GM-1#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.3(3)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 22-Oct-13 01:08 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

GM-1 uptime is 20 minutes
System returned to ROM by reload at 14:52:58 PST Tue Mar 4 2014
System restarted at 14:54:29 PST Tue Mar 4 2014
System image file is "flash0:c2900-universalk9-mz.SPA.153-3.M1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FTX1439AJAM
4 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 Serial interface
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2921/K9          FTX1439AJAM

Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    EvalRightToUse securityk9
uc            uck9          Permanent      uck9
data          None          None           None
appx          None          None           None
NtwkEss       None          None           None
CollabPro     None          None           None

Configuration register is 0x2102

GM-1#sh run
Building configuration...

Current configuration : 12893 bytes
!
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec localtime
no service password-encryption
!
hostname GM-1
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.153-3.M1.bin
boot-end-marker
!
aqm-register-fnf
!
logging count
logging buffered 160000
enable password cisco
!
no aaa new-model
clock timezone PST -8 0
!
!
!
!
!
!
!
no ip domain lookup
ip domain name boeing.com
ip multicast-routing
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki trustpoint NETENC
 enrollment retry count 5
 enrollment retry period 3
 enrollment url http://14.14.14.14:80
 serial-number
 subject-name OU=GETVPN
 revocation-check none
 source interface Loopback0
 rsakeypair pki_NETENC
 auto-enroll 90 regenerate
!
!
crypto pki certificate chain NETENC
 certificate 1F
  quit
 certificate ca 01
  quit
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1439AJAM
license accept end user agreement
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
!
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
ip tftp source-interface GigabitEthernet0/0
!
class-map match-any QOS-TIME-SENSITIVE
 description fire alarms (COS 3)
 match dscp cs2 af21
class-map match-all CLASS-CPP-180-MONITORING
 match access-group name CPP-ACL-180-MONITORING
class-map match-all CLASS-CPP-160-FILE-MANAGEMENT
 match access-group name CPP-ACL-160-FILE-MANAGEMENT
class-map match-all CLASS-CPP-190-CRITICAL-APPLICATIONS
 match access-group name CPP-ACL-190-CRITICAL-APPLICATIONS
class-map match-any QOS-SIGNALING
 description H323, SIP, routing protocols (COS 2)
 match dscp cs3 af31 cs6 cs7
class-map match-any QOS-REAL-TIME
 description interactive voice/video (COS 2V)
 match dscp cs4 af41
class-map match-all CLASS-CPP-110-BGP
 match access-group name CPP-ACL-110-BGP
class-map match-all CLASS-CPP-140-FRAGMENTS
 match access-group name CPP-ACL-140-FRAGMENTS
class-map match-all CLASS-CPP-210-UNDESIRABLE
 match access-group name CPP-ACL-210-UNDESIRABLE
class-map match-all CLASS-CPP-120-IGP
 match access-group name CPP-ACL-120-IGP
class-map match-all CLASS-CPP-150-TUNNELS
 match access-group name CPP-ACL-150-TUNNELS
class-map match-all CLASS-CPP-170-MULTICAST
 match access-group name CPP-ACL-170-MULTICAST
class-map match-all CLASS-CPP-200-LAYER2
 match protocol arp
class-map match-all CLASS-CPP-130-INTERACTIVE-MANAGEMENT
 match access-group name CPP-ACL-130-INTERACTIVE-MANAGEMENT
class-map match-any QOS-BULK
 description backups, file replication (COS 5)
 match dscp 7 af11
class-map match-any QOS-PRIORITY
 description voice (COS 1)
 match dscp cs5 ef
!
policy-map QOS-WAN-M
 class QOS-PRIORITY
  priority percent 20
 class QOS-REAL-TIME
  bandwidth remaining percent 20
  queue-limit 100 packets
 class QOS-SIGNALING
  bandwidth remaining percent 20
  queue-limit 100 packets
 class QOS-TIME-SENSITIVE
  bandwidth remaining percent 10
  queue-limit 100 packets
 class QOS-BULK
  bandwidth remaining percent 1
  queue-limit 200 packets
 class class-default
  bandwidth remaining percent 49
  queue-limit 300 packets
policy-map SYSTEM-CPP-POLICY
 class CLASS-CPP-110-BGP
  police cir 6400000 bc 1600000 be 3200000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-120-IGP
  police cir 6400000 bc 1600000 be 3200000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-130-INTERACTIVE-MANAGEMENT
  police cir 640000 bc 160000 be 320000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-140-FRAGMENTS
  police cir 32000 bc 8000 be 16000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-150-TUNNELS
  police cir 32000 bc 8000 be 16000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-160-FILE-MANAGEMENT
  police cir 1200000 bc 300000 be 600000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-170-MULTICAST
  police cir 64000 bc 16000 be 32000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-180-MONITORING
  police cir 256000 bc 64000 be 128000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-190-CRITICAL-APPLICATIONS
  police cir 64000 bc 16000 be 32000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-200-LAYER2
  police cir 32000 bc 8000 be 16000 conform-action transmit exceed-action transmit violate-action transmit
 class CLASS-CPP-210-UNDESIRABLE
  police cir 32000 bc 8000 be 16000 conform-action drop exceed-action drop violate-action drop
 class class-default
  police cir 640000 bc 160000 be 320000 conform-action transmit exceed-action transmit violate-action transmit
!
!
!
crypto isakmp policy 10
 encr aes 256
 group 5
crypto isakmp identity dn
!
!
!
!
crypto gdoi group GDOI
 identity number 1234
 server address ipv4 5.5.5.5
 server address ipv4 8.8.8.8
!
!
crypto identity dn
!
!
crypto map CRYPTO local-address Loopback0
crypto map CRYPTO 10 gdoi
 set group GDOI
 match address GM-LOCAL-ACL
!
buffers huge permanent 10
buffers huge size 65535
!
!
!
!
interface Loopback0
 ip address 15.15.15.15 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.15.115.63 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 mtu 9216
 no ip address
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address 10.4.1.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.102
 encapsulation dot1Q 102
 ip address 10.4.2.1 255.255.255.0
 ip pim sparse-mode
 ip tcp adjust-mss 1350
!
interface GigabitEthernet0/1.103
 encapsulation dot1Q 103
 ip address 10.4.3.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.104
 encapsulation dot1Q 104
 ip address 10.4.4.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.105
 encapsulation dot1Q 105
 ip address 10.4.5.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.106
 encapsulation dot1Q 106
 ip address 10.4.6.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.107
 encapsulation dot1Q 107
 ip address 10.4.7.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.108
 encapsulation dot1Q 108
 ip address 10.4.8.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.109
 encapsulation dot1Q 109
 ip address 10.4.9.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/1.110
 encapsulation dot1Q 110
 ip address 10.4.10.1 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.8.1 255.255.255.252
 ip pim sparse-mode
 load-interval 30
 service-module t1 timeslots 1-24
 crypto map CRYPTO
 service-policy output QOS-WAN-M
!
interface FastEthernet0/2/0
 no ip address
!
interface FastEthernet0/2/1
 no ip address
!
interface FastEthernet0/2/2
 no ip address
!
interface FastEthernet0/2/3
 no ip address
!
interface Vlan1
 no ip address
!
router bgp 65004
 bgp router-id 15.15.15.15
 bgp log-neighbor-changes
 network 10.4.1.0 mask 255.255.255.0
 network 15.15.15.15 mask 255.255.255.255
 redistribute connected route-map IXIA
 neighbor 192.168.8.2 remote-as 65001
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip pim autorp listener
ip route 10.15.0.0 255.255.0.0 10.15.115.1
!
ip access-list extended GM-LOCAL-ACL
 deny esp any any
 deny udp any eq isakmp any eq isakmp
 deny udp any eq 848 any eq 848
 remark Exclude Multicast Auto-RP
 deny ip any host 224.0.1.39
 deny ip any host 224.0.1.40
 deny ip any 224.0.0.0 0.0.0.255
 remark *** Already encrypted SSH
 deny tcp any eq 22 any
 deny tcp any any eq 22
 remark ***Do not encrypt critical control traffic
 deny tcp any host 128.207.92.29 eq tacacs
 deny tcp any host 130.38.206.16 eq tacacs
 deny tcp any host 130.42.5.57 eq tacacs
 deny tcp any host 192.124.88.5 eq tacacs
 deny tcp host 128.207.92.29 eq tacacs any
 deny tcp host 130.38.206.16 eq tacacs any
 deny tcp host 130.42.5.57 eq tacacs any
 deny tcp host 192.124.88.5 eq tacacs any
 deny udp any host 192.124.84.23 eq syslog
 deny udp any host 192.42.234.113 eq syslog
 deny udp any host 192.124.87.65 eq syslog
 deny udp any host 192.124.87.4 eq snmptrap
 deny udp any host 192.124.87.5 eq snmptrap
 deny udp any host 192.42.234.19 eq snmptrap
 deny udp any host 192.42.234.43 eq snmptrap
 remark ***Exclude encryption of BGP
 deny tcp any any eq bgp
 deny tcp any eq bgp any
!
!
ip prefix-list IXIA seq 5 permit 10.4.0.0/16 le 24
logging source-interface Loopback0
logging host 10.10.10.14
!
route-map IXIA permit 10
 match ip address prefix-list IXIA
!
!
snmp-server community nmr_rw RW
snmp-server packetsize 4000
snmp-server host 10.10.10.248 cisco
!
control-plane
 service-policy input SYSTEM-CPP-POLICY
!
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input all
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input all
!
scheduler allocate 20000 1000
ntp server 10.15.115.67
!
end

GM-1#