! Cisco IOS 15.1 running configuration for a customer-edge router: AAA, DHCP
! pools, QoS class/policy maps and the IKEv1 (ISAKMP) phase-1 settings.
version 15.1
service timestamps debug datetime msec
service timestamps log datetime localtime
! NOTE(review): service password-encryption only applies the reversible type 7
! encoding to stored passwords; it is obfuscation, not hashing or encryption.
service password-encryption
!
hostname AltVFX_500MB_31.L1XX.004599.TWCC_3617HaydenAve
!
boot-start-marker
boot system disk2:c7200p-advipservicesk9-mz.151-3.S1.bin
boot-end-marker
!
! NOTE(review): logs go only to the local 20000-byte buffer; no `logging host`
! appears in this listing, so log history does not survive a reload or a
! buffer wrap. Forward to a remote collector if events must be kept.
logging buffered 20000
no logging console
!
aaa new-model
!
aaa authentication fail-message ^CCCCCCCCCCCCC****TACACS+************^C
! Login: TACACS+ first, then the local user database if no server answers.
aaa authentication login default group tacacs+ local
! NOTE(review): the `none` fallback means privileged (enable) access needs no
! authentication whenever no TACACS+ server responds. No `enable secret` is
! visible in this listing; configuring one and using `enable` as the fallback
! method instead of `none` closes that gap.
aaa authentication enable default group tacacs+ none
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PST recurring
ip cef
!
! Keep the gateway address out of the guest lease range.
ip dhcp excluded-address 10.40.11.254
!
! Guest Wi-Fi scope (10.40.11.0/24), served with public DNS resolvers.
ip dhcp pool LA_Guest_Wifi_DHCP_POOL
 network 10.40.11.0 255.255.255.0
 default-router 10.40.11.254
 dns-server 8.8.8.8 8.8.4.4
!
! Hosted-PBX phone scope (10.40.15.0/24).
! NOTE(review): option 66 hands every DHCP client on this VLAN a provisioning
! URL with a username and password embedded in it, and the scheme is plain
! http, so the credential also crosses the network unencrypted. Treat it as
! disclosed: rotate it, and prefer https with per-device credentials or
! certificates if the provisioning service supports them.
ip dhcp pool HPBX
 network 10.40.15.0 255.255.255.0
 domain-name voip.tierzero.net
 default-router 10.40.15.1
 dns-server 216.116.96.2 216.116.96.3
 option 66 ascii "http://config:BYN93FV4Awxwie@ndp.tierzero.net/cfg/"
!
ip domain name auto
ip name-server 216.116.96.2
ip name-server 216.116.96.3
no ipv6 cef
!
multilink bundle-name authenticated
!
! Local fallback account with full (privilege 15) rights.
! NOTE(review): type 5 is a salted MD5-based hash. The hash is part of this
! listing, so the password should be rotated; use a stronger secret type if
! the running image offers one.
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
!
! VOIP: traffic matching ACL 110. BANDWIDTH: all traffic.
class-map match-any VOIP
 match access-group 110
class-map match-all BANDWIDTH
 match any
!
! VOIP-POLICE: priority queue capped at 33% for VOIP, fair-queue + WRED for the rest.
policy-map VOIP-POLICE
 class VOIP
  priority percent 33
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
! BANDWIDTH_500MB / BANDWIDTH_500MB2: 500 Mbit/s shapers (average vs. peak) that
! nest VOIP-POLICE. NOTE(review): neither is attached to an interface in this
! listing; only VOIP-POLICE is applied directly — confirm this is intended.
policy-map BANDWIDTH_500MB
 class BANDWIDTH
  shape average 500000000
  queue-limit 62500 bytes
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
policy-map BANDWIDTH_500MB2
 class BANDWIDTH
  shape peak 500000000
  queue-limit 62500 bytes
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
!
! IKEv1 phase 1: AES-256, pre-shared key, DH group 2, 1-hour lifetime.
! NOTE(review): DH group 2 is 1024-bit MODP, below current guidance; moving to
! group 14 or higher has to be coordinated with the remote peer.
! NOTE(review): the pre-shared key below is stored and displayed in cleartext
! and is part of this listing; rotate it on both peers. IOS can store such keys
! encrypted (`key config-key password-encrypt` with `password encryption aes`).
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key areallylonGKEythatcANNotbegueSSed address 203.153.16.193
crypto isakmp keepalive 10 10
!
! IPsec phase 2, interface addressing and NAT for the customer-edge router.
! ESP with AES-256 encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set LABNESET esp-aes 256 esp-sha-hmac
!
! NOTE(review): LABNE_PROFILE is not referenced by any tunnel interface in this
! listing; the VPN is built through the crypto map below — confirm whether the
! profile is still needed.
crypto ipsec profile LABNE_PROFILE
 set transform-set LABNESET
!
! Site-to-site tunnel to 203.153.16.193 for traffic selected by ALTBNE_ACL.
! NOTE(review): PFS uses DH group 2 (1024-bit MODP); raise it together with the
! phase-1 group, in step with the remote peer.
crypto map ALTCRYPTO 20 ipsec-isakmp
 set peer 203.153.16.193
 set transform-set LABNESET
 set pfs group2
 match address ALTBNE_ACL
!
! WAN uplink (NAT outside) carrying the crypto map.
! NOTE(review): no `ip access-group` is applied inbound on this interface, so
! the router does no packet filtering on Internet-facing traffic here; anything
! published by the static NAT entries below is reachable from any source unless
! it is filtered upstream.
interface GigabitEthernet0/1
 description AltVFX=31.L1XX.004599.TWCC
 ip address 216.31.136.230 255.255.255.252
 ip nat outside
 load-interval 30
 media-type rj45
 speed auto
 duplex full
 no negotiation auto
 crypto map ALTCRYPTO
 service-policy output VOIP-POLICE
!
! Unused port, administratively shut down.
interface FastEthernet0/2
 no ip address
 shutdown
 speed auto
 duplex auto
!
! Public /29 toward the customer; also the NAT overload (PAT) address.
! NOTE(review): described as CustomerLAN yet marked `ip nat outside`, while its
! own subinterfaces are `ip nat inside` — confirm this is the intended layout.
interface GigabitEthernet0/2
 description CustomerLAN
 ip address 64.239.131.10 255.255.255.248
 ip nat outside
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 no negotiation auto
 service-policy output VOIP-POLICE
!
! VLAN 11: guest Wi-Fi gateway (matches the LA_Guest_Wifi_DHCP_POOL default-router).
! NOTE(review): the GUEST_BLOCK ACL defined in this configuration is not applied
! here (no `ip access-group`), so this router does not enforce guest-to-internal
! isolation for 10.40.11.0/24 — confirm where that isolation is meant to happen.
interface GigabitEthernet0/2.11
 encapsulation dot1Q 11
 ip address 10.40.11.254 255.255.255.0
 ip nat inside
!
! VLAN 1720: transit subnet toward 172.20.0.1, the next hop for the internal
! 10.40.x.0/24 static routes.
interface GigabitEthernet0/2.1720
 encapsulation dot1Q 1720
 ip address 172.20.0.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/3
 no ip address
 ip nat inside
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 no negotiation auto
 service-policy output VOIP-POLICE
!
! VLAN 1159: hosted-PBX phone gateway (matches the HPBX DHCP pool).
interface GigabitEthernet0/3.1
 description HPBX
 encapsulation dot1Q 1159
 ip address 10.40.15.1 255.255.255.0
 ip nat inside
!
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 90
! Outbound PAT for sources permitted by ACL NAT, using Gi0/2's address.
ip nat inside source list NAT interface GigabitEthernet0/2 overload
! Inbound port forwards. NOTE(review): these publish TCP/UDP 8000 and 49221 and
! TCP 80/443 on public addresses with no source restriction configured on this
! router. Verify each is still required and restrict sources where the service
! allows it. The routing section null-routes 10.40.10.15/32, so the two port
! 8000 entries look stale — confirm and remove them if so.
ip nat inside source static tcp 10.40.10.15 8000 64.239.131.10 8000 extendable
ip nat inside source static tcp 10.40.10.4 49221 64.239.131.10 49221 extendable
ip nat inside source static tcp 10.40.16.20 80 64.239.131.11 80 extendable
ip nat inside source static tcp 10.40.16.20 443 64.239.131.11 443 extendable
ip nat inside source static udp 10.40.10.15 8000 64.239.131.10 8000 extendable
ip nat inside source static udp 10.40.10.4 49221 64.239.131.10 49221 extendable
ip forward-protocol nd
!
! Routing, access lists, SNMP and TACACS+ server settings.
! The built-in HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
! Default route to the provider; internal 10.40.x.0/24 networks via 172.20.0.1.
ip route 0.0.0.0 0.0.0.0 216.31.136.229
ip route 10.40.10.0 255.255.255.0 172.20.0.1
! Host route to Null0: traffic routed toward 10.40.10.15 is discarded because
! this /32 is more specific than the /24 above. NOTE(review): presumably a
! deliberate blackhole; static NAT entries for this host still exist — confirm.
ip route 10.40.10.15 255.255.255.255 Null0
ip route 10.40.13.0 255.255.255.0 172.20.0.1
ip route 10.40.14.0 255.255.255.0 172.20.0.1
ip route 10.40.16.0 255.255.255.0 172.20.0.1
!
! ALTBNE_ACL: interesting traffic for crypto map ALTCRYPTO (10.40/16 -> 192.168/16).
ip access-list extended ALTBNE_ACL
 permit ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
! NOTE(review): ALTSYD_ACL is not referenced by any crypto map in this listing.
ip access-list extended ALTSYD_ACL
 permit ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
! GUEST_BLOCK: denies guest (10.40.11.0/24) traffic to the internal 10.40/16.
! NOTE(review): defined but not applied to any interface in this listing, so it
! has no effect as shown.
ip access-list extended GUEST_BLOCK
 deny ip 10.40.11.0 0.0.0.255 10.40.0.0 0.0.255.255
 permit ip any any
! NAT: exempts VPN-bound traffic from translation, then permits 10.40/16 for PAT.
! NOTE(review): the entries after `permit ip 10.40.0.0 0.0.255.255 any` can never
! match, because that /16 permit already covers 10.40.15.0/24 and 10.40.10.0/24;
! the 10.40.16.0/24 permit above it is redundant with it as well.
ip access-list extended NAT
 deny ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 permit ip 10.40.16.0 0.0.0.255 any
 permit ip 10.40.0.0 0.0.255.255 any
 permit ip 10.40.15.0 0.0.0.255 any
 deny ip 10.40.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.40.10.0 0.0.0.255 any
! NOTE(review): SAMSUNG_NAT is not referenced by any NAT rule in this listing.
ip access-list extended SAMSUNG_NAT
 permit ip 10.40.16.0 0.0.0.255 host 203.254.223.17
 permit ip 10.40.16.0 0.0.0.255 host 203.254.223.85
 permit ip 10.40.16.0 0.0.0.255 host 203.153.16.193
!
! NOTE(review): access-list 1 is not referenced anywhere in this listing.
access-list 1 permit 10.10.10.0 0.0.0.255
! ACL 25: source ranges allowed to reach the vty lines (access-class 25 in).
! NOTE(review): these are wide blocks (up to a /16), not individual management
! hosts; narrow them to the jump hosts or NOC ranges that need CLI access, and
! consider `access-list 25 deny any log` so rejected attempts are recorded.
access-list 25 permit 64.239.128.0 0.0.63.255
access-list 25 permit 66.6.208.0 0.0.15.255
access-list 25 permit 72.18.0.0 0.0.31.255
access-list 25 permit 208.179.0.0 0.0.255.255
access-list 25 permit 216.31.128.0 0.0.63.255
access-list 25 permit 216.116.96.0 0.0.31.255
access-list 25 deny any
! ACL 110: destinations classified as VOIP by class-map VOIP.
access-list 110 permit ip any host 64.239.185.8
access-list 110 permit ip any host 64.239.185.9
access-list 110 permit ip any host 64.239.185.5
access-list 110 permit ip any host 64.239.188.8
access-list 110 permit ip any host 64.239.188.9
!
snmp-server engineID local 0000000902000050547D0984
! NOTE(review): SNMP v1/v2c read-only community with no ACL attached, so any
! source that can reach the router may poll it, and the string is sent in
! cleartext. It is also part of this listing. Rotate it and bind it to a
! management ACL (`snmp-server community <new-string> RO <acl>`), or move to
! SNMPv3 with authentication and privacy.
snmp-server community tierzero RO
!
tacacs-server host 216.116.96.47
tacacs-server timeout 10
tacacs-server directed-request
! NOTE(review): `key 7` is the reversible type 7 encoding, not a hash. The
! TACACS+ shared secret should be considered disclosed with this listing and
! rotated on the router and on the server.
tacacs-server key 7 01040E554F58165F2F5501
!
! NOTE(review): control-plane has no service-policy attached, so no control-plane
! policing is configured in this listing.
control-plane
!
! Login banner, terminal lines and NTP.
! NOTE(review): the banner carries the required legal warning but also names the
! operator, a contact number and address, and the authentication backend; a
! pre-login banner is normally limited to the warning text.
banner motd ^CCCCCCCCCCCCCC ************************************************************* Tierzero: Unauthorized access to this device or the attached networks is prohibited without express written permission. Violators may be prosecuted to the fullest extent of the law. Phone: 213-784-1400 option 1 Email: [tac@tierzero.net] *********TACACS+************************* ^C
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
! Remote CLI access, limited to the source ranges in access-list 25.
! NOTE(review): `transport input all` accepts every supported protocol,
! including Telnet, which carries credentials in cleartext. Once SSH is
! confirmed working on this device (host key generated, SSH version 2),
! restrict both vty ranges to `transport input ssh`.
line vty 0 4
 access-class 25 in
 transport input all
line vty 5 15
 access-class 25 in
 transport input all
!
! NOTE(review): NTP is unauthenticated (no `ntp authenticate` or keys in this
! listing) and no `ntp access-group` limits who may query this router. Accurate
! time matters for log correlation; consider authenticated sources.
ntp server 204.152.184.72
ntp server 216.31.128.192
ntp server 216.116.96.3
end