!RANCID-CONTENT-TYPE: cisco-clean ! ! ! ! ! No l4r_shim subsystem is included in this platform. version 15.2 service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers no platform punt-keepalive disable-kernel-core ! hostname AllanCompany_100MB_FirelineCircuitID3280_1404WHoltSt ! boot-start-marker boot-end-marker ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered 50000 informational logging persistent url flash:/syslog1 size 10485760 filesize 40000 immediate no logging console ! aaa new-model ! aaa authentication fail-message ^CCCCCCCCCCC****TACACS+************^C aaa authentication login default group tacacs+ local aaa authentication enable default group tacacs+ none ! aaa session-id common clock timezone PST -8 0 clock summer-time PST recurring ! ip domain name auto ip name-server 216.116.96.2 ip name-server 216.116.96.3 ip name-server 64.239.184.125 ip dhcp excluded-address 10.111.0.0 10.111.5.0 ip dhcp excluded-address 10.111.5.255 10.111.31.255 ! ip dhcp pool DEFAULT network 10.111.0.0 255.255.224.0 default-router 10.111.1.1 domain-name allanco.local dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 ! ip dhcp pool HPBX network 10.10.10.0 255.255.255.0 domain-name voip.tierzero.net default-router 10.10.10.1 dns-server 216.116.96.2 216.116.96.3 option 66 ascii "http://config:uCdh8qBc3Hb@ndp.tierzero.net/cfg/" ! ipv6 multicast rpf use-bgp ! multilink bundle-name authenticated ! archive log config logging enable ! username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ. ! redundancy mode none ! ip tftp source-interface GigabitEthernet0 ip ssh version 2 ! track 1 ip sla 1 reachability delay down 180 ! class-map match-any VOIP match access-group 110 class-map match-all BANDWIDTH match any ! policy-map BANDWIDTH_100MB class VOIP priority level 1 class class-default police rate 100000000 burst 500000 conform-action transmit exceed-action drop policy-map VOIP-POLICE class VOIP priority percent 33 class class-default fair-queue random-detect dscp-based random-detect ecn ! interface Tunnel11 description 1404WHoltStPomona_Peplink_to_FrontierOffnet ip address 172.16.10.54 255.255.255.252 load-interval 30 keepalive 25 50 tunnel source GigabitEthernet0/0/3 tunnel destination 47.181.223.134 ! interface Tunnel23 description 1404W.HoltStreet_To_14620_Joanbridge_Baldwin_Park bandwidth 10000 ip address 172.16.10.98 255.255.255.252 load-interval 30 keepalive 10 5 tunnel source GigabitEthernet0/0/0 tunnel destination 208.179.32.94 ! interface Tunnel111 description ALLANCompany NBS Firewall Unit bandwidth 10000 ip address 10.255.255.7 255.255.255.254 keepalive 10 5 tunnel source GigabitEthernet0/0/0 tunnel destination 208.179.23.10 ! interface GigabitEthernet0/0/0 description AllanCompany=3280 ip address 216.31.157.150 255.255.255.252 ip nat outside ip virtual-reassembly load-interval 30 negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/1 no ip address load-interval 30 negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/1.1 encapsulation dot1Q 1 native ip address 64.239.180.121 255.255.255.252 secondary ip address 208.179.210.153 255.255.255.248 secondary ip address 10.111.1.1 255.255.224.0 ip nat inside ip virtual-reassembly ! interface GigabitEthernet0/0/2 description HPBX no ip address negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/2.1 description HPBX encapsulation dot1Q 1159 ip address 10.10.10.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface GigabitEthernet0/0/3 description Peplink_Failover ip address 166.149.125.157 255.255.255.252 ip nat outside ip virtual-reassembly negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address shutdown negotiation auto ! ip nat translation timeout 300 ip nat translation tcp-timeout 300 ip nat translation udp-timeout 90 no ip nat service sip udp port 5060 ip nat inside source route-map CradlePoint_Circuit interface GigabitEthernet0/0/3 overload ip nat inside source route-map EOFW_Circuit interface GigabitEthernet0/0/0 overload ip nat inside source static 10.111.1.6 208.179.210.156 extendable ip nat inside source static 10.111.1.30 208.179.210.157 ip nat inside source static 10.111.1.100 208.179.210.158 ip nat inside source static tcp 10.10.10.254 22 64.239.180.122 22 extendable ip nat inside source static tcp 10.10.10.254 23 64.239.180.122 23 extendable ip nat inside source static tcp 10.10.10.254 161 64.239.180.122 161 extendable ip nat inside source static tcp 10.111.9.51 80 208.179.210.154 80 extendable ip nat inside source static tcp 10.111.9.51 4000 208.179.210.154 4000 extendable ip nat inside source static tcp 10.111.9.51 4002 208.179.210.154 4002 extendable ip nat inside source static tcp 10.111.9.52 80 208.179.210.155 80 extendable ip nat inside source static udp 10.10.10.254 161 64.239.180.122 161 extendable ip forward-protocol nd ! ip flow-export source GigabitEthernet0/0/0 ip flow-export destination 216.116.96.72 2055 no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 216.31.157.149 track 1 ip route 0.0.0.0 0.0.0.0 166.149.125.158 250 name Failover ip route 10.100.0.0 255.255.0.0 Tunnel23 ip route 10.100.0.0 255.255.0.0 Tunnel11 250 name JB_FrontierOffnet ip route 208.179.23.10 255.255.255.255 216.31.157.149 ! ip access-list extended NAT permit ip 10.10.10.0 0.0.0.255 any permit ip 10.111.0.0 0.0.31.255 any permit ip 10.111.32.0 0.0.31.255 any deny ip any any ! ip sla 1 icmp-echo 216.31.157.149 source-ip 216.31.157.150 timeout 60000 threshold 60000 ip sla schedule 1 life forever start-time now ip sla logging traps access-list 25 permit 23.241.22.188 access-list 25 permit 64.239.128.0 0.0.63.255 access-list 25 permit 66.6.208.0 0.0.15.255 access-list 25 permit 72.18.0.0 0.0.31.255 access-list 25 permit 208.179.0.0 0.0.255.255 access-list 25 permit 216.31.128.0 0.0.63.255 access-list 25 permit 216.116.96.0 0.0.31.255 access-list 25 deny any access-list 110 permit ip any host 64.239.185.8 access-list 110 permit ip any host 64.239.185.9 access-list 110 permit ip any host 64.239.185.5 access-list 110 permit ip any host 64.239.188.8 access-list 110 permit ip any host 64.239.188.9 ! route-map CradlePoint_Circuit permit 10 match ip address NAT match interface GigabitEthernet0/0/3 ! route-map EOFW_Circuit permit 10 match ip address NAT match interface GigabitEthernet0/0/0 ! snmp-server engineID local 0000000902000050547D0984 snmp-server community tierzero RO ! tacacs-server host 216.116.96.47 tacacs-server timeout 10 tacacs-server directed-request tacacs-server key 7 01040E554F58165F2F5501 ! control-plane ! banner motd ^CCCCCCCCCCCC ************************************************************* Tierzero: Unauthorized access to this device or the attached networks is prohibited without express written permission. Violators may be prosecuted to the fullest extent of the law. Phone: 213-784-1400 option 1 Email: [tac@tierzero.net] *********TACACS+************************* ^C ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 access-class 25 in transport input all line vty 5 15 access-class 25 in transport input all ! ntp server 204.152.184.72 ntp server 216.31.128.192 ntp server 216.116.96.3 ! end