!RANCID-CONTENT-TYPE: cisco-clean
!
!
!
!
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname AllanCompany_10MB_13.KQGN.617701.PT_2540S.MainSt
!
boot-start-marker
boot-end-marker
!
logging buffered 20000
logging persistent url flash:/syslog1 size 10485760 filesize 40000
no logging console
!
aaa new-model
!
aaa authentication fail-message ^CCCCCCCCCCC****TACACS+************^C
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
!
aaa session-id common
!
no process cpu autoprofile hog
memory-size iomem 10
clock timezone PST -8 0
clock summer-time PST recurring
!
crypto pki token default removal timeout 0
!
dot11 syslog
ip source-route
!
ip cef
!
ip dhcp pool HPBX
 network 10.10.10.0 255.255.255.0
 domain-name voip.tierzero.net
 default-router 10.10.10.1 
 dns-server 216.116.96.2 216.116.96.3 
 option 66 ascii "http://config:uCdh8qBc3Hb@ndp.tierzero.net/cfg/"
!
ip dhcp pool DEFAULT
 network 10.101.0.0 255.255.224.0
 domain-name allanco.local
 default-router 10.101.1.1 
 dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 
 lease 0 8
!
ip dhcp pool computer1
 host 10.101.13.4 255.255.224.0
 hardware-address 3417.ebbc.8be9
 default-router 10.101.1.1 
 dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 
!
ip dhcp pool computer2
 host 10.101.13.7 255.255.224.0
 hardware-address 90b1.1c63.4cc4
 default-router 10.101.1.1 
 dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 
!
ip dhcp pool Camera
 host 10.101.0.59 255.255.224.0
 hardware-address 70b3.d526.1aff
 default-router 10.101.1.1 
 dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 
!
ip domain name auto
ip name-server 216.116.96.2
ip name-server 216.116.96.3
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
license udi pid CISCO2851 sn FTX1448AKC2
archive
 log config
  logging enable
  logging persistent auto
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
!
redundancy
!
ip ssh version 2
!
track 1 ip sla 1 reachability
 delay down 180
!
class-map match-any VOIP
 match access-group 110
class-map match-all BANDWIDTH
 match any 
!
policy-map VOIP-POLICE
 class VOIP
  priority percent 33
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
policy-map BANDWIDTH_10MB
 class BANDWIDTH
  shape average 10000000
  queue-limit 62500 bytes
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
!
interface Tunnel4
 description description 2540_S_Main_Street_Santa_Ana_CradlePoint_to_JB_FrontierOffnet
 ip address 172.16.10.26 255.255.255.252
 keepalive 25 50
 tunnel source FastEthernet1/0
 tunnel destination 47.181.223.134
!
interface Tunnel5
 description 2540_S_Main_Street_Santa_Ana_Location_To__14620_Joanbridge_Baldwin_Park
 ip address 172.16.10.30 255.255.255.252
 keepalive 25 50
 tunnel source GigabitEthernet0/0.1
 tunnel destination 208.179.32.94
!
interface Tunnel128
 description ALLANCompany NBS Firewall Unit
 bandwidth 10000
 ip address 10.255.255.27 255.255.255.254
 keepalive 10 5
 tunnel source GigabitEthernet0/0.1
 tunnel destination 208.179.23.10
!
interface GigabitEthernet0/0
 description AllanCompany=13KQGN617722PT
 no ip address
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex full
 speed 100
 no cdp enable
 service-policy output BANDWIDTH_10MB
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 2564
 ip address 216.31.138.26 255.255.255.252
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 64.239.145.129 255.255.255.248 secondary
 ip address 208.179.211.121 255.255.255.248 secondary
 ip address 208.179.41.33 255.255.255.248
 ip flow ingress
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 service-policy output BANDWIDTH_10MB
!
interface GigabitEthernet0/1.1
 description CustomerLAN
 encapsulation dot1Q 1 native
 ip address 10.101.1.1 255.255.224.0
 ip access-group 194 in
 ip access-group 194 out
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 10.101.33.1 255.255.224.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/1.3
 description HPBX
 encapsulation dot1Q 1159
 ip address 10.10.10.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
interface FastEthernet1/0
 description CradlePoint_Failover
 ip address 166.253.33.69 255.255.255.0
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 100
 no cdp enable
 service-policy output BANDWIDTH_10MB
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 216.116.96.71 2055
!
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 90
no ip nat service sip udp port 5060
ip nat inside source route-map CradlePoint_Circuit interface FastEthernet1/0 overload
ip nat inside source route-map EOC_Circuit interface GigabitEthernet0/0 overload
ip nat inside source route-map FIBER interface GigabitEthernet0/0.1 overload
ip nat inside source static tcp 10.10.10.253 22 64.239.145.129 22 extendable
ip nat inside source static tcp 10.10.10.253 23 64.239.145.129 23 extendable
ip nat inside source static tcp 10.10.10.254 161 64.239.145.129 161 extendable
ip nat inside source static tcp 10.10.10.254 22 64.239.145.130 22 extendable
ip nat inside source static tcp 10.10.10.254 23 64.239.145.130 23 extendable
ip nat inside source static tcp 10.10.10.254 161 64.239.145.130 161 extendable
ip nat inside source static tcp 10.101.0.59 80 64.239.145.131 80 extendable
ip nat inside source static tcp 10.101.0.59 9000 64.239.145.131 9000 extendable
ip nat inside source static tcp 10.101.2.5 80 208.179.211.122 8000 extendable
ip nat inside source static tcp 10.101.5.61 25 216.31.144.198 25 extendable
ip nat inside source static tcp 10.101.5.61 29 216.31.144.198 29 extendable
ip nat inside source static tcp 10.101.5.61 30 216.31.144.198 30 extendable
ip nat inside source static tcp 10.101.5.61 31 216.31.144.198 31 extendable
ip nat inside source static tcp 10.101.5.7 125 216.31.144.198 125 extendable
ip nat inside source static udp 10.10.10.253 161 64.239.145.129 161 extendable
ip nat inside source static udp 10.10.10.254 161 64.239.145.130 161 extendable
ip route 0.0.0.0 0.0.0.0 216.31.138.25 track 1
ip route 0.0.0.0 0.0.0.0 166.253.33.70 250 name CradlePoint_Failover
ip route 10.100.0.0 255.255.0.0 Tunnel5
ip route 10.100.0.0 255.255.0.0 Tunnel4 250 name JB_FrontierOffnet
!
ip access-list extended NAT
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.101.0.0 0.0.31.255 any
 permit ip 10.101.32.0 0.0.31.255 any
 deny   ip any any
!
ip sla 1
 icmp-echo 216.31.138.25 source-ip 216.31.138.26
 timeout 30000
 threshold 30000
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 216.31.138.25
 frequency 30
 timeout 30000
 threshold 30000
 history enhanced interval 60 buckets 100
ip sla schedule 2 life forever start-time now
ip sla reaction-configuration 2 react rtt threshold-value 100 60 threshold-type immediate action-type trapOnly
ip sla logging traps
access-list 25 permit 64.239.128.0 0.0.63.255
access-list 25 permit 66.6.208.0 0.0.15.255
access-list 25 permit 72.18.0.0 0.0.31.255
access-list 25 permit 208.179.0.0 0.0.255.255
access-list 25 permit 216.31.128.0 0.0.63.255
access-list 25 permit 216.116.96.0 0.0.31.255
access-list 25 deny   any
access-list 110 permit ip any host 64.239.185.8
access-list 110 permit ip any host 64.239.185.9
access-list 110 permit ip any host 64.239.185.5
access-list 110 permit ip any host 64.239.188.8
access-list 110 permit ip any host 64.239.188.9
access-list 197 permit icmp host 10.10.10.10 host 20.20.20.20
access-list 198 permit icmp host 10.10.10.10 host 20.20.20.20
access-list 199 permit icmp host 10.10.10.10 host 20.20.20.20
no cdp run
!
route-map CradlePoint_Circuit permit 10
 match ip address NAT
 match interface FastEthernet1/0
!
route-map EOC_Circuit permit 10
 match ip address NAT
 match interface GigabitEthernet0/0
!
route-map FIBER permit 10
 match ip address NAT
 match interface GigabitEthernet0/0.1
!
snmp-server engineID local 0000000902000050547D0984
snmp-server community tierzero RO
snmp-server enable traps ipsla
snmp-server host 216.116.96.71 version 2c tierzero 
!
tacacs-server host 216.116.96.47
tacacs-server timeout 10
tacacs-server directed-request
tacacs-server key 7 01040E554F58165F2F5501
!
control-plane
!
mgcp profile default
!
banner motd ^CCCCCCCCCCCC
*************************************************************
Tierzero:
Unauthorized access to this device or the attached
networks is prohibited without express written permission.
Violators may be prosecuted to the fullest extent of the law.
Phone: 213-784-1400 option 1
Email: [tac@tierzero.net]
*********TACACS+*************************
^C
!
line con 0
line aux 0
line vty 0 4
 access-class 25 in
 transport input all
line vty 5 15
 access-class 25 in
 transport input all
!
scheduler allocate 20000 1000
ntp server 204.152.184.72
ntp server 216.31.128.192
ntp server 216.116.96.3
end