239 lines
6.3 KiB
Plaintext
239 lines
6.3 KiB
Plaintext
!RANCID-CONTENT-TYPE: cisco-clean
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
version 15.2
|
|
service timestamps debug datetime msec localtime show-timezone year
|
|
service timestamps log datetime msec localtime show-timezone year
|
|
service password-encryption
|
|
service sequence-numbers
|
|
no platform punt-keepalive disable-kernel-core
|
|
!
|
|
hostname AllanCompany_100MB_13KRGN613764PT_6019S.ManhattanPl
|
|
!
|
|
boot-start-marker
|
|
boot-end-marker
|
|
!
|
|
vrf definition Mgmt-intf
|
|
!
|
|
address-family ipv4
|
|
exit-address-family
|
|
!
|
|
address-family ipv6
|
|
exit-address-family
|
|
!
|
|
logging buffered 50000 informational
|
|
logging persistent url flash:/syslog1 size 10485760 filesize 40000 immediate
|
|
no logging console
|
|
!
|
|
aaa new-model
|
|
!
|
|
aaa authentication fail-message ^CCCCCCCCCCC****TACACS+************^C
|
|
aaa authentication login default group tacacs+ local
|
|
aaa authentication enable default group tacacs+ none
|
|
!
|
|
aaa session-id common
|
|
clock timezone PST -8 0
|
|
clock summer-time PST recurring
|
|
!
|
|
ip domain name auto
|
|
ip name-server 216.116.96.2
|
|
ip name-server 216.116.96.3
|
|
ip name-server 64.239.184.125
|
|
ip dhcp excluded-address 10.105.0.0 10.105.5.0
|
|
ip dhcp excluded-address 10.105.5.101 10.105.255.255
|
|
ip dhcp excluded-address 10.105.0.1 10.105.5.1
|
|
!
|
|
ip dhcp pool DEFAULT
|
|
network 10.105.0.0 255.255.0.0
|
|
domain-name basicfibers.com
|
|
default-router 10.105.1.1
|
|
dns-server 10.100.15.2 10.100.15.3 216.116.96.2 8.8.8.8
|
|
!
|
|
ipv6 multicast rpf use-bgp
|
|
ipv6 multicast vrf Mgmt-intf rpf use-bgp
|
|
!
|
|
multilink bundle-name authenticated
|
|
!
|
|
license boot level adventerprise
|
|
archive
|
|
log config
|
|
logging enable
|
|
!
|
|
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
|
|
!
|
|
redundancy
|
|
mode none
|
|
!
|
|
ip tftp source-interface GigabitEthernet0
|
|
!
|
|
track 1 ip sla 1 reachability
|
|
delay down 180
|
|
!
|
|
class-map match-all BANDWIDTH
|
|
match any
|
|
!
|
|
policy-map BANDWIDTH_100MB
|
|
class BANDWIDTH
|
|
priority level 1
|
|
class class-default
|
|
police rate 100000000 burst 500000 conform-action transmit exceed-action drop
|
|
!
|
|
interface Tunnel21
|
|
description 6019SManhattanPlace_To_14620_Joanbridge_Baldwin_Park
|
|
bandwidth 100000
|
|
ip address 172.16.10.90 255.255.255.252
|
|
keepalive 10 5
|
|
tunnel source GigabitEthernet0/0/0.1
|
|
tunnel destination 208.179.32.94
|
|
!
|
|
interface Tunnel30
|
|
description 6019SManhattanPlace_Sierra_Failover_To_JB_FrontierOffnet
|
|
bandwidth 100000
|
|
ip address 172.16.10.126 255.255.255.252
|
|
keepalive 25 50
|
|
tunnel source GigabitEthernet0/0/2
|
|
tunnel destination 47.181.223.134
|
|
!
|
|
interface Tunnel122
|
|
description ALLANCompany NBS Firewall Unit
|
|
bandwidth 100000
|
|
ip address 10.255.255.15 255.255.255.254
|
|
keepalive 10 5
|
|
tunnel source GigabitEthernet0/0/0.1
|
|
tunnel destination 208.179.23.10
|
|
!
|
|
interface GigabitEthernet0/0/0
|
|
description AllanCompany=13KRGN613764PT
|
|
no ip address
|
|
load-interval 30
|
|
speed 1000
|
|
no negotiation auto
|
|
service-policy output BANDWIDTH_100MB
|
|
!
|
|
interface GigabitEthernet0/0/0.1
|
|
encapsulation dot1Q 2559
|
|
ip address 216.31.138.238 255.255.255.252
|
|
ip nat outside
|
|
ip flow ingress
|
|
!
|
|
interface GigabitEthernet0/0/1
|
|
description CustomerLAN
|
|
ip address 216.31.143.177 255.255.255.240 secondary
|
|
ip address 10.105.1.1 255.255.0.0
|
|
ip nat inside
|
|
ip flow ingress
|
|
negotiation auto
|
|
service-policy output BANDWIDTH_100MB
|
|
!
|
|
interface GigabitEthernet0/0/2
|
|
description Sierra_Failover
|
|
ip address 166.140.23.107 255.255.255.0
|
|
ip nat outside
|
|
negotiation auto
|
|
service-policy output BANDWIDTH_100MB
|
|
!
|
|
interface GigabitEthernet0/0/3
|
|
no ip address
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
interface GigabitEthernet0
|
|
vrf forwarding Mgmt-intf
|
|
no ip address
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
ip nat inside source route-map FIBER interface GigabitEthernet0/0/0.1 overload
|
|
ip nat inside source route-map Sierra_Circuit interface GigabitEthernet0/0/2 overload
|
|
ip nat inside source static tcp 10.105.2.2 3306 216.31.143.178 3306 extendable
|
|
ip nat inside source static tcp 10.105.2.2 4001 216.31.143.178 4001 extendable
|
|
ip nat inside source static tcp 10.105.2.2 4002 216.31.143.178 4002 extendable
|
|
ip nat inside source static tcp 10.105.2.1 5550 216.31.143.178 5550 extendable
|
|
ip nat inside source static tcp 10.105.9.100 62000 216.31.143.178 62000 extendable
|
|
ip nat inside source static tcp 10.105.9.100 62200 216.31.143.178 62200 extendable
|
|
ip nat inside source static tcp 10.105.2.3 3306 216.31.143.179 3306 extendable
|
|
ip forward-protocol nd
|
|
!
|
|
no ip http server
|
|
no ip http secure-server
|
|
ip route 0.0.0.0 0.0.0.0 216.31.138.237 track 1
|
|
ip route 0.0.0.0 0.0.0.0 166.140.23.1 250 name Sierra_Failover
|
|
ip route 10.100.0.0 255.255.0.0 Tunnel21
|
|
ip route 10.100.0.0 255.255.0.0 Tunnel30 250 name JB_FrontierOffnet
|
|
ip route 208.179.23.10 255.255.255.255 216.31.138.237
|
|
!
|
|
ip access-list extended NAT
|
|
permit ip 10.105.0.0 0.0.255.255 any
|
|
deny ip any any
|
|
!
|
|
ip sla 1
|
|
icmp-echo 216.31.138.237 source-ip 216.31.138.238
|
|
timeout 30000
|
|
threshold 30000
|
|
ip sla schedule 1 life forever start-time now
|
|
ip sla 2
|
|
icmp-echo 216.31.138.237
|
|
frequency 30
|
|
timeout 30000
|
|
threshold 30000
|
|
history enhanced interval 60 buckets 100
|
|
ip sla schedule 2 life forever start-time now
|
|
ip sla reaction-configuration 2 react rtt threshold-value 100 60 threshold-type immediate action-type trapOnly
|
|
ip sla logging traps
|
|
access-list 25 permit 64.239.128.0 0.0.63.255
|
|
access-list 25 permit 66.6.208.0 0.0.15.255
|
|
access-list 25 permit 72.18.0.0 0.0.31.255
|
|
access-list 25 permit 208.179.0.0 0.0.255.255
|
|
access-list 25 permit 216.31.128.0 0.0.63.255
|
|
access-list 25 permit 216.116.96.0 0.0.31.255
|
|
access-list 25 deny any
|
|
!
|
|
route-map FIBER permit 10
|
|
match ip address NAT
|
|
match interface GigabitEthernet0/0/0.1
|
|
!
|
|
route-map Sierra_Circuit permit 10
|
|
match ip address NAT
|
|
match interface GigabitEthernet0/0/2
|
|
!
|
|
snmp-server engineID local 0000000902000050547D0984
|
|
snmp-server community tierzero RO
|
|
!
|
|
tacacs-server host 216.116.96.47
|
|
tacacs-server timeout 10
|
|
tacacs-server directed-request
|
|
tacacs-server key 7 01040E554F58165F2F5501
|
|
!
|
|
control-plane
|
|
!
|
|
banner motd ^CCCCCCCCCCCC
|
|
*************************************************************
|
|
Tierzero:
|
|
Unauthorized access to this device or the attached
|
|
networks is prohibited without express written permission.
|
|
Violators may be prosecuted to the fullest extent of the law.
|
|
Phone: 213-784-1400 option 1
|
|
Email: [tac@tierzero.net]
|
|
*********TACACS+*************************
|
|
^C
|
|
!
|
|
line con 0
|
|
stopbits 1
|
|
line aux 0
|
|
stopbits 1
|
|
line vty 0 4
|
|
access-class 25 in
|
|
transport input all
|
|
line vty 5 15
|
|
access-class 25 in
|
|
transport input all
|
|
!
|
|
ntp server 204.152.184.72
|
|
ntp server 216.31.128.192
|
|
ntp server 216.116.96.3
|
|
!
|
|
end
|