!RANCID-CONTENT-TYPE: cisco-clean ! ! ! ! ! version 15.4 service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers no platform punt-keepalive disable-kernel-core ! hostname AllanCompany_100MB_19KRGN537292PT_6733ConsolidatedWay ! boot-start-marker boot-end-marker ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered 50000 informational logging persistent url flash:/syslog1 size 10485760 filesize 40000 immediate no logging console ! aaa new-model ! aaa authentication fail-message ^CCCCCCCCCC****TACACS+************^C aaa authentication login default group tacacs+ local aaa authentication enable default group tacacs+ none ! aaa session-id common clock timezone PST -8 0 clock summer-time PST recurring ! ip domain name auto ip name-server 216.116.96.2 ip name-server 216.116.96.3 ip name-server 64.239.184.125 ip dhcp excluded-address 10.109.5.255 10.109.255.254 ip dhcp excluded-address 10.109.0.1 10.109.5.1 ip dhcp ping timeout 200 ! ip dhcp pool default network 10.109.0.0 255.255.0.0 default-router 10.109.1.1 domain-name allanco.local dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 lease 0 4 ! ip dhcp pool HPBX network 10.10.10.0 255.255.255.0 domain-name voip.tierzero.net default-router 10.10.10.1 dns-server 216.116.96.2 216.116.96.3 option 66 ascii "http://config:uCdh8qBc3Hb@ndp.tierzero.net/cfg/" ! subscriber templating ! multilink bundle-name authenticated ! license udi pid ASR1001 sn JAE19020223 archive log config logging enable spanning-tree extend system-id ! username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ. ! redundancy mode none ! track 1 ip sla 1 reachability delay down 180 ! ip tftp source-interface GigabitEthernet0 ip ssh version 2 ! class-map match-any VOIP match access-group 110 class-map match-all BANDWIDTH match any ! policy-map BANDWIDTH_100MB class VOIP priority level 1 class class-default police rate 100000000 burst 500000 conform-action transmit exceed-action drop policy-map VOIP-POLICE class VOIP priority percent 33 class class-default fair-queue random-detect dscp-based random-detect ecn ! interface Tunnel14 description 6733ConsolidatedWay_CradlePoint_to JB_FrontierOffnet ip address 172.16.10.66 255.255.255.252 keepalive 25 50 tunnel source GigabitEthernet0/0/3 tunnel destination 47.181.223.134 ! interface Tunnel25 description 6733ConsolidatedWay_To_14620_Joanbridge_Baldwin_Park bandwidth 100000 ip address 172.16.10.106 255.255.255.252 keepalive 10 5 tunnel source GigabitEthernet0/0/0.1 tunnel destination 208.179.32.94 ! interface Tunnel126 description ALLANCompany NBS Firewall Unit bandwidth 100000 ip address 10.255.255.23 255.255.255.254 keepalive 10 5 tunnel source GigabitEthernet0/0/0.1 tunnel destination 208.179.23.10 ! interface GigabitEthernet0/0/0 description AllanCompany=19KRGN537292PT no ip address load-interval 30 negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/0.1 encapsulation dot1Q 2565 ip address 216.31.138.42 255.255.255.252 ip nat outside ! interface GigabitEthernet0/0/1 description CustomerLAN ip address 208.179.23.153 255.255.255.252 secondary ip address 10.109.1.1 255.255.0.0 ip nat inside negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/2 description HPBX no ip address negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/2.1 description HPBX encapsulation dot1Q 1159 ip address 10.10.10.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/0/3 description Peplink_Failover ip address 63.46.214.114 255.255.255.252 ip nat outside speed 100 no negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address shutdown negotiation auto ! ip nat translation timeout 300 ip nat translation tcp-timeout 300 ip nat translation udp-timeout 90 no ip nat service sip udp port 5060 ip nat inside source route-map CradlePoint_Circuit interface GigabitEthernet0/0/3 overload ip nat inside source route-map FIBER interface GigabitEthernet0/0/0.1 overload ip nat inside source static 10.109.9.51 208.179.19.154 extendable ip forward-protocol nd ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 216.31.138.41 track 1 ip route 0.0.0.0 0.0.0.0 63.46.214.113 250 name Peplink_Failover ip route 10.100.0.0 255.255.0.0 Tunnel25 ip route 10.100.0.0 255.255.0.0 Tunnel14 250 name JB_FrontierOffnet ip route 208.179.23.10 255.255.255.255 216.31.138.41 ! ip access-list extended NAT permit ip 10.10.10.0 0.0.0.255 any permit ip 10.109.0.0 0.0.255.255 any deny ip any any ! ip sla 1 icmp-echo 216.31.138.41 source-ip 216.31.138.42 timeout 60000 threshold 60000 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 216.31.138.237 frequency 30 timeout 30000 threshold 30000 history enhanced interval 60 buckets 100 ip sla schedule 2 life forever start-time now ip sla reaction-configuration 2 react rtt threshold-value 100 60 threshold-type immediate action-type trapOnly ip sla logging traps access-list 25 permit 23.241.22.188 access-list 25 permit 64.239.128.0 0.0.63.255 access-list 25 permit 66.6.208.0 0.0.15.255 access-list 25 permit 72.18.0.0 0.0.31.255 access-list 25 permit 208.179.0.0 0.0.255.255 access-list 25 permit 216.31.128.0 0.0.63.255 access-list 25 permit 216.116.96.0 0.0.31.255 access-list 25 deny any access-list 110 permit ip any host 64.239.185.8 access-list 110 permit ip any host 64.239.185.9 access-list 110 permit ip any host 64.239.185.5 access-list 110 permit ip any host 64.239.188.8 access-list 110 permit ip any host 64.239.188.9 ! route-map CradlePoint_Circuit permit 10 match ip address NAT match interface GigabitEthernet0/0/3 ! route-map FIBER permit 10 match ip address NAT match interface GigabitEthernet0/0/0.1 ! snmp-server engineID local 0000000902000050547D0984 snmp-server community tierzero RO ! tacacs-server host 216.116.96.47 tacacs-server timeout 10 tacacs-server directed-request tacacs-server key 7 01040E554F58165F2F5501 ! control-plane ! ! ! ! ! ! banner motd ^CCCCCCCCCCC ************************************************************* Tierzero: Unauthorized access to this device or the attached networks is prohibited without express written permission. Violators may be prosecuted to the fullest extent of the law. Phone: 213-784-1400 option 1 Email: [tac@tierzero.net] *********TACACS+************************* ^C ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 access-class 25 in transport input all line vty 5 15 access-class 25 in transport input all ! ntp server 204.152.184.72 ntp server 216.31.128.192 ntp server 216.116.96.3 ! end