Building configuration... Current configuration : 6258 bytes ! ! Last configuration change at 17:39:01 CHI Mon May 7 2018 by filip ! NVRAM config last updated at 17:37:00 CHI Mon May 7 2018 by filip ! version 15.7 service timestamps debug datetime msec service timestamps log datetime localtime show-timezone no service password-encryption ! hostname D1-3925 ! boot-start-marker boot system flash0://c3900-universalk9-mz.SPA.157-3.M.bin boot-end-marker ! ! enable secret 5 $1$is11$C6PyOcFWyIFtySiaCKw2R0 ! aaa new-model ! ! aaa authentication login default local ! ! ! ! ! aaa session-id common clock timezone CHI -6 0 ! ! ! ! ! ! ! ! ! ! ! ip vrf comcast rd 1:1 route-replicate from vrf global unicast ospf 10 ! ! ! ! ip domain name gt51.com ip name-server 8.8.8.8 ip cef ipv6 unicast-routing ipv6 cef ! ! multilink bundle-name authenticated ! ! ! ! ! voice-card 0 ! ! ! ! ! ! ! ! license udi pid C3900-SPE100/K9 sn FOC143327Z8 ! ! archive path tftp://192.168.10.92/CISCO/D01-3925/$h-$t write-memory username filip secret 5 $1$7lMy$.A9cfBaOG8vz0k1MQyZOf/ ! redundancy ! ! ! ! ! ! class-map match-any VLAN10 match access-group name qos class-map match-any VLAN200 match access-group name VLAN200 class-map match-any filip2 match access-group name qos class-map match-all Filip match access-group name QoS-Filip class-map match-any Filip2 ! policy-map CHILD class VLAN10 priority 35000 class VLAN200 bandwidth 110000 policy-map PARENT class class-default shape average 180000000 police 150000000 service-policy CHILD ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.168.168.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip vrf forwarding comcast ip address dhcp ip nat outside ip virtual-reassembly in duplex auto speed auto ipv6 address dhcp ! interface GigabitEthernet0/1 ip address 10.168.12.1 255.255.255.0 ip nat inside ip virtual-reassembly in ip policy route-map GLOBAL_TO_VRF duplex auto speed auto ipv6 ospf 10 area 0 ! interface GigabitEthernet0/2 ip dhcp relay information trusted ip address 192.168.11.1 255.255.255.0 ip helper-address 192.168.200.20 ip nat inside ip virtual-reassembly in ip policy route-map COMCAST duplex auto speed auto ! interface FastEthernet0/0/0 description TO-ASA5540 switchport access vlan 101 switchport mode access no ip address shutdown ! interface FastEthernet0/0/1 switchport access vlan 9 switchport mode access no ip address ! interface FastEthernet0/0/2 no ip address ! interface FastEthernet0/0/3 description ATT switchport access vlan 50 switchport mode access no ip address ! interface Vlan1 no ip address ! interface Vlan9 ip address 192.168.9.1 255.255.255.0 ! interface Vlan50 ip address 68.72.**.** 255.255.255.248 ip nat outside ip virtual-reassembly in ! interface Vlan101 ip address 10.168.16.1 255.255.255.0 ip virtual-reassembly in ip ospf cost 10 ! router ospf 20 vrf comcast router-id 192.192.192.1 redistribute vrf global ospf 10 subnets ! router ospf 10 network 10.168.12.0 0.0.0.255 area 0 network 10.168.16.0 0.0.0.255 area 0 network 10.168.168.1 0.0.0.0 area 0 network 192.168.11.0 0.0.0.255 area 0 default-information originate ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source list nat interface Vlan50 overload ip nat inside source list nat-deset interface GigabitEthernet0/0 overload ip nat inside source static tcp 192.168.200.12 80 68.72.**.** 80 extendable ip nat inside source static tcp 192.168.200.19 8010 68.72.**.** 8010 extendable ip nat inside source static 10.168.12.8 68.72.**.** ip route profile ip route 0.0.0.0 0.0.0.0 68.72.**.** ip ssh version 2 ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr ! ip access-list standard nat permit 10.168.168.10 permit 192.168.200.0 0.0.0.255 permit 192.168.11.0 0.0.0.255 permit 172.30.20.0 0.0.0.255 permit 192.168.5.0 0.0.0.255 permit 192.168.12.0 0.0.0.255 permit 10.168.12.0 0.0.0.255 ip access-list standard nat-deset permit 192.168.10.0 0.0.0.255 ip access-list standard nat-dveste permit 192.168.200.0 0.0.0.255 ! ip access-list extended PBR deny ip 192.168.11.0 0.0.0.255 10.0.0.0 0.255.255.255 deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.255.255 deny ip 192.168.11.0 0.0.0.255 172.30.0.0 0.0.255.255 permit ip 192.168.11.0 0.0.0.255 any ip access-list extended PBR2 deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255 deny ip 192.168.10.0 0.0.0.255 172.30.0.0 0.0.255.255 permit ip 192.168.10.0 0.0.0.255 any ip access-list extended QoS-Filip permit ip any 192.168.10.0 0.0.0.255 permit ip 192.168.10.0 0.0.0.255 any ip access-list extended VLAN200 permit ip any 192.168.200.0 0.0.0.255 permit ip 192.168.200.0 0.0.0.255 any ! logging trap debugging logging host 192.168.5.195 ipv6 route ::/0 Tunnel0 ipv6 router ospf 10 router-id 10.10.168.1 default-information originate ! ! nls resp-timeout 1 cpd cr-id 1 route-map COMCAST permit 10 match ip address PBR set ip default next-hop 192.168.11.254 ! route-map GLOBAL_TO_VRF permit 10 match ip address PBR2 set vrf comcast ! ! snmp-server community ***** RO snmp-server host 192.168.5.231 version 2c ***** ! ! ! control-plane ! ! ! ! ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! ! ! gatekeeper shutdown ! ! vstack ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 exec-timeout 0 0 logging synchronous transport input ssh line vty 5 15 exec-timeout 0 0 logging synchronous transport input ssh ! scheduler allocate 20000 1000 ntp master ntp server 0.north-america.pool.ntp.org ! end