! ! subscriber templating ! ! ! ! ! ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! crypto pki trustpoint TP-self-signed-632393052 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-632393052 revocation-check none rsakeypair TP-self-signed-632393052 ! crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl ! ! crypto pki certificate chain TP-self-signed-632393052 certificate self-signed 01 3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 36333233 39333035 32301E17 0D323231 31303731 38303232 365A170D 33323131 30363138 30323236 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3633 32333933 30353230 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A71C42F2 82C66FFF 3F2C5C99 58D4F64C B21C6107 04BE3DDE 134BDD9F AAE8A1B0 FB9D615E 0E302CF3 0CADDDC8 9E77277E E92FF8A3 1FB67473 67D105AD BE2DC10A 42E451F5 D45883C8 E4466F61 99C4DC66 1E360D58 116D906E 3515D8B8 62E84DA9 4165101B 72E1F213 E104623C 0D4D0FD8 FF8FBC74 2AC24774 687A8AC2 096BFD56 49580F3A C0787A8E E8F11EB0 8AAC83BA 792B75EF F2A7124B E955E90C 0D1EE968 382DAE9A 07A404A3 3D963160 8DB2C608 25264380 AFF57C89 BBE7EB17 B566F64D 57FCB4D3 B4C748EE ECB6D960 0762863D 2856C0F8 812406B8 23A4C56B D5AD4159 6EC0A01A 4448E793 D0DA16A7 7EC7D00F 523610A0 E571874E 83630F91 700C82F3 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830 168014C6 97002596 FC67FC27 4487165F 2FC26FB0 0D239930 1D060355 1D0E0416 0414C697 002596FC 67FC2744 87165F2F C26FB00D 2399300D 06092A86 4886F70D 01010505 00038201 0100120E 0A8DDC8C 55011C21 0E2374CE DE41CBDE 4F3DACB7 5DD95537 0EB30E76 C6C25D4B B5EB3F42 9D137FF6 DFA98B74 663D38D5 5777C024 EF8460F8 5CFD95F9 AF47BEFB FD6B8185 8F2329A7 D7E1D2FC A72FEBEF AD366182 9C8EC3CA 15EC7048 031A518C A9BCE584 8337C615 1C83E29D D3526F48 BF2EA7EA AE2941D5 74C863C9 4C6A4793 6921DD0C F615C2D0 CA0FC94C 9A722FE4 1EBCC965 A0471A0B 3D1F08DD 3902AED3 7CA1C795 113C4AC5 ACAF07CF 5D7C36D4 21263EF1 F8B759C2 5CC68B25 C41EBB9A C00CE6C3 E3954811 17090C2A CE7469EB 2D9ECD5F 4619DEB7 C1035333 A8A9FE1C A85B61DF B6AE83E1 494CA8D8 F3B20D5A 53AB5C91 6C51F6BB DED75E4D 9D00 quit crypto pki certificate chain SLA-TrustPoint certificate ca 01 30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 D697DF7F 28 quit ! ! license udi pid C8500-12X4QC sn TTM263204F1 license boot level network-advantage addon dna-advantage memory free low-watermark processor 1500657 hw-module subslot 0/1 mode 10G hw-module subslot 0/2 mode 40G hw-module subslot 0/2 breakout none port all ! ! spanning-tree extend system-id diagnostic bootup level minimal ! ! redundancy mode none ! ! crypto ikev2 proposal DMVPN-IKE-PROPOSAL encryption aes-cbc-256 integrity sha384 group 14 ! crypto ikev2 policy DMVPN-IKE-POLICY match fvrf FVRF proposal DMVPN-IKE-PROPOSAL ! crypto ikev2 keyring DMVPN-IKE-KEYRING peer ALL-SPOKES description DMVPN-KEYRING address 0.0.0.0 0.0.0.0 pre-shared-key kcB/"9mc7a[&9Y% ! ! ! crypto ikev2 profile DMVPN-IKE-PROFILE match fvrf FVRF match identity remote address 0.0.0.0 authentication remote pre-share authentication local pre-share keyring local DMVPN-IKE-KEYRING ! ! ! cdp run ! ! ! ! ! ! ! ! ! crypto ipsec transform-set DMVPN-IPSEC-TSET esp-aes 256 esp-sha256-hmac mode transport ! crypto ipsec profile DMVPN-IPSEC-PROFILE set transform-set DMVPN-IPSEC-TSET set ikev2-profile DMVPN-IKE-PROFILE ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.251.0.143 255.255.255.255 ip ospf 100 area 0.0.0.0 ! interface Port-channel10 description 40G-LINK-TO-WAN-CORE1 ip address 10.251.0.129 255.255.255.254 ip ospf network point-to-point ip ospf 100 area 0.0.0.0 ! interface Port-channel20 description 20G-LINK-TO-ACI-LEAF-NODE2 ip address 10.251.0.132 255.255.255.254 ! interface Tunnel0 description QTS-DMVPN-SECONDARY ip address 10.214.0.2 255.255.254.0 no ip redirects ip mtu 1400 ip nhrp network-id 2 ip nhrp redirect ip tcp adjust-mss 1360 load-interval 30 tunnel source TenGigabitEthernet0/0/2 tunnel mode gre multipoint tunnel key 2 tunnel vrf FVRF tunnel protection ipsec profile DMVPN-IPSEC-PROFILE ! interface TenGigabitEthernet0/0/0 no ip address shutdown no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/1 no ip address shutdown no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/2 description USA-DMVPN-SECONDARY-HUB vrf forwarding FVRF ip address 1.2.3.4 255.255.255.240 ip access-group permit_vpn in no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/3 no ip address shutdown no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/4 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/5 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 ! interface TenGigabitEthernet0/0/6 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 channel-group 10 mode active ! interface TenGigabitEthernet0/0/7 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 channel-group 10 mode active ! interface TenGigabitEthernet0/1/0 description LINK-TO-ACI-LEAF-NODE2 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 channel-group 20 mode active ! interface TenGigabitEthernet0/1/1 description LINK-TO-ACI-LEAF-NODE2 no ip address no negotiation auto bfd interval 50 min_rx 50 multiplier 3 channel-group 20 mode active ! interface TenGigabitEthernet0/1/2 description SECONDARY-MEGAPORT-CIRCUIT no ip address shutdown no negotiation auto ! interface TenGigabitEthernet0/1/2.1001 description VXC-TO-AZURE-USEAST2 encapsulation dot1Q 1001 ip address 10.98.12.25 255.255.255.252 ! interface TenGigabitEthernet0/1/2.2002 description VXC-TO-OCI-DR encapsulation dot1Q 2002 ip address 10.99.127.250 255.255.255.252 ! interface TenGigabitEthernet0/1/2.3003 description VXC-TO-AUS-VOCUS encapsulation dot1Q 3003 ip address 10.254.7.133 255.255.255.252 ! interface TenGigabitEthernet0/1/3 description ZAYO-10G-TO-ALPH-CE2 ip address 10.251.0.134 255.255.255.254 no negotiation auto ! interface FortyGigabitEthernet0/2/0 no ip address no negotiation auto ! interface FortyGigabitEthernet0/2/4 no ip address no negotiation auto ! interface FortyGigabitEthernet0/2/8 no ip address no negotiation auto ! interface GigabitEthernet0 vrf forwarding Mgmt-intf ip address 10.93.1.143 255.255.254.0 negotiation auto ! ! router eigrp SG-DMVPN ! address-family ipv4 unicast autonomous-system 1000 ! af-interface default passive-interface exit-af-interface ! af-interface Tunnel0 no passive-interface no split-horizon exit-af-interface ! topology base redistribute connected metric 10000 10 250 10 1500 redistribute bgp 65318 metric 10000 10 250 10 1500 route-map TAG-BGP-ROUTES redistribute ospf 1 metric 10000 10 250 10 1500 exit-af-topology network 10.214.0.2 0.0.0.0 eigrp router-id 10.241.0.143 exit-address-family ! router ospf 100 router-id 10.251.0.143 auto-cost reference-bandwidth 1000 passive-interface default no passive-interface Port-channel10 bfd all-interfaces ! router ospf 1 ! router bgp 65318 bgp log-neighbor-changes neighbor 10.98.12.26 remote-as 12076 neighbor 10.99.127.249 remote-as 31898 neighbor 10.251.0.133 remote-as 64340 neighbor 10.251.0.135 remote-as 64240 neighbor 10.251.0.142 remote-as 65318 neighbor 10.251.0.142 update-source Loopback0 neighbor 10.251.0.142 fall-over bfd ! address-family ipv4 bgp redistribute-internal redistribute connected redistribute eigrp 1000 route-map DMVPN->BGP-DENY-TAGGED neighbor 10.98.12.26 activate neighbor 10.98.12.26 soft-reconfiguration inbound neighbor 10.98.12.26 route-map QTS-to-AZURE-UNDERLAY-FILTER-IN in neighbor 10.98.12.26 route-map QTS-to-AZURE-UNDERLAY-FILTER-OUT out neighbor 10.99.127.249 activate neighbor 10.99.127.249 soft-reconfiguration inbound neighbor 10.99.127.249 route-map QTS-to-OCI-FILTER-IN in neighbor 10.99.127.249 route-map QTS-to-OCI-FILTER-OUT out neighbor 10.251.0.133 activate neighbor 10.251.0.133 soft-reconfiguration inbound neighbor 10.251.0.133 route-map CORE2-to-ACI-FILTER-IN in neighbor 10.251.0.133 route-map CORE2-to-ACI-FILTER-OUT out neighbor 10.251.0.135 activate neighbor 10.251.0.142 activate exit-address-family ! ip http server ip http authentication local ip http secure-server ip forward-protocol nd ! ip tftp source-interface GigabitEthernet0 ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.93.1.13 ip route vrf FVRF 0.0.0.0 0.0.0.0 1.2.3.1 ! ip access-list extended DENY-SSH 10 deny tcp any any eq 22 20 deny tcp any any eq telnet ip access-list extended permit_vpn 10 permit esp any host 1.2.3.4 20 permit gre any host 1.2.3.4 30 permit udp any host 1.2.3.4 eq isakmp 40 permit udp any host 1.2.3.4 eq non500-isakmp ! ! ip prefix-list AZURE-DR-SUBNET seq 10 permit 10.98.0.0/16 le 32 ! ip prefix-list AZURE-VNET-HUB-BLOCK seq 5 permit 10.98.0.0/23 ! ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0 ! ip prefix-list MATCH-ANY seq 5 permit 0.0.0.0/0 le 32 ! ip prefix-list OCI-DR-SUBNET seq 5 permit 10.99.0.0/16 le 32 ! ip prefix-list OCI-PRI-SUBNET seq 5 permit 10.92.0.0/16 le 32 ! ip prefix-list QTS-SUBNET seq 5 permit 10.93.0.0/16 le 32 ! ip prefix-list WAN-CORE2-LOOPBACK seq 5 permit 10.251.0.143/32 ! route-map DMVPN->BGP-DENY-TAGGED deny 10 match tag 10 ! route-map DMVPN->BGP-DENY-TAGGED permit 1500 match ip address prefix-list MATCH-ANY ! route-map TAG-BGP-ROUTES permit 10 set tag 10 ! route-map QTS-to-OCI-FILTER-IN permit 10 match ip address prefix-list OCI-DR-SUBNET set local-preference 200 ! route-map QTS-to-OCI-FILTER-IN deny 1500 match ip address MATCH-ANY ! route-map QTS-to-AZURE-UNDERLAY-FILTER-IN permit 10 match ip address prefix-list AZURE-VNET-HUB-BLOCK ! route-map QTS-to-AZURE-UNDERLAY-FILTER-IN deny 1500 match ip address prefix-list MATCH-ANY ! route-map CORE2-to-ACI-FILTER-OUT permit 1500 match ip address prefix-list MATCH-ANY set as-path prepend 65318 65318 65318 ! route-map QTS-to-OCI-FILTER-OUT permit 10 match ip address prefix-list DEFAULT-ROUTE ! route-map QTS-to-OCI-FILTER-OUT permit 1500 match ip address prefix-list MATCH-ANY ! route-map CORE1-FILTER-OUT permit 10 match ip address prefix-list MATCH-ANY set as-path prepend 65318 65318 65318 ! route-map QTS-to-AZURE-UNDERLAY-FILTER-OUT permit 10 match ip address prefix-list WAN-CORE2-LOOPBACK ! route-map QTS-to-AZURE-UNDERLAY-FILTER-OUT deny 1500 match ip address prefix-list MATCH-ANY ! route-map CORE2-to-ACI-FILTER-IN permit 1500 match ip address prefix-list MATCH-ANY ! ! ! ! control-plane ! ! ! ! ! banner motd ^CCCC ************************************************* * THIS IS A SCIENTIFIC GAMES COMPUTER SYSTEM. * * THIS COMPUTER SYSTEM, INCLUDING ALL * * RELATED EQUIPMENT, NETWORKS AND NETWORK * * DEVICES * * (SPECIFICALLY INCLUDING INTERNET ACCESS,) * * ARE PROVIDED ONLY FOR AUTHORIZED COMPANY * * USE. SCIENTIFIC GAMES COMPUTER SYSTEMS MAY * * BE MONITORED FOR ALL LAWFUL PURPOSES, * * INCLUDING TO ENSURE THAT THEIR USE IS * * AUTHORIZED, FOR MANAGEMENT OF THE SYSTEM, * * TO FACILITATE PROTECTION AGAINST * * UNAUTHORIZED ACCESS, AND TO VERIFY SECURITY * * PROCEDURES, SURVIVABILITY AND OPERATIONAL * * SECURITY. MONITORING INCLUDES ACTIVE * * ATTACKS BY AUTHORIZED SCIENTIFIC GAMES * * ENTITIES TO TEST OR VERIFY THE SECURITY * * OF THIS SYSTEM. DURING MONITORING,ALL * * INFORMATION ON OR SENT OVER THE SYSTEM, * * INCLUDING PERSONAL IFORMATION, MAY BE * * EXAMINED, RECORDED, COPIED AND USED FOR * * AUTHORIZED PURPOSES. * * * * USE OF THIS SCIENTIFIC GAMES COMPUTER SYSTEM, * * AUTHORIZED OR UNAUTHORIZED, CONSTITUTES * * CONSENT TO MONITORING OF THIS SYSTEM. * * UNAUTHORIZED USE MAY SUBJECT YOU TO * * CRIMINAL PROSECUTION. EVIDENCE OF * * UNAUTHORIZED USE COLLECTED DURING * * MONITORING MAY BE USED FOR ADMINISTRATIVE, * * CRIMINAL OR OTHER ADVERSE ACTION. USE OF * * THIS SYSTEM CONSTITUTES CONSENT TO MONITORING * * FOR THESE PURPOSES * * * ************************************************* ^C ! line con 0 exec-timeout 0 0 logging synchronous no domain-lookup stopbits 1 line aux 0 line vty 0 4 login local transport input ssh line vty 5 15 login local transport input ssh ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http ntp server 10.93.16.20 ntp server 10.93.16.21 ! ! ! ! ! ! end