!RANCID-CONTENT-TYPE: cisco-clean ! ! ! ! ! version 15.2 service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers no platform punt-keepalive disable-kernel-core ! hostname AllanCompany_100MB_13KRGN613764PT_6019S.ManhattanPl ! boot-start-marker boot-end-marker ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered 50000 informational logging persistent url flash:/syslog1 size 10485760 filesize 40000 immediate no logging console ! aaa new-model ! aaa authentication fail-message ^CCCCCCCCCCC****TACACS+************^C aaa authentication login default group tacacs+ local aaa authentication enable default group tacacs+ none ! aaa session-id common clock timezone PST -8 0 clock summer-time PST recurring ! ip domain name auto ip name-server 216.116.96.2 ip name-server 216.116.96.3 ip name-server 64.239.184.125 ip dhcp excluded-address 10.105.0.0 10.105.5.0 ip dhcp excluded-address 10.105.5.101 10.105.255.255 ip dhcp excluded-address 10.105.0.1 10.105.5.1 ! ip dhcp pool DEFAULT network 10.105.0.0 255.255.0.0 domain-name basicfibers.com default-router 10.105.1.1 dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8 ! ipv6 multicast rpf use-bgp ipv6 multicast vrf Mgmt-intf rpf use-bgp ! multilink bundle-name authenticated ! license boot level adventerprise archive log config logging enable ! username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ. ! redundancy mode none ! ip tftp source-interface GigabitEthernet0 ! track 1 ip sla 1 reachability delay down 180 ! class-map match-all BANDWIDTH match any ! policy-map BANDWIDTH_100MB class BANDWIDTH priority level 1 class class-default police rate 100000000 burst 500000 conform-action transmit exceed-action drop ! interface Tunnel21 description 6019SManhattanPlace_To_14620_Joanbridge_Baldwin_Park bandwidth 100000 ip address 172.16.10.90 255.255.255.252 keepalive 10 5 tunnel source GigabitEthernet0/0/0.1 tunnel destination 208.179.32.94 ! interface Tunnel30 description 6019SManhattanPlace_Sierra_Failover_To_JB_FrontierOffnet bandwidth 100000 ip address 172.16.10.126 255.255.255.252 keepalive 25 50 tunnel source GigabitEthernet0/0/2 tunnel destination 47.181.223.134 ! interface Tunnel122 description ALLANCompany NBS Firewall Unit bandwidth 100000 ip address 10.255.255.15 255.255.255.254 keepalive 10 5 tunnel source GigabitEthernet0/0/0.1 tunnel destination 208.179.23.10 ! interface GigabitEthernet0/0/0 description AllanCompany=13KRGN613764PT no ip address load-interval 30 speed 1000 no negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/0.1 encapsulation dot1Q 2559 ip address 216.31.138.238 255.255.255.252 ip nat outside ip flow ingress ! interface GigabitEthernet0/0/1 description CustomerLAN ip address 216.31.143.177 255.255.255.240 secondary ip address 10.105.1.1 255.255.0.0 ip nat inside ip flow ingress negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/2 description Sierra_Failover ip address 166.140.23.107 255.255.255.0 ip nat outside negotiation auto service-policy output BANDWIDTH_100MB ! interface GigabitEthernet0/0/3 no ip address shutdown negotiation auto ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address shutdown negotiation auto ! ip nat inside source route-map FIBER interface GigabitEthernet0/0/0.1 overload ip nat inside source route-map Sierra_Circuit interface GigabitEthernet0/0/2 overload ip nat inside source static tcp 10.105.2.2 3306 216.31.143.178 3306 extendable ip nat inside source static tcp 10.105.2.2 4001 216.31.143.178 4001 extendable ip nat inside source static tcp 10.105.2.2 4002 216.31.143.178 4002 extendable ip nat inside source static tcp 10.105.2.1 5550 216.31.143.178 5550 extendable ip nat inside source static tcp 10.105.9.100 62000 216.31.143.178 62000 extendable ip nat inside source static tcp 10.105.9.100 62200 216.31.143.178 62200 extendable ip nat inside source static tcp 10.105.2.3 3306 216.31.143.179 3306 extendable ip forward-protocol nd ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 216.31.138.237 track 1 ip route 0.0.0.0 0.0.0.0 166.140.23.1 250 name Sierra_Failover ip route 10.100.0.0 255.255.0.0 Tunnel21 ip route 10.100.0.0 255.255.0.0 Tunnel30 250 name JB_FrontierOffnet ip route 208.179.23.10 255.255.255.255 216.31.138.237 ! ip access-list extended NAT permit ip 10.105.0.0 0.0.255.255 any deny ip any any ! ip sla 1 icmp-echo 216.31.138.237 source-ip 216.31.138.238 timeout 30000 threshold 30000 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 216.31.138.237 frequency 30 timeout 30000 threshold 30000 history enhanced interval 60 buckets 100 ip sla schedule 2 life forever start-time now ip sla reaction-configuration 2 react rtt threshold-value 100 60 threshold-type immediate action-type trapOnly ip sla logging traps access-list 25 permit 64.239.128.0 0.0.63.255 access-list 25 permit 66.6.208.0 0.0.15.255 access-list 25 permit 72.18.0.0 0.0.31.255 access-list 25 permit 208.179.0.0 0.0.255.255 access-list 25 permit 216.31.128.0 0.0.63.255 access-list 25 permit 216.116.96.0 0.0.31.255 access-list 25 deny any ! route-map FIBER permit 10 match ip address NAT match interface GigabitEthernet0/0/0.1 ! route-map Sierra_Circuit permit 10 match ip address NAT match interface GigabitEthernet0/0/2 ! snmp-server engineID local 0000000902000050547D0984 snmp-server community tierzero RO ! tacacs-server host 216.116.96.47 tacacs-server timeout 10 tacacs-server directed-request tacacs-server key 7 01040E554F58165F2F5501 ! control-plane ! banner motd ^CCCCCCCCCCCC ************************************************************* Tierzero: Unauthorized access to this device or the attached networks is prohibited without express written permission. Violators may be prosecuted to the fullest extent of the law. Phone: 213-784-1400 option 1 Email: [tac@tierzero.net] *********TACACS+************************* ^C ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 access-class 25 in transport input all line vty 5 15 access-class 25 in transport input all ! ntp server 204.152.184.72 ntp server 216.31.128.192 ntp server 216.116.96.3 ! end