core1.amen.router.fr.clara.net spawn ssh -c 3des -x -l rancid_user core1.amen.router.fr.clara.net rancid_user@core1.amen.router.fr.clara.net's password: cs-core1>enable Password: cs-core1# cs-core1#term length 0 cs-core1#sh run Building configuration... Current configuration : 29355 bytes ! ! Last configuration change at 10:19:16 CET Thu Mar 5 2009 by blaise ! NVRAM config last updated at 10:19:17 CET Thu Mar 5 2009 by blaise ! upgrade fpd auto version 12.2 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service counters max age 10 ! hostname cs-core1 ! boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXF6.bin boot system flash logging snmp-authfail logging rate-limit all 200 no logging console enable secret 5 $1$eR19$bShaZ7OYjvtXYSY/QfRd2. enable password 7 0813787A585D0647420757 ! aaa new-model aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa authorization exec default group tacacs+ if-authenticated aaa authorization commands 15 default group tacacs+ if-authenticated aaa accounting commands 15 default start-stop group tacacs+ ! aaa session-id common clock timezone CET 1 ip subnet-zero no ip source-route ! ! ! ip flow-cache timeout active 5 ip tftp source-interface Loopback0 no ip bootp server ip tcp path-mtu-discovery ip domain-name amen.fr ip name-server 62.193.206.133 ip name-server 62.193.206.134 ipv6 unicast-routing ipv6 mfib hardware-switching replication-mode ingress vtp domain AMEN-VTP vtp mode transparent mls ip multicast flow-stat-timer 9 no mls flow ip no mls flow ipv6 no mls acl tcam share-global mls cef error action freeze ! ! ! ! ! ! ! ! redundancy mode sso main-cpu auto-sync running-config ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree vlan 1-800 priority 16384 diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe cisco.cns.device.diag_commands ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! vlan 1 tb-vlan1 1002 tb-vlan2 1003 ! vlan 2-13,16 ! vlan 20 name Levallois_Servers ! vlan 31-39,179-181,183-190,192-207,212,221-222,302,306-307,406-407,507,555 ! vlan 607,666,800 ! vlan 1002 tb-vlan1 1 tb-vlan2 1003 ! vlan 1003 tb-vlan1 1 tb-vlan2 1002 parent 1005 ring 1 ! vlan 1004 bridge 1 ! vlan 1005 bridge 1 stp type ieee ! ! ! ! interface Loopback0 description IPv4 Loopback ip address 62.193.223.1 255.255.255.255 no ip redirects no ip proxy-arp no ipv6 redirects ! interface Loopback1 description IPv6 Loopback no ip address ipv6 address 2A02:2B8::1/128 ! interface Null0 no ip unreachables ! interface Port-channel1 switchport no ip address shutdown ! interface FastEthernet2/1 no ip address shutdown ! interface FastEthernet2/2 no ip address shutdown ! interface FastEthernet2/3 no ip address shutdown ! interface FastEthernet2/4 no ip address shutdown ! interface FastEthernet2/5 no ip address shutdown ! interface FastEthernet2/6 no ip address shutdown ! interface FastEthernet2/7 no ip address shutdown ! interface FastEthernet2/8 no ip address shutdown ! interface FastEthernet2/9 no ip address shutdown ! interface FastEthernet2/10 no ip address shutdown ! interface FastEthernet2/11 no ip address shutdown ! interface FastEthernet2/12 no ip address shutdown ! interface FastEthernet2/13 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/14 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/15 no ip address shutdown ! interface FastEthernet2/16 no ip address shutdown ! interface FastEthernet2/17 no ip address shutdown ! interface FastEthernet2/18 no ip address shutdown ! interface FastEthernet2/19 no ip address shutdown ! interface FastEthernet2/20 no ip address shutdown ! interface FastEthernet2/21 no ip address shutdown ! interface FastEthernet2/22 no ip address shutdown ! interface FastEthernet2/23 no ip address shutdown ! interface FastEthernet2/24 no ip address shutdown ! interface FastEthernet2/25 no ip address shutdown ! interface FastEthernet2/26 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/27 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/28 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/29 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/30 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/31 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/32 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/33 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/34 no ip address shutdown ! interface FastEthernet2/35 switchport switchport trunk encapsulation isl switchport mode trunk no ip address ! interface FastEthernet2/36 no ip address shutdown ! interface FastEthernet2/37 switchport switchport trunk encapsulation isl switchport mode trunk no ip address speed 100 duplex full ! interface FastEthernet2/38 no ip address shutdown ! interface FastEthernet2/39 no ip address shutdown ! interface FastEthernet2/40 no ip address shutdown ! interface FastEthernet2/41 no ip address shutdown ! interface FastEthernet2/42 no ip address shutdown ! interface FastEthernet2/43 no ip address shutdown ! interface FastEthernet2/44 no ip address shutdown ! interface FastEthernet2/45 switchport switchport access vlan 407 no ip address ! interface FastEthernet2/46 no ip address shutdown ! interface FastEthernet2/47 no ip address shutdown ! interface FastEthernet2/48 no ip address shutdown ! interface GigabitEthernet4/1 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/2 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/3 no ip address shutdown ! interface GigabitEthernet4/4 switchport switchport mode trunk no ip address shutdown ! interface GigabitEthernet4/5 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/6 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/7 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/8 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/9 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/10 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/11 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/12 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/13 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/14 switchport switchport mode trunk no ip address shutdown ! interface GigabitEthernet4/15 no ip address shutdown ! interface GigabitEthernet4/16 no ip address shutdown ! interface GigabitEthernet4/17 no ip address shutdown ! interface GigabitEthernet4/18 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/19 no ip address shutdown ! interface GigabitEthernet4/20 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/21 no ip address shutdown ! interface GigabitEthernet4/22 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/23 no ip address shutdown ! interface GigabitEthernet4/24 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/25 no ip address shutdown ! interface GigabitEthernet4/26 no ip address shutdown ! interface GigabitEthernet4/27 no ip address shutdown ! interface GigabitEthernet4/28 no ip address shutdown ! interface GigabitEthernet4/29 no ip address shutdown ! interface GigabitEthernet4/30 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/31 no ip address shutdown ! interface GigabitEthernet4/32 no ip address shutdown ! interface GigabitEthernet4/33 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/34 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/35 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/36 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/37 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/38 no ip address shutdown ! interface GigabitEthernet4/39 no ip address shutdown ! interface GigabitEthernet4/40 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/41 no ip address shutdown ! interface GigabitEthernet4/42 no ip address shutdown ! interface GigabitEthernet4/43 switchport switchport mode trunk no ip address ! interface GigabitEthernet4/44 no ip address shutdown ! interface GigabitEthernet4/45 no ip address shutdown ! interface GigabitEthernet4/46 no ip address shutdown ! interface GigabitEthernet4/47 no ip address shutdown ! interface GigabitEthernet4/48 no ip address shutdown ! interface GigabitEthernet6/1 no ip address shutdown ! interface GigabitEthernet6/2 no ip address shutdown ! interface GigabitEthernet8/1 description CLARANET SD-AR2 ip address 212.43.225.6 255.255.255.252 no ip redirects no ip proxy-arp ipv6 address 2001:A70:F0::6/126 no ipv6 redirects ipv6 cef ! interface GigabitEthernet8/1.61 encapsulation dot1Q 61 ipv6 enable no ipv6 redirects ! interface GigabitEthernet8/2 no ip address shutdown ! interface GigabitEthernet8/3 no ip address shutdown ! interface GigabitEthernet8/4 no ip address shutdown ! interface GigabitEthernet8/5 no ip address shutdown ! interface GigabitEthernet8/6 description Core-to-Core link switchport switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface GigabitEthernet8/7 no ip address shutdown ! interface GigabitEthernet8/8 no ip address shutdown ! interface Vlan1 no ip address shutdown ! interface Vlan20 description Levallois Servers no ip address ipv6 address 2A02:2B8:1:20::1/64 ipv6 enable ipv6 traffic-filter Levallois-filter-ipv6 in ! interface Vlan193 description Dedicated - RAQ4 ip address 62.193.193.253 255.255.255.0 vrrp 193 ip 62.193.193.254 vrrp 193 priority 150 vrrp 193 authentication text EeWie7ga ! interface Vlan194 description Dedicated - RAQ5 ip address 62.193.195.253 255.255.254.0 vrrp 194 ip 62.193.195.254 vrrp 194 priority 150 vrrp 194 authentication text EeWie7ga ! interface Vlan197 description Dedicated - Linux ip address 62.193.197.253 255.255.255.0 vrrp 197 ip 62.193.197.254 vrrp 197 priority 150 vrrp 197 authentication text EeWie7ga ! interface Vlan198 description Dedicated - Windows ip address 62.193.198.253 255.255.255.0 vrrp 198 ip 62.193.198.254 vrrp 198 priority 150 vrrp 198 authentication text EeWie7ga ! interface Vlan199 description Virtuozzo - Linux ip address 62.193.207.125 255.255.255.128 secondary ip address 62.193.196.253 255.255.255.0 secondary ip address 62.193.192.253 255.255.255.0 secondary ip address 62.193.204.253 255.255.255.0 secondary ip address 62.193.208.253 255.255.255.0 secondary ip address 62.193.209.253 255.255.255.0 secondary ip address 62.193.210.253 255.255.255.0 secondary ip address 62.193.211.253 255.255.255.0 secondary ip address 62.193.217.253 255.255.255.0 secondary ip address 62.193.218.253 255.255.255.0 secondary ip address 62.193.219.253 255.255.255.0 secondary ip address 62.193.220.253 255.255.255.0 secondary ip address 62.193.199.253 255.255.255.0 no ip redirects ipv6 address 2A02:2B8:1:199::1/64 ipv6 traffic-filter external-filter-ipv6 out no ipv6 redirects vrrp 10 ip 62.193.217.254 vrrp 10 priority 150 vrrp 10 authentication text EeWie7ga vrrp 11 ip 62.193.218.254 vrrp 11 priority 150 vrrp 11 authentication text EeWie7ga vrrp 12 ip 62.193.219.254 vrrp 12 priority 150 vrrp 12 authentication text EeWie7ga vrrp 13 ip 62.193.220.254 vrrp 13 priority 150 vrrp 13 authentication text EeWie7ga vrrp 192 ip 62.193.192.254 vrrp 192 priority 150 vrrp 192 authentication text EeWie7ga vrrp 196 ip 62.193.196.254 vrrp 196 priority 150 vrrp 196 authentication text EeWie7ga vrrp 199 ip 62.193.199.254 vrrp 199 priority 150 vrrp 199 authentication text EeWie7ga vrrp 204 ip 62.193.204.254 vrrp 204 priority 150 vrrp 204 authentication text EeWie7ga vrrp 207 ip 62.193.207.126 vrrp 207 priority 150 vrrp 207 authentication text EeWie7ga vrrp 208 ip 62.193.208.254 vrrp 208 priority 150 vrrp 208 authentication text EeWie7ga vrrp 209 ip 62.193.209.254 vrrp 209 priority 150 vrrp 209 authentication text EeWie7ga vrrp 210 ip 62.193.210.254 vrrp 210 priority 150 vrrp 210 authentication text EeWie7ga vrrp 211 ip 62.193.211.254 vrrp 211 priority 150 vrrp 211 authentication text EeWie7ga ! interface Vlan200 ip address 62.193.200.253 255.255.255.0 vrrp 200 ip 62.193.200.254 vrrp 200 priority 150 vrrp 200 authentication text EeWie7ga ! interface Vlan201 ip address 62.193.201.253 255.255.255.0 vrrp 201 ip 62.193.201.254 vrrp 201 priority 150 vrrp 201 authentication text EeWie7ga ! interface Vlan202 description Windows ip address 62.193.202.253 255.255.255.0 no ip redirects ipv6 address 2A02:2B8:1:202::1/64 ipv6 traffic-filter external-filter-ipv6 out no ipv6 redirects vrrp 202 ip 62.193.202.254 vrrp 202 priority 150 vrrp 202 authentication text EeWie7ga ! interface Vlan203 description Shared - Linux ip address 62.193.216.253 255.255.255.0 secondary ip address 62.193.203.253 255.255.255.0 no ip redirects ipv6 address 2A02:2B8:1:203::1/64 ipv6 traffic-filter external-filter-ipv6 out no ipv6 redirects vrrp 103 ip 62.193.216.254 vrrp 103 priority 150 vrrp 103 authentication text EeWie7ga vrrp 203 ip 62.193.203.254 vrrp 203 priority 150 vrrp 203 authentication text EeWie7ga ! interface Vlan205 description AMEN - Colloc ip address 62.193.205.253 255.255.255.0 ipv6 address 2A02:2B8:1:205::1/64 ipv6 traffic-filter external-filter-ipv6 out no ipv6 redirects vrrp 205 ip 62.193.205.254 vrrp 205 priority 150 vrrp 205 authentication text EeWie7ga ! interface Vlan206 description Shared - Webmail ip address 62.193.206.61 255.255.255.192 vrrp 206 ip 62.193.206.62 vrrp 206 priority 150 vrrp 206 authentication text EeWie7ga ! interface Vlan212 description Virtuozzo - Windows ip address 62.193.213.253 255.255.255.0 secondary ip address 62.193.214.253 255.255.255.0 secondary ip address 62.193.215.253 255.255.255.0 secondary ip address 62.193.221.253 255.255.255.0 secondary ip address 62.193.212.253 255.255.255.0 no ip redirects vrrp 212 ip 62.193.212.254 vrrp 212 priority 150 vrrp 212 authentication text EeWie7ga vrrp 213 ip 62.193.213.254 vrrp 213 priority 150 vrrp 213 authentication text EeWie7ga vrrp 214 ip 62.193.214.254 vrrp 214 priority 150 vrrp 214 authentication text EeWie7ga vrrp 215 ip 62.193.215.254 vrrp 215 priority 150 vrrp 215 authentication text EeWie7ga vrrp 221 ip 62.193.221.254 vrrp 221 priority 150 vrrp 221 authentication text EeWie7ga ! interface Vlan222 ip address 62.193.222.253 255.255.255.0 vrrp 222 ip 62.193.222.254 vrrp 222 priority 150 ! interface Vlan306 description Shared - MySQL ip address 62.193.206.125 255.255.255.192 vrrp 106 ip 62.193.206.126 vrrp 106 priority 150 vrrp 106 authentication text EeWie7ga ! interface Vlan307 description AMEN - Plateform ip address 62.193.207.189 255.255.255.192 vrrp 37 ip 62.193.207.190 vrrp 37 priority 150 vrrp 37 authentication text EeWie7ga ! interface Vlan406 description Amen Interne ip address 62.193.206.253 255.255.255.128 ipv6 address 2A02:2B8:1:406::1/64 ipv6 traffic-filter external-filter-ipv6 out no ipv6 redirects vrrp 107 ip 62.193.206.254 vrrp 107 priority 150 vrrp 107 authentication text EeWie7ga ! interface Vlan407 description AMEN - NOC ip address 62.193.207.221 255.255.255.224 vrrp 47 ip 62.193.207.222 vrrp 47 priority 150 vrrp 47 authentication text EeWie7ga ! interface Vlan507 description INSTALL - Windows ip address 62.193.207.237 255.255.255.240 vrrp 57 ip 62.193.207.238 vrrp 57 priority 150 vrrp 57 authentication text EeWie7ga ! interface Vlan666 description CORE-2 ip address 62.193.223.133 255.255.255.252 ipv6 address 2A02:2B8::1:1/126 ipv6 nd suppress-ra ! router bgp 28677 bgp router-id 62.193.223.1 no bgp default ipv4-unicast bgp log-neighbor-changes bgp deterministic-med bgp bestpath med missing-as-worst bgp bestpath compare-routerid bgp maxas-limit 50 neighbor IBGP peer-group neighbor IBGP remote-as 28677 neighbor CLARANET-v6 peer-group neighbor CLARANET-v6 remote-as 8426 neighbor IBGP-v6 peer-group neighbor IBGP-v6 remote-as 28677 neighbor 2001:A70:F0::5 remote-as 8426 neighbor 2001:A70:F0::5 peer-group CLARANET-v6 neighbor 2001:A70:F0::5 description CLARANET-SD-AR2 neighbor 2A02:2B8::2 peer-group IBGP-v6 neighbor 2A02:2B8::2 description CS-CORE2 neighbor 2A02:2B8::2 password 7 051E000E30591A391C neighbor 2A02:2B8::2 update-source Loopback1 neighbor 62.193.223.2 peer-group IBGP neighbor 62.193.223.2 description cs-core2 neighbor 62.193.223.2 password 7 051E000E30591A391C neighbor 212.43.225.5 remote-as 8426 neighbor 212.43.225.5 description CLARANET ! address-family ipv4 redistribute connected route-map connected-routes-bgp redistribute static neighbor IBGP activate neighbor IBGP next-hop-self neighbor IBGP send-community neighbor 62.193.223.2 peer-group IBGP neighbor 212.43.225.5 activate neighbor 212.43.225.5 soft-reconfiguration inbound neighbor 212.43.225.5 prefix-list bogons in neighbor 212.43.225.5 prefix-list bogons out neighbor 212.43.225.5 route-map CLARANET-in in neighbor 212.43.225.5 route-map CLARANET-out out no auto-summary no synchronization network 62.193.192.0 mask 255.255.192.0 route-map AS28677 exit-address-family ! address-family ipv6 neighbor CLARANET-v6 activate neighbor CLARANET-v6 next-hop-self neighbor CLARANET-v6 send-community neighbor IBGP-v6 activate neighbor IBGP-v6 next-hop-self neighbor IBGP-v6 send-community neighbor 2001:A70:F0::5 peer-group CLARANET-v6 neighbor 2001:A70:F0::5 soft-reconfiguration inbound neighbor 2001:A70:F0::5 prefix-list bogons-ipv6 in neighbor 2001:A70:F0::5 route-map CLARANET-in in neighbor 2A02:2B8::2 peer-group IBGP-v6 neighbor 2A02:2B8::2 soft-reconfiguration inbound network 2A02:2B8::/32 route-map AS28677 no synchronization redistribute connected exit-address-family ! ip classless ip route 62.193.192.0 255.255.192.0 Null0 200 ip route 62.193.223.2 255.255.255.255 62.193.223.134 ! ip bgp-community new-format ip community-list standard AMEN:internal permit 28677:50000 ip community-list standard EU:AMEN-AS permit 28677:1 ip community-list standard EU:AMEN-other-AS permit 28677:2000 ip community-list standard EU:AMEN permit 28677:100 ip community-list standard EU:AMEN-peerings permit 28677:799 ip community-list standard EU:AMEN-transit permit 28677:599 ip as-path access-list 1 permit ^$ ip as-path access-list 200 permit .* (21163|28855|16276|8839|12670|8975|15557|21502|12876|15436|5410|21409|6678|12322|13193|4589|29075|25593|15557|8304|8784|15557|24702|8527|28877|29215|15403|8586|16174|20782|21251|21433|20766|5669|5436|15826) .* ip as-path access-list 301 permit .* [1-173] ip as-path access-list 304 permit .* [3221-5510] ip as-path access-list 305 permit .* [5512-9000] ip as-path access-list 306 permit .* [9001-12000] ip as-path access-list 307 permit .* [12001-14000] ip as-path access-list 308 permit .* [14001-16000] ip as-path access-list 309 permit .* [16001-18000] ip as-path access-list 310 permit .* [18001-20000] ip flow-export source Loopback0 ip flow-export version 5 peer-as no ip http server ip tacacs source-interface Loopback0 ! ip access-list standard noc-access permit 212.43.194.38 permit 212.43.194.17 permit 213.253.16.104 permit 195.157.6.1 permit 62.193.206.162 permit 62.193.206.153 permit 212.43.195.0 0.0.0.31 permit 212.43.232.64 0.0.0.31 permit 212.43.232.96 0.0.0.7 permit 212.43.232.32 0.0.0.31 permit 212.43.232.104 0.0.0.7 permit 212.43.193.0 0.0.0.255 permit 212.43.247.0 0.0.0.255 permit 212.43.225.0 0.0.0.3 permit 212.43.225.4 0.0.0.3 permit 212.43.225.8 0.0.0.3 permit 212.43.225.12 0.0.0.3 permit 195.8.68.0 0.0.0.255 permit 195.8.69.0 0.0.0.255 permit 195.8.70.0 0.0.0.255 permit 212.82.224.0 0.0.1.255 permit 80.67.96.64 0.0.0.31 permit 62.193.207.192 0.0.0.31 permit 62.193.223.0 0.0.0.255 deny any log ip access-list standard uk-snmp-access permit 212.43.194.17 permit 195.157.6.0 0.0.0.7 permit 212.43.232.64 0.0.0.31 ! ip access-list extended external-filter permit tcp 62.193.224.0 0.0.31.255 62.193.224.0 0.0.31.255 range 135 139 permit udp 62.193.224.0 0.0.31.255 62.193.224.0 0.0.31.255 range 135 netbios-ss permit tcp 62.193.224.0 0.0.31.255 range 135 139 62.193.224.0 0.0.31.255 permit udp 62.193.224.0 0.0.31.255 range 135 netbios-ss 62.193.224.0 0.0.31.255 permit tcp 62.193.224.0 0.0.31.255 62.193.224.0 0.0.31.255 eq 445 permit tcp 62.193.224.0 0.0.31.255 eq 445 62.193.224.0 0.0.31.255 permit udp 62.193.224.0 0.0.31.255 62.193.224.0 0.0.31.255 eq 445 permit udp 62.193.224.0 0.0.31.255 eq 445 62.193.224.0 0.0.31.255 deny tcp any 62.193.203.0 0.0.0.255 eq 6667 deny tcp any 62.193.203.0 0.0.0.255 eq 7000 deny udp any 62.193.203.0 0.0.0.255 eq 6667 deny udp any 62.193.203.0 0.0.0.255 eq 7000 deny tcp any 62.193.192.0 0.0.63.255 eq 161 deny tcp any 62.193.192.0 0.0.63.255 eq 162 deny tcp any 62.193.192.0 0.0.63.255 eq sunrpc deny tcp any 62.193.192.0 0.0.63.255 eq 138 deny tcp any 62.193.192.0 0.0.63.255 eq 137 deny tcp any 62.193.192.0 0.0.63.255 eq 139 deny tcp any 62.193.192.0 0.0.63.255 eq 2049 deny tcp any 62.193.192.0 0.0.63.255 eq 69 deny tcp any 62.193.192.0 0.0.63.255 eq 135 deny tcp any 62.193.192.0 0.0.63.255 eq 199 deny tcp any 62.193.192.0 0.0.63.255 eq 391 deny tcp any 62.193.192.0 0.0.63.255 eq 705 deny tcp any 62.193.192.0 0.0.63.255 eq 1993 deny tcp any 62.193.192.0 0.0.63.255 eq gopher deny tcp any 62.193.192.0 0.0.63.255 eq 6051 deny tcp any 62.193.192.0 0.0.63.255 eq 1035 deny tcp any 62.193.192.0 0.0.63.255 eq 1039 deny tcp any 62.193.192.0 0.0.63.255 eq 1047 deny tcp any 62.193.192.0 0.0.63.255 eq 1048 deny tcp any 62.193.192.0 0.0.63.255 eq 445 deny tcp any 62.193.192.0 0.0.63.255 eq 5308 deny tcp any 62.193.192.0 0.0.63.255 eq 8350 deny udp any 62.193.192.0 0.0.63.255 eq snmp deny udp any 62.193.192.0 0.0.63.255 eq snmptrap deny udp any 62.193.192.0 0.0.63.255 eq sunrpc deny udp any 62.193.192.0 0.0.63.255 eq netbios-dgm deny udp any 62.193.192.0 0.0.63.255 eq netbios-ns deny udp any 62.193.192.0 0.0.63.255 eq netbios-ss deny udp any 62.193.192.0 0.0.63.255 eq 2049 deny udp any 62.193.192.0 0.0.63.255 eq tftp deny udp any 62.193.192.0 0.0.63.255 eq 135 deny udp any 62.193.192.0 0.0.63.255 eq 199 deny udp any 62.193.192.0 0.0.63.255 eq 391 deny udp any 62.193.192.0 0.0.63.255 eq 705 deny udp any 62.193.192.0 0.0.63.255 eq 1993 deny udp any 62.193.192.0 0.0.63.255 eq 70 deny udp any 62.193.192.0 0.0.63.255 eq 6051 deny udp any 62.193.192.0 0.0.63.255 eq 1035 deny udp any 62.193.192.0 0.0.63.255 eq 1039 deny udp any 62.193.192.0 0.0.63.255 eq 1047 deny udp any 62.193.192.0 0.0.63.255 eq 1048 deny udp any 62.193.192.0 0.0.63.255 eq 445 deny udp any 62.193.192.0 0.0.63.255 eq 5308 deny udp any 62.193.192.0 0.0.63.255 eq 8350 permit ip any any ! ! ip prefix-list bogons seq 1 deny 0.0.0.0/0 ip prefix-list bogons seq 5 deny 0.0.0.0/8 le 32 ip prefix-list bogons seq 10 deny 10.0.0.0/8 le 32 ip prefix-list bogons seq 15 deny 127.0.0.0/8 le 32 ip prefix-list bogons seq 20 deny 172.16.0.0/12 le 32 ip prefix-list bogons seq 25 deny 169.254.0.0/16 le 32 ip prefix-list bogons seq 30 deny 192.168.0.0/16 le 32 ip prefix-list bogons seq 35 deny 192.0.2.0/24 le 32 ip prefix-list bogons seq 40 deny 224.0.0.0/3 le 32 ip prefix-list bogons seq 45 permit 0.0.0.0/0 le 32 ! ip prefix-list infrastructure seq 5 permit 62.193.223.0/24 le 32 ! ip prefix-list superblocks-more-specific seq 5 permit 62.193.192.0/18 ge 19 logging history informational logging facility local3 logging source-interface Loopback0 logging 212.43.194.17 logging 62.193.206.249 access-list 2 permit 212.43.194.38 access-list 2 permit 212.43.194.21 access-list 2 permit 212.43.194.17 access-list 2 permit 212.43.194.117 access-list 2 permit 213.253.16.104 access-list 2 permit 195.8.69.211 access-list 2 permit 195.8.71.57 access-list 2 permit 212.43.195.0 0.0.0.31 access-list 2 permit 212.43.232.64 0.0.0.31 access-list 2 permit 212.43.232.96 0.0.0.7 access-list 12 permit 212.43.194.17 access-list 12 permit 195.157.6.0 0.0.0.7 access-list 12 permit 212.43.232.64 0.0.0.31 ipv6 route 2A02:2B8::2/128 2A02:2B8::1:2 ipv6 route 2A02:2B8:1:21::/64 2A02:2B8:1:20::254 ipv6 route 2A02:2B8::/32 Null0 210 ! ! ipv6 prefix-list bogons-ipv6 seq 5 deny 3FFE::/16 le 128 ipv6 prefix-list bogons-ipv6 seq 10 deny 2001:DB8::/32 le 128 ipv6 prefix-list bogons-ipv6 seq 15 permit 2001::/32 ipv6 prefix-list bogons-ipv6 seq 20 deny 2001::/32 le 128 ipv6 prefix-list bogons-ipv6 seq 25 permit 2002::/16 ipv6 prefix-list bogons-ipv6 seq 30 deny 2002::/16 le 128 ipv6 prefix-list bogons-ipv6 seq 35 deny ::/8 le 128 ipv6 prefix-list bogons-ipv6 seq 40 deny FE00::/9 le 128 ipv6 prefix-list bogons-ipv6 seq 45 deny FF00::/8 le 128 ipv6 prefix-list bogons-ipv6 seq 50 permit ::/0 le 48 ipv6 prefix-list bogons-ipv6 seq 55 deny ::/0 le 128 ! ipv6 prefix-list superblocks-more-specific seq 6 permit 2A02:2B8::/32 route-map connected-routes-bgp deny 20 match ip address prefix-list infrastructure ! route-map connected-routes-bgp permit 40 match ip address prefix-list superblocks-more-specific set community 8975:50000 no-export local-AS ! route-map ipv6-bgp-redistributed-out permit 40 set local-preference 10000 set community 8975:50000 8975:50055 8975:50057 no-export local-AS ! route-map CLARANET-in permit 60 set local-preference 400 set community 28677:599 additive ! route-map AS28677 permit 10 set community 28677:1 28677:100 ! route-map CLARANET-out permit 20 match as-path 1 match community EU:AMEN ! snmp-server group claranet-snmp-group v3 auth read claranet-snmp-view snmp-server view claranet-snmp-view internet included snmp-server community amenstat RO snmp-server community chu3Boote RO 2 snmp-server community ilmppIII RO 12 snmp-server ifindex persist snmp-server trap-source Loopback0 snmp-server location FR-SD-b1005 snmp-server contact noc@amen.fr tacacs-server host 212.43.194.17 tacacs-server directed-request tacacs-server key 7 110A15040513055F10 ! radius-server source-ports 1645-1646 ! ipv6 access-list noc-access-ipv6 sequence 20 permit ipv6 2A02:2B8::/32 host 2A02:2B8::1 deny ipv6 any any ! ipv6 access-list external-filter-ipv6 remark allow BGP traffic between routers permit ipv6 2001:A70:F0::/126 2001:A70:F0::/126 permit ipv6 2A02:2B8::/112 2A02:2B8::/112 remark Allow ICMP everywhere permit icmp any any remark Allow DNS port 53 on VLAN 406 permit tcp any 2A02:2B8:1:406::/64 eq domain permit udp any 2A02:2B8:1:406::/64 eq domain remark Allow HTTP and FTP in VLANs 202 and 203 (Windows and Linux shared hosting) permit tcp any 2A02:2B8:1:202::/63 eq www permit tcp any 2A02:2B8:1:202::/63 range ftp-data ftp permit tcp any 2A02:2B8:1:202::/63 range 50000 55000 deny ipv6 any any ! ipv6 access-list Levallois-filter-ipv6 remark ICMP is allowed for all of Levallois (mandatory for ARP like functions) permit icmp 2A02:2B8:1:20::/63 any permit ipv6 FE80::/64 any permit ipv6 FF00::/8 any remark Levallois servers are not supposed to do IPV6 with the outside world permit ipv6 2A02:2B8:1:20::/64 2A02:2B8:1:20::/63 deny ipv6 2A02:2B8:1:20::/64 any log remark Levallois users are only entitled to a few standard services permit tcp 2A02:2B8:1:21::/64 any eq 22 permit tcp 2A02:2B8:1:21::/64 any eq telnet permit tcp 2A02:2B8:1:21::/64 any eq domain permit udp 2A02:2B8:1:21::/64 any eq domain permit tcp 2A02:2B8:1:21::/64 any eq pop3 permit tcp 2A02:2B8:1:21::/64 any eq smtp permit tcp 2A02:2B8:1:21::/64 any eq 587 permit tcp 2A02:2B8:1:21::/64 any eq 143 permit tcp 2A02:2B8:1:21::/64 any eq www permit tcp 2A02:2B8:1:21::/64 any eq 443 permit tcp 2A02:2B8:1:21::/64 any range ftp-data ftp permit tcp 2A02:2B8:1:21::/64 any range 10000 10500 deny ipv6 any any log ! control-plane ! ! ! dial-peer cor custom ! ! ! ! line con 0 logging synchronous line vty 0 4 access-class noc-access in exec-timeout 35791 0 password 7 051B4756794D4C235A ipv6 access-class noc-access-ipv6 in logging synchronous transport input telnet ssh line vty 5 10 access-class noc-access in exec-timeout 35791 0 password 7 051B4756794D4C235A ipv6 access-class noc-access-ipv6 in logging synchronous transport input telnet ssh ! ntp clock-period 17179835 ntp server 212.43.194.2 no cns aaa enable end cs-core1#exit Connection to core1.amen.router.fr.clara.net closed by remote host. Connection to core1.amen.router.fr.clara.net closed.