip nbar custom UDP_RDP udp 3389
- ip nbar custom ZABBIX_AGENT tcp 10050
- ip nbar custom CALL_AGENT udp range 4000 4006
- ip nbar custom TXMXM_PROXY tcp 3131
- ip nbar custom SMTPS tcp 465
- ip nbar custom RADIUS udp 1645 1646 1812 1813
- ip nbar custom NETFLOW udp 9996
- !
- ip dhcp database nvram:dhcp-binding
- no ip dhcp use vrf connected
- ip dhcp excluded-address 10.134.1.1 10.134.1.99
- ip dhcp excluded-address 10.134.2.1 10.134.2.99
- !
- ip dhcp pool OF_VOIP
- network 10.134.2.0 255.255.255.0
- domain-name corp.taximaxim.local
- default-router 10.134.2.1
- dns-server 10.145.225.12 10.145.225.18
- option 119 instance 1 ascii "corp.taximaxim.local"
- !
- ip dhcp pool OF_USERS
- network 10.134.1.0 255.255.255.0
- update dns both override
- domain-name corp.taximaxim.local
- default-router 10.134.1.1
- dns-server 10.145.225.12 10.145.225.18
- option 119 instance 1 ascii "corp.taximaxim.local"
- lease 5
- !
- !
- ip cef
- no ip bootp server
- no ip domain lookup
- ip domain name taxsee.net
- ip name-server 10.145.225.12
- ip name-server 10.145.225.18
- no ipv6 cef
- !
- multilink bundle-name authenticated
- !
- crypto pki token default removal timeout 0
- !
- !
- !
- !
- license udi pid CISCO1841 sn FCZ124192QU
- archive
- log config
- record rc
- logging enable
- logging size 1000
- notify syslog contenttype plaintext
- hidekeys
- path tftp://10.1.5.16/config/archive/$H-
- write-memory
- username max privilege 15 secret 5 $1$tBfB$NCj5ytjBSL94IoRi2HvCp/
- username bios privilege 15 secret 5 $1$WtfN$BsAyBhjgtHXzyb5DLuKh11
- username zman privilege 15 secret 5 $1$PNHH$H0Q.ij2x9Ra47rxSewGgF0
- username jayt privilege 15 secret 5 $1$PkcN$ixIOQrllQVFCh9B6pCf9P.
- username demiurgos privilege 15 secret 4 O80B0UpjNFiFTAOYdtHMLgSsQKIhWV5rlXPoGBfJ.YQ
- username kazantsev_dv privilege 15 secret 5 $1$O1TX$hH/DO3mnvFPlEm/dyqol10
- username vik privilege 15 secret 4 BL5bGv6gMjvuuk00xoIdIypSMq0iifS6/8ag1RV8z6I
- username orlyanskiy_dv privilege 15 secret 5 $1$iKdw$d3ienkS58pev9ep8hAWxs0
- username yorik privilege 15 secret 5 $1$qDuR$5xvo.sFcHhpmXGLgkFSTF1
- username kryukov_ee privilege 15 secret 4 sJQkOeK4XnvI1lChBOASUG/VtumKQdEjE7NdFwAZ68g
- username tarada_gi privilege 15 secret 4 22AxxmjDGq9y0d9sXbpv.TQA3MiU/F0qvjC8uOSIWYk
- !
- redundancy
- !
- !
- ip tcp selective-ack
- ip tcp timestamp
- ip tftp source-interface FastEthernet0/1.205
- ip ssh time-out 60
- ip ssh authentication-retries 2
- ip ssh version 2
- !
- class-map match-any SCAVENGER-DATA-OUT
- match ip dscp cs1
- class-map match-any NETWORK-MANAGEMENT-OUT
- match ip dscp cs2
- class-map match-any VIDEO-CONFERENCING-OUT
- match ip dscp af41
- class-map match-any WIFI
- match protocol icmp
- match protocol http
- match access-group name WIFI_ACCESS_BAND
- match protocol dns
- match protocol secure-http
- class-map match-any TRANSACTIONAL-DATA-OUT
- match ip dscp af21
- class-map match-any BULK-DATA
- match protocol ftp
- match protocol secure-ftp
- class-map match-any MISSION-CRITICAL-DATA-OUT
- match ip dscp af31
- class-map match-any VOICE-OUT
- match ip dscp ef
- class-map match-any VOICE-CONTROL
- match protocol rtcp
- match protocol sip
- match protocol h323
- class-map match-any ROUTING-OUT
- match ip dscp cs6
- class-map match-any DENY_ALL_WIFI
- match access-group name DENY_ALL_WIFI
- class-map match-any BULK-DATA-OUT
- match ip dscp af11
- class-map match-any VOICE
- match protocol rtp audio
- match protocol CALL_AGENT
- class-map match-any MISSION-CRITICAL-DATA
- match protocol nfs
- match protocol TCP_RDP
- match protocol UDP_RDP
- match access-group name TECHNOGRAM
- match access-group name LOCAL_WEB
- class-map match-any ROUTING
- match protocol bgp
- match protocol eigrp
- match protocol ospf
- match protocol rip
- class-map match-any VOICE-CONTROL-OUT
- match ip dscp cs3
- class-map match-any NETWORK-MANAGEMENT
- match protocol dhcp
- match protocol dns
- match protocol snmp
- match protocol ntp
- match protocol syslog
- match protocol icmp
- match protocol ldap
- match protocol kerberos
- match protocol tftp
- match protocol telnet
- match protocol ssh
- match protocol ZABBIX_AGENT
- match protocol RADIUS
- match protocol tacacs
- match protocol NETFLOW
- class-map match-any SCAVENGER-DATA
- match protocol gnutella
- match protocol kazaa2
- match protocol edonkey
- match protocol fasttrack
- match protocol http url "\.hash=*"
- class-map match-any VIDEO-CONFERENCING
- match protocol rtp video
- class-map match-any TRANSACTIONAL-DATA
- match protocol http
- match protocol TXMXM_PROXY
- match protocol smtp
- match protocol imap
- match protocol secure-imap
- match protocol secure-http
- match protocol SMTPS
- !
- !
- policy-map WIFI
- class WIFI
- police cir 5000000
- exceed-action drop
- class DENY_ALL_WIFI
- drop
- policy-map QOS-OUT
- class VOICE-OUT
- priority percent 20
- class VIDEO-CONFERENCING-OUT
- priority percent 20
- class ROUTING-OUT
- bandwidth percent 3
- class MISSION-CRITICAL-DATA-OUT
- bandwidth percent 22
- random-detect dscp-based
- class NETWORK-MANAGEMENT-OUT
- bandwidth percent 2
- class TRANSACTIONAL-DATA-OUT
- bandwidth percent 8
- random-detect dscp-based
- class BULK-DATA-OUT
- bandwidth percent 4
- random-detect dscp-based
- class SCAVENGER-DATA-OUT
- bandwidth percent 1
- class VOICE-CONTROL-OUT
- bandwidth percent 2
- class class-default
- bandwidth percent 18
- random-detect
- policy-map QOS-SHAPE-OUT
- class class-default
- shape average percent 100
- service-policy QOS-OUT
- policy-map QOS-MARK-IN
- class ROUTING
- set ip dscp cs6
- class VOICE
- set ip dscp ef
- class VIDEO-CONFERENCING
- set ip dscp af41
- class MISSION-CRITICAL-DATA
- set ip dscp af31
- class TRANSACTIONAL-DATA
- set ip dscp af21
- class NETWORK-MANAGEMENT
- set ip dscp cs2
- class BULK-DATA
- set ip dscp af11
- class SCAVENGER-DATA
- set ip dscp cs1
- class VOICE-CONTROL
- set ip dscp cs3
- !
- !
- !
- !
- !
- !
- !
- !
- interface Tunnel0
- description #48_BIZNESKOM
- bandwidth 15000
- bandwidth qos-reference 15000
- ip address 10.254.48.80 255.255.254.0
- ip mtu 1400
- ip flow monitor NETFLOW-MONITOR input
- ip nhrp authentication infonet
- ip nhrp group 15M_HUB1
- ip nhrp network-id 70
- ip nhrp holdtime 600
- ip nhrp nhs 10.254.48.1 nbma 195.209.116.10
- ip tcp adjust-mss 1360
- qos pre-classify
- tunnel source FastEthernet0/0.101
- tunnel destination 195.209.116.10
- tunnel key 701
- tunnel path-mtu-discovery
- !
- interface Tunnel1
- description #56_BEELINE
- bandwidth 2000
- bandwidth qos-reference 2000
- ip address 10.254.56.80 255.255.254.0
- ip mtu 1400
- ip flow monitor NETFLOW-MONITOR input
- ip nhrp authentication infonet
- ip nhrp group 2M_HUB2
- ip nhrp network-id 60
- ip nhrp holdtime 600
- ip nhrp nhs 10.254.56.1 nbma 195.209.117.10
- ip tcp adjust-mss 1360
- qos pre-classify
- tunnel source FastEthernet0/0.102
- tunnel destination 195.209.117.10
- tunnel key 601
- tunnel path-mtu-discovery
- !
- interface FastEthernet0/0
- mac-address 0012.7fed.da60
- no ip address
- duplex auto
- speed auto
- no cdp enable
- !
- interface FastEthernet0/0.101
- description UP1_BIZNESKOM
- bandwidth 15000
- bandwidth qos-reference 15000
- encapsulation dot1Q 101
- ip address 178.57.109.34 255.255.255.252
- ip access-group DENY_DNS in
- no ip redirects
- no ip proxy-arp
- ip nat outside
- ip virtual-reassembly in
- ntp disable
- no cdp enable
- service-policy output QOS-SHAPE-OUT
- !
- interface FastEthernet0/0.102
- description UP2_BEELINE
- bandwidth 2000
- bandwidth qos-reference 2000
- encapsulation dot1Q 102
- ip address 195.190.107.122 255.255.255.252
- ip access-group DENY_DNS in
- no ip redirects
- ip flow monitor NETFLOW-MONITOR input
- ip nat outside
- no ip virtual-reassembly in
- ntp disable
- no cdp enable
- service-policy output QOS-SHAPE-OUT
- !
- interface FastEthernet0/1
- no ip address
- duplex auto
- speed auto
- no cdp enable
- !
- interface FastEthernet0/1.203
- description OF_USERS
- encapsulation dot1Q 203
- ip address 10.134.1.1 255.255.255.0
- no ip proxy-arp
- ip flow monitor NETFLOW-MONITOR input
- ip nat inside
- no ip virtual-reassembly in
- no cdp enable
- service-policy input QOS-MARK-IN
- !
- interface FastEthernet0/1.204
- description OF_VOIP
- encapsulation dot1Q 204
- ip address 10.134.2.1 255.255.255.0
- no ip proxy-arp
- ip flow monitor NETFLOW-MONITOR input
- no cdp enable
- service-policy input QOS-MARK-IN
- !
- interface FastEthernet0/1.205
- description DEVICE
- encapsulation dot1Q 205
- ip address 192.168.1.1 255.255.255.0 secondary
- ip address 10.134.3.1 255.255.255.0
- no ip proxy-arp
- ip flow monitor NETFLOW-MONITOR input
- no cdp enable
- service-policy input QOS-MARK-IN
- !
- interface FastEthernet0/1.206
- description WIFI_DRIVERS
- encapsulation dot1Q 206
- ip address 10.134.4.1 255.255.255.0
- ip access-group WIFI_ACCESS in
- no ip proxy-arp
- ip flow monitor NETFLOW-MONITOR input
- ip nat inside
- ip virtual-reassembly in
- no cdp enable
- service-policy input WIFI
- service-policy output WIFI
- !
- router bgp 57503
- bgp log-neighbor-changes
- network 10.134.1.0 mask 255.255.255.0
- network 10.134.2.0 mask 255.255.255.0
- network 10.134.3.0 mask 255.255.255.0
- network 10.134.4.0 mask 255.255.255.0
- neighbor 10.254.48.1 remote-as 57503
- neighbor 10.254.48.1 description TUNNEL0
- neighbor 10.254.48.1 next-hop-self
- neighbor 10.254.48.1 send-community both
- neighbor 10.254.48.1 soft-reconfiguration inbound
- neighbor 10.254.48.1 prefix-list REG_OUT out
- neighbor 10.254.48.1 route-map LOCALPREF120 in
- neighbor 10.254.48.1 route-map SETCOMM120 out
- neighbor 10.254.56.1 remote-as 57503
- neighbor 10.254.56.1 description TUNNEL1
- neighbor 10.254.56.1 next-hop-self
- neighbor 10.254.56.1 send-community both
- neighbor 10.254.56.1 soft-reconfiguration inbound
- neighbor 10.254.56.1 prefix-list REG_OUT out
- !
- ip forward-protocol nd
- no ip http server
- no ip http secure-server
- !
- ip bgp-community new-format
- !
- ip nat inside source list NAT interface FastEthernet0/0.101 overload
- ip nat inside source list WIFI_NAT interface FastEthernet0/0.101 overload
- ip route 0.0.0.0 0.0.0.0 178.57.109.33
- ip route 8.8.8.8 255.255.255.255 195.190.107.121
- ip route 195.209.117.10 255.255.255.255 195.190.107.121
- !
- ip access-list extended DENY_ALL_WIFI
- deny tcp host 10.134.4.101 eq www any
- deny ip any host 10.134.4.101
- deny tcp any any eq www
- deny tcp any any eq domain
- deny udp any any eq domain
- permit ip any any
- ip access-list extended DENY_DNS
- deny udp any any eq domain
- deny tcp any any eq domain
- permit ip any any
- ip access-list extended LOCAL_WEB
- permit tcp any 10.0.0.0 0.255.255.255 eq www
- permit tcp any 10.0.0.0 0.255.255.255 eq 443
- ip access-list extended NAT
- permit ip host 10.134.1.107 any
- ip access-list extended TECHNOGRAM
- permit tcp any any eq 11235
- ip access-list extended WIFI_ACCESS
- permit icmp any any
- permit tcp any any eq domain
- permit udp any any eq domain
- permit tcp host 10.134.4.101 eq www any gt 1024
- permit tcp host 10.134.4.101 eq 8080 any gt 1024
- deny ip any 10.0.0.0 0.255.255.255
- permit tcp any any eq www
- permit tcp any any eq 443
- ip access-list extended WIFI_ACCESS_BAND
- permit tcp host 10.134.4.101 eq www any
- permit ip any host 10.134.4.101
- ip access-list extended WIFI_NAT
- permit ip host 10.134.4.101 any
- !
- !
- ip prefix-list REG_OUT seq 5 permit 10.134.0.0/16 le 24
- kron occurrence SELF_DISCOVERY in 10 recurring
- policy-list SELF_DISCOVERY
- !
- kron policy-list SELF_DISCOVERY
- cli tclsh tftp://10.145.13.89/post-request.tcl
- !
- access-list 31 permit 10.1.5.16
- access-list 31 permit 127.0.0.1
- access-list 31 permit 10.145.0.9
- access-list 31 permit 10.45.17.0 0.0.0.255
- access-list 32 permit 10.1.5.16
- access-list 32 permit 10.145.0.9
- access-list 99 permit 89.237.49.94
- access-list 99 permit 10.0.0.0 0.255.255.255
- access-list 99 permit 195.209.116.0 0.0.1.255
- access-list 99 deny any
- access-list 110 permit tcp any any eq 3389
- access-list 110 permit ip any host 10.145.0.19
- access-list 111 permit tcp any any eq 5060
- access-list 111 permit tcp any eq 5060 any
- access-list 111 permit udp any any eq 5060
- access-list 111 permit udp any eq 5060 any
- access-list 112 permit tcp any range 5900 5906 any
- access-list 112 permit tcp any eq 22 any
- access-list 112 permit ip any 10.145.9.0 0.0.0.255
- access-list 112 permit tcp any eq bgp any
- no cdp run
- !
- !
- !
- !
- route-map SETCOMM120 permit 10
- set community 57503:120
- !
- route-map LOCALPREF120 permit 10
- set local-preference 120
- !
- snmp-server community NfRcBrJvV RO 31
- snmp-server community Ung4ohsi RW 30
- snmp-server ifindex persist
- snmp-server source-interface informs FastEthernet0/1.203
- !
- tacacs server ACS03
- address ipv4 10.45.145.250
- key 7 08314D472E1104121C0C59
- timeout 1
- tacacs server ACS04
- address ipv4 10.45.145.247
- key 7 08314D472E1104121C0C59
- timeout 1
- !
- !
- !
- control-plane
- !
- !
- banner login ^C
- UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
- You must have explicit, authorized permission to access or configure this device.
- Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties.
- All activities performed on this device are logged and monitored
- ^C
- !
- line con 0
- login authentication LOCAL_AUTH
- history size 256
- escape-character 3
- line aux 0
- line vty 0 4
- access-class 99 in
- exec-timeout 30 0
- authorization commands 15 ACS
- length 0
- history size 256
- transport input ssh
- escape-character 3
- line vty 5 15
- access-class 99 in
- exec-timeout 30 0
- privilege level 15
- authorization commands 15 ACS
- history size 256
- transport input ssh
- escape-character 3
- !
- scheduler allocate 20000 1000
- ntp server 10.1.5.3
- ntp server 10.1.5.4
- end