!RANCID-CONTENT-TYPE: cisco-clean
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
! Global services, boot image, logging and AAA.
! REVIEW: the running train is 15.1 and the boot image below is 151-3.S1; check it against
! current vendor advisories and support status.
version 15.1
|
|
service timestamps debug datetime msec
|
|
! REVIEW: log timestamps use local time with no msec and no zone label; adding `show-timezone`
! (or logging in UTC) makes cross-device event correlation easier.
service timestamps log datetime localtime
|
|
! REVIEW: this only applies reversible type 7 encoding (see the `tacacs-server key 7` line in
! this listing). It does not cover the ISAKMP pre-shared key, which appears in cleartext here.
service password-encryption
|
|
!
|
|
! NOTE(review): the hostname appears to embed customer, circuit and site details; it is shown
! in prompts and logs - confirm that is intended.
hostname AltVFX_500MB_31.L1XX.004599.TWCC_3617HaydenAve
|
|
!
|
|
boot-start-marker
|
|
boot system disk2:c7200p-advipservicesk9-mz.151-3.S1.bin
|
|
boot-end-marker
|
|
!
|
|
! REVIEW: events go only to a 20000-byte local buffer and console logging is off. No
! `logging host` is visible in this listing, so the buffer is lost on reload unless remote
! syslog is configured elsewhere.
logging buffered 20000
|
|
no logging console
|
|
!
|
|
aaa new-model
|
|
!
|
|
aaa authentication fail-message ^CCCCCCCCCCCCC****TACACS+************^C
|
|
! Login tries TACACS+ first and falls back to the local user database when the server
! does not respond.
aaa authentication login default group tacacs+ local
|
|
! REVIEW: the `none` fallback means `enable` succeeds with no password whenever TACACS+ is
! unreachable, and no enable secret is visible in this listing. Safer form:
! `aaa authentication enable default group tacacs+ enable` together with an enable secret.
! REVIEW: no `aaa authorization` or `aaa accounting` lines are visible in this listing, so
! command authorization and an audit trail are not configured here.
aaa authentication enable default group tacacs+ none
|
|
!
|
|
aaa session-id common
|
|
clock timezone PST -8 0
|
|
! NOTE(review): summer time is also labelled PST, so the zone name alone will not show
! whether a timestamp was taken during daylight saving.
clock summer-time PST recurring
|
|
ip cef
|
|
!
|
|
! DHCP scopes served by this router, plus the router's own DNS settings.
ip dhcp excluded-address 10.40.11.254
|
|
!
|
|
! Guest Wi-Fi scope for 10.40.11.0/24; the gateway address .254 is excluded above and
! clients are given public resolvers.
ip dhcp pool LA_Guest_Wifi_DHCP_POOL
|
|
network 10.40.11.0 255.255.255.0
|
|
default-router 10.40.11.254
|
|
dns-server 8.8.8.8 8.8.4.4
|
|
!
|
|
! Voice (HPBX) scope for 10.40.15.0/24.
! REVIEW: option 66 in this pool hands every DHCP client on the scope a provisioning URL
! with an embedded username and password, over plain HTTP. That credential is readable in
! this backup and on the wire; treat it as disclosed, rotate it, and prefer HTTPS with
! per-device credentials or certificates on the provisioning server.
ip dhcp pool HPBX
|
|
network 10.40.15.0 255.255.255.0
|
|
domain-name voip.tierzero.net
|
|
default-router 10.40.15.1
|
|
dns-server 216.116.96.2 216.116.96.3
|
|
option 66 ascii "http://config:BYN93FV4Awxwie@ndp.tierzero.net/cfg/"
|
|
!
|
|
! NOTE(review): this sets the router's domain name to the literal string "auto" - confirm
! that is intended.
ip domain name auto
|
|
ip name-server 216.116.96.2
|
|
ip name-server 216.116.96.3
|
|
no ipv6 cef
|
|
!
|
|
multilink bundle-name authenticated
|
|
!
|
|
! REVIEW: this is the local fallback account used when TACACS+ does not respond, and it is
! privilege 15. `secret 5` is a salted MD5 hash; once a config backup is exposed, as it is
! here, the hash can be attacked offline. Rotate the password, restrict who can read
! config backups, and use a stronger secret type where the image supports one.
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
|
|
!
|
|
! QoS classification and queuing.
! VOIP matches whatever numbered ACL 110 permits (traffic to five specific hosts in this
! listing); BANDWIDTH matches all traffic.
class-map match-any VOIP
|
|
match access-group 110
|
|
class-map match-all BANDWIDTH
|
|
match any
|
|
!
|
|
! VOIP-POLICE gives the VOIP class a priority queue of 33 percent and fair-queues the rest
! with DSCP-based WRED and ECN. This is the policy the interfaces in this listing attach.
policy-map VOIP-POLICE
|
|
class VOIP
|
|
priority percent 33
|
|
class class-default
|
|
fair-queue
|
|
random-detect dscp-based
|
|
random-detect ecn
|
|
! Parent shaper: 500,000,000 bps average with VOIP-POLICE as the child policy.
! NOTE(review): class BANDWIDTH is `match any`, so the class-default section of this policy
! never sees traffic. No interface in this listing attaches BANDWIDTH_500MB or
! BANDWIDTH_500MB2 (they attach VOIP-POLICE directly), so both shapers look unused - confirm.
policy-map BANDWIDTH_500MB
|
|
class BANDWIDTH
|
|
shape average 500000000
|
|
queue-limit 62500 bytes
|
|
service-policy VOIP-POLICE
|
|
class class-default
|
|
fair-queue
|
|
random-detect dscp-based
|
|
random-detect ecn
|
|
! Same as BANDWIDTH_500MB except that it uses `shape peak` instead of `shape average`.
policy-map BANDWIDTH_500MB2
|
|
class BANDWIDTH
|
|
shape peak 500000000
|
|
queue-limit 62500 bytes
|
|
service-policy VOIP-POLICE
|
|
class class-default
|
|
fair-queue
|
|
random-detect dscp-based
|
|
random-detect ecn
|
|
!
|
|
! Site-to-site IPsec (IKEv1 / ISAKMP) toward peer 203.153.16.193.
! REVIEW: Diffie-Hellman group 2 is a 1024-bit MODP group and is generally considered too
! weak for new deployments; move to group 14 or higher once the peer supports it. No `hash`
! line is shown, so the platform default applies (presumably SHA-1 on this train - confirm).
crypto isakmp policy 10
|
|
encr aes 256
|
|
authentication pre-share
|
|
group 2
|
|
lifetime 3600
|
|
! REVIEW: the pre-shared key is stored in cleartext in the configuration and in this backup.
! Treat it as disclosed and rotate it on both peers. `key config-key password-encrypt`
! together with `password encryption aes` stores pre-shared keys encrypted instead.
crypto isakmp key areallylonGKEythatcANNotbegueSSed address 203.153.16.193
|
|
crypto isakmp keepalive 10 10
|
|
!
|
|
! ESP with AES-256 encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set LABNESET esp-aes 256 esp-sha-hmac
|
|
!
|
|
! NOTE(review): no tunnel interface in this listing references LABNE_PROFILE, so it looks
! unused - confirm.
crypto ipsec profile LABNE_PROFILE
|
|
set transform-set LABNESET
|
|
!
|
|
! The crypto map encrypts traffic matched by ALTBNE_ACL. That ACL covers all of
! 10.40.0.0/16, which includes the guest Wi-Fi subnet 10.40.11.0/24.
! REVIEW: PFS also uses group 2; raise it together with the ISAKMP policy group.
crypto map ALTCRYPTO 20 ipsec-isakmp
|
|
set peer 203.153.16.193
|
|
set transform-set LABNESET
|
|
set pfs group2
|
|
match address ALTBNE_ACL
|
|
!
|
|
! Interfaces.
! REVIEW: no interface in this listing carries an `ip access-group`, so nothing filters
! traffic arriving on the public-facing ports, and the GUEST_BLOCK ACL defined in this
! listing is never applied.
! WAN uplink: /30 toward the default gateway 216.31.136.229, NAT outside, IPsec crypto map
! attached.
interface GigabitEthernet0/1
|
|
description AltVFX=31.L1XX.004599.TWCC
|
|
ip address 216.31.136.230 255.255.255.252
|
|
ip nat outside
|
|
load-interval 30
|
|
media-type rj45
|
|
speed auto
|
|
duplex full
|
|
no negotiation auto
|
|
crypto map ALTCRYPTO
|
|
service-policy output VOIP-POLICE
|
|
!
|
|
! Unused port, administratively shut down.
interface FastEthernet0/2
|
|
no ip address
|
|
shutdown
|
|
speed auto
|
|
duplex auto
|
|
!
|
|
! Described as CustomerLAN but holds a public /29 address and is NAT outside; its address
! is the one used for overload NAT.
! NOTE(review): subinterfaces .11 and .1720 of this same physical port are NAT inside, so
! inside/outside separation depends entirely on the VLAN configuration of the attached
! switch - confirm.
interface GigabitEthernet0/2
|
|
description CustomerLAN
|
|
ip address 64.239.131.10 255.255.255.248
|
|
ip nat outside
|
|
load-interval 30
|
|
media-type rj45
|
|
speed auto
|
|
duplex auto
|
|
no negotiation auto
|
|
service-policy output VOIP-POLICE
|
|
!
|
|
! Guest Wi-Fi gateway (VLAN 11, 10.40.11.0/24).
! REVIEW: GUEST_BLOCK is not applied here (`ip access-group GUEST_BLOCK in` is absent), so
! per this listing guests can be routed to the other 10.40.0.0/16 networks.
interface GigabitEthernet0/2.11
|
|
encapsulation dot1Q 11
|
|
ip address 10.40.11.254 255.255.255.0
|
|
ip nat inside
|
|
!
|
|
! Transit VLAN 1720; the static routes for 10.40.10/13/14/16.0 point at 172.20.0.1 on it.
interface GigabitEthernet0/2.1720
|
|
encapsulation dot1Q 1720
|
|
ip address 172.20.0.254 255.255.255.0
|
|
ip nat inside
|
|
!
|
|
! Parent port for the voice VLAN; no address of its own.
interface GigabitEthernet0/3
|
|
no ip address
|
|
ip nat inside
|
|
load-interval 30
|
|
media-type rj45
|
|
speed auto
|
|
duplex auto
|
|
no negotiation auto
|
|
service-policy output VOIP-POLICE
|
|
!
|
|
! Voice (HPBX) gateway on VLAN 1159; serves the HPBX DHCP scope.
interface GigabitEthernet0/3.1
|
|
description HPBX
|
|
encapsulation dot1Q 1159
|
|
ip address 10.40.15.1 255.255.255.0
|
|
ip nat inside
|
|
!
|
|
! NAT and static routing.
ip nat translation timeout 300
|
|
ip nat translation tcp-timeout 300
|
|
ip nat translation udp-timeout 90
|
|
! Overload (PAT) for sources permitted by the extended ACL named NAT, using the address of
! GigabitEthernet0/2.
ip nat inside source list NAT interface GigabitEthernet0/2 overload
|
|
! REVIEW: the static entries below publish inside hosts on public addresses. No inbound ACL
! is applied to the outside interfaces in this listing, so each published port is reachable
! from any source. Restrict sources where the service allows it, and confirm each mapping
! is still needed. The port 80 mapping publishes plain HTTP next to 443.
! NOTE(review): 10.40.10.15 also has a /32 route to Null0 in this listing, which is more
! specific than the 10.40.10.0/24 route, so traffic forwarded to it is discarded and the two
! port 8000 mappings are effectively dead. Remove them or document why both exist.
ip nat inside source static tcp 10.40.10.15 8000 64.239.131.10 8000 extendable
|
|
ip nat inside source static tcp 10.40.10.4 49221 64.239.131.10 49221 extendable
|
|
ip nat inside source static tcp 10.40.16.20 80 64.239.131.11 80 extendable
|
|
ip nat inside source static tcp 10.40.16.20 443 64.239.131.11 443 extendable
|
|
ip nat inside source static udp 10.40.10.15 8000 64.239.131.10 8000 extendable
|
|
ip nat inside source static udp 10.40.10.4 49221 64.239.131.10 49221 extendable
|
|
ip forward-protocol nd
|
|
!
|
|
! The embedded HTTP and HTTPS management servers are both disabled.
no ip http server
|
|
no ip http secure-server
|
|
ip route 0.0.0.0 0.0.0.0 216.31.136.229
|
|
ip route 10.40.10.0 255.255.255.0 172.20.0.1
|
|
! Host route that discards traffic to 10.40.10.15 (overrides the /24 route above it).
ip route 10.40.10.15 255.255.255.255 Null0
|
|
ip route 10.40.13.0 255.255.255.0 172.20.0.1
|
|
ip route 10.40.14.0 255.255.255.0 172.20.0.1
|
|
ip route 10.40.16.0 255.255.255.0 172.20.0.1
|
|
!
|
|
! Access lists.
! Interesting traffic for crypto map ALTCRYPTO: all of 10.40.0.0/16 to 192.168.0.0/16.
! NOTE(review): the source range includes the guest subnet 10.40.11.0/24 - confirm guests
! are meant to reach the remote site.
ip access-list extended ALTBNE_ACL
|
|
permit ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
|
|
! NOTE(review): no crypto map entry in this listing references ALTSYD_ACL, yet the NAT ACL
! exempts the same traffic from translation. If the tunnel no longer exists, 10.40.0.0/16 to
! 10.10.0.0/16 traffic would leave untranslated and unencrypted - confirm and clean up.
ip access-list extended ALTSYD_ACL
|
|
permit ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
|
|
! Intended to keep the guest subnet away from the other 10.40.0.0/16 networks.
! REVIEW: this ACL is not applied to any interface in this listing, so it has no effect.
ip access-list extended GUEST_BLOCK
|
|
deny ip 10.40.11.0 0.0.0.255 10.40.0.0 0.0.255.255
|
|
permit ip any any
|
|
! Selects traffic for overload NAT; the first two denies exempt VPN-bound traffic.
! NOTE(review): `permit ip 10.40.0.0 0.0.255.255 any` matches every 10.40.x.x source, so the
! three entries after it can never match and the 10.40.16.0 permit before it is redundant.
ip access-list extended NAT
|
|
deny ip 10.40.0.0 0.0.255.255 192.168.0.0 0.0.255.255
|
|
deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255
|
|
permit ip 10.40.16.0 0.0.0.255 any
|
|
permit ip 10.40.0.0 0.0.255.255 any
|
|
permit ip 10.40.15.0 0.0.0.255 any
|
|
deny ip 10.40.10.0 0.0.0.255 192.168.0.0 0.0.255.255
|
|
permit ip 10.40.10.0 0.0.0.255 any
|
|
! NOTE(review): nothing in this listing references SAMSUNG_NAT - confirm whether it is stale.
ip access-list extended SAMSUNG_NAT
|
|
permit ip 10.40.16.0 0.0.0.255 host 203.254.223.17
|
|
permit ip 10.40.16.0 0.0.0.255 host 203.254.223.85
|
|
permit ip 10.40.16.0 0.0.0.255 host 203.153.16.193
|
|
!
|
|
! NOTE(review): nothing in this listing references ACL 1 - confirm whether it is stale.
access-list 1 permit 10.10.10.0 0.0.0.255
|
|
! ACL 25 is the source allow-list applied to the VTY lines (`access-class 25 in`).
! REVIEW: it admits six prefixes, the widest a /16; narrow it to the actual management
! hosts or jump hosts where possible. Adding `log` to the final deny would record rejected
! management attempts.
access-list 25 permit 64.239.128.0 0.0.63.255
|
|
access-list 25 permit 66.6.208.0 0.0.15.255
|
|
access-list 25 permit 72.18.0.0 0.0.31.255
|
|
access-list 25 permit 208.179.0.0 0.0.255.255
|
|
access-list 25 permit 216.31.128.0 0.0.63.255
|
|
access-list 25 permit 216.116.96.0 0.0.31.255
|
|
access-list 25 deny any
|
|
! ACL 110 feeds class-map VOIP: any traffic to these five hosts gets the priority queue.
access-list 110 permit ip any host 64.239.185.8
|
|
access-list 110 permit ip any host 64.239.185.9
|
|
access-list 110 permit ip any host 64.239.185.5
|
|
access-list 110 permit ip any host 64.239.188.8
|
|
access-list 110 permit ip any host 64.239.188.9
|
|
!
|
|
! SNMP and TACACS+ client settings.
snmp-server engineID local 0000000902000050547D0984
|
|
! REVIEW: this is a community-based (v1/v2c) read-only string, sent in cleartext, and it
! matches the operator name shown in the banner. No ACL is bound to it, so any source that
! can reach the router may poll it. Bind a source ACL (`snmp-server community <string> RO
! <acl>`), change the string, or move to SNMPv3 with authentication and privacy.
snmp-server community tierzero RO
|
|
!
|
|
! NOTE(review): only one TACACS+ server is configured. If it is unreachable, login falls
! back to the local account and `enable` falls back to `none` (see the aaa lines in this
! listing).
tacacs-server host 216.116.96.47
|
|
tacacs-server timeout 10
|
|
tacacs-server directed-request
|
|
! REVIEW: type 7 is reversible obfuscation, not encryption. Treat the TACACS+ shared key as
! disclosed wherever this config is readable, and rotate it on the router and the server.
tacacs-server key 7 01040E554F58165F2F5501
|
|
!
|
|
! NOTE(review): no service-policy is attached under control-plane in this listing, so no
! control-plane policing is configured here.
control-plane
|
|
!
|
|
! Login banner: a legal warning plus operator name and contact details.
! NOTE(review): the banner and the AAA fail-message both include a "TACACS+" marker; confirm
! that advertising the authentication backend and operator identity is intended.
banner motd ^CCCCCCCCCCCCCC
|
|
*************************************************************
|
|
|
|
Tierzero:
|
|
Unauthorized access to this device or the attached
|
|
networks is prohibited without express written permission.
|
|
Violators may be prosecuted to the fullest extent of the law.
|
|
Phone: 213-784-1400 option 1
|
|
Email: [tac@tierzero.net]
|
|
*********TACACS+*************************
|
|
^C
|
|
!
|
|
! Terminal lines. With `aaa new-model`, the default login method list applies to all lines.
! NOTE(review): no `exec-timeout` is shown on any line, so presumably the platform default
! idle timeout applies - confirm it is acceptable.
line con 0
|
|
stopbits 1
|
|
! NOTE(review): the aux port is left with default settings; if nothing is attached,
! `no exec` and `transport input none` would close it.
line aux 0
|
|
stopbits 1
|
|
! REVIEW: `transport input all` accepts Telnet as well as SSH, so credentials can cross the
! network in cleartext. No `ip ssh` settings are visible in this listing; once SSH keys are
! confirmed present, restrict both VTY ranges to `transport input ssh`.
! Source addresses are limited by ACL 25.
line vty 0 4
|
|
access-class 25 in
|
|
transport input all
|
|
line vty 5 15
|
|
access-class 25 in
|
|
transport input all
|
|
!
|
|
! Time sources.
! NOTE(review): no `ntp authenticate`, key or `ntp access-group` lines are visible in this
! listing, so the time sources are unauthenticated and NTP queries to the router are not
! restricted here. Log timestamps depend on these servers.
ntp server 204.152.184.72
|
|
ntp server 216.31.128.192
|
|
ntp server 216.116.96.3
|
|
end
|