version 15.4
service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname krr-cs1_1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging exception 65536
logging count
logging userinfo
logging buffered 65536
logging reload alerts
logging rate-limit all 100
no logging console
enable secret 5 $1$tVIt$TwZrH
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local group radius
aaa authorization exec default local
aaa authorization network default if-authenticated
aaa accounting network default
!
aaa accounting network VPN-USERS
action-type start-stop
group radius
!
!
!
!
!
!
aaa session-id common
clock timezone AST 3 0
!
!
!
ip name-server 192.168.210.253 192.168.210.251
ip domain lookup source-interface Loopback1
ip domain name mycomp.ru
ip dhcp excluded-address 10.100.100.1 10.100.100.100
ip dhcp excluded-address 10.100.100.199 10.100.100.254
ip dhcp excluded-address 192.168.50.0 192.168.50.19
ip dhcp excluded-address 192.168.203.0 192.168.203.19
ip dhcp excluded-address 192.168.51.0 192.168.51.19
ip dhcp excluded-address 192.168.203.200 192.168.203.255
ip dhcp excluded-address 192.168.203.69
ip dhcp excluded-address 192.168.203.94
ip dhcp excluded-address 192.168.203.68
ip dhcp excluded-address 192.168.52.1 192.168.52.10
ip dhcp excluded-address 192.168.48.1 192.168.48.10
ip dhcp excluded-address 192.168.49.0
!
ip dhcp pool users-vpn
network 10.100.100.0 255.255.255.0
domain-name mycomp.ru
dns-server 192.168.210.253 192.168.210.251
!
ip dhcp pool TLGUEST
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
domain-name mycomp.ru
dns-server 8.8.8.8
!
ip dhcp pool mycomp2
network 192.168.203.0 255.255.255.0
default-router 192.168.203.1
domain-name mycomp.ru
dns-server 192.168.210.253 192.168.210.251
option 43 hex 0104.c0a8.cb14
lease 180
!
ip dhcp pool mycomp2_TL
network 192.168.51.0 255.255.255.0
default-router 192.168.51.1
domain-name mycomp.ru
dns-server 192.168.210.253 192.168.210.251
!
ip dhcp pool VOIP
network 192.168.52.0 255.255.254.0
default-router 192.168.52.1
domain-name mycomp.ru
dns-server 192.168.210.253 192.168.210.251
option 66 ascii 192.168.52.2
lease 180
!
ip dhcp pool TL3
network 192.168.48.0 255.255.254.0
default-router 192.168.48.1
domain-name mycomp.ru
dns-server 192.168.210.253
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
vpdn enable
!
vpdn-group pptp
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 1
!
!
!
!
!
license udi pid ISR4431/K9 sn FOC19471AXH
license boot level appxk9 disable
license boot level uck9 disable
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
track 75 ip sla 75 reachability
delay down 60 up 60
!
track 88 ip sla 88 reachability
delay down 60 up 60
!
track 207 ip sla 207 reachability
delay down 60 up 60
!
track 208 ip sla 208 reachability
delay down 60 up 60
!
!
class-map match-all CM_WIFI_TO_EXT
match access-group name ACL_WIFI_TO_EXT
class-map match-all no_gre_fil
match access-group 117
class-map match-all real-time
match precedence 5
class-map match-any gre_fil
match access-group 27
class-map match-any realtime-marking
match protocol rtp
!
policy-map PM_WIFI_IN_1
class CM_WIFI_TO_EXT
police 5242500
class class-default
policy-map PM_ISP_OUT_1
class class-default
shape peak 20971520
!
!
!
!
!
!
interface Loopback0
description -- system loopback
ip address 194.22.8.30 255.255.255.255
!
interface Loopback1
ip address 10.200.200.1 255.255.255.255
!
interface Loopback2
description tunnel2
194.22.8.1
!
interface Loopback3
description tunnel3
194.22.8.25
!
interface Loopback4
description NAT_FOR_MAIL_TALE
ip address 194.22.8.4 255.255.255.255
ip nat outside
!
interface Loopback5
description -- for NAT
ip address 194.22.8.6 255.255.255.255
ip nat outside
!
interface Loopback6
description youtrack_mysrv
ip address 194.22.8.28 255.255.255.255
!
interface Loopback7
description NAT_FOR_MAIL
ip address 194.22.8.22 255.255.255.255
ip nat outside
ip access-group 116 in
!
interface Loopback8
description NAT_FOR_VTASKMOB
ip address 194.22.8.23 255.255.255.255
ip nat outside
!
interface Tunnel3
description NEW
ip address 10.13.13.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication tra-tun3
ip nhrp map multicast dynamic
ip nhrp network-id 171623
ip nhrp registration no-unique
ip policy route-map from_RO_LAN
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 10
ip ospf mtu-ignore
ip ospf cost 100
tunnel source 194.22.8.1
tunnel mode gre multipoint
tunnel key 171623
!
interface GigabitEthernet0/0/0
description krr_cs2_g0/0
ip address 10.111.111.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/0/1
description to_krr-sw1_g1/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.52
description SIP_PHONES
encapsulation dot1Q 52
ip address 192.168.52.1 255.255.254.0
ip nat inside
ip policy route-map 115
no cdp enable
!
interface GigabitEthernet0/0/1.100
description LAN
encapsulation dot1Q 100
ip nat inside
ip policy route-map from_GK_LAN
no cdp enable
!
interface GigabitEthernet0/0/1.101
description -- to MTS AS58322 (upstream)
encapsulation dot1Q 101
ip address 77.66.27.22 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip access-group 117 in
no cdp enable
!
interface GigabitEthernet0/0/1.134
description -- to PROV AS58322 (upstream)
encapsulation dot1Q 134
ip address 193.242.14.2 255.255.255.254
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip access-group 117 in
no cdp enable
!
interface GigabitEthernet0/0/1.200
description DMZ
encapsulation dot1Q 200
ip address 192.168.100.1 255.255.255.128
ip nat inside
ip ospf hello-interval 5
ip ospf priority 10
ip ospf cost 10
no cdp enable
!
interface GigabitEthernet0/0/1.204
description TL_GUEST
encapsulation dot1Q 204
ip address 192.168.50.1 255.255.255.0
ip nat inside
no cdp enable
!
interface GigabitEthernet0/0/1.205
description WiFi_BOSS
encapsulation dot1Q 205
ip address 192.168.20.1 255.255.255.0
ip nat inside
no cdp enable
service-policy input PM_WIFI_IN_1
!
interface GigabitEthernet0/0/1.211
description TL3
encapsulation dot1Q 211
ip address 192.168.48.1 255.255.254.0
ip nat inside
no cdp enable
!
interface GigabitEthernet0/0/1.243
description dc-food
encapsulation dot1Q 243
ip address 192.168.203.1 255.255.255.0
ip nat inside
ip policy route-map from_GK_LAN
no cdp enable
!
interface GigabitEthernet0/0/1.244
description TL_GUEST_TRMEDIA
encapsulation dot1Q 244
ip address 192.168.51.1 255.255.255.0
ip nat inside
no cdp enable
!
interface GigabitEthernet0/0/1.255
description krr_lan_MGMT
encapsulation dot1Q 255
ip address 10.200.201.1 255.255.255.240
ip nat inside
no cdp enable
!
!
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Virtual-Template1
ip dhcp client hostname mycomp.ru
ip unnumbered Loopback0
ip nat inside
peer default ip address dhcp-pool users-vpn
ppp authentication ms-chap-v2
ppp authorization local
ppp accounting VPN-USERS
!
interface Vlan1
no ip address
!
router ospf 1
redistribute connected subnets route-map vpdnip_ospf
passive-interface GigabitEthernet0/0/0
passive-interface GigabitEthernet0/0/2
passive-interface GigabitEthernet0/0/3
network 10.12.12.0 0.0.0.255 area 0
network 10.13.13.0 0.0.0.255 area 0
network 10.200.200.0 0.0.0.255 area 0
network 10.200.201.0 0.0.0.15 area 1
network 192.168.20.0 0.0.0.255 area 1
network 192.168.48.0 0.0.1.255 area 1
network 192.168.50.0 0.0.0.255 area 1
network 192.168.51.0 0.0.0.255 area 1
network 192.168.52.0 0.0.1.255 area 1
network 192.168.100.0 0.0.0.127 area 1
network 192.168.203.0 0.0.0.255 area 1
network 192.168.206.0 0.0.0.255 area 1
network 192.168.208.0 0.0.3.255 area 1
neighbor 10.12.12.2 cost 1
!
router bgp 201631
no bgp fast-external-fallover
bgp log-neighbor-changes
bgp deterministic-med
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
neighbor 77.66.207.221 remote-as 60490
neighbor 77.66.207.221 description -- MTS tehnicheskaya (upstream)
neighbor 193.242.148.200 remote-as 58314
neighbor 193.242.148.200 description -- PROV (upstream)
neighbor 212.188.45.204 remote-as 8359
neighbor 212.188.45.204 description -- MTS fullview (upstream)
neighbor 212.188.45.204 ebgp-multihop 10
!
address-family ipv4
redistribute static route-map static-to-bgp
neighbor 77.66.207.221 activate
neighbor 77.66.207.221 send-community both
neighbor 77.66.207.221 remove-private-as
neighbor 77.66.207.221 route-map uAS8359-import in
neighbor 77.66.207.221 route-map uAS8359-export out
neighbor 193.242.148.200 activate
neighbor 193.242.148.200 send-community both
neighbor 193.242.148.200 remove-private-as
neighbor 193.242.148.200 advertisement-interval 1
neighbor 193.242.148.200 route-map uAS58322-import in
neighbor 193.242.148.200 route-map uAS58322-export out
neighbor 212.188.45.204 activate
neighbor 212.188.45.204 send-community both
neighbor 212.188.45.204 remove-private-as
neighbor 212.188.45.204 advertisement-interval 1
neighbor 212.188.45.204 route-map uAS8359-import in
neighbor 212.188.45.204 route-map uAS8359-export out
exit-address-family
!
ip nat inside source route-map dynamic-nat interface Loopback5 overload
ip nat inside source route-map dynamic-nat-mail interface Loopback7 overload
ip nat inside source route-map dynamic-nat-mail-TALE interface Loopback4 overload
ip nat inside source route-map dynamic-nat-yt-TALE interface Loopback6 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 18.0.0.0 2 name floating-default-to-mit
ip route 0.0.0.0 0.0.0.0 4.0.0.0 3 name floating-default-to-level3
ip route 0.0.0.0 0.0.0.0 128.15.0.0 4 name floating-default-to-llnl
ip route 0.0.0.0 0.0.0.0 132.249.0.0 5 name floating-default-to-sdsc
ip route 0.0.0.0 0.0.0.0 194.226.64.0 6 name floating-default-to-rosniiros
ip route 0.0.0.0 255.0.0.0 Null0 name martians-route
ip route 127.0.0.0 255.0.0.0 Null0 name martians-route
ip route 194.22.8.0 255.255.255.0 Null0 tag 609 name aggregate-to-bgp
ip route 212.188.45.204 255.255.255.255 77.66.207.221 name to-ebgp-peer-mts
ip route 217.79.225.8 255.255.255.255 77.66.206.97 name mikhail-emergancy
ip ssh version 2
!
ip community-list standard type-aggregate permit 609
!
ip access-list extended ACL_WIFI_TO_EXT
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended border-filter-in
ip access-list extended from_2ndISP
permit ip any host 193.242.149.83
ip access-list extended to-inet
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.0.0.0 0.240.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 194.22.8.0 0.0.0.255
permit ip any any
ip access-list extended vlan100-out
permit ip 192.168.0.0 0.0.255.255 any
permit ip 10.0.0.0 0.255.255.255 any
permit ip 172.16.0.0 0.15.255.255 any
permit tcp any host 192.168.210.78 eq www
!
!
ip prefix-list allocated-blocks description -- registered address blocks
ip prefix-list allocated-blocks seq 10 deny 194.22.8.0/24 le 32
!
ip prefix-list default-networks description networks we use to point default to
ip prefix-list default-networks seq 10 permit 18.0.0.0/8
ip prefix-list default-networks seq 20 permit 4.0.0.0/8
ip prefix-list default-networks seq 30 permit 128.15.0.0/16
ip prefix-list default-networks seq 40 permit 132.249.0.0/16
ip prefix-list default-networks seq 50 permit 194.226.64.0/20
!
ip prefix-list martians description RFC3330 martians nets
ip prefix-list martians seq 5 permit 0.0.0.0/8 le 32
ip prefix-list martians seq 10 permit 10.0.0.0/8 le 32
ip prefix-list martians seq 15 permit 127.0.0.0/8 le 32
ip prefix-list martians seq 20 permit 169.254.0.0/16 le 32
ip prefix-list martians seq 25 permit 172.16.0.0/12 le 32
ip prefix-list martians seq 30 permit 192.0.2.0/24 le 32
ip prefix-list martians seq 35 permit 192.42.172.0/24 le 32
ip prefix-list martians seq 40 permit 192.88.99.0/24 le 32
ip prefix-list martians seq 45 permit 192.168.0.0/16 le 32
ip prefix-list martians seq 50 permit 198.18.0.0/15 le 32
ip prefix-list martians seq 55 permit 224.0.0.0/4 le 32
ip prefix-list martians seq 60 permit 240.0.0.0/4 le 32
ip sla 75
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1.134
frequency 10
ip sla schedule 75 life forever start-time now
ip sla 88
icmp-echo 192.168.211.1 source-interface GigabitEthernet0/0/1.100
frequency 10
ip sla schedule 88 life forever start-time now
ip sla 99
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1.101
frequency 10
ip sla schedule 99 life forever start-time now
ip sla 207
icmp-echo 10.3.1.2 source-interface Tunnel3
frequency 10
ip sla schedule 207 life forever start-time now
ip sla 208
icmp-echo 10.2.2.2 source-interface GigabitEthernet0/0/1.138
frequency 10
ip sla schedule 208 life forever start-time now
access-list 25 permit 192.168.208.0 0.0.3.255
access-list 25 permit 192.168.100.0 0.0.0.127
access-list 25 permit 10.100.100.0 0.0.0.255
access-list 25 permit 10.10.10.0 0.0.0.255
access-list 25 permit 10.11.11.0 0.0.0.255
access-list 25 permit 10.200.200.0 0.0.0.255
access-list 25 permit 10.111.111.0 0.0.0.3
access-list 25 permit 192.168.52.0 0.0.1.255
access-list 26 permit 192.168.211.10
access-list 26 permit 192.168.211.13
access-list 28 permit any
access-list 33 permit 10.100.100.0 0.0.0.255
access-list 34 permit 192.168.210.252
access-list 34 permit 192.168.209.98
access-list 77 permit 192.168.209.245
access-list 78 permit 192.168.208.250
access-list 78 permit 192.168.208.237
access-list 78 permit 192.168.210.85
access-list 79 permit 192.168.208.250
access-list 79 permit 192.168.210.102
access-list 80 permit 192.168.210.96
access-list 88 deny 192.168.208.250
access-list 88 deny 192.168.209.245
access-list 88 deny 192.168.210.96
access-list 88 deny 192.168.210.102
access-list 88 permit 10.2.1.0 0.0.0.255
access-list 88 permit 10.2.2.0 0.0.0.255
access-list 88 permit 10.1.1.0 0.0.0.255
access-list 88 permit 10.1.2.0 0.0.0.255
access-list 88 permit 10.3.1.0 0.0.0.255
access-list 88 permit 10.3.2.0 0.0.0.255
access-list 88 permit 10.3.3.0 0.0.0.255
access-list 88 permit 10.10.10.0 0.0.0.255
access-list 88 permit 10.100.100.0 0.0.0.255
access-list 88 permit 10.200.200.0 0.0.0.255
access-list 88 permit 10.200.201.0 0.0.0.255
access-list 88 permit 192.168.10.0 0.0.0.255
access-list 88 permit 192.168.20.0 0.0.0.255
access-list 88 permit 192.168.100.0 0.0.0.127
access-list 88 permit 192.168.203.0 0.0.0.255
access-list 88 permit 192.168.205.0 0.0.0.255
access-list 88 permit 192.168.206.0 0.0.0.255
access-list 88 permit 192.168.207.0 0.0.0.255
access-list 88 permit 192.168.208.0 0.0.3.255
access-list 88 permit 192.168.212.0 0.0.3.255
access-list 88 permit 192.168.216.0 0.0.3.255
access-list 88 permit 192.168.220.0 0.0.3.255
access-list 88 permit 192.168.224.0 0.0.3.255
access-list 88 permit 192.168.232.0 0.0.3.255
access-list 88 permit 192.168.236.0 0.0.3.255
access-list 88 permit 192.168.240.0 0.0.3.255
access-list 88 permit 192.168.244.0 0.0.0.255
access-list 88 permit 10.11.11.0 0.0.0.255
access-list 88 permit 192.168.48.0 0.0.1.255
access-list 88 permit 192.168.50.0 0.0.0.255
access-list 88 permit 192.168.52.0 0.0.1.255
access-list 88 permit 193.242.149.0 0.0.0.255
access-list 88 permit 192.168.155.0 0.0.0.255
access-list 88 permit 192.168.156.0 0.0.0.255
access-list 88 permit 192.168.157.0 0.0.0.255
access-list 177 deny ip 192.168.237.0 0.0.0.255 any
access-list 177 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.1.1.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.1.2.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.2.1.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.2.2.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.3.1.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.3.2.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.3.3.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.5.5.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.11.11.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.100.100.0 0.0.0.255
access-list 177 deny ip 192.168.0.0 0.0.255.255 10.200.200.0 0.0.0.255
access-list 177 permit ip 192.168.0.0 0.0.255.255 any
access-list 178 deny ip host 192.168.208.28 any
access-list 178 deny ip host 192.168.210.102 any
access-list 178 deny ip 192.168.48.0 0.0.1.255 any
access-list 178 deny ip 192.168.50.0 0.0.0.255 any
access-list 178 deny ip 192.168.52.0 0.0.1.255 any
access-list 178 deny ip 192.168.208.0 0.0.3.255 192.168.0.0 0.0.255.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.1.1.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.1.2.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.2.1.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.2.2.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.3.1.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.3.2.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.3.3.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.5.5.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.11.11.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.100.100.0 0.0.0.255
access-list 178 deny ip 192.168.208.0 0.0.3.255 10.200.200.0 0.0.0.255
access-list 178 deny ip 192.168.203.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny ip 192.168.203.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny ip 192.168.203.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny ip 192.168.203.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny ip 192.168.203.0 0.0.0.255 10.200.200.0 0.0.0.255
access-list 178 deny ip 192.168.206.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny ip 192.168.206.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny ip 192.168.206.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny ip 192.168.206.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny ip 192.168.207.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny ip 192.168.207.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny ip 192.168.207.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny ip 192.168.207.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny ip 192.168.207.0 0.0.0.255 10.200.200.0 0.0.0.255
access-list 178 deny ip 192.168.100.0 0.0.0.127 any
access-list 178 deny ip host 192.168.208.78 any
access-list 178 deny ip host 192.168.210.78 any
access-list 178 deny ip host 192.168.208.118 any
access-list 178 deny ip host 192.168.208.175 any
access-list 178 deny ip host 192.168.208.233 any
access-list 178 deny ip host 192.168.209.79 any
access-list 178 deny ip host 192.168.209.98 any
access-list 178 deny ip host 192.168.208.215 any
access-list 178 deny ip host 192.168.209.201 any
access-list 178 deny ip host 192.168.209.211 any
access-list 178 deny ip host 192.168.210.250 any
access-list 178 deny ip host 192.168.210.252 any
access-list 178 deny ip host 192.168.211.1 any
access-list 178 deny ip host 192.168.211.10 any
access-list 178 deny ip host 192.168.211.12 any
access-list 178 deny ip host 192.168.211.13 any
access-list 178 deny ip host 192.168.208.168 any
access-list 178 deny ip host 192.168.208.156 any
access-list 178 deny ip host 192.168.208.124 any
access-list 178 deny ip host 192.168.209.245 any
access-list 178 deny ip host 192.168.209.20 any
access-list 178 deny ip host 192.168.208.61 any
access-list 178 deny ip host 192.168.211.216 any
access-list 178 deny ip host 192.168.209.57 any
access-list 178 deny ip host 192.168.210.189 any
access-list 178 deny ip host 192.168.208.209 any
access-list 178 deny ip host 192.168.208.80 any
access-list 178 deny ip host 192.168.210.85 any
access-list 178 deny ip host 192.168.208.237 any
access-list 178 deny ip host 192.168.209.26 any
access-list 178 deny ip host 192.168.210.55 any
access-list 178 deny ip host 192.168.210.171 any
access-list 178 deny ip host 192.168.208.250 any
access-list 178 permit ip 192.168.203.0 0.0.0.255 any
access-list 178 permit ip 192.168.205.0 0.0.0.255 any
access-list 178 permit ip 192.168.206.0 0.0.0.255 any
access-list 178 permit ip 192.168.207.0 0.0.0.255 any
access-list 178 permit ip 192.168.208.0 0.0.3.255 any
!
route-map dynamic-nat-mail permit 10
match ip address 77
!
route-map ISP1-NAT permit 10
match ip address 88
!
route-map ISP2-NAT permit 10
match ip address 88
!
route-map aggregate-to-bgp permit 10
set local-preference 1000
set origin igp
set community 609
!
route-map dynamic-nat-vtaskmob permit 10
match ip address 78
!
route-map dynamic-nat permit 10
match ip address 88
!
route-map 115 permit 10
match ip address 115
set ip next-hop verify-availability 193.242.149.1 10 track 75
set ip next-hop verify-availability 77.66.206.97 20 track 99
!
route-map from_2ndISP permit 10
match ip address from_2ndISP
!
route-map vpdnip_ospf permit 10
match ip address 33
!
route-map from_RO_LAN permit 10
match ip address 177
set ip next-hop verify-availability 192.168.211.1 10 track 88
!
route-map uAS8359-export permit 10
description -- advertise only my AS prefixes
match community type-aggregate
!
route-map gre_fil permit 10
match ip address 27
!
route-map gre_fil permit 20
match policy-list 28
!
route-map dynamic-nat-mail-TALE permit 10
match ip address 79
!
route-map uAS8359-import deny 20
description -- filter martians, default and our own prefixes
match ip address prefix-list martians allocated-blocks
!
route-map uAS8359-import permit 100
match ip address prefix-list default-networks
set local-preference 200
set community 626
!
route-map uAS8359-import permit 200
set local-preference 100
set community 626
!
route-map dynamic-nat-yt-TALE permit 10
match ip address 80
!
route-map from_GK_LAN permit 10
match ip address 178
set ip next-hop verify-availability 192.168.211.1 10 track 88
!
route-map uAS58322-import deny 20
description -- filter martians, default and our own prefixes
match ip address prefix-list martians allocated-blocks
!
route-map uAS58322-import permit 100
match ip address prefix-list default-networks
set local-preference 200
set community 626
!
route-map uAS58322-import permit 200
set local-preference 100
set community 626
!
route-map uAS58322-export permit 10
description -- advertise only my AS prefixes
match community type-aggregate
!
route-map static-to-bgp permit 10
match tag 609
set local-preference 1000
set origin igp
set community 609
!