Building configuration...

Current configuration : 15930 bytes
!
! Last configuration change at 21:24:24 CDT Thu May 27 2021 by admin_user
! NVRAM config last updated at 17:18:57 CDT Thu May 27 2021 by admin_user
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput level boost
!
hostname MPLS-Router
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.12.04.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa new-model
!
!
aaa group server tacacs+ TACACS
 server name tacacs1
 server name tacacs2
!
aaa authentication login default group TACACS local
aaa authentication login CONSOLE local
aaa authorization exec default group TACACS if-authenticated
aaa authorization exec CONSOLE local
aaa authorization commands 15 default group TACACS local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group TACACS
aaa accounting commands 15 default stop-only group TACACS
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
ip name-server 192.168.1.36 192.168.4.36
ip domain name domain.local
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
flow record Netflow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
!
!
flow exporter Netflow
 destination 192.168.4.40
 source GigabitEthernet0/0/0
 transport udp 2055
 template data timeout 60
!
!
flow monitor Netflow
 exporter Netflow
 cache timeout active 60
 record Netflow
!
!
!
key chain WAN-KEY
 key 1
  key-string 7 ***********************
!
!
crypto pki trustpoint TP-self-signed-3563095594
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3563095594
 revocation-check none
 rsakeypair TP-self-signed-3563095594
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3563095594
 certificate self-signed 01
  ***********************
  quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  ***********************
  quit
!
!
no license feature hseck9
license udi pid ISR4331/K9 sn FLM545826QN
license boot level securityk9
memory free low-watermark processor 67107
!
!
!
!
!
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin-user privilege 15 password 7 ***********************
!
redundancy
 mode none
!
!
!
!
!
!
!
class-map match-any CS3
 match dscp cs3
class-map match-any Transactional_Data
 match ip dscp af21 af22 af23
class-map match-any Media_Signaling
 match ip dscp af31
 match ip dscp cs3
class-map match-any Interactive_Video
 match ip dscp af41 af42 af43
 match ip dscp cs4
class-map match-any Network_Control
 match ip dscp cs6
class-map type inspect match-any PUBLIC->OUTSIDE
 match access-group name ACL-RTR-IN
class-map match-any Best_Effort
 match ip dscp default
class-map type inspect match-any WEBACCESS
 match protocol http
 match protocol https
 match protocol dns
 match protocol ftp
 match protocol tcp
class-map type inspect match-all ANY
 match access-group name ANY
class-map match-any Mission_Critical_Data
 match ip dscp af32 af33
class-map match-any Scavenger
 match ip dscp cs1
class-map match-any Voice_RTP
 match ip dscp ef
class-map match-any Bulk_Data
 match ip dscp af11 af12 af13
!
policy-map CS3toAF31
 class CS3
  set dscp af31
policy-map qos-L3-3Q
 class Voice_RTP
  priority percent 10
 class Media_Signaling
  bandwidth percent 45
 class Best_Effort
  bandwidth percent 45
  random-detect dscp-based
  fair-queue
policy-map qos-L3-4Q
 class Voice_RTP
  priority percent 10
 class Interactive_Video
  priority percent 35
 class Media_Signaling
  bandwidth percent 10
 class Scavenger
  bandwidth percent 1
 class Best_Effort
  bandwidth percent 44
policy-map type inspect ANY
 class type inspect ANY
  pass
policy-map type inspect WEBACCESS
 class type inspect WEBACCESS
  inspect
 class class-default
policy-map 20MBPS_QOS
 class class-default
  shape average 20000000
   service-policy qos-L3-3Q
policy-map INET_60M
 class class-default
  shape average 60000000
policy-map DMVPN-20MBPS-POLICY
 class class-default
  shape average 20971520
policy-map 100MBPS_QOS
 class class-default
  shape average 100000000
   service-policy qos-L3-4Q
policy-map type inspect PUBLIC->OUTSIDE
 class type inspect PUBLIC->OUTSIDE
  pass
!
!
!
!
!
!
crypto isakmp policy 10
 encryption aes 256
 hash sha512
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key *********************** address 0.0.0.0
crypto isakmp keepalive 10 5 periodic
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set DMVPN-AES256 esp-aes 256 esp-sha512-hmac
 mode transport
!
crypto ipsec profile VPN-DMVPN
 set transform-set DMVPN-AES256
!
!
!
!
!
!
!
!
!
!
interface Tunnel100
 bandwidth 50000
 ip flow monitor Netflow input
 ip flow monitor Netflow output
 ip address 10.255.250.6 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip pim nbma-mode
 ip pim sparse-mode
 ip nbar protocol-discovery
 ip nhrp authentication ***********************
 ip nhrp map multicast 10.255.250.1
 ip nhrp network-id 100
 ip nhrp nhs 10.255.250.1 nbma 1.2.3.4 multicast
 ip nhrp redirect
 ip tcp adjust-mss 1340
 load-interval 30
 cdp enable
 if-state nhrp
 tunnel source GigabitEthernet0/0/2
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile VPN-DMVPN
!
interface GigabitEthernet0/0/0
 ip address 172.16.254.6 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 description Internet
 bandwidth 50000
 ip address 34.34.34.4 255.255.255.248
 ip nbar protocol-discovery
 ip access-group DMVPN-Services in
 load-interval 30
 negotiation auto
!
interface GigabitEthernet0/1/0
 description MPLS
 ip flow monitor Netflow input
 ip flow monitor Netflow output
 ip address 100.100.100.14 255.255.255.252
 load-interval 30
 media-type rj45
 negotiation auto
 no cdp enable
 service-policy output 100MBPS_QOS
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 172.16.250.2 255.255.255.0
 negotiation auto
!
!
router eigrp EIGRP
 !
 address-family ipv4 unicast autonomous-system 100
  !
  af-interface default
   passive-interface
  exit-af-interface
  !
  af-interface GigabitEthernet0/0/0
   no passive-interface
  exit-af-interface
  !
  af-interface Tunnel100
   summary-address 172.16.0.0 255.255.0.0
   authentication mode md5
   authentication key-chain WAN-KEY
   hello-interval 20
   hold-time 60
   no next-hop-self
   no passive-interface
   no split-horizon
  exit-af-interface
  !
  topology base
   distribute-list prefix LOCAL out Tunnel100
   redistribute bgp 66606 metric 500 10 255 1 1500
  exit-af-topology
  network 172.16.250.0 0.0.0.255
  network 172.16.254.4 0.0.0.3
  metric rib-scale 250
  eigrp router-id 10.255.250.6
 exit-address-family
!
router bgp 66606
 bgp router-id 100.100.100.14
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp graceful-restart
 timers bgp 5 20
 redistribute static route-map static
 redistribute eigrp 100
 neighbor 100.100.100.13 remote-as 1234
 neighbor 100.100.100.13 local-as 66631
 neighbor 100.100.100.13 send-community
 neighbor 100.100.100.13 soft-reconfiguration inbound
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 172.16.10.254
ip route 192.168.1.0 255.255.0.0 Tunnel100 250
ip route 172.16.33.0 255.255.255.0 10.6.254.5
ip route 172.16.38.0 255.255.255.0 10.6.254.5
ip route 1.2.3.4 255.255.255.255 34.34.34.1
ip tacacs source-interface GigabitEthernet0/0/0
!
!
ip access-list extended DMVPN-Services
 10 permit udp any any eq isakmp
 20 permit esp any any
 30 permit gre any any
 40 permit icmp any any echo
 50 permit icmp any any echo-reply
 60 deny ip any any log
!
!
ip prefix-list LOCAL seq 10 permit 172.16.0.0/16
!
ip prefix-list static seq 5 permit 172.16.33.0/24
ip prefix-list static seq 10 permit 172.16.38.0/24
ip access-list standard 1
 10 permit 192.0.0.0 0.255.255.255
 20 permit 1.2.3.4 0.0.0.31
 30 permit 1.2.4.5 0.0.0.31
ip access-list standard 5
 10 permit 192.0.0.0 0.255.255.255
ip access-list standard 99
 10 permit 192.168.4.72
 20 permit 192.168.4.80
 30 permit 192.168.4.82
 40 permit 192.168.4.140
!
!
route-map static permit 10
 match ip address prefix-list static
!
snmp-server community string RO 99
snmp-server location Office
snmp-server contact techsupport@domain.com
!
tacacs server tacacs1
 address ipv4 192.168.4.40
 key 7 ***********************
 single-connection
tacacs server tacacs2
 address ipv4 192.168.1.40
 key 7 ***********************
 single-connection
!
!
!
control-plane
!
banner exec ^CCC
****** Your consent to the terms listed above is acknowledged. *******
^C
banner login ^CCC
**********************************************************************
A T T E N T I O N A T T E N T I O N A T T E N T I O N
**********************************************************************
WARNING: This system is for the use of authorized clients only.
Individuals using the computer network system without authorization,
or in excess of their authorization, are subject to having all their
activity on this computer network system monitored and recorded by
system personnel. To protect the computer network system from
unauthorized use and to ensure the computer network systems is
functioning properly, system administrators monitor this system.
Anyone using this computer network system expressly consents to such
monitoring and is advised that if such monitoring reveals possible
conduct of criminal activity, system personnel may provide the
evidence of such activity to law enforcement officers. Access is
restricted to authorized users only. Unauthorized access is a
violation of state and federal, civil and criminal laws.
**********************************************************************
^C
!
line con 0
 exec-timeout 5 0
 privilege level 15
 authorization exec CONSOLE
 logging synchronous
 login authentication CONSOLE
 history size 50
 transport output telnet ssh
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 15 0
 privilege level 15
 logging synchronous
 length 0
 history size 250
 transport input ssh
 transport output ssh
!
ntp server 192.168.1.1
ntp server 192.168.4.1
!
!
!
!
!
end