Вы находитесь на странице: 1из 7

service timestamps debug datetime msec

service timestamps log datetime localtime show-timezone


service password-encryption
!
logging message-counter syslog
logging buffered 4096
enable secret 5 $1$hFL3$7.bPp3a5G/.zD5y5sAOmb/
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone EKB 5
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 172.18.1.1
ip dhcp excluded-address 172.18.1.2
ip dhcp excluded-address 172.18.1.3
ip dhcp excluded-address 172.18.1.250
ip dhcp excluded-address 172.18.1.251
ip dhcp excluded-address 172.18.1.252
ip dhcp excluded-address 172.18.1.253
ip dhcp excluded-address 172.18.1.254
ip dhcp excluded-address 172.18.1.246
ip dhcp excluded-address 172.18.1.248
ip dhcp excluded-address 172.18.1.245
ip dhcp excluded-address 172.18.0.1
ip dhcp excluded-address 172.18.0.2
ip dhcp excluded-address 172.18.0.3
ip dhcp excluded-address 172.18.0.4
ip dhcp excluded-address 172.18.0.5
ip dhcp excluded-address 172.18.0.6
ip dhcp excluded-address 172.18.0.7
ip dhcp excluded-address 172.18.0.8
ip dhcp excluded-address 172.18.0.9
ip dhcp excluded-address 172.18.0.10
ip dhcp excluded-address 172.18.0.11
ip dhcp excluded-address 172.18.0.12
ip dhcp excluded-address 172.18.0.13
ip dhcp excluded-address 172.18.0.14
ip dhcp excluded-address 172.18.0.15
ip dhcp excluded-address 172.18.0.16
ip dhcp excluded-address 172.18.0.17
ip dhcp excluded-address 172.18.0.18
ip dhcp excluded-address 172.18.0.19
ip dhcp excluded-address 172.18.0.20
ip dhcp excluded-address 172.18.0.21
ip dhcp excluded-address 172.18.0.22
ip dhcp excluded-address 172.18.0.23
!
ip dhcp pool Inside_Network

network 172.18.1.0 255.255.255.0


default-router 172.18.1.1
dns-server 8.8.8.8
lease 0 23 59
!
ip dhcp pool Phone_Network
network 172.18.0.0 255.255.255.0
default-router 172.18.0.1
dns-server 8.8.8.8
lease 0 23 59
!
!
ip domain name ufmuse
ip host support.fsk-ees.ru 10.19.156.28
ip host smtp.eesnet.ru 80.90.64.42
ip name-server 77.88.8.8
login on-failure log
login on-success log
no ipv6 cef
!
key chain eigrp
key 1
key-string 7 03115D06131C24
!
username ufmuse privilege 15 secret 5 $1$SHC3$pE5q63BSPNY2QK4SsH3jf.
username ufmuse aaa attribute list ufmuse
!
archive
log config
logging enable
hidekeys
path tftp://172.16.16.146/1_2811
write-memory
!
ip ssh version 2
!
policy-map voip
class voip
priority percent 30
policy-map voip_sec
class voip
priority percent 50
policy-map voip-parent_sec
class class-default
shape average 6000000
service-policy voip_sec
policy-map shaper
class shaper
shape average 4096000
policy-map voip-parent
class class-default
shape average 10000000
service-policy voip
!
interface Loopback10
ip address 172.18.255.249 255.255.255.255
!
interface Loopback100
ip address 8.8.8.8 255.255.255.255
!

interface Tunnel0
description Beeline
bandwidth 10000
ip address 172.18.255.9 255.255.255.252
ip hello-interval eigrp 100 1
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 eigrp
delay 3000
tunnel source GigabitEthernet0/0.372
tunnel destination 172.18.255.1
service-policy output voip-parent
!
interface Tunnel1
description RTK
bandwidth 6000
ip address 172.18.255.13 255.255.255.252
ip hello-interval eigrp 100 1
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 eigrp
ip virtual-reassembly
delay 1
tunnel source GigabitEthernet0/0.736
tunnel destination 172.18.255.19
service-policy output voip-parent_sec
!
interface GigabitEthernet0/0
description 2960-1
no ip address
ip flow ingress
duplex auto
speed auto
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 172.16.16.253 255.255.255.128 secondary
ip address 172.16.16.129 255.255.255.128
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 172.18.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 1 ip 172.18.0.1
standby 1 timers 1 2
standby 1 priority 250
standby 1 preempt
!
interface GigabitEthernet0/0.101
description Inside_Network
encapsulation dot1Q 101
ip address 172.18.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 2 ip 172.18.1.1
standby 2 timers 1 2
standby 2 priority 250
standby 2 preempt
!

interface GigabitEthernet0/0.372
description L2-10Mbps-Tolmacheva
bandwidth 10000
encapsulation dot1Q 372
ip address 172.18.255.2 255.255.255.248
ip access-group 124 in
ip tcp adjust-mss 1450
crypto map musevpn
!
!
interface GigabitEthernet0/0.736
description RTK
bandwidth 6000
encapsulation dot1Q 736
ip address 172.18.255.17 255.255.255.248
ip access-group 124 in
ip tcp adjust-mss 1436
!
interface GigabitEthernet0/0.998
description Internet
bandwidth 8000
encapsulation dot1Q 998
ip address 195.200.233.157 255.255.255.254
ip access-group 125 in
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0.999
description SIP
encapsulation dot1Q 999
ip address 10.98.14.50 255.255.255.252
ip nat outside
ip virtual-reassembly
!
router eigrp 100
passive-interface default
no passive-interface Tunnel0
no passive-interface Tunnel1
network 172.16.16.128 0.0.0.127
network 172.18.0.0 0.0.0.255
network 172.18.1.0 0.0.0.255
network 172.18.255.8 0.0.0.3
network 172.18.255.12 0.0.0.3
network 172.18.255.249 0.0.0.0
no auto-summary
eigrp router-id 172.18.255.249
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.200.233.156
ip route 8.8.8.8 255.255.255.255 195.200.233.156
ip route 80.90.64.0 255.255.255.0 172.18.255.250
ip route 80.90.64.38 255.255.255.255 195.200.233.156
ip route 80.90.64.51 255.255.255.255 195.200.233.156
ip route 80.90.65.0 255.255.255.0 172.18.255.250
ip route 80.90.65.19 255.255.255.255 195.200.233.156
ip route 172.16.0.0 255.255.0.0 172.18.255.250
ip route 172.74.1.0 255.255.255.248 172.18.255.250
ip route 193.200.34.70 255.255.255.255 195.200.233.156
ip route 193.200.34.71 255.255.255.255 195.200.233.156
ip route 193.200.34.72 255.255.255.255 195.200.233.156

ip route 195.200.232.33 255.255.255.255 10.98.14.49


ip route 195.200.232.46 255.255.255.255 10.98.14.49
no ip http server
no ip http authentication local
no ip http secure-server
!
ip dns server
ip nat inside source static 172.18.0.2 interface GigabitEthernet0/0.999
ip nat inside source list 10 interface GigabitEthernet0/0.998 overload
ip nat inside source static tcp 172.18.1.246 20 195.200.233.157 20 extendable
ip nat inside source static tcp 172.18.1.246 21 195.200.233.157 21 extendable
!
logging history notifications
logging trap notifications
logging 172.18.1.248
access-list 1 remark NTP
access-list 1 permit 172.18.0.0 0.0.0.255
access-list 1 permit 172.18.1.0 0.0.0.255
access-list 1 permit 172.16.16.0 0.0.0.255
access-list 2 permit 195.200.232.46
access-list 2 deny any
access-list 3 permit 195.200.232.46
access-list 5 permit 172.16.16.134
access-list 5 permit 172.16.16.144
access-list 6 permit 172.18.1.0 0.0.0.255
access-list 8 permit 217.24.191.75
access-list 8 permit 172.16.16.0 0.0.0.255
access-list 8 permit 172.18.1.0 0.0.0.255
access-list 8 permit 172.18.0.0 0.0.0.255
access-list 8 permit 172.18.2.0 0.0.0.255
access-list 8 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.16.136
access-list 10 permit 172.16.16.134
access-list 10 permit 172.16.16.135
access-list 10 permit 172.16.16.144
access-list 10 deny 172.18.0.0 0.0.0.255
access-list 10 permit 172.18.1.0 0.0.0.255
access-list 10 permit 172.16.16.0 0.0.0.255
access-list 11 permit 172.18.0.0 0.0.0.255
access-list 12 permit 172.18.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 172.18.1.0 0.0.0.255 any
access-list 100 permit ip 172.18.0.0 0.0.0.255 any
access-list 100 permit ip 172.16.16.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip host 172.18.1.245 any
access-list 103 permit ip host 10.204.150.168 any
access-list 103 permit ip host 172.18.1.245 any
access-list 103 permit ip 172.18.0.0 0.0.0.255 any
access-list 103 permit ip 172.18.1.0 0.0.0.255 any
access-list 103 permit ip 172.18.2.0 0.0.0.255 any
access-list 104 permit ip host 172.18.1.245 any
access-list 105 permit ip host 172.18.1.245 any
access-list 106 permit ip host 172.18.1.245 any
access-list 107 permit ip host 172.18.1.245 any
access-list 110 permit ip host 172.18.0.7 any
access-list 123 permit gre host 172.18.255.17 host 172.18.255.19
access-list 124 deny udp any any eq 5061
access-list 124 deny udp any any eq 5060

access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list

124
124
124
124
124
124
124
124
124
124
125
125
125
125
125
125
125
125
125
125
125
125
125
125
126
126
126
126
126
126
126
126
126
126
127
127
127
128
129
129
130
131
131
132
132
132
133
133
133
134
140
140
140
140
141
141
141
141
155
155

deny
deny
deny
deny
deny
deny
deny
deny
deny
permit
deny
deny
deny
deny
deny
deny
deny
deny
deny
deny
deny
deny
deny
permit
deny
deny
deny
deny
deny
deny
deny
deny
deny
permit
permit
permit
deny
permit
remark
permit
permit
deny
permit
permit
permit
permit
permit
permit
permit
permit
deny
deny
deny
permit
deny
deny
permit
permit
remark
permit

udp any any eq 1719


udp any any eq 1720
tcp any any eq 5061
tcp any any eq 5060
tcp any any eq 1719
tcp any any eq 1720
tcp any any eq 5070
tcp any any eq 2000
udp any any eq 2000
ip any any
udp any any eq 5061
udp any any eq 5060
udp any any eq 1719
udp any any eq 1720
tcp any any eq 5061
tcp any any eq 5060
tcp any any eq 1719
tcp any any eq 1720
tcp any any eq 5070
tcp any any eq 2000
tcp any any eq telnet
udp any any eq 2000
tcp any any eq 3389
ip any any
udp any any eq 5061
udp any any eq 5060
udp any any eq 1719
udp any any eq 1720
tcp any any eq 5061
tcp any any eq 5060
tcp any any eq 1719
tcp any any eq 1720
tcp any any eq 5070
ip any any
ip host 172.18.255.2 host 172.18.255.1
ip host 172.18.255.9 host 172.18.255.10
ip any any log
gre host 172.18.255.2 host 172.18.255.1
VOIP_CONF
ip 172.18.0.0 0.0.0.255 host 195.200.232.46
ip 172.18.1.0 0.0.0.255 object-group grey
ip host 172.18.1.248 any
ip 172.18.1.0 0.0.0.255 any
ip host 172.16.16.152 object-group grey
ip host 172.16.16.137 object-group grey
ip host 172.16.16.131 object-group grey
ip host 172.16.16.152 any
ip host 172.16.16.137 any
ip host 172.16.16.131 any
ip any 172.18.1.0 0.0.0.255
ip host 172.18.1.122 10.0.0.0 0.255.255.255
ip host 172.18.1.122 172.18.0.0 0.0.255.255
ip host 172.18.1.122 172.16.16.0 0.0.0.255
ip host 172.18.1.122 any
ip any 10.0.0.0 0.0.0.255
ip host 172.18.1.248 any
ip 172.16.16.0 0.0.0.255 any
ip 172.18.1.0 0.0.0.255 any
CCP_ACL Category=16
ip host 172.18.2.1 172.18.1.0 0.0.0.255

access-list 197 permit udp host 195.200.232.46 any eq 5061


access-list 197 permit udp host 195.200.232.46 any eq 5060
access-list 197 permit udp host 195.200.232.46 any eq 1719
access-list 197 permit udp host 195.200.232.46 any eq 1720
access-list 197 permit tcp host 195.200.232.46 any eq 5061
access-list 197 permit tcp host 195.200.232.46 any eq 5060
access-list 197 permit tcp host 195.200.232.46 any eq 1719
access-list 197 permit tcp host 195.200.232.46 any eq 1720
access-list 197 permit tcp host 195.200.232.46 any eq 5070
access-list 197 deny ip any any
access-list 198 permit ip host 10.98.14.49 host 10.98.14.50
access-list 198 permit ip host 195.200.232.46 host 10.98.14.50
access-list 198 deny ip any any
access-list 199 permit tcp any any eq 5060
access-list 199 permit udp any any eq 2000
access-list 199 permit udp any any range 16384 32767
!
!
route-map VOIP_CONF permit 10
match ip address 129
!
!
snmp-server community 6eLko RO
!
control-plane
!
!
gateway
timer receive-rtp 1200
!
!
!
!
line con 0
line aux 0
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 89.109.251.21 prefer
ntp server 89.109.251.22
ntp server 89.109.251.23
ntp server 89.109.251.24
end