devices/configs/216.31.136.230

!RANCID-CONTENT-TYPE: cisco-clean
!
!
!
!
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname AltVFX_500MB_31.L1XX.004599.TWCC_3617HaydenAve
!
boot-start-marker
boot system disk2:c7200p-advipservicesk9-mz.151-3.S1.bin
boot-end-marker
!
logging buffered 20000
no logging console
!
aaa new-model
!
aaa authentication fail-message ^CCCCCCCCCCCCC****TACACS+************^C
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PST recurring
ip cef
!
ip dhcp excluded-address 10.40.11.254
!
ip dhcp pool LA_Guest_Wifi_DHCP_POOL
 network 10.40.11.0 255.255.255.0
 default-router 10.40.11.254 
 dns-server 8.8.8.8 8.8.4.4 
!
ip dhcp pool HPBX
 network 10.40.15.0 255.255.255.0
 domain-name voip.tierzero.net
 default-router 10.40.15.1 
 dns-server 216.116.96.2 216.116.96.3 
 option 66 ascii "http://config:BYN93FV4Awxwie@ndp.tierzero.net/cfg/"
!
ip domain name auto
ip name-server 216.116.96.2
ip name-server 216.116.96.3
no ipv6 cef
!
multilink bundle-name authenticated
!
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
!
class-map match-any VOIP
 match access-group 110
class-map match-all BANDWIDTH
 match any 
!
policy-map VOIP-POLICE
 class VOIP
  priority percent 33
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
policy-map BANDWIDTH_500MB
 class BANDWIDTH
  shape average 500000000
  queue-limit 62500 bytes
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
policy-map BANDWIDTH_500MB2
 class BANDWIDTH
  shape peak 500000000
  queue-limit 62500 bytes
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key areallylonGKEythatcANNotbegueSSed address 203.153.16.193
crypto isakmp keepalive 10 10
!
crypto ipsec transform-set LABNESET esp-aes 256 esp-sha-hmac 
!
crypto ipsec profile LABNE_PROFILE
 set transform-set LABNESET 
!
crypto map ALTCRYPTO 20 ipsec-isakmp 
 set peer 203.153.16.193
 set transform-set LABNESET 
 set pfs group2
 match address ALTBNE_ACL
!
interface GigabitEthernet0/1
 description AltVFX=31.L1XX.004599.TWCC
 ip address 216.31.136.230 255.255.255.252
 ip nat outside
 load-interval 30
 media-type rj45
 speed auto
 duplex full
 no negotiation auto
 crypto map ALTCRYPTO
 service-policy output VOIP-POLICE
!
interface FastEthernet0/2
 no ip address
 shutdown
 speed auto
 duplex auto
!
interface GigabitEthernet0/2
 description CustomerLAN
 ip address 64.239.131.10 255.255.255.248
 ip nat outside
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 no negotiation auto
 service-policy output VOIP-POLICE
!
interface GigabitEthernet0/2.11
 encapsulation dot1Q 11
 ip address 10.40.11.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2.1720
 encapsulation dot1Q 1720
 ip address 172.20.0.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/3
 no ip address
 ip nat inside
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 no negotiation auto
 service-policy output VOIP-POLICE
!
interface GigabitEthernet0/3.1
 description HPBX
 encapsulation dot1Q 1159
 ip address 10.40.15.1 255.255.255.0
 ip nat inside
!
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 90
ip nat inside source list NAT interface GigabitEthernet0/2 overload
ip nat inside source static tcp 10.40.10.15 8000 64.239.131.10 8000 extendable
ip nat inside source static tcp 10.40.10.4 49221 64.239.131.10 49221 extendable
ip nat inside source static tcp 10.40.16.20 80 64.239.131.11 80 extendable
ip nat inside source static tcp 10.40.16.20 443 64.239.131.11 443 extendable
ip nat inside source static udp 10.40.10.15 8000 64.239.131.10 8000 extendable
ip nat inside source static udp 10.40.10.4 49221 64.239.131.10 49221 extendable
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 216.31.136.229
ip route 10.40.10.0 255.255.255.0 172.20.0.1
ip route 10.40.10.15 255.255.255.255 Null0
ip route 10.40.13.0 255.255.255.0 172.20.0.1
ip route 10.40.14.0 255.255.255.0 172.20.0.1
ip route 10.40.16.0 255.255.255.0 172.20.0.1
!
ip access-list extended ALTBNE_ACL
 permit ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
ip access-list extended ALTSYD_ACL
 permit ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
ip access-list extended GUEST_BLOCK
 deny   ip 10.40.11.0 0.0.0.255 10.40.0.0 0.0.255.255
 permit ip any any
ip access-list extended NAT
 deny   ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 deny   ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 permit ip 10.40.16.0 0.0.0.255 any
 permit ip 10.40.0.0 0.0.255.255 any
 permit ip 10.40.15.0 0.0.0.255 any
 deny   ip 10.40.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.40.10.0 0.0.0.255 any
ip access-list extended SAMSUNG_NAT
 permit ip 10.40.16.0 0.0.0.255 host 203.254.223.17
 permit ip 10.40.16.0 0.0.0.255 host 203.254.223.85
 permit ip 10.40.16.0 0.0.0.255 host 203.153.16.193
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 25 permit 64.239.128.0 0.0.63.255
access-list 25 permit 66.6.208.0 0.0.15.255
access-list 25 permit 72.18.0.0 0.0.31.255
access-list 25 permit 208.179.0.0 0.0.255.255
access-list 25 permit 216.31.128.0 0.0.63.255
access-list 25 permit 216.116.96.0 0.0.31.255
access-list 25 deny   any
access-list 110 permit ip any host 64.239.185.8
access-list 110 permit ip any host 64.239.185.9
access-list 110 permit ip any host 64.239.185.5
access-list 110 permit ip any host 64.239.188.8
access-list 110 permit ip any host 64.239.188.9
!
snmp-server engineID local 0000000902000050547D0984
snmp-server community tierzero RO
!
tacacs-server host 216.116.96.47
tacacs-server timeout 10
tacacs-server directed-request
tacacs-server key 7 01040E554F58165F2F5501
!
control-plane
!
banner motd ^CCCCCCCCCCCCCC
*************************************************************

Tierzero:
Unauthorized access to this device or the attached
networks is prohibited without express written permission.
Violators may be prosecuted to the fullest extent of the law.
Phone: 213-784-1400 option 1
Email: [tac@tierzero.net]
*********TACACS+*************************
^C
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 25 in
 transport input all
line vty 5 15
 access-class 25 in
 transport input all
!
ntp server 204.152.184.72
ntp server 216.31.128.192
ntp server 216.116.96.3
end
updates 2025-12-08 16:39:58 -08:00			`!RANCID-CONTENT-TYPE: cisco-clean`
			`!`
			`!`
			`!`
			`!`
			`!`
			`version 15.1`
			`service timestamps debug datetime msec`
			`service timestamps log datetime localtime`
			`service password-encryption`
			`!`
			`hostname AltVFX_500MB_31.L1XX.004599.TWCC_3617HaydenAve`
			`!`
			`boot-start-marker`
			`boot system disk2:c7200p-advipservicesk9-mz.151-3.S1.bin`
			`boot-end-marker`
			`!`
			`logging buffered 20000`
			`no logging console`
			`!`
			`aaa new-model`
			`!`
			`aaa authentication fail-message ^CCCCCCCCCCCCC**TACACS+**********^C`
			`aaa authentication login default group tacacs+ local`
			`aaa authentication enable default group tacacs+ none`
			`!`
			`aaa session-id common`
			`clock timezone PST -8 0`
			`clock summer-time PST recurring`
			`ip cef`
			`!`
			`ip dhcp excluded-address 10.40.11.254`
			`!`
			`ip dhcp pool LA_Guest_Wifi_DHCP_POOL`
			`network 10.40.11.0 255.255.255.0`
			`default-router 10.40.11.254`
			`dns-server 8.8.8.8 8.8.4.4`
			`!`
			`ip dhcp pool HPBX`
			`network 10.40.15.0 255.255.255.0`
			`domain-name voip.tierzero.net`
			`default-router 10.40.15.1`
			`dns-server 216.116.96.2 216.116.96.3`
			`option 66 ascii "http://config:BYN93FV4Awxwie@ndp.tierzero.net/cfg/"`
			`!`
			`ip domain name auto`
			`ip name-server 216.116.96.2`
			`ip name-server 216.116.96.3`
			`no ipv6 cef`
			`!`
			`multilink bundle-name authenticated`
			`!`
			`username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.`
			`!`
			`class-map match-any VOIP`
			`match access-group 110`
			`class-map match-all BANDWIDTH`
			`match any`
			`!`
			`policy-map VOIP-POLICE`
			`class VOIP`
			`priority percent 33`
			`class class-default`
			`fair-queue`
			`random-detect dscp-based`
			`random-detect ecn`
			`policy-map BANDWIDTH_500MB`
			`class BANDWIDTH`
			`shape average 500000000`
			`queue-limit 62500 bytes`
			`service-policy VOIP-POLICE`
			`class class-default`
			`fair-queue`
			`random-detect dscp-based`
			`random-detect ecn`
			`policy-map BANDWIDTH_500MB2`
			`class BANDWIDTH`
			`shape peak 500000000`
			`queue-limit 62500 bytes`
			`service-policy VOIP-POLICE`
			`class class-default`
			`fair-queue`
			`random-detect dscp-based`
			`random-detect ecn`
			`!`
			`crypto isakmp policy 10`
			`encr aes 256`
			`authentication pre-share`
			`group 2`
			`lifetime 3600`
			`crypto isakmp key areallylonGKEythatcANNotbegueSSed address 203.153.16.193`
			`crypto isakmp keepalive 10 10`
			`!`
			`crypto ipsec transform-set LABNESET esp-aes 256 esp-sha-hmac`
			`!`
			`crypto ipsec profile LABNE_PROFILE`
			`set transform-set LABNESET`
			`!`
			`crypto map ALTCRYPTO 20 ipsec-isakmp`
			`set peer 203.153.16.193`
			`set transform-set LABNESET`
			`set pfs group2`
			`match address ALTBNE_ACL`
			`!`
			`interface GigabitEthernet0/1`
			`description AltVFX=31.L1XX.004599.TWCC`
			`ip address 216.31.136.230 255.255.255.252`
			`ip nat outside`
			`load-interval 30`
			`media-type rj45`
			`speed auto`
			`duplex full`
			`no negotiation auto`
			`crypto map ALTCRYPTO`
			`service-policy output VOIP-POLICE`
			`!`
			`interface FastEthernet0/2`
			`no ip address`
			`shutdown`
			`speed auto`
			`duplex auto`
			`!`
			`interface GigabitEthernet0/2`
			`description CustomerLAN`
			`ip address 64.239.131.10 255.255.255.248`
			`ip nat outside`
			`load-interval 30`
			`media-type rj45`
			`speed auto`
			`duplex auto`
			`no negotiation auto`
			`service-policy output VOIP-POLICE`
			`!`
			`interface GigabitEthernet0/2.11`
			`encapsulation dot1Q 11`
			`ip address 10.40.11.254 255.255.255.0`
			`ip nat inside`
			`!`
			`interface GigabitEthernet0/2.1720`
			`encapsulation dot1Q 1720`
			`ip address 172.20.0.254 255.255.255.0`
			`ip nat inside`
			`!`
			`interface GigabitEthernet0/3`
			`no ip address`
			`ip nat inside`
			`load-interval 30`
			`media-type rj45`
			`speed auto`
			`duplex auto`
			`no negotiation auto`
			`service-policy output VOIP-POLICE`
			`!`
			`interface GigabitEthernet0/3.1`
			`description HPBX`
			`encapsulation dot1Q 1159`
			`ip address 10.40.15.1 255.255.255.0`
			`ip nat inside`
			`!`
			`ip nat translation timeout 300`
			`ip nat translation tcp-timeout 300`
			`ip nat translation udp-timeout 90`
			`ip nat inside source list NAT interface GigabitEthernet0/2 overload`
			`ip nat inside source static tcp 10.40.10.15 8000 64.239.131.10 8000 extendable`
			`ip nat inside source static tcp 10.40.10.4 49221 64.239.131.10 49221 extendable`
			`ip nat inside source static tcp 10.40.16.20 80 64.239.131.11 80 extendable`
			`ip nat inside source static tcp 10.40.16.20 443 64.239.131.11 443 extendable`
			`ip nat inside source static udp 10.40.10.15 8000 64.239.131.10 8000 extendable`
			`ip nat inside source static udp 10.40.10.4 49221 64.239.131.10 49221 extendable`
			`ip forward-protocol nd`
			`!`
			`no ip http server`
			`no ip http secure-server`
			`ip route 0.0.0.0 0.0.0.0 216.31.136.229`
			`ip route 10.40.10.0 255.255.255.0 172.20.0.1`
			`ip route 10.40.10.15 255.255.255.255 Null0`
			`ip route 10.40.13.0 255.255.255.0 172.20.0.1`
			`ip route 10.40.14.0 255.255.255.0 172.20.0.1`
			`ip route 10.40.16.0 255.255.255.0 172.20.0.1`
			`!`
			`ip access-list extended ALTBNE_ACL`
			`permit ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255`
			`ip access-list extended ALTSYD_ACL`
			`permit ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255`
			`ip access-list extended GUEST_BLOCK`
			`deny ip 10.40.11.0 0.0.0.255 10.40.0.0 0.0.255.255`
			`permit ip any any`
			`ip access-list extended NAT`
			`deny ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255`
			`deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255`
			`permit ip 10.40.16.0 0.0.0.255 any`
			`permit ip 10.40.0.0 0.0.255.255 any`
			`permit ip 10.40.15.0 0.0.0.255 any`
			`deny ip 10.40.10.0 0.0.0.255 192.168.0.0 0.0.255.255`
			`permit ip 10.40.10.0 0.0.0.255 any`
			`ip access-list extended SAMSUNG_NAT`
			`permit ip 10.40.16.0 0.0.0.255 host 203.254.223.17`
			`permit ip 10.40.16.0 0.0.0.255 host 203.254.223.85`
			`permit ip 10.40.16.0 0.0.0.255 host 203.153.16.193`
			`!`
			`access-list 1 permit 10.10.10.0 0.0.0.255`
			`access-list 25 permit 64.239.128.0 0.0.63.255`
			`access-list 25 permit 66.6.208.0 0.0.15.255`
			`access-list 25 permit 72.18.0.0 0.0.31.255`
			`access-list 25 permit 208.179.0.0 0.0.255.255`
			`access-list 25 permit 216.31.128.0 0.0.63.255`
			`access-list 25 permit 216.116.96.0 0.0.31.255`
			`access-list 25 deny any`
			`access-list 110 permit ip any host 64.239.185.8`
			`access-list 110 permit ip any host 64.239.185.9`
			`access-list 110 permit ip any host 64.239.185.5`
			`access-list 110 permit ip any host 64.239.188.8`
			`access-list 110 permit ip any host 64.239.188.9`
			`!`
			`snmp-server engineID local 0000000902000050547D0984`
			`snmp-server community tierzero RO`
			`!`
			`tacacs-server host 216.116.96.47`
			`tacacs-server timeout 10`
			`tacacs-server directed-request`
			`tacacs-server key 7 01040E554F58165F2F5501`
			`!`
			`control-plane`
			`!`
			`banner motd ^CCCCCCCCCCCCCC`
			`*************************************************************`

			`Tierzero:`
			`Unauthorized access to this device or the attached`
			`networks is prohibited without express written permission.`
			`Violators may be prosecuted to the fullest extent of the law.`
			`Phone: 213-784-1400 option 1`
			`Email: [tac@tierzero.net]`
			`*******TACACS+***********************`
			`^C`
			`!`
			`line con 0`
			`stopbits 1`
			`line aux 0`
			`stopbits 1`
			`line vty 0 4`
			`access-class 25 in`
			`transport input all`
			`line vty 5 15`
			`access-class 25 in`
			`transport input all`
			`!`
			`ntp server 204.152.184.72`
			`ntp server 216.31.128.192`
			`ntp server 216.116.96.3`
			`end`