Document on Router Configuration
Current configuration : 18773 bytes
!
! Last configuration change at 14:45:32 GMT Tue Apr 16 2019 by makweaee
! NVRAM config last updated at 14:37:23 GMT Tue Apr 16 2019 by makweaee
! NVRAM config last updated at 14:37:23 GMT Tue Apr 16 2019 by makweaee
! Global service settings: TCP keepalives in both directions, and debug/log
! timestamps in local time with the configured zone name attached.
version 15.1
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption only applies type 7 encoding,
! which is a reversible obfuscation and not a hash. Every "password 7",
! "key 7" and "key-string 7" value in this file should be handled as if it
! were cleartext: redact it before the config is shared, and rotate it if the
! config has already been published.
service password-encryption
service compress-config
service sequence-numbers
!
hostname nhbr-0032-bloemfonte-ce-2
!
boot-start-marker
boot-end-marker
!
!
! Local log buffer of 32768 bytes; the console only receives messages at
! severity "errors" and above.
logging buffered 32768
logging console errors
! NOTE(review): "secret 5" is a salted MD5-based hash. It is one-way, but it
! can be attacked offline once the hash string is disclosed, so a hash that
! has appeared in a shared or published config should be replaced. Where the
! IOS release offers a stronger algorithm-type for secrets, prefer it -
! availability on this 15.1 image to be confirmed.
enable secret 5 $1$dm60$eZQAJf/IbWDtt5uC9lHKt0
!
! AAA: TACACS+ is the primary source for authentication, authorization and
! accounting.
aaa new-model
!
!
! Login tries TACACS+ first and uses the local user database only when no
! TACACS+ server answers; enable falls back to the enable secret in the same
! way. The local account and the enable secret are therefore the credentials
! that matter whenever the TACACS+ servers are unreachable.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default local
aaa authorization config-commands
! NOTE(review): "if-authenticated" means that when TACACS+ cannot be reached,
! any session that has already authenticated is authorized, including for
! level 15 commands. Combined with the local login fallback above, per-command
! control is lost during a TACACS+ outage - confirm this is intended.
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
! NOTE(review): in the next line "start-stop" sits in the list-name position,
! so it appears to define a named method list called "start-stop" rather than
! the default network authorization list. start-stop is an accounting keyword;
! this looks like a typo - verify.
aaa authorization network start-stop group tacacs+
! Accounting: exec sessions, level 1 and level 15 commands, network,
! connection and system events are all reported to TACACS+, which gives an
! off-box audit trail of administrative activity.
aaa accounting delay-start
aaa accounting suppress null-username
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
! NOTE(review): the zone is named "GMT" but carries an offset of +2 hours.
! Because the timestamps use "localtime show-timezone", log and debug entries
! will be labelled GMT while actually being two hours ahead of UTC. Anyone
! correlating these logs with other sources needs to know that - confirm and
! consider a zone name that matches the offset.
clock timezone GMT 2 0
!
! Hardening: IP source routing and gratuitous ARP are turned off here; the
! BOOTP server and DNS lookups are turned off further down.
no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
! Static host names; both addresses also appear as tacacs-server hosts later
! in this config.
ip host vpns 165.143.225.164
ip host vpns2 165.143.125.164
multilink bundle-name authenticated
!
!
!
! NOTE(review): the key-string below is type 7 (reversible); treat it as
! disclosed if this config has been shared. Also note the name: this chain is
! "rtr_key" (underscore), while the only key-chain reference visible in this
! config is "ip sla key-chain rtr-key" (hyphen). As written the two do not
! match, so IP SLA control authentication may not be using this key - verify.
key chain rtr_key
key 1
key-string 7 0652290F644831085D24455C5D520E2D1C04101D74
crypto pki token default removal timeout 0
!
!
! NOTE(review): the UDI line carries the chassis serial number; redact it
! along with the credentials when the config is shared.
license udi pid CISCO2911/K9 sn FCZ1629203Z
!
!
! NOTE(review): this is the local account used when TACACS+ is unreachable
! (see "aaa authentication login default group tacacs+ local"). It is stored
! with "password 7", which is reversible; a "secret" (hashed) form is the
! safer way to store it, and the value should be rotated if this config has
! been published.
username Hr3pYXm8v7ZoQ2AB6E04 password 7 013E2E097E5D55387141691B4D2B3324590B51191B
!
redundancy
!
!
! Management-plane transport settings. FTP, TFTP, SSH and rcmd sessions that
! the router originates are sourced from Loopback0.
ip tcp synwait-time 10
ip telnet tos 60
no ip ftp passive
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
! SSH is restricted to protocol version 2 with a 12 second negotiation
! time-out. NOTE(review): this does not by itself disable Telnet - the aux and
! vty lines further down still list "transport input telnet ssh".
ip ssh time-out 12
ip ssh source-interface Loopback0
ip ssh rsa keypair-name vpnsxz3h6Fb
ip ssh version 2
ip ssh precedence 3
ip rcmd source-interface Loopback0
!
! Tracked object 1 follows IP SLA operation 1 and waits 30 seconds before
! reporting "down"; VRRP group 1 on GigabitEthernet0/0 tracks it.
! NOTE(review): no "ip sla 1" operation or schedule is defined in the visible
! config (only "ip sla key-chain" and "ip sla responder"), so what this object
! actually tracks cannot be confirmed from here - verify.
track 1 ip sla 1
delay down 30
!
! QoS classification. Two families of class-maps are defined:
!   - RealTime / BulkBusinessData1-3 classify by protocol ("match protocol")
!     and by named ACL; the ingress policy-maps use them to set DSCP.
!   - Customer* classes classify purely on the DSCP value already present in
!     the packet; the egress policy uses them.
! NOTE(review): CustomerRealTime, CustomerBulkBusinessData3,
! CustomerIntBusinessData and CustomerGeneralData1-3 are defined here but are
! not referenced by any policy-map in the visible config.
class-map match-any CustomerSystem
match ip dscp cs6
class-map match-any RealTime
match protocol sip
match protocol rtcp
match protocol h323
match protocol rtsp
match protocol mgcp
match protocol rtp audio
match protocol skinny
match access-group name RealTime
class-map match-any BulkBusinessData2
match access-group name BulkBusinessData2
class-map match-any BulkBusinessData3
match access-group name BulkBusinessData3
class-map match-any BulkBusinessData1
match protocol rtp video
match access-group name BulkBusinessData1
class-map match-any CustomerRealTime
match ip dscp ef
class-map match-any CustomerBulkBusinessData2
match ip dscp af12
class-map match-any CustomerBulkBusinessData3
match ip dscp af13
class-map match-any CustomerBulkBusinessData1
match ip dscp af11
class-map match-any CustomerIntBusinessData
match ip dscp cs4
class-map match-any CustomerGeneralData2
match ip dscp 4
class-map match-any CustomerGeneralData3
match ip dscp 6
class-map match-any CustomerGeneralData1
match ip dscp 2
class-map match-any CustomerMgt
match ip dscp cs3
match access-group name CustomerNMS
!
!
! Egress queuing policy, nested under the shaper defined at the end of this
! section. Bandwidth is guaranteed to four DSCP-based classes (9 + 9 + 73 + 8
! percent); everything else lands in class-default.
! NOTE(review): the egress policy has no class for DSCP EF. Traffic the
! ingress policy marks as RealTime (set dscp ef) therefore appears to share
! class-default on the WAN side with no dedicated queue - confirm this is
! intended for a voice deployment.
policy-map Egress_GigabitEthernet0/1.212
class CustomerSystem
bandwidth percent 9
class CustomerMgt
bandwidth percent 9
class CustomerBulkBusinessData1
bandwidth percent 73
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class CustomerBulkBusinessData2
bandwidth percent 8
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class class-default
fair-queue
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
! Ingress marking policy for the LAN interface. Classes are listed in the
! order RealTime, BulkBusinessData1, 2, 3. Because ACL BulkBusinessData3 is
! "permit ip any any", any IP packet not caught by an earlier class is
! re-marked af13, so DSCP values set by LAN hosts are overwritten here.
! NOTE(review): membership of the RealTime class depends on broad port ranges
! in ACL RealTime, so any traffic using those ports is marked EF - review
! whether the ranges can be narrowed.
policy-map Ingress_GigabitEthernet0/0
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
! Same marking policy prepared for GigabitEthernet0/2; that interface carries
! no service-policy in the visible config, so this policy is currently unused.
policy-map Ingress_GigabitEthernet0/2
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
! Parent shaper for the WAN sub-interface: all traffic is shaped to an average
! of 4750000 bit/s and then queued by the Egress policy above.
policy-map Shape_GigabitEthernet0/1.212
class class-default
shape average 4750000 19000 0
queue-limit 4096 packets
service-policy Egress_GigabitEthernet0/1.212
!
!
!
!
!
! Interfaces.
! NOTE(review): no interface in the visible config has an "ip access-group"
! applied, so there is no packet filtering in the data path. Access to the
! management plane is limited only by access-class 98 on the aux/vty lines
! and by ACL 99 on the SNMP communities.
! NOTE(review): "no ip redirects" is set throughout, but no "no ip proxy-arp"
! or "no ip unreachables" lines appear, so those defaults presumably remain
! active - confirm.
!
! Loopback0 is the source address for SSH, TACACS+, SNMP traps, syslog, NTP
! and file transfers.
interface Loopback0
ip address 165.144.121.174 255.255.255.255
no ip redirects
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
shutdown
no cdp enable
!
! Customer LAN interface. VRRP group 1 provides the virtual gateway
! 172.16.4.4 with priority 109, and follows tracked object 1.
! NOTE(review): no VRRP authentication is configured on the group, so any
! host on this LAN segment can take part in the VRRP election - consider
! authentication if the segment is not fully trusted.
! NOTE(review): flow accounting is enabled in both directions, but no
! flow-export destination is visible in this config, so flow records would
! stay in the local cache only - confirm.
interface GigabitEthernet0/0
description ## Lan Connection to customer network ##
ip address 172.16.4.2 255.255.255.128
no ip redirects
ip accounting output-packets
ip flow ingress
ip flow egress
load-interval 30
duplex auto
speed auto
vrrp 1 ip 172.16.4.4
vrrp 1 preempt delay minimum 60
vrrp 1 priority 109
vrrp 1 track 1
no cdp enable
service-policy input Ingress_GigabitEthernet0/0
!
interface GigabitEthernet0/1
no ip address
no ip redirects
duplex auto
speed auto
no cdp enable
!
! WAN sub-interface (VLAN 212), a /30 facing the BGP neighbor 165.144.79.33.
! The shaping/queuing policy is attached outbound.
interface GigabitEthernet0/1.212
description By VPNSC: Job Id# = 511028 (75-00821-23)
bandwidth 5000
encapsulation dot1Q 212
ip address 165.144.79.34 255.255.255.252
no ip redirects
no cdp enable
service-policy output Shape_GigabitEthernet0/1.212
!
! NOTE(review): GigabitEthernet0/2 has no address and no description but,
! unlike Embedded-Service-Engine0/0, is not shut down. An unused port is
! normally left administratively down - confirm whether it is in use.
interface GigabitEthernet0/2
no ip address
no ip redirects
duplex auto
speed auto
no cdp enable
!
!
! eBGP session from AS 60032 to the provider edge 165.144.79.33 in AS 5713.
! NOTE(review): no neighbor authentication (password), TTL security,
! maximum-prefix limit or inbound/outbound prefix filter is visible for this
! neighbor. The session then relies entirely on the /30 link being trusted -
! confirm with the provider.
! NOTE(review): connected and static routes are redistributed with no
! route-map, so every connected subnet and all five named static routes
! (management, voice, wireless, guest, Media_Mkt) are advertised upstream.
! Confirm that all of them are meant to be reachable from the VPN.
router bgp 60032
bgp log-neighbor-changes
neighbor 165.144.79.33 remote-as 5713
!
address-family ipv4
redistribute connected metric 1
redistribute static metric 1
neighbor 165.144.79.33 activate
exit-address-family
!
! Packets originated by the router itself are passed through route-map
! LocalPolicyRoute (defined near the end of the config).
ip local policy route-map LocalPolicyRoute
ip forward-protocol nd
!
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! Static routes to the customer VLANs, all through the LAN next hop
! 172.16.4.1. The route names describe the role of each subnet, which is
! useful to operators but is also internal detail to redact when the config
! is shared.
ip route 172.17.56.80 255.255.255.240 172.16.4.1 name management_vlan
ip route 172.18.4.0 255.255.255.128 172.16.4.1 name voice_vlan
ip route 172.19.11.128 255.255.255.128 172.16.4.1 name wireless_vlan
ip route 172.20.11.128 255.255.255.128 172.16.4.1 name guest_vlan
ip route 172.21.11.0 255.255.255.240 172.16.4.1 name Media_Mkt
ip tacacs source-interface Loopback0
!
! Classification ACL for class-map BulkBusinessData1 (marked af11 on ingress).
! In the visible config this list is referenced only by that class-map and is
! not applied to any interface, so its "permit" entries select traffic for QoS
! marking; they do not allow or block anything.
! NOTE(review): the remarks name individual production servers next to their
! addresses. That is an inventory of business systems and should be redacted
! before the config is shared outside the operations team.
! NOTE(review): the "Siebel server" and "Oracle server" remarks are followed
! by no entries of their own - confirm nothing was lost.
ip access-list extended BulkBusinessData1
permit ip any host 172.16.1.219
permit ip host 172.16.1.219 any
permit ip any host 172.16.1.218
permit ip host 172.16.1.218 any
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 eq 2000
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
permit udp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
remark ## Siebel server##
remark ## Oracle server##
remark "SAP"
permit tcp any any range 3200 3299
permit tcp any range 3200 3299 any
permit tcp any any range 3300 3399
permit tcp any range 3300 3399 any
permit tcp any any range 4800 4899
permit tcp any range 4800 4899 any
remark "SAP ERPsrprderp01"
permit ip host 172.16.19.143 any
permit ip any host 172.16.19.143
remark "ERP Apps Serversrprderp02"
permit ip host 172.16.19.152 any
permit ip any host 172.16.19.152
remark "SAP CRMsrprdcrm01"
permit ip host 172.16.19.142 any
permit ip any host 172.16.19.142
remark "SAP PIsrprdpi01"
permit ip host 172.16.19.147 any
permit ip any host 172.16.19.147
remark "SAP GRCsrprdgrc01"
permit ip host 172.16.19.141 any
permit ip any host 172.16.19.141
remark "SAP BWsrprdbw01"
permit ip host 172.16.19.146 any
permit ip any host 172.16.19.146
remark "SAP BOsrprdbo01"
permit ip host 172.16.19.145 any
permit ip any host 172.16.19.145
remark "E-Recruit srprdrec01"
permit ip host 172.16.19.154 any
permit ip any host 172.16.19.154
remark "SAP Portal srprdepp01"
permit ip host 172.16.19.144 any
permit ip any host 172.16.19.144
remark "Mobility Gateway srprdgw01"
permit ip host 172.16.19.148 any
permit ip any host 172.16.19.148
remark "Mobility Web Dispatchersrprdwd01"
permit ip host 172.16.19.149 any
permit ip any host 172.16.19.149
remark "TREX srprdtrx01"
permit ip host 172.16.19.153 any
permit ip any host 172.16.19.153
remark "SLD srprdsld01"
permit ip host 172.16.19.151 any
permit ip any host 172.16.19.151
remark "WPB srprdwpb01"
permit ip host 172.16.19.150 any
permit ip any host 172.16.19.150
remark "SAP Solution Manager 7.1 srprdsol01"
permit ip host 172.16.19.140 any
permit ip any host 172.16.19.140
remark "OT Archive SRPRDARC01"
permit ip host 172.16.19.156 any
permit ip any host 172.16.19.156
remark "OT Content Backend SRPRDCB01"
permit ip host 172.16.19.157 any
permit ip any host 172.16.19.157
remark "OT Content Frontend SRPRDCF01"
permit ip host 172.16.19.158 any
permit ip any host 172.16.19.158
remark "OT SEASRPRDSEA01"
permit ip host 172.16.19.160 any
permit ip any host 172.16.19.160
remark "OT Web Server SRPRDWS01
permit ip host 172.16.19.159 any
permit ip any host 172.16.19.159
! Classification ACL for class-map BulkBusinessData2 (marked af12 on ingress):
! five individual hosts plus TFTP between 172.18.0.0/16 and 172.16.19.0/24.
ip access-list extended BulkBusinessData2
permit ip host 172.16.0.25 any
permit ip any host 172.16.0.25
permit ip host 172.16.0.26 any
permit ip any host 172.16.0.26
permit ip host 172.16.0.27 any
permit ip any host 172.16.0.27
permit ip host 172.16.0.28 any
permit ip any host 172.16.0.28
permit ip host 172.16.0.38 any
permit ip any host 172.16.0.38
permit udp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 eq tftp
permit udp 172.16.19.0 0.0.0.255 172.18.0.0 0.0.255.255 eq tftp
remark ## TFTP for phones ##
! Catch-all classifier: matches every IP packet, so in the ingress policy it
! collects whatever the earlier classes did not match (marked af13). This is
! a QoS match only; it is not applied as a filter anywhere in the visible
! config.
ip access-list extended BulkBusinessData3
permit ip any any
! Classifier for class-map CustomerMgt: traffic from the listed /16 source
! ranges to the management-station ranges.
ip access-list extended CustomerNMS
permit ip 165.149.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.149.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.149.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.147.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.144.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 197.236.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.149.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 165.223.18.0 0.0.1.255
! Matched by route-map LocalPolicyRoute: TACACS+ packets originated by the
! router are given IP precedence "flash".
ip access-list extended LocalPolicyACL
remark ### TACACS_MANAGEMENT_CLASSIFICATION ###
permit tcp any any eq tacacs
! Classifier for class-map RealTime (marked EF on ingress).
! NOTE(review): several entries match wide port ranges between any source and
! any destination (UDP 16384-37276 and 1024-1147, TCP 2048-3071 and
! 11000-11999). Any application that happens to use those ports is marked EF
! together with voice. Tightening the entries to the voice subnets would keep
! the top marking for real voice traffic - review.
ip access-list extended RealTime
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
remark " Voice Traffic "
permit udp any any range 16384 37276
remark IPKTS Protocol Unicast
permit udp any any eq 5588
permit udp any eq 5588 any
remark Audio Channels RTP RTCP
permit udp any any range 8002 8029
permit udp any range 8002 8029 any
permit udp any any range 1024 1147
permit udp any range 1024 1147 any
remark H245 Control
permit tcp any any range 2048 3071
permit tcp any range 2048 3071 any
permit udp any range 16384 37276 any
remark RealTime_Signalling
permit tcp any any eq 2000
permit tcp any eq 2000 any
permit tcp any any eq 1720
permit tcp any eq 1720 any
permit tcp any any range 11000 11999
!
! NOTE(review): this references key chain "rtr-key" (hyphen); the key chain
! defined earlier in this config is "rtr_key" (underscore). As written the
! names differ, so the IP SLA responder enabled on the next line may be
! running without control-message authentication - verify and align the names.
ip sla key-chain rtr-key
ip sla responder
! NOTE(review): a source interface is set for syslog, but no remote logging
! host is visible in this config. If none is configured, log messages exist
! only in the 32768-byte local buffer and are lost on reload - confirm.
logging source-interface Loopback0
! ACL 97: the four NTP servers, used by "ntp access-group peer 97".
access-list 97 remark NTP Bellville DR Primary
access-list 97 permit 165.143.124.100
access-list 97 remark NTP Bellville DR Back-Up
access-list 97 permit 165.143.124.101
access-list 97 remark NTP Centurion Primary
access-list 97 permit 165.143.224.172
access-list 97 remark NTP Centurion Back-Up
access-list 97 permit 165.143.224.43
! ACL 98: sources allowed to open sessions to the aux and vty lines
! (access-class 98 in). Denied attempts are logged by the final entry.
! NOTE(review): this list admits four whole /16 ranges, which is wide for
! device management; narrowing it to the management stations would reduce
! exposure. The entries 197.236.0.0 0.0.127.255, 197.236.208.0 0.0.15.255 and
! 197.236.224.0 0.0.31.255 are already covered by 197.236.0.0 0.0.255.255.
access-list 98 permit 165.143.224.0 0.0.1.255
access-list 98 permit 165.143.124.0 0.0.1.255
access-list 98 permit 165.149.0.0 0.0.255.255
access-list 98 permit 165.147.0.0 0.0.255.255
access-list 98 permit 165.144.0.0 0.0.255.255
access-list 98 permit 197.236.0.0 0.0.127.255
access-list 98 permit 196.43.4.0 0.0.0.255
access-list 98 permit 197.236.208.0 0.0.15.255
access-list 98 permit 197.236.224.0 0.0.31.255
access-list 98 permit 197.236.0.0 0.0.255.255
access-list 98 deny any log
! ACL 99: sources allowed to use the SNMP communities; denied attempts are
! logged.
access-list 99 permit 165.143.224.0 0.0.1.255
access-list 99 permit 165.143.124.0 0.0.1.255
access-list 99 permit 196.43.4.0 0.0.0.255
access-list 99 deny any log
!
! CDP is disabled globally, so the router does not announce its model,
! software version or addresses to neighbors.
no cdp run
!
!
!
! Local policy route-map: router-originated packets matching LocalPolicyACL
! (TACACS+) are marked with IP precedence "flash". No next hop is set, so only
! the marking changes.
route-map LocalPolicyRoute permit 10
match ip address LocalPolicyACL
set ip precedence flash
!
!
! NOTE(review): view "vpnov" is defined, but neither community line below
! references a view, so the view does not appear to restrict what the
! communities can read or write - confirm.
snmp-server view vpnov ipAddrEntry.*.165.144 included
snmp-server view vpnov ipAddrEntry.*.197.236 included
! NOTE(review): community strings are stored and sent in cleartext. Both
! strings below must be treated as disclosed once this config is shared, and
! rotated. The RW community can change device configuration, so it is
! equivalent to privileged access; ACL 99 is the only restriction on it. If
! write access over SNMP is not required, remove the RW community, and
! consider SNMPv3 with authentication and privacy for the read side.
snmp-server community qCWeMjdZbCOIXZB3zXP9 RO 99
snmp-server community AiFQX5o4YlUCy39617u7 RW 99
snmp-server ifindex persist
snmp-server trap-source Loopback0
snmp-server contact Telkom_MCN 0800 11 61 61
! Trap enablement. Useful for detection: "snmp authentication" reports failed
! SNMP authentication, and the config, config-copy, syslog, aaa_server, bgp
! and vrrp traps report configuration changes and state changes on features
! this router actually runs.
! NOTE(review): many of the traps below belong to features that are not
! configured anywhere in the visible config (for example eigrp, ospf, isis,
! mpls, frame-relay, hsrp). They look like a blanket enable and could be
! trimmed to the features in use.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps bstun
snmp-server enable traps dlsw
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps bfd
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps pw vc
snmp-server enable traps ipmobile
snmp-server enable traps snasw alert isr topology cp-cp port link dlus
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps mpls vpn
! Trap receivers. The first two are on the customer LAN address space and
! receive SNMPv2c traps.
! NOTE(review): the third receiver is configured with the same string as the
! RO community and with no version keyword (presumably the default trap
! version - confirm). Every trap sent to it carries the read community in
! cleartext; a separate trap-only string avoids that.
snmp-server host 172.16.0.177 version 2c nhbrcdmn
snmp-server host 172.16.1.83 version 2c nhbrcdmn
snmp-server host 196.43.4.100 qCWeMjdZbCOIXZB3zXP9
snmp ifmib ifalias long
! TACACS+ servers, tried in the order listed.
tacacs-server host 165.143.224.193
tacacs-server host 165.143.124.193
tacacs-server host 165.143.225.164
tacacs-server host 165.143.125.164
tacacs-server directed-request restricted
! NOTE(review): the TACACS+ shared key is stored as type 7 (reversible). It
! protects the AAA exchanges between this router and the servers above, so a
! disclosed key should be rotated on the servers and on every device that
! shares it.
tacacs-server key 7 000546515C7A5B12572D41405F1D024310580A0629
!
!
!
! NOTE(review): the control-plane section is empty, so no control-plane
! policing policy is attached. Traffic addressed to the router itself is not
! rate-limited by this config.
control-plane
!
!
! Login banner with an explicit authorization and monitoring notice.
! NOTE(review): the banner also names the operator and the vendor. Many
! hardening guides recommend keeping the legal notice and leaving identifying
! detail out of pre-login banners - review against local policy.
banner motd ^C
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
TELKOM SA
C I S C O S Y S T E M S
GOLD PARTNER
You must have explicit permission to access or configure this device.
All activities performed on this device may be logged, and violations
of this policy may result in disciplinary action, and may be reported
to law enforcement. There is no right to privacy on this device.
Telkom Managed Customer Networks
0800 11 61 61
^C
!
! Terminal lines. All interactive lines time out after 15 idle minutes.
! NOTE(review): each line carries a type 7 (reversible) password. With
! "aaa new-model" and a default login list of "group tacacs+ local", these
! line passwords are presumably not consulted at login - confirm. Either way
! they should be treated as disclosed if this config has been shared.
line con 0
exec-timeout 15 0
password 7 0717311C445C3850434A5235547209207A072F1B36
! The aux port has "no exec", so no login shell is offered on it.
line aux 0
access-class 98 in
exec-timeout 15 0
password 7 0811141A0C09164F211E59221905337F3A1B2A0450
no exec
transport input telnet ssh
transport output telnet ssh
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
! NOTE(review): the vty lines accept Telnet as well as SSH. Telnet carries
! the username, password and the whole session in cleartext, so
! "ip ssh version 2" gives no protection to a client that connects by Telnet.
! Limiting the line to "transport input ssh" closes this; limiting
! "transport output" in the same way restricts onward sessions started from
! the router. Inbound sessions are restricted to the sources in ACL 98.
line vty 0 4
access-class 98 in
exec-timeout 15 0
password 7 15415200517F05717F31677035104756547A5E0C5D
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
! NTP: four servers, sourced from Loopback0; ACL 97 limits peer-level NTP
! access to those same four addresses.
! NOTE(review): no NTP authentication (authentication keys / trusted key) is
! visible. Time is then accepted on source address alone. Log timestamps are
! only as reliable as the clock, so authenticated NTP is worth considering.
ntp source Loopback0
ntp access-group peer 97
ntp server 165.143.224.43
ntp server 165.143.224.172 prefer
ntp server 165.143.124.100
ntp server 165.143.124.101
end
++++++++++++++++++++++++++++++++++++++
Welcome to our tech blog. Today I am going to take a deep dive into VoIP router configuration for an enterprise Cisco ISR router that is capable of providing voice services. In this article we will cover the basic configuration file and components such as DHCP, relay, access lists, SSH access, Layer 3 networking
and many more...
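So here is the template or config file that I want to share for your knowledge base. This is a live example config from a real router, and it covers the QoS settings for VoIP too. Every password, key, hash and SNMP community string in it belongs to that device, so replace all of them with your own values before reusing any part of it.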
QoS Policy Mapping
**************
!
class-map match-any CustomerSystem
match ip dscp cs6
class-map match-any RealTime
match protocol sip
match protocol rtcp
match protocol h323
match protocol rtsp
match protocol mgcp
match protocol rtp audio
match protocol skinny
match access-group name RealTime
class-map match-any BulkBusinessData2
match access-group name BulkBusinessData2
class-map match-any BulkBusinessData3
match access-group name BulkBusinessData3
class-map match-any BulkBusinessData1
match protocol rtp video
match access-group name BulkBusinessData1
class-map match-any CustomerRealTime
match ip dscp ef
class-map match-any CustomerBulkBusinessData2
match ip dscp af12
class-map match-any CustomerBulkBusinessData3
match ip dscp af13
class-map match-any CustomerBulkBusinessData1
match ip dscp af11
class-map match-any CustomerIntBusinessData
match ip dscp cs4
class-map match-any CustomerGeneralData2
match ip dscp 4
class-map match-any CustomerGeneralData3
match ip dscp 6
class-map match-any CustomerGeneralData1
match ip dscp 2
class-map match-any CustomerMgt
match ip dscp cs3
match access-group name CustomerNMS
!
!
policy-map Egress_GigabitEthernet0/1.212
class CustomerSystem
bandwidth percent 9
class CustomerMgt
bandwidth percent 9
class CustomerBulkBusinessData1
bandwidth percent 73
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class CustomerBulkBusinessData2
bandwidth percent 8
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class class-default
fair-queue
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
policy-map Ingress_GigabitEthernet0/0
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Ingress_GigabitEthernet0/2
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Shape_GigabitEthernet0/1.212
class class-default
shape average 4750000 19000 0
queue-limit 4096 packets
service-policy Egress_GigabitEthernet0/1.212
!
class-map match-any CustomerSystem
match ip dscp cs6
class-map match-any RealTime
match protocol sip
match protocol rtcp
match protocol h323
match protocol rtsp
match protocol mgcp
match protocol rtp audio
match protocol skinny
match access-group name RealTime
class-map match-any BulkBusinessData2
match access-group name BulkBusinessData2
class-map match-any BulkBusinessData3
match access-group name BulkBusinessData3
class-map match-any BulkBusinessData1
match protocol rtp video
match access-group name BulkBusinessData1
class-map match-any CustomerRealTime
match ip dscp ef
class-map match-any CustomerBulkBusinessData2
match ip dscp af12
class-map match-any CustomerBulkBusinessData3
match ip dscp af13
class-map match-any CustomerBulkBusinessData1
match ip dscp af11
class-map match-any CustomerIntBusinessData
match ip dscp cs4
class-map match-any CustomerGeneralData2
match ip dscp 4
class-map match-any CustomerGeneralData3
match ip dscp 6
class-map match-any CustomerGeneralData1
match ip dscp 2
class-map match-any CustomerMgt
match ip dscp cs3
match access-group name CustomerNMS
!
!
policy-map Egress_GigabitEthernet0/1.212
class CustomerSystem
bandwidth percent 9
class CustomerMgt
bandwidth percent 9
class CustomerBulkBusinessData1
bandwidth percent 73
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class CustomerBulkBusinessData2
bandwidth percent 8
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class class-default
fair-queue
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
policy-map Ingress_GigabitEthernet0/0
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Ingress_GigabitEthernet0/2
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Shape_GigabitEthernet0/1.212
class class-default
shape average 4750000 19000 0
queue-limit 4096 packets
service-policy Egress_GigabitEthernet0/1.212
!
******************
Sample Config
++++++++++++++++++++++++++++++++++++++
nhbr-0032-bloemfonte-ce-2#sh run
Building configuration...Current configuration : 18773 bytes
!
! Last configuration change at 14:45:32 GMT Tue Apr 16 2019 by makweaee
! NVRAM config last updated at 14:37:23 GMT Tue Apr 16 2019 by makweaee
! NVRAM config last updated at 14:37:23 GMT Tue Apr 16 2019 by makweaee
version 15.1
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname nhbr-0032-bloemfonte-ce-2
!
boot-start-marker
boot-end-marker
!
!
logging buffered 32768
logging console errors
enable secret 5 $1$dm60$eZQAJf/IbWDtt5uC9lHKt0
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default local
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network start-stop group tacacs+
aaa accounting delay-start
aaa accounting suppress null-username
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
clock timezone GMT 2 0
!
no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip host vpns 165.143.225.164
ip host vpns2 165.143.125.164
multilink bundle-name authenticated
!
!
!
key chain rtr_key
key 1
key-string 7 0652290F644831085D24455C5D520E2D1C04101D74
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FCZ1629203Z
!
!
username Hr3pYXm8v7ZoQ2AB6E04 password 7 013E2E097E5D55387141691B4D2B3324590B51191B
!
redundancy
!
!
ip tcp synwait-time 10
ip telnet tos 60
no ip ftp passive
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
ip ssh time-out 12
ip ssh source-interface Loopback0
ip ssh rsa keypair-name vpnsxz3h6Fb
ip ssh version 2
ip ssh precedence 3
ip rcmd source-interface Loopback0
!
track 1 ip sla 1
delay down 30
!
class-map match-any CustomerSystem
match ip dscp cs6
class-map match-any RealTime
match protocol sip
match protocol rtcp
match protocol h323
match protocol rtsp
match protocol mgcp
match protocol rtp audio
match protocol skinny
match access-group name RealTime
class-map match-any BulkBusinessData2
match access-group name BulkBusinessData2
class-map match-any BulkBusinessData3
match access-group name BulkBusinessData3
class-map match-any BulkBusinessData1
match protocol rtp video
match access-group name BulkBusinessData1
class-map match-any CustomerRealTime
match ip dscp ef
class-map match-any CustomerBulkBusinessData2
match ip dscp af12
class-map match-any CustomerBulkBusinessData3
match ip dscp af13
class-map match-any CustomerBulkBusinessData1
match ip dscp af11
class-map match-any CustomerIntBusinessData
match ip dscp cs4
class-map match-any CustomerGeneralData2
match ip dscp 4
class-map match-any CustomerGeneralData3
match ip dscp 6
class-map match-any CustomerGeneralData1
match ip dscp 2
class-map match-any CustomerMgt
match ip dscp cs3
match access-group name CustomerNMS
!
!
policy-map Egress_GigabitEthernet0/1.212
class CustomerSystem
bandwidth percent 9
class CustomerMgt
bandwidth percent 9
class CustomerBulkBusinessData1
bandwidth percent 73
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class CustomerBulkBusinessData2
bandwidth percent 8
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
class class-default
fair-queue
random-detect
random-detect exponential-weighting-constant 11
random-detect precedence 1 311 933 1
policy-map Ingress_GigabitEthernet0/0
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Ingress_GigabitEthernet0/2
class RealTime
set dscp ef
class BulkBusinessData1
set dscp af11
class BulkBusinessData2
set dscp af12
class BulkBusinessData3
set dscp af13
policy-map Shape_GigabitEthernet0/1.212
class class-default
shape average 4750000 19000 0
queue-limit 4096 packets
service-policy Egress_GigabitEthernet0/1.212
!
!
!
!
!
interface Loopback0
ip address 165.144.121.174 255.255.255.255
no ip redirects
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
shutdown
no cdp enable
!
interface GigabitEthernet0/0
description ## Lan Connection to customer network ##
ip address 172.16.4.2 255.255.255.128
no ip redirects
ip accounting output-packets
ip flow ingress
ip flow egress
load-interval 30
duplex auto
speed auto
vrrp 1 ip 172.16.4.4
vrrp 1 preempt delay minimum 60
vrrp 1 priority 109
vrrp 1 track 1
no cdp enable
service-policy input Ingress_GigabitEthernet0/0
!
interface GigabitEthernet0/1
no ip address
no ip redirects
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1.212
description By VPNSC: Job Id# = 511028 (75-00821-23)
bandwidth 5000
encapsulation dot1Q 212
ip address 165.144.79.34 255.255.255.252
no ip redirects
no cdp enable
service-policy output Shape_GigabitEthernet0/1.212
!
! No IP address and no service-policy, but the interface is not shut down.
! NOTE(review): if the port is unused, add "shutdown" so it cannot be brought
! into service by plugging in a cable.
interface GigabitEthernet0/2
no ip address
no ip redirects
duplex auto
speed auto
no cdp enable
!
!
! eBGP session from local AS 60032 to 165.144.79.33 in AS 5713 over the /30 on
! GigabitEthernet0/1.212. All connected and static routes are redistributed
! with metric 1.
! NOTE(review): the neighbor has no "password" (TCP MD5), no "ttl-security",
! no "maximum-prefix" and no prefix-list or route-map in either direction, so
! every connected/static prefix (including the guest_vlan static route) is
! advertised and everything the peer sends is accepted. Confirm whether the
! provider side enforces authentication and filtering; otherwise add them here.
router bgp 60032
bgp log-neighbor-changes
neighbor 165.144.79.33 remote-as 5713
!
address-family ipv4
redistribute connected metric 1
redistribute static metric 1
neighbor 165.144.79.33 activate
exit-address-family
!
! Router-originated packets are passed through route-map LocalPolicyRoute
! (defined further down), which re-marks TACACS+ traffic.
ip local policy route-map LocalPolicyRoute
ip forward-protocol nd
!
! Both the HTTP and the HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! Static routes to the customer VLANs, all via 172.16.4.1 on the
! GigabitEthernet0/0 segment. "redistribute static" under router bgp 60032
! advertises every one of them, guest_vlan included, to the provider peer.
ip route 172.17.56.80 255.255.255.240 172.16.4.1 name management_vlan
ip route 172.18.4.0 255.255.255.128 172.16.4.1 name voice_vlan
ip route 172.19.11.128 255.255.255.128 172.16.4.1 name wireless_vlan
ip route 172.20.11.128 255.255.255.128 172.16.4.1 name guest_vlan
ip route 172.21.11.0 255.255.255.240 172.16.4.1 name Media_Mkt
! TACACS+ requests are sourced from Loopback0.
ip tacacs source-interface Loopback0
!
! Extended ACL BulkBusinessData1. No "ip access-group" in this excerpt applies it
! to an interface; presumably it is referenced by the class-map of the same name
! (outside this view) for QoS classification rather than filtering - confirm.
! Most entries come in pairs so that a host matches as source or as destination.
! NOTE(review): the SAP port-range entries use "any any" in both directions, so
! any TCP flow with a source or destination port in 3200-3399 or 4800-4899
! matches, not only flows involving the SAP servers listed below.
! NOTE(review): the SCCP (2000) and SIP (5060-5061) entries for 172.18.0.0/16
! are also matched by ACL RealTime; if the RealTime class is evaluated first, as
! in the ingress policy-maps, these entries never see that traffic.
ip access-list extended BulkBusinessData1
permit ip any host 172.16.1.219
permit ip host 172.16.1.219 any
permit ip any host 172.16.1.218
permit ip host 172.16.1.218 any
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 eq 2000
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
permit udp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
! The Siebel and Oracle remarks below have no entries following them.
remark ## Siebel server##
remark ## Oracle server##
remark "SAP"
permit tcp any any range 3200 3299
permit tcp any range 3200 3299 any
permit tcp any any range 3300 3399
permit tcp any range 3300 3399 any
permit tcp any any range 4800 4899
permit tcp any range 4800 4899 any
remark "SAP ERPsrprderp01"
permit ip host 172.16.19.143 any
permit ip any host 172.16.19.143
remark "ERP Apps Serversrprderp02"
permit ip host 172.16.19.152 any
permit ip any host 172.16.19.152
remark "SAP CRMsrprdcrm01"
permit ip host 172.16.19.142 any
permit ip any host 172.16.19.142
remark "SAP PIsrprdpi01"
permit ip host 172.16.19.147 any
permit ip any host 172.16.19.147
remark "SAP GRCsrprdgrc01"
permit ip host 172.16.19.141 any
permit ip any host 172.16.19.141
remark "SAP BWsrprdbw01"
permit ip host 172.16.19.146 any
permit ip any host 172.16.19.146
remark "SAP BOsrprdbo01"
permit ip host 172.16.19.145 any
permit ip any host 172.16.19.145
remark "E-Recruit srprdrec01"
permit ip host 172.16.19.154 any
permit ip any host 172.16.19.154
remark "SAP Portal srprdepp01"
permit ip host 172.16.19.144 any
permit ip any host 172.16.19.144
remark "Mobility Gateway srprdgw01"
permit ip host 172.16.19.148 any
permit ip any host 172.16.19.148
remark "Mobility Web Dispatchersrprdwd01"
permit ip host 172.16.19.149 any
permit ip any host 172.16.19.149
remark "TREX srprdtrx01"
permit ip host 172.16.19.153 any
permit ip any host 172.16.19.153
remark "SLD srprdsld01"
permit ip host 172.16.19.151 any
permit ip any host 172.16.19.151
remark "WPB srprdwpb01"
permit ip host 172.16.19.150 any
permit ip any host 172.16.19.150
remark "SAP Solution Manager 7.1 srprdsol01"
permit ip host 172.16.19.140 any
permit ip any host 172.16.19.140
remark "OT Archive SRPRDARC01"
permit ip host 172.16.19.156 any
permit ip any host 172.16.19.156
remark "OT Content Backend SRPRDCB01"
permit ip host 172.16.19.157 any
permit ip any host 172.16.19.157
remark "OT Content Frontend SRPRDCF01"
permit ip host 172.16.19.158 any
permit ip any host 172.16.19.158
remark "OT SEASRPRDSEA01"
permit ip host 172.16.19.160 any
permit ip any host 172.16.19.160
! The next remark is missing its closing quote (remark text only, no effect on matching).
remark "OT Web Server SRPRDWS01
permit ip host 172.16.19.159 any
permit ip any host 172.16.19.159
! Extended ACL BulkBusinessData2: five hosts in 172.16.0.0/24 matched as source
! or destination, plus TFTP between 172.18.0.0/16 and 172.16.19.0/24.
! Presumably used by the class-map of the same name (outside this view) - confirm.
! NOTE(review): both TFTP entries match destination port 69 only. TFTP moves to
! other ports after the initial request, so only the request packet is matched;
! the second entry matches requests sent towards 172.18.0.0/16, which may not
! be what was intended.
ip access-list extended BulkBusinessData2
permit ip host 172.16.0.25 any
permit ip any host 172.16.0.25
permit ip host 172.16.0.26 any
permit ip any host 172.16.0.26
permit ip host 172.16.0.27 any
permit ip any host 172.16.0.27
permit ip host 172.16.0.28 any
permit ip any host 172.16.0.28
permit ip host 172.16.0.38 any
permit ip any host 172.16.0.38
permit udp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 eq tftp
permit udp 172.16.19.0 0.0.0.255 172.18.0.0 0.0.255.255 eq tftp
remark ## TFTP for phones ##
! Catch-all: matches every IP packet. It is not applied to an interface in this
! excerpt; presumably it only feeds the BulkBusinessData3 class (af13) in the
! ingress policy-maps - confirm. It must never be reused as a packet filter.
ip access-list extended BulkBusinessData3
permit ip any any
! Extended ACL CustomerNMS, referenced by "match access-group name CustomerNMS"
! in a class-map above. It is the full cross product of four source ranges
! (165.149.0.0/16, 165.147.0.0/16, 165.144.0.0/16, 197.236.0.0/16) and four
! destination ranges (196.43.4.0/24, 165.143.124.0/23, 165.143.224.0/23,
! 165.223.18.0/23): 16 entries, all "permit ip" with no port restriction.
ip access-list extended CustomerNMS
permit ip 165.149.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.149.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.149.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.147.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 165.144.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 196.43.4.0 0.0.0.255
permit ip 197.236.0.0 0.0.255.255 165.143.124.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 165.143.224.0 0.0.1.255
permit ip 197.236.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.149.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.147.0.0 0.0.255.255 165.223.18.0 0.0.1.255
permit ip 165.144.0.0 0.0.255.255 165.223.18.0 0.0.1.255
! Matched by route-map LocalPolicyRoute: any TCP packet with destination port
! tacacs, regardless of source or destination address.
ip access-list extended LocalPolicyACL
remark ### TACACS_MANAGEMENT_CLASSIFICATION ###
permit tcp any any eq tacacs
! Extended ACL RealTime: voice media and signalling, matched mostly by port.
! Presumably referenced by the RealTime class-map (outside this view), which the
! ingress policy-maps mark as EF - confirm.
! NOTE(review): apart from the first entry, every line uses "any any" addresses.
! The ranges are wide (UDP 16384-37276, UDP 1024-1147, TCP 2048-3071,
! TCP 11000-11999) and several also match on source port, so unrelated traffic
! that happens to use these ports is classified as real-time. Consider scoping
! the entries to the voice subnets, as the first entry does.
ip access-list extended RealTime
permit tcp 172.18.0.0 0.0.255.255 172.16.19.0 0.0.0.255 range 5060 5061
remark " Voice Traffic "
permit udp any any range 16384 37276
remark IPKTS Protocol Unicast
permit udp any any eq 5588
permit udp any eq 5588 any
remark Audio Channels RTP RTCP
permit udp any any range 8002 8029
permit udp any range 8002 8029 any
permit udp any any range 1024 1147
permit udp any range 1024 1147 any
remark H245 Control
permit tcp any any range 2048 3071
permit tcp any range 2048 3071 any
permit udp any range 16384 37276 any
remark RealTime_Signalling
permit tcp any any eq 2000
permit tcp any eq 2000 any
permit tcp any any eq 1720
permit tcp any eq 1720 any
permit tcp any any range 11000 11999
!
! IP SLA responder with control-message authentication taken from a key chain.
! NOTE(review): the key chain referenced here is "rtr-key" (hyphen), while the
! only key chain shown at the top of this file is "key chain rtr_key"
! (underscore). Unless a chain named rtr-key is defined elsewhere, the responder
! is pointing at a chain that does not exist - verify that IP SLA control
! messages are really being authenticated, and correct the name if not.
ip sla key-chain rtr-key
ip sla responder
! Syslog messages are sourced from Loopback0; no "logging host" appears in this excerpt.
logging source-interface Loopback0
! Standard ACL 97, used by "ntp access-group peer 97": the same four addresses
! that are configured as "ntp server" at the end of the file.
access-list 97 remark NTP Bellville DR Primary
access-list 97 permit 165.143.124.100
access-list 97 remark NTP Bellville DR Back-Up
access-list 97 permit 165.143.124.101
access-list 97 remark NTP Centurion Primary
access-list 97 permit 165.143.224.172
access-list 97 remark NTP Centurion Back-Up
access-list 97 permit 165.143.224.43
! Standard ACL 98, applied as "access-class 98 in" on line aux 0 and line vty 0 4:
! it decides which source addresses may open a management session.
! NOTE(review): the last permit (197.236.0.0/16) contains the three narrower
! 197.236.x entries above it (/17, /20 and /19), so those are redundant and the
! effective scope is the whole /16. Together with three further /16 ranges this
! is a very wide management perimeter; confirm each range is still needed and
! narrow it to the actual management stations where possible.
access-list 98 permit 165.143.224.0 0.0.1.255
access-list 98 permit 165.143.124.0 0.0.1.255
access-list 98 permit 165.149.0.0 0.0.255.255
access-list 98 permit 165.147.0.0 0.0.255.255
access-list 98 permit 165.144.0.0 0.0.255.255
access-list 98 permit 197.236.0.0 0.0.127.255
access-list 98 permit 196.43.4.0 0.0.0.255
access-list 98 permit 197.236.208.0 0.0.15.255
access-list 98 permit 197.236.224.0 0.0.31.255
access-list 98 permit 197.236.0.0 0.0.255.255
! Explicit deny with logging so rejected connection attempts are recorded.
access-list 98 deny any log
! Standard ACL 99, attached to both SNMP communities below: only these three
! ranges may query the agent; everything else is denied and logged.
! Because SNMP v1/v2c runs over UDP, this check relies on the source address
! alone - it limits exposure but does not authenticate the requester.
access-list 99 permit 165.143.224.0 0.0.1.255
access-list 99 permit 165.143.124.0 0.0.1.255
access-list 99 permit 196.43.4.0 0.0.0.255
access-list 99 deny any log
!
! CDP is disabled globally, in addition to "no cdp enable" on each interface.
no cdp run
!
!
!
! Applied by "ip local policy route-map LocalPolicyRoute": router-originated
! packets matching LocalPolicyACL (TCP to the tacacs port) get IP precedence
! "flash" so that AAA traffic is prioritised.
route-map LocalPolicyRoute permit 10
match ip address LocalPolicyACL
set ip precedence flash
!
!
! SNMP agent settings.
! NOTE(review): the view "vpnov" is defined but neither community below carries
! a "view" keyword, so both communities see the full MIB tree.
snmp-server view vpnov ipAddrEntry.*.165.144 included
snmp-server view vpnov ipAddrEntry.*.197.236 included
! NOTE(review): community strings are shown in clear text; "service
! password-encryption" does not cover them. Community-based SNMP also sends the
! string unencrypted on the wire. The RW community allows configuration changes
! by anyone who knows the string and can send from an ACL 99 source address.
! Since both values appear in this document they should be treated as disclosed
! and rotated; prefer SNMPv3 with authentication and privacy, and drop the RW
! community if write access is not required.
snmp-server community qCWeMjdZbCOIXZB3zXP9 RO 99
snmp-server community AiFQX5o4YlUCy39617u7 RW 99
snmp-server ifindex persist
snmp-server trap-source Loopback0
snmp-server contact Telkom_MCN 0800 11 61 61
! Trap types enabled on this router. The list covers many features that have no
! configuration in this excerpt (EIGRP, OSPF, IS-IS, Frame Relay, ISDN, MPLS,
! ...), which looks like the expansion of a blanket "snmp-server enable traps"
! - confirm. Traps are only sent to the "snmp-server host" entries that follow.
! Security-relevant ones include snmp authentication, config, config-copy,
! aaa_server, tty and syslog.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps bstun
snmp-server enable traps dlsw
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps bfd
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps pw vc
snmp-server enable traps ipmobile
snmp-server enable traps snasw alert isr topology cp-cp port link dlus
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps mpls vpn
! Trap receivers. The first two are 172.16.x.x addresses and use SNMPv2c with a
! separate trap community.
! NOTE(review): the third receiver is sent traps that carry the same string as
! the RO community defined above, and no version keyword is given. Every trap
! therefore exposes the read community in clear text on the path to that host;
! use a dedicated trap community or SNMPv3 instead.
snmp-server host 172.16.0.177 version 2c nhbrcdmn
snmp-server host 172.16.1.83 version 2c nhbrcdmn
snmp-server host 196.43.4.100 qCWeMjdZbCOIXZB3zXP9
snmp ifmib ifalias long
! TACACS+ servers used by the "group tacacs+" AAA method lists at the top of the
! file; they are tried in the order listed.
tacacs-server host 165.143.224.193
tacacs-server host 165.143.124.193
tacacs-server host 165.143.225.164
tacacs-server host 165.143.125.164
tacacs-server directed-request restricted
! NOTE(review): "key 7" is the reversible type 7 encoding, not a hash, so the
! shared secret is recoverable from this text. The secret protects every
! TACACS+ exchange with the servers above; since it appears in this document it
! should be treated as disclosed and rotated on the router and on the servers.
tacacs-server key 7 000546515C7A5B12572D41405F1D024310580A0629
!
!
!
! NOTE(review): the control-plane section is empty - no "service-policy input"
! is attached, so there is no control-plane policing of traffic destined to the
! router itself (BGP, SNMP, NTP, TACACS+, IP SLA responder, vty).
control-plane
!
!
! Message-of-the-day banner shown before login. It states the authorisation and
! monitoring notice.
! NOTE(review): it also names the operator, the equipment vendor and a support
! number; hardening guides generally recommend keeping such identifying details
! out of pre-login banners.
banner motd ^C
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
TELKOM SA
C I S C O S Y S T E M S
GOLD PARTNER
You must have explicit permission to access or configure this device.
All activities performed on this device may be logged, and violations
of this policy may result in disciplinary action, and may be reported
to law enforcement. There is no right to privacy on this device.
Telkom Managed Customer Networks
0800 11 61 61
^C
!
! Console line: sessions idle for 15 minutes are disconnected.
! NOTE(review): with "aaa new-model" and the default login list
! "group tacacs+ local" (top of file), the line password is not one of the login
! methods, so it looks vestigial. It is stored as reversible type 7; remove it
! if unused, and treat the value as disclosed.
line con 0
exec-timeout 15 0
password 7 0717311C445C3850434A5235547209207A072F1B36
! Auxiliary line: "no exec" prevents an EXEC session from starting on it, and
! inbound connections are limited to ACL 98 sources.
! NOTE(review): Telnet is still allowed as an inbound and outbound transport,
! and the type 7 password is reversible. If the port is not used for
! out-of-band access, consider "transport input none".
line aux 0
access-class 98 in
exec-timeout 15 0
password 7 0811141A0C09164F211E59221905337F3A1B2A0450
no exec
transport input telnet ssh
transport output telnet ssh
! Internal line 2 (presumably the line belonging to Embedded-Service-Engine0/0,
! which is shut down - confirm). No EXEC is started on it; the transport output
! list is the platform's full set of protocols.
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
! Remote management lines: source addresses limited by ACL 98, idle timeout of
! 15 minutes, login handled by the AAA default list (TACACS+, then local).
! NOTE(review): "transport input telnet ssh" still accepts Telnet, which carries
! usernames and passwords unencrypted between the administrator and the router.
! After confirming SSH works on this device, restrict this to
! "transport input ssh". Outbound Telnet/SSH from the router is also enabled;
! limit "transport output" if administrators do not need to hop from this
! device. The type 7 line password is reversible and appears unused under AAA.
line vty 0 4
access-class 98 in
exec-timeout 15 0
password 7 15415200517F05717F31677035104756547A5E0C5D
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
! NTP: requests are sourced from Loopback0 and synchronisation is restricted to
! the four addresses in ACL 97, which are the same four servers listed here;
! 165.143.224.172 is the preferred source.
! NOTE(review): no "ntp authenticate", "ntp authentication-key" or
! "ntp trusted-key" lines appear in this excerpt, so time sources are accepted
! on source address alone. Accurate time underpins the log timestamps
! configured at the top of the file; consider enabling NTP authentication.
ntp source Loopback0
ntp access-group peer 97
ntp server 165.143.224.43
ntp server 165.143.224.172 prefer
ntp server 165.143.124.100
ntp server 165.143.124.101
end
++++++++++++++++++++++++++++++++++++++