Iansa Prlrppal

!
! Last configuration change at 11:13:31 UTC Thu Mar 28 2019 by axi183406817

! NVRAM config last updated at 11:15:17 UTC Thu Mar 28 2019 by axi183406817
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IANSA_PRLROPPAL
!
boot-start-marker
boot system flash0 c2900-universalk9-mz.SPA.155-3.M6.bin
boot-end-marker
!
!
vrf definition LINK-1-MPLS
rd 10:10
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$pmts$eXo6DbRyscVd2SGQL1Y.x/
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone UTC -3 0
!
!
!
!
!
!
!
ip nbar protocol-pack flash0:pp-adv-isrg2-155-3.M4a-23-32.0.0.pack
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.167.18.1 192.167.18.10
!
ip dhcp pool PARRAL
network 192.167.18.0 255.255.255.0
default-router 192.167.18.1
option 150 ip 201.236.143.103 201.236.143.108 201.236.143.102
domain-name iansa.cl
dns-server 192.168.72.51 192.168.110.51
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
flow record Record-FNF-IWAN
description Flexible NetFlow for IWAN Monitoring
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect interface output
collect flow sampler
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
!
!
flow exporter Exporter-FNF-IWAN
description FNFv9 NBAR2 with Prime
destination 192.168.151.33
source GigabitEthernet0/0.33
transport udp 9991
option interface-table
option application-table
option application-attributes
!
!
flow monitor Monitor-FNF-IWAN
description IWAN Traffic Analysis
exporter Exporter-FNF-IWAN
cache timeout inactive 10
cache timeout active 60
record Record-FNF-IWAN
!
multilink bundle-name authenticated
!
!
domain IWAN
vrf default
border
source-interface Loopback0
master local
password Iansa$$17
collector 192.168.151.33 port 9991
master branch
source-interface Loopback0
password Iansa$$17
hub 10.0.13.1
collector 192.168.151.33 port 9991
!
!
!
!
!
trunk group PSTN
hunt-scheme sequential
!
!
key chain EIGRP
key 1
key-string Iansa$$17
cts logging verbose
!
!
voice-card 0
!
!
!
voice service voip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
modem passthrough nse codec g711ulaw
!
voice class codec 100
codec preference 1 g729r8
codec preference 2 g711ulaw
codec preference 3 g711alaw
!
voice class h323 200
h225 timeout tcp establish 2
h225 timeout setup 2
!
!
!
!
!
!
license udi pid CISCO2911/K9 sn FJC2111A0RE
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
username implantacion privilege 15 secret 5 $1$1mPT$NW.L/DT5eeUej4SuGbIG30
username soportedatos privilege 15 secret 5 $1$97UP$w.e8RztH1GZuSIXKdyGCk/
username inventario privilege 15 secret 5 $1$CJFN$b89Vs4Xia4MYMpMc0l8fx0
!
redundancy
!
!
!
crypto ikev2 keyring DMVPN-IANSA-8
peer any
address 0.0.0.0 0.0.0.0
pre-shared-key Iansa$$17
!
!
!
crypto ikev2 profile FVRF-IKEv2-IWAN-TRANSPORT-8
match fvrf LINK-1-MPLS
match identity remote address 0.0.0.0
authentication local pre-share
authentication remote pre-share
keyring local DMVPN-IANSA-8
!
!
!
controller SHDSL 0/0/0
!
!
!
crypto ipsec security-association replay window-size 512
!
crypto ipsec transform-set IANSA-AES256-SHA esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile FVRF-IKEv2-IWAN-TRANSPORT-8
set transform-set IANSA-AES256-SHA
set ikev2-profile FVRF-IKEv2-IWAN-TRANSPORT-8
!
!
!
!
!
!
!
interface Loopback0
description LOOPBAK IWAN
ip address 10.0.8.1 255.255.255.255
!
interface Tunnel100
description LINK-1-MPLS
bandwidth 1000000
ip address 10.100.0.8 255.255.255.0
no ip redirects
ip mtu 1400
ip flow monitor Monitor-FNF-IWAN input
ip flow monitor Monitor-FNF-IWAN output
ip nhrp authentication Iansa$17
ip nhrp network-id 100
ip nhrp holdtime 600
ip nhrp nhs 10.100.0.13 nbma 172.29.75.18 multicast
ip nhrp shortcut
ip tcp adjust-mss 1360
load-interval 30
delay 10000
if-state nhrp
tunnel source GigabitEthernet0/1.2203
tunnel mode gre multipoint
tunnel key 100
tunnel vrf LINK-1-MPLS
tunnel protection ipsec profile FVRF-IKEv2-IWAN-TRANSPORT-8
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description RED LAN IANSA
no ip address
ip nbar protocol-discovery
duplex auto
speed auto
!
interface GigabitEthernet0/0.33
description RED LAN ADMINISTRACION
encapsulation dot1Q 33
ip address 192.168.206.1 255.255.255.0
!
description RED LAN DATOS
ip address 192.168.78.1 255.255.255.0
!
description RED LAN VOZ
ip address 192.167.18.1 255.255.255.0
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.167.18.1
!
description RED LAN VIDEO
ip address 10.153.196.65 255.255.255.240
!
description RED LAN WIRELESS
ip address 192.168.60.1 255.255.255.0
!
description VLAN NATIVA
encapsulation dot1Q 778 native
!
description ENLACE-WAN
no ip address
duplex full
speed 10
rj45-auto-detect-polarity disable
!
description WAN_ENLACE_MPLS_PPAL
bandwidth 1000000
vrf forwarding LINK-1-MPLS
ip address 172.29.33.18 255.255.255.252
delay 10000
!
no ip address
shutdown
duplex auto
speed auto
!
!
!
router eigrp IWAN-EIGRP
!
address-family ipv4 unicast autonomous-system 10
!
af-interface default
passive-interface
exit-af-interface
!
af-interface Tunnel100
authentication mode md5
authentication key-chain EIGRP
hello-interval 20
hold-time 60
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.0.8.1 0.0.0.0
network 10.100.0.0 0.0.0.255
network 10.153.196.64 0.0.0.15
network 192.167.18.0
network 192.168.60.0
network 192.168.78.0
network 192.168.206.0
exit-address-family
!
router bgp 65024
bgp log-neighbor-changes
!
address-family ipv4 vrf LINK-1-MPLS
network 172.29.33.16 mask 255.255.255.252
neighbor 172.29.33.17 remote-as 16629
neighbor 172.29.33.17 description ENLACE PPAL
neighbor 172.29.33.17 activate
neighbor 172.29.33.17 route-map PUBLICAR_MPLS out
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip tacacs source-interface GigabitEthernet0/0.100
!
!
ip prefix-list PUBLICAR seq 5 permit 192.168.206.0/24
!
ip prefix-list PUBLICAR_LAN seq 5 permit 192.168.206.0/24
!
ip prefix-list PUBLICAR_MPLS seq 5 permit 172.29.33.16/30
ip sla responder
no service-routing capabilities-manager
kron policy-list respaldo
cli write
cli show run | redirect tftp://192.168.70.79/IANSA_PRLROPPAL
cli write
cli show run | redirect tftp://192.168.70.88/IANSA_PRLROPPAL
!
logging history size 100
logging history notifications
logging trap notifications
logging origin-id ip
logging source-interface GigabitEthernet0/0.33
logging host 172.25.184.11
logging host 192.168.151.33
!
route-map PUBLICAR permit 10
match ip address prefix-list PUBLICAR
!
route-map STUB-EIGRP-ALL permit 100
!
route-map TAG-EIGRP-WAN permit 10
set tag 108
!
route-map DENEGAR-EIGRP-WAN deny 10
match tag 208
!
route-map DENEGAR-EIGRP-WAN permit 20
!
!
snmp-server group IAnsAgrO v3 priv
snmp-server community s014rwlndssl RO 99
snmp-server community s0l4rw1ndsle RW 99
snmp-server community 31ns1 RO
snmp-server trap-source GigabitEthernet0/0.33
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps gatekeeper
snmp-server enable traps xgcp
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps flash insertion removal low-space
snmp-server enable traps auth-framework sec-violation auth-fail
snmp-server enable traps c3g
snmp-server enable traps LTE
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-
err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-
conflict
snmp-server enable traps bgp
snmp-server enable traps bgp cbgp2
snmp-server enable traps isis
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-
change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity-ext
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps mempool
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps waas
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps bstun
snmp-server enable traps dlsw
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps bfd
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps pw vc
snmp-server enable traps ipmobile
snmp-server enable traps snasw alert isr topology cp-cp port link dlus
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps dsp video-usage
snmp-server enable traps dsp video-out-of-resource
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps firewall serverstatus
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rf
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps mpls vpn
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server host 192.168.151.33 IAnsAgrO
tacacs-server host 192.168.70.237 single-connection
tacacs-server directed-request
tacacs-server key 7 03305E06161D245F4F1A57
access-list 99 permit 192.168.70.238
access-list 99 deny any log
!
!
!
control-plane
!
!
voice-port 0/1/0
trunk-group PSTN
connection plar opx 5171
description Linea Telmex ***73-450450**
caller-id enable
!
voice-port 0/1/1
trunk-group PSTN
caller-id enable
!
voice-port 0/2/0
!
voice-port 0/2/1
trunk-group PSTN
caller-id enable
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
dial-peer voice 10 voip
description ##### Dialpeer Desde/Hacia Cluster CCM - 1era Prioridad #####
destination-pattern 5...
progress_ind setup enable 3
progress_ind progress enable 8
session target ipv4:192.168.99.50
incoming called-number .
voice-class codec 100
voice-class h323 200
dtmf-relay h245-alphanumeric
no vad
!
description ##### Dialpeer Desde/Hacia Cluster CCM - 2da Prioridad #####
preference 1
no vad
!
description ##### Dialpeer Desde/Hacia Cluster CCM - 2da Prioridad #####
preference 1
no vad
!
dial-peer voice 102 pots
trunkgroup PSTN
tone ringback alert-no-PI
description 800's
preference 1
destination-pattern 9800......
direct-inward-dial
forward-digits 9
!
trunkgroup PSTN
description Emergencias
preference 1
destination-pattern 91[3-4].
direct-inward-dial
forward-digits 3
!
trunkgroup PSTN
description Informaciones
destination-pattern 910.
direct-inward-dial
forward-digits 3
!
trunkgroup PSTN
description PSTN
preference 1
destination-pattern 9[2-9]......
direct-inward-dial
forward-digits 7
!
trunkgroup PSTN
description LDN
preference 2
destination-pattern 90[2-7]T
direct-inward-dial
prefix 188
!
trunkgroup PSTN
description Rurales
preference 1
destination-pattern 919[7-9]....
direct-inward-dial
forward-digits 7
!
trunkgroup PSTN
description Rurales
preference 1
destination-pattern 906[3-5]......
direct-inward-dial
forward-digits 9
!
trunkgroup PSTN
description 600's
destination-pattern 9600.......
direct-inward-dial
forward-digits 10
!
trunkgroup PSTN
description LDN
destination-pattern 9188T
direct-inward-dial
prefix 188
!
trunkgroup PSTN
description PSTN TALCA-CURICO
destination-pattern 907[15]......
direct-inward-dial
forward-digits 9
!
!
!
!
gatekeeper
shutdown
!
!
call-manager-fallback
max-conferences 8 gain -6
transfer-system full-consult
ip source-address 192.167.18.1 port 2000
max-ephones 42
max-dn 84
system message primary Modo Sobrevivencia
system message secondary Modo Sobrevivencia
!
!
vstack
banner login ^CC
***********************************************************************************
***************
** **
** EL ACCESO NO AUTORIZADO A ESTE DISPOSITIVO ESTA PROHIBIDO **
** **
** Usted esta accediendo a un dispositivo privado, los intentos no autorizados y
acciones **
** para acceder o utilizar este sistema puede dar lugar a sanciones civiles y / o
penales. **
** Todas las actividades realizadas en este dispositivo son registrados y
monitoreados. **
** **
***********************************************************************************
***************
^C
banner motd ^CC
***********************************************************************************
***************
** **
** EL ACCESO NO AUTORIZADO A ESTE DISPOSITIVO ESTA PROHIBIDO **
** **
** Usted esta accediendo a un dispositivo privado, los intentos no autorizados y
acciones **
** para acceder o utilizar este sistema puede dar lugar a sanciones civiles y / o
penales. **
** Todas las actividades realizadas en este dispositivo son registrados y
monitoreados. **
** **
***********************************************************************************
***************
^C
!
line con 0
session-timeout 5
privilege level 14
password soporte.
transport preferred none
transport output telnet ssh
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 5
exec-timeout 2 30
privilege level 15
length 0
transport input all
line vty 5 15
transport input none
!
scheduler allocate 20000 1000
ntp server 200.27.106.115 prefer
ntp server 200.27.106.116
!
end

Iansa Prlrppal

Uploaded by

Copyright:

Available Formats

Iansa Prlrppal

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iansa Prlrppal

Uploaded by

Copyright:

Available Formats

!

! Last configuration change at 11:13:31 UTC Thu Mar 28 2019 by axi183406817

You might also like