Router#sh run
Building configuration...
Current configuration : 14394 bytes
!
! Last configuration change at 15:27:30 EAT Tue Jan 12 2021 by XYZnet
! NVRAM config last updated at 15:27:34 EAT Tue Jan 12 2021 by XYZnet
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname XYZ_DC_WR_2
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 gdgdagdgryrty
!
aaa new-model
!
!
aaa authorization network XYZ-AAA local
!
!
!
!
!
!
aaa session-id common
clock timezone EAT 3 0
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid ISR4331/K9 sn FDO24090MYS
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username XYZnet privilege 15 password 7 fshfhgsdfsfsad
!
redundancy
 mode none
!
crypto ikev2 authorization policy XYZ-AUTH-POLICY
 pool XYZ-Pool
 netmask 255.255.254.0
 route set access-list XYZ-HQ-Subnets
!
crypto ikev2 proposal XYZ-IkeV2-proposal
 encryption aes-cbc-192
 integrity sha256
 group 15
!
crypto ikev2 policy XYZ-IkeV2-POLICY
 match fvrf any
 proposal XYZ-IkeV2-proposal
!
crypto ikev2 keyring XYZ-KRing
 peer XYZ-Keys
  description XYZ-Keyring-1
  address 0.0.0.0 0.0.0.0
  pre-shared-key local XYZ-pass-123
  pre-shared-key remote XYZ-pass-213
 !
!
!
crypto ikev2 profile XYZ-IkeyV2-profile
 description To_XYZ_Branch_Spokes
 match identity remote address 0.0.0.0
 identity local fqdn hub.XYZ.local
 authentication remote pre-share
 authentication local pre-share
 keyring local XYZ-KRing
 dpd 30 2 on-demand
 aaa authorization group psk list XYZ-AAA XYZ-AUTH-POLICY
 virtual-template 1
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto ipsec transform-set XYZ-TSET esp-gcm
 mode tunnel
!
crypto ipsec profile XYZ-IPSec-Prf
 set transform-set XYZ-TSET
 set ikev2-profile XYZ-IkeyV2-profile
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.8.1 255.255.254.0
 ip ospf shutdown
!
interface GigabitEthernet0/0/0
 description To_XYZ_DC_GR_0/1
 ip address 10.10.23.18 255.255.255.248
 ip ospf shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 description To_XYZ_DC_CoreVSS_G2/2/45
 ip address 10.10.23.37 255.255.255.252
 ip ospf message-digest-key 1 md5 7 100F38383F0F011C5E470F0F07
 ip ospf priority 90
 negotiation auto
!
interface GigabitEthernet0/0/2
 description To_XYZ_DC_EFW_1_Port1
 ip address 10.10.23.29 255.255.255.252
 ip ospf message-digest-key 1 md5 7 06473E0076561A0E5754372F2F
 ip ospf priority 90
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Virtual-Template1 type tunnel
 description To_XYZ_Branch_Spokes
 ip unnumbered Loopback0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile XYZ-IPSec-Prf
!
router ospf 1
 router-id 7.7.7.7
 priority 90
 area 0 authentication message-digest
 redistribute static subnets
 redistribute bgp 100 subnets
 passive-interface GigabitEthernet0/0/0
 passive-interface Loopback0
 passive-interface Virtual-Template1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
 bgp log-neighbor-changes
 bgp listen range 10.10.8.0/23 peer-group XYZ-spokes
 neighbor XYZ-spokes peer-group
 neighbor XYZ-spokes remote-as 100
 !
 address-family ipv4
  bgp redistribute-internal
  network 0.0.0.0
  network 10.0.0.0
  redistribute ospf 1
  neighbor XYZ-spokes activate
  default-information originate
 exit-address-family
!
ip local pool XYZ-Pool 10.10.8.3 10.10.9.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 10.2.200.0 255.255.255.0 10.10.23.20
ip route 10.10.50.0 255.255.255.0 10.10.23.20
ip route 10.10.51.0 255.255.255.0 10.10.23.20
ip route 10.10.52.0 255.255.255.0 10.10.23.20
ip route 10.10.53.0 255.255.255.0 10.10.23.20
ip route 10.10.54.0 255.255.255.0 10.10.23.20
ip route 10.10.55.0 255.255.255.0 10.10.23.20
ip route 10.10.56.0 255.255.255.0 10.10.23.20
ip route 10.10.57.0 255.255.255.0 10.10.23.20
ip route 10.10.58.0 255.255.255.0 10.10.23.20
ip route 10.10.59.0 255.255.255.0 10.10.23.20
ip route 10.10.60.0 255.255.255.0 10.10.23.20
ip route 10.10.61.0 255.255.255.0 10.10.23.20
ip route 10.10.62.0 255.255.255.0 10.10.23.20
!
!
ip access-list standard XYZ-HQ-Subnets
 deny 10.10.23.16 0.0.0.7
 deny 10.10.8.0 0.0.1.255
 permit 10.0.0.0 0.255.255.255
ip access-list standard Device-MGMT
 permit 10.10.1.0 0.0.0.255
 permit 10.10.24.0 0.0.0.255
 permit 10.10.20.0 0.0.0.255
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
!
!
snmp-server community XYZP0rtnox RO
!
!
!
!
control-plane
line con 0
 password 7 0247357A311E1C361E0D2C3D26
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class Device-MGMT in
 privilege level 15
 password 7 15533A2D3E3238337A70100630
 transport input ssh
line vty 5 97
 access-class Device-MGMT in
 privilege level 15
 password 7 15533A2D3E3238337A70100630
 transport input ssh
!
ntp authentication-key 1 md5 041A3A2735395F595B5A203331 7
ntp authenticate
ntp trusted-key 1
ntp server 10.10.1.3 prefer
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
XYZ_DC_WR_2#