sd-ar1.router.fr.clara.net spawn ssh -c 3des -x -l rancid_user sd-ar1.router.fr.clara.net rancid_user@sd-ar1.router.fr.clara.net's password: ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### sd-ar1>enable Password: sd-ar1# sd-ar1#term length 0 sd-ar1#sh run Building configuration... Current configuration : 45934 bytes ! ! Last configuration change at 11:15:13 CET Fri Mar 13 2009 by benj ! NVRAM config last updated at 11:15:19 CET Fri Mar 13 2009 by benj ! upgrade fpd auto version 12.2 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service counters max age 10 ! hostname sd-ar1 ! boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXF6.bin boot system sup-bootflash:s72033-ipservicesk9-mz.122-18.SXE1.bin logging snmp-authfail logging rate-limit all 200 no logging console enable secret 5 $1$13HI$CdLaXL1zAiiT3Fht6BymZ1 ! aaa new-model aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa accounting commands 15 default start-stop group tacacs+ ! aaa session-id common clock timezone CET 1 ip subnet-zero no ip source-route ! ! ! ip dhcp pool PORTABLE-SRI network 89.185.48.192 255.255.255.248 domain-name fr.clara.net dns-server 212.43.194.2 212.43.194.3 default-router 89.185.48.193 ! ip tftp source-interface Loopback0 no ip bootp server ip vrf CLFR10005 description GLB rd 8975:10005 vpn id 8975:10005 route-target export 8975:10005 route-target import 8975:10005 route-target import 8975:1000 ! ip vrf CLFR10006 description iBrowse / NetQuarks rd 8975:10006 vpn id 8975:10006 route-target export 8975:10006 route-target import 8975:10006 ! ip multicast-routing ip tcp path-mtu-discovery ip scp server enable ip domain-name router.fr.clara.net ip name-server 212.43.194.3 ip name-server 212.43.194.2 ip slb probe IMAP_PROBE tcp address 89.185.48.150 port 143 interval 1 ! ip slb probe KEEPALIVE tcp port 110 ! ip slb probe MYSQL tcp address 89.185.48.150 port 3306 interval 1 ! ip slb probe MYSQL_EB tcp port 3306 interval 1 ! ip slb probe POP3S_PROBE tcp address 89.185.48.150 port 995 interval 1 ! ip slb probe POP_PROBE tcp address 89.185.48.150 port 110 interval 1 ! ip slb serverfarm IMAP probe IMAP_PROBE ! real 89.185.48.145 reassign 2 faildetect numconns 4 retry 20 inservice ! real 89.185.48.146 reassign 2 faildetect numconns 4 retry 20 inservice ! ip slb serverfarm IMAPS real 89.185.48.146 reassign 2 faildetect numconns 4 retry 20 inservice ! ip slb serverfarm POP probe POP_PROBE ! real 89.185.48.145 reassign 2 faildetect numconns 4 retry 20 inservice ! real 89.185.48.146 inservice ! ip slb serverfarm POP3S probe POP3S_PROBE ! real 89.185.48.145 inservice ! real 89.185.48.146 inservice ! ip slb serverfarm PROBE probe POP_PROBE ! ip slb serverfarm WEBWAG_FARM real 89.185.50.245 weight 1 reassign 2 faildetect numconns 4 retry 20 inservice ! real 89.185.50.246 weight 1 reassign 2 faildetect numconns 4 retry 20 inservice ! ip slb vserver IMAPS_PROXY virtual 89.185.48.150 tcp 993 serverfarm IMAPS inservice ! ip slb vserver IMAP_PROXY virtual 89.185.48.150 tcp 143 serverfarm IMAP inservice ! ip slb vserver POPS_PROXY virtual 89.185.48.150 tcp 995 serverfarm POP3S inservice ! ip slb vserver POP_PROXY virtual 89.185.48.150 tcp pop3 serverfarm POP inservice ! ip slb vserver WEBWAG virtual 89.185.50.242 tcp www serverfarm WEBWAG_FARM inservice ! ipv6 unicast-routing ipv6 mfib hardware-switching replication-mode ingress ipv6 multicast-routing vtp mode transparent mpls label protocol ldp mpls traffic-eng tunnels mpls traffic-eng logging tunnel path change tag-switching tdp router-id Loopback0 force mls ip multicast flow-stat-timer 9 mls aging fast time 4 threshold 2 mls aging long 900 mls aging normal 32 mls netflow usage notify 60 120 mls flow ip interface-full mls flow ipv6 interface-full no mls acl tcam share-global mls cef error action freeze ! key chain is-is-key-chain key 1 key-string 7 1043080B0B12435F ! ! ! ! ! ! ! ! redundancy mode sso main-cpu auto-sync running-config ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id no spanning-tree vlan 2301-2302,3001 diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe cisco.cns.device.diag_commands ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! vlan 100 name PC SRI ! vlan 101 name Installation TIG ! vlan 2000 name Primary VLAN BACKUP NETWORK private-vlan primary private-vlan association 2001 ! vlan 2001 name Isolated VLAN BACKUP NETWORK private-vlan isolated ! vlan 2100 name Primary VLAN APC NETWORK private-vlan primary private-vlan association 2101 ! vlan 2101 name Isolated VLAN APC NETWORK private-vlan isolated ! vlan 2102 name DRAC NETWORK 1 ! vlan 2104 name DRAC NETWORK 2 ! vlan 2106 name DRAC NETWORK 3 ! vlan 2200 name Primary VLAN CFN 89.185.49.0/25 ! vlan 2300 name SD Server subnet 1 ! vlan 2301 name SD Server subnet 2 ! vlan 2302 name SD Server subnet 3 ! vlan 3000 name NOTREFAMILLE-NETS_NOTREFAMILLE-N ! vlan 3001 name MOBIQUID-NETS ! vlan 3002 name IFRESEARCH-NETS-5 ! vlan 3003 name IFRESEARCH-NETS-4 ! vlan 3004 name ABSCISSE-NETS-2 ! vlan 4000 name TEST-CAMA ! ! ! ! interface Loopback0 description IPv4 Loopback ip address 212.43.193.38 255.255.255.255 ! interface Loopback1 description VPNv4 Loopback ip address 212.43.193.39 255.255.255.255 ! interface Loopback2 description IPv6 Loopback ip address 62.240.250.10 255.255.255.255 ipv6 address 2001:A70:FF::11/128 ! interface Null0 no ip unreachables ! interface Port-channel1 description SD-CR1 dampening mtu 4470 ip address 62.240.250.222 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip isis network point-to-point isis hello-interval minimal ! interface Port-channel2 description SD-CR2 dampening mtu 4470 ip address 62.240.250.230 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip isis network point-to-point isis hello-interval minimal ! interface Port-channel3 description CR1-IX.ARTFUL ip address 212.43.225.9 255.255.255.252 ip access-group artful20080903 out ip flow ingress ip route-cache flow ! interface GigabitEthernet1/1 description CR1-IX.ARTFUL LACP1 no ip address no ip redirects no ip proxy-arp no ipv6 redirects no ipv6 mfib forwarding channel-group 3 mode active ! interface GigabitEthernet1/2 description CR1-IX.ARTFUL LACP2 no ip address no ip redirects no ip proxy-arp no ipv6 redirects no ipv6 mfib forwarding channel-group 3 mode active ! interface GigabitEthernet1/3 description SD-CR1 LACP1 mtu 4470 no ip address channel-group 1 mode passive ! interface GigabitEthernet1/4 description SD-CR1 LACP2 mtu 4470 no ip address channel-group 1 mode passive ! interface GigabitEthernet1/5 description SD-CR2 LACP1 mtu 4470 no ip address channel-group 2 mode passive ! interface GigabitEthernet1/6 description SD-CR2 LACP2 mtu 4470 no ip address channel-group 2 mode passive ! interface GigabitEthernet1/7 description CORE2.AMEN ip address 212.43.225.1 255.255.255.252 no ip redirects no ip proxy-arp ip route-cache flow ipv6 address 2001:A70:F0::1/126 ipv6 enable no ipv6 redirects ipv6 nd suppress-ra ipv6 cef ! interface GigabitEthernet1/7.61 encapsulation dot1Q 61 ipv6 enable no ipv6 redirects ipv6 nd suppress-ra ! interface GigabitEthernet1/8 description CR1-IX.ARTFUL no ip address ip access-group artful20080903 out ip flow ingress ip route-cache flow shutdown ! interface GigabitEthernet3/1 description LAPTOP (NEW 2008/12/17) ip address 89.185.52.193 255.255.255.252 shutdown no cdp enable ! interface GigabitEthernet3/2 description DRAC NETWORK 3 - test-ix.drac switchport switchport access vlan 2106 switchport mode access no ip address no cdp enable spanning-tree portfast ! interface GigabitEthernet3/3 description TEST-CAMA switchport switchport access vlan 4000 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/4 description TEST-APC-DAVID switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/5 description TEST-CAMA (NEW 2008/04/01) switchport switchport access vlan 4000 switchport mode access no ip address shutdown no cdp enable ! interface GigabitEthernet3/6 description SIMPLEREZO-NET-2 switchport switchport access vlan 2200 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/7 description ATCI-NETS ip address 89.185.50.193 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/8 description ATCI-BACKUP switchport switchport access vlan 2001 switchport private-vlan mapping 2000 2001 switchport mode private-vlan host no ip address shutdown no cdp enable ! interface GigabitEthernet3/9 description GLB-MPLS ip vrf forwarding CLFR10005 ip address 10.0.1.1 255.255.255.0 no cdp enable ! interface GigabitEthernet3/10 description GLB-SD ip address 89.185.50.225 255.255.255.252 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/11 description Interlan NETQUARKS Circuit-Ref:9069 ip vrf forwarding CLFR10006 ip address 10.7.68.240 255.255.255.224 speed 100 duplex full no cdp enable ! interface GigabitEthernet3/12 description GLB-Backup-Data-1 switchport switchport access vlan 2001 switchport private-vlan host-association 2000 2001 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/13 description GLB-Backup-Data-2 switchport switchport access vlan 2001 switchport private-vlan host-association 2000 2001 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/14 description Interlan-FBG-GLB-Backup no ip address no cdp enable xconnect 212.43.193.131 400 encapsulation mpls ! interface GigabitEthernet3/15 description IFRESEARCH-NETS-6 switchport switchport access vlan 2200 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/16 description Drac-blade1.dell switchport switchport access vlan 2106 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/17 description Kvm-blade1.dell switchport switchport access vlan 2106 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/18 description Uplink-blade1.dell switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 2301,2302 switchport mode trunk no ip address no cdp enable ! interface GigabitEthernet3/19 description WEBWAG-NETS ip address 89.185.50.241 255.255.255.240 no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/20 description baieJ02 no ip address shutdown no cdp enable ! interface GigabitEthernet3/21 description baieJ03 no ip address shutdown no cdp enable ! interface GigabitEthernet3/22 description baieJ04 no ip address shutdown no cdp enable ! interface GigabitEthernet3/23 description HOMELIDAYS-NETS-7 & HOMELIDAYS-NETS-9 switchport switchport access vlan 2200 switchport mode access no ip address no mdix auto no cdp enable ! interface GigabitEthernet3/24 description HOMELIDAYS-NETS-8 switchport switchport access vlan 2200 switchport mode access no ip address no mdix auto no cdp enable ! interface GigabitEthernet3/25 description MATPHOT-NETS ip address 89.185.52.33 255.255.255.248 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/26 description BLUEACACIA-NETS-2 ip address 212.43.227.161 255.255.255.224 secondary ip address 89.185.52.65 255.255.255.192 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/27 description BUYAGIFT-NETS-2 ip address 89.185.51.209 255.255.255.240 ip access-group BUYAGIFT-NETS-2-access-out out ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/28 description Buy.a.Gift-Backup (NEW 2009/02/25) switchport switchport access vlan 2001 switchport private-vlan host-association 2000 2001 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/29 description Tig-Wifi-Routeur ip address 89.185.48.217 255.255.255.252 no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/30 description NETPARTAGE-NETS ip address 89.185.52.241 255.255.255.240 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp no cdp enable ! interface GigabitEthernet3/31 description ABSCISSE-NETS-2 switchport switchport access vlan 3004 switchport mode access no ip address no cdp enable ! interface GigabitEthernet3/32 no ip address shutdown no cdp enable ! interface GigabitEthernet3/33 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/34 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/35 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/36 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/37 switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/38 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/39 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/40 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/41 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/42 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/43 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/44 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/45 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/46 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/47 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet3/48 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address no cdp enable ! interface GigabitEthernet5/1 no ip address shutdown ! interface GigabitEthernet5/2 no ip address shutdown ! interface GigabitEthernet6/1 description PC SRI switchport switchport access vlan 100 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/2 description PC PINGBOY ip address 89.185.48.201 255.255.255.252 ip access-group to_pingboy_access out no ip redirects no ip proxy-arp spanning-tree portfast ! interface GigabitEthernet6/3 description console server (was PC SRI) switchport switchport access vlan 2104 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/4 description TELECOM-ITALIA-NETS ip address 89.185.51.129 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface GigabitEthernet6/5 description clarawatch2.fr.clara.net switchport switchport access vlan 2300 switchport mode access no ip address ! interface GigabitEthernet6/6 description SFIG-NETS switchport switchport access vlan 2200 switchport mode access no ip address ! interface GigabitEthernet6/7 description SPARE 6500 switchport switchport access vlan 2300 switchport mode access no ip address ! interface GigabitEthernet6/8 description BACKUP NETWORK Artful Server switchport switchport access vlan 2001 switchport private-vlan mapping 2000 2001 switchport mode private-vlan promiscuous no ip address spanning-tree portfast ! interface GigabitEthernet6/9 description clarawatch2.fr.clara.net Labo Backup TEST IP:62.240.231.139 switchport switchport access vlan 2001 switchport private-vlan host-association 2000 2001 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/10 description MYELOME-NETS switchport switchport access vlan 2200 switchport mode access no ip address no mdix auto ! interface GigabitEthernet6/11 no ip address ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp shutdown ! interface GigabitEthernet6/12 description NOTREFAMILLE-NETS & NOTREFAMILLE-NETS-2 switchport switchport access vlan 3000 switchport mode access no ip address ! interface GigabitEthernet6/13 description Switch RASPAIL switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 2301,2302 switchport mode trunk no ip address no cdp enable ! interface GigabitEthernet6/14 description MOBIQUID-NETS (NEW 2009/02/19) switchport switchport access vlan 3001 switchport mode access no ip address ! interface GigabitEthernet6/15 description IFRESEARCH-NETS-5 switchport switchport access vlan 3002 switchport mode access no ip address ! interface GigabitEthernet6/16 description old sw-sd-cwdm ip address 89.185.48.205 255.255.255.252 no ip redirects no ip proxy-arp shutdown spanning-tree portfast ! interface GigabitEthernet6/17 description NOTREFAMILLE-NETS & NOTREFAMILLE-NETS-2 2eme uplink switchport switchport access vlan 3000 switchport mode access no ip address ! interface GigabitEthernet6/18 description VOIP PHONE SKYPE switchport switchport access vlan 2300 switchport mode access no ip address ! interface GigabitEthernet6/19 description CBC-NETS-4 switchport switchport access vlan 2200 switchport mode access no ip address no mdix auto ! interface GigabitEthernet6/20 description DRAC NETWORK 1 (NEW 2007/09/26) switchport switchport access vlan 2102 switchport mode access no ip address ! interface GigabitEthernet6/21 description DRAC NETWORK 2 switchport switchport access vlan 2104 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/22 description DRAC NETWORK 3 switchport switchport access vlan 2106 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/23 description DRAC NETWORK 2 switchport switchport access vlan 2104 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/24 description DRAC NETWORK 3 switchport switchport access vlan 2106 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/25 description Installations TIG (NEW 2008/11/23) switchport switchport access vlan 101 switchport mode access no ip address shutdown spanning-tree portfast ! interface GigabitEthernet6/26 description Interlan PRISMA PRESSE no ip address xconnect 212.43.193.131 200 encapsulation mpls ! interface GigabitEthernet6/27 description PRISMA-PRESSE-NETS ip address 212.43.239.97 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface GigabitEthernet6/28 description SUNCARD-NETS ip address 89.185.50.129 255.255.255.240 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface GigabitEthernet6/29 description DRAC NETWORK 3 switchport switchport access vlan 2106 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/30 description DRAC NETWORK 3 switchport switchport access vlan 2106 switchport mode access no ip address spanning-tree portfast ! interface GigabitEthernet6/31 description OMNIKLES-NETS ip address 89.185.52.1 255.255.255.224 secondary ip address 89.185.51.161 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface GigabitEthernet6/32 description IFRESEARCH-NETS-4 switchport switchport access vlan 3003 switchport mode access no ip address ! interface GigabitEthernet6/33 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/34 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/35 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/36 description PORT MORT switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address shutdown ! interface GigabitEthernet6/37 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/38 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/39 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/40 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/41 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/42 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/43 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/44 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/45 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/46 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/47 description APC switchport switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address ! interface GigabitEthernet6/48 description APC switchport switchport access vlan 100 switchport private-vlan host-association 2100 2101 switchport mode private-vlan host no ip address spanning-tree portfast ! interface Vlan1 no ip address shutdown ! interface Vlan100 description PC SRI ip address 89.185.48.193 255.255.255.248 no ip redirects no ip proxy-arp isis metric 10 ! interface Vlan101 description Installations TIG (NEW 2008/12/17) ip address 89.185.48.209 255.255.255.248 no ip redirects no ip proxy-arp shutdown ! interface Vlan220 no ip address shutdown ! interface Vlan300 no ip address shutdown ! interface Vlan2000 description BACKUP NETWORK ip address 62.240.231.129 255.255.255.128 ip access-group backup-network-access out no ip redirects no ip proxy-arp private-vlan mapping 2001 ! interface Vlan2100 description APC NETWORK ip address 62.240.231.1 255.255.255.192 no ip redirects no ip proxy-arp private-vlan mapping 2101 ! interface Vlan2102 description DRAC NETWORK 1 (NEW 2007/08/09) ip address 89.185.48.33 255.255.255.224 shutdown ! interface Vlan2104 description DRAC NETWORK 2 ip address 89.185.48.65 255.255.255.224 ip access-group vlan2104-out out ! interface Vlan2106 description DRAC NETWORK 3 ip address 89.185.48.97 255.255.255.224 ! interface Vlan2200 description CFN 89.185.49.0/25 ip address 89.185.49.1 255.255.255.128 ip verify unicast source reachable-via rx no ip redirects ip sticky-arp ignore no ip proxy-arp ! interface Vlan2300 description SD Server subnet 1 ip address 89.185.48.1 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface Vlan2301 description SD Server subnet 2 ip address 89.185.48.129 255.255.255.224 no ip redirects no ip proxy-arp ipv6 address 2001:A70:FD::12:1/112 vrrp 1 ip 89.185.48.129 vrrp 1 priority 250 ! interface Vlan2302 description SD Server subnet 3 ip address 89.185.48.161 255.255.255.224 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp vrrp 1 ip 89.185.48.161 vrrp 1 priority 250 ! interface Vlan3000 description NOTREFAMILLE-NETS & NOTREFAMILLE-NETS-2 ip address 89.185.50.161 255.255.255.248 no ip redirects no ip proxy-arp ! interface Vlan3001 description MOBIQUID-NETS (NEW 2009/02/19) ip address 89.185.51.65 255.255.255.192 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface Vlan3002 description IFRESEARCH-NETS-5 ip address 89.185.51.193 255.255.255.240 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface Vlan3003 description IFRESEARCH-NETS-4 ip address 89.185.50.145 255.255.255.240 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! interface Vlan3004 description ABSCISSE-NETS-2 ip address 89.185.51.33 255.255.255.240 ip verify unicast source reachable-via rx allow-self-ping no ip redirects no ip proxy-arp ! router isis mpls traffic-eng router-id Loopback0 mpls traffic-eng level-2 net 49.8975.0000.2120.4319.3038.00 is-type level-2-only authentication mode md5 authentication key-chain is-is-key-chain ispf level-1-2 metric-style wide set-overload-bit on-startup wait-for-bgp spf-interval 5 5 50 prc-interval 5 5 50 lsp-gen-interval 5 5 50 no hello padding log-adjacency-changes all passive-interface Vlan100 passive-interface Loopback0 passive-interface Loopback1 passive-interface Loopback2 ! router bgp 8975 template peer-policy RR-IPv4 inherit peer-policy RR 10 exit-peer-policy ! template peer-policy AS-28677 route-map amen-in in route-map amen-out out filter-list 401 in prefix-list AS-28677 in prefix-list bogons out remove-private-as maximum-prefix 5 send-community exit-peer-policy ! template peer-policy AS-15489 route-map artful-in in route-map artful-out out filter-list 402 in prefix-list AS-15489 in prefix-list bogons out remove-private-as maximum-prefix 10 send-community exit-peer-policy ! template peer-policy RR next-hop-self send-community both exit-peer-policy ! template peer-policy RR-IPv6 next-hop-self send-community send-label exit-peer-policy ! template peer-policy RR-VPNv4 inherit peer-policy RR 10 exit-peer-policy ! template peer-session Internal remote-as 8975 password 7 011E0716550E575A exit-peer-session ! template peer-session Internal-IPv4 update-source Loopback0 inherit peer-session Internal exit-peer-session ! template peer-session AS-28677 remote-as 28677 exit-peer-session ! template peer-session AS-15489 remote-as 15489 exit-peer-session ! template peer-session Internal-IPv6 password 7 121404051C0E5D51 update-source Loopback2 inherit peer-session Internal exit-peer-session ! template peer-session Internal-VPNv4 update-source Loopback1 inherit peer-session Internal exit-peer-session ! bgp router-id 212.43.193.38 no bgp default ipv4-unicast bgp log-neighbor-changes bgp confederation identifier 8426 bgp confederation peers 8426 bgp deterministic-med bgp bestpath compare-routerid bgp maxas-limit 50 timers bgp 30 90 neighbor AMEN-v6-CORE2 peer-group neighbor 2001:A70:F0::2 remote-as 28677 neighbor 2001:A70:F0::2 description AMEN neighbor 62.240.250.3 inherit peer-session Internal-IPv6 neighbor 62.240.250.8 inherit peer-session Internal-IPv6 neighbor 212.43.193.49 inherit peer-session Internal-IPv4 neighbor 212.43.193.51 inherit peer-session Internal-IPv4 neighbor 212.43.193.59 inherit peer-session Internal-VPNv4 neighbor 212.43.193.65 inherit peer-session Internal-VPNv4 neighbor 212.43.225.2 inherit peer-session AS-28677 neighbor 212.43.225.2 description Amen 1 neighbor 212.43.225.10 inherit peer-session AS-15489 neighbor 212.43.225.10 description Artful 1 ! address-family ipv4 redistribute connected route-map ipv4-bgp-redistributed-out redistribute static route-map ipv4-bgp-redistributed-out neighbor 212.43.193.49 activate neighbor 212.43.193.49 inherit peer-policy RR-IPv4 neighbor 212.43.193.51 activate neighbor 212.43.193.51 inherit peer-policy RR-IPv4 neighbor 212.43.225.2 activate neighbor 212.43.225.2 inherit peer-policy AS-28677 neighbor 212.43.225.10 activate neighbor 212.43.225.10 inherit peer-policy AS-15489 no auto-summary no synchronization bgp dampening exit-address-family ! address-family vpnv4 neighbor 212.43.193.59 activate neighbor 212.43.193.59 send-community extended neighbor 212.43.193.65 activate neighbor 212.43.193.65 send-community extended neighbor 212.43.193.65 inherit peer-policy RR-VPNv4 exit-address-family ! address-family ipv6 neighbor 2001:A70:F0::2 activate neighbor 2001:A70:F0::2 next-hop-self neighbor 2001:A70:F0::2 send-community neighbor 2001:A70:F0::2 soft-reconfiguration inbound neighbor 2001:A70:F0::2 inherit peer-policy AS-28677 neighbor 62.240.250.3 activate neighbor 62.240.250.3 soft-reconfiguration inbound neighbor 62.240.250.3 inherit peer-policy RR-IPv6 neighbor 62.240.250.8 activate neighbor 62.240.250.8 inherit peer-policy RR-IPv6 no synchronization redistribute connected route-map ipv6-bgp-redistributed-out redistribute static route-map ipv6-bgp-redistributed-out exit-address-family ! address-family ipv4 vrf CLFR10006 redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf CLFR10005 redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! ip default-gateway 194.146.173.4 ip classless ip route 10.66.66.66 255.255.255.255 Null0 ip route 89.185.50.0 255.255.255.192 89.185.49.5 ip route 89.185.50.64 255.255.255.192 89.185.50.162 ip route 89.185.50.176 255.255.255.240 89.185.49.7 ip route 89.185.51.0 255.255.255.240 89.185.49.6 ip route 89.185.51.16 255.255.255.240 89.185.49.10 ip route 89.185.51.224 255.255.255.224 89.185.49.8 ip route 89.185.53.0 255.255.255.224 89.185.49.11 ip route 89.185.53.64 255.255.255.224 89.185.49.12 ip route 89.185.53.128 255.255.255.224 89.185.49.11 ip route 212.43.218.80 255.255.255.240 89.185.49.11 ip route 212.43.222.64 255.255.255.240 89.185.49.12 ip route 212.43.226.192 255.255.255.240 89.185.49.11 ip route 212.43.227.16 255.255.255.240 89.185.49.12 ip route 212.43.239.192 255.255.255.240 89.185.49.12 ip route 212.43.240.176 255.255.255.240 89.185.49.11 ip route vrf CLFR10005 212.43.234.161 255.255.255.255 10.0.1.253 ! ip extcommunity-list 99 permit rt 8426:1 ip extcommunity-list 99 permit rt 8426:9998 ip extcommunity-list 99 permit rt 8975:100 ip extcommunity-list 99 permit rt 8426:10018 ip extcommunity-list 99 permit rt 8196:100 ip extcommunity-list 99 permit rt 8196:200 ip extcommunity-list 99 permit rt 8426:10031 ip extcommunity-list 99 permit rt 8426:10044 ip extcommunity-list 99 permit rt 8426:10040 ip extcommunity-list 99 permit rt 8196:3900 ip extcommunity-list 99 permit rt 8483:14200 ip extcommunity-list 99 permit rt 8196:4300 ip extcommunity-list 99 permit rt 20869:10001 ip extcommunity-list 99 permit rt 8426:10099 ip extcommunity-list 99 permit rt 8426:10106 ip extcommunity-list 99 permit rt 5533:20000 ip extcommunity-list 99 permit rt 5533:20001 ip extcommunity-list 99 permit rt 5533:20002 ip extcommunity-list 99 permit rt 5533:20003 ip extcommunity-list 99 permit rt 5533:20004 ip extcommunity-list 99 permit rt 5533:20005 ip extcommunity-list 99 permit rt 5533:20006 ip extcommunity-list 99 permit rt 5533:20007 ip extcommunity-list 99 permit rt 5533:20008 ip extcommunity-list 99 permit rt 5533:20009 ip bgp-community new-format ip community-list standard FR:artful permit 8975:50054 ip community-list standard UK:UK permit 8426:100 ip community-list standard UK:UK-peerings permit 8426:799 ip community-list standard UK:UK-transit permit 8426:599 ip community-list standard ES:ES permit 20869:100 ip community-list standard ES:ES-peerings permit 20869:799 ip community-list standard NL:NL permit 8483:100 ip community-list standard NL:NL-peerings permit 8483:799 ip community-list standard DE:DE permit 8196:14010 ip community-list standard DE:DE-peerings permit 8196:13000 ip community-list standard DE:DE-peerings permit 8196:15000 ip community-list standard DE:DE-transit permit 8196:12000 ip community-list standard DE:UK permit 8196:14020 ip community-list standard FR:FR permit 8975:14010 ip community-list standard FR:FR-transit permit 8975:12000 ip community-list standard FR:FR-peerings permit 8975:13000 ip community-list standard FR:UK permit 8975:14020 ip community-list standard FR:UK-peerings permit 8975:15020 ip community-list standard FR:DE permit 8975:14030 ip community-list standard FR:DE-peerings permit 8975:15030 ip community-list standard FR:ES permit 8975:14040 ip community-list standard FR:ES-peerings permit 8975:15040 ip community-list standard FR:NL permit 8975:14050 ip community-list standard FR:NL-peerings permit 8975:15050 ip community-list standard FR:CLARANET permit 8975:14000 ip community-list standard FR:CLARANET-confederation permit 8426:101 8975:14000 ip community-list standard FR:CLARANET-peerings permit 8975:15000 ip community-list standard FR:CLARANET-confederation-peerings permit 8426:101 8975:15000 ip community-list standard EU:FR-AS permit 8975:1 ip community-list standard EU:FR-other-AS permit 8975:2000 ip community-list standard EU:FR permit 8975:100 ip community-list standard EU:FR-peerings permit 8975:799 ip community-list standard EU:FR-transit permit 8975:599 ip community-list standard EU:AMEN-AS permit 28677:1 ip community-list standard EU:AMEN-other-AS permit 28677:2000 ip community-list standard EU:AMEN permit 28677:100 ip community-list standard EU:AMEN-peerings permit 28677:799 ip community-list standard EU:AMEN-transit permit 28677:599 ip community-list standard EU:UK-AS permit 8426:1 ip community-list standard EU:UK-other-AS permit 8426:2000 ip community-list standard EU:UK permit 8426:100 ip community-list standard EU:UK-peerings permit 8426:799 ip community-list standard EU:UK-transit permit 8426:599 ip community-list standard EU:CONFEDERATION permit 8426:101 ip community-list standard EU:DE-AS permit 8196:1 ip community-list standard EU:DE-other-AS permit 8196:2000 ip community-list standard EU:DE permit 8196:100 ip community-list standard EU:DE-peerings permit 8196:799 ip community-list standard EU:DE-transit permit 8196:599 ip community-list standard FR:internal permit 8975:50000 ip community-list standard AMEN:internal permit 28677:50000 ip community-list standard FR:neuf-bas-radius permit 8975:50051 ip community-list standard FR:sfr-claranet-lns-radius permit 8975:50052 ip community-list standard FR:sfr-customers permit 8975:50053 ip community-list standard FR:hosting-customers permit 8975:50055 ip community-list standard FR:fb-hosting-customers permit 8975:50056 ip community-list standard FR:sd-hosting-customers permit 8975:50057 ip as-path access-list 401 permit ^28677$ ip as-path access-list 402 permit ^15489$ ip flow-export source Loopback0 ip flow-export version 5 no ip http server ip pim rp-address 212.43.247.132 override ip tacacs source-interface Loopback0 ! ip access-list standard backup-network-access permit 62.240.231.128 0.0.0.127 ip access-list standard noc-access permit 212.43.194.38 permit 212.43.194.17 permit 213.253.16.104 permit 212.43.194.108 permit 195.157.6.1 permit 62.193.206.162 permit 62.193.206.153 permit 212.43.195.0 0.0.0.31 permit 212.43.232.64 0.0.0.31 permit 212.43.232.96 0.0.0.7 permit 212.43.232.32 0.0.0.31 permit 212.43.232.104 0.0.0.7 permit 212.43.193.0 0.0.0.255 permit 212.43.247.0 0.0.0.255 permit 212.43.225.0 0.0.0.3 permit 212.43.225.4 0.0.0.3 permit 212.43.225.8 0.0.0.3 permit 212.43.225.12 0.0.0.3 permit 195.8.68.0 0.0.0.255 permit 195.8.69.0 0.0.0.255 permit 195.8.70.0 0.0.0.255 permit 195.157.3.0 0.0.0.255 permit 212.82.224.0 0.0.1.255 permit 80.67.96.64 0.0.0.31 permit 62.193.207.192 0.0.0.31 permit 62.193.223.0 0.0.0.255 deny any log ip access-list standard snmp-access permit 212.43.194.38 permit 212.43.194.17 permit 212.43.194.117 permit 213.253.16.104 permit 212.43.194.108 permit 195.8.69.211 permit 89.185.48.165 permit 195.8.71.57 permit 212.43.195.0 0.0.0.31 deny any log ! ip access-list extended BUYAGIFT-NETS-2-access-out permit tcp any 89.185.51.208 0.0.0.15 established permit udp any eq domain 89.185.51.208 0.0.0.15 permit ip host 81.144.223.64 89.185.51.208 0.0.0.15 permit ip host 81.144.223.65 89.185.51.208 0.0.0.15 permit ip host 81.144.223.66 89.185.51.208 0.0.0.15 permit ip host 87.86.101.81 89.185.51.208 0.0.0.15 permit ip host 87.86.101.82 89.185.51.208 0.0.0.15 permit ip host 87.86.101.83 89.185.51.208 0.0.0.15 permit ip host 87.86.101.84 89.185.51.208 0.0.0.15 permit ip host 87.86.101.85 89.185.51.208 0.0.0.15 permit ip host 87.86.101.86 89.185.51.208 0.0.0.15 permit ip host 217.39.124.233 89.185.51.208 0.0.0.15 permit tcp any 89.185.51.208 0.0.0.15 eq 22 permit tcp any 89.185.51.208 0.0.0.15 eq www permit tcp any 89.185.51.208 0.0.0.15 eq 443 permit tcp any 89.185.51.208 0.0.0.15 range ftp-data ftp deny ip any 89.185.51.208 0.0.0.15 ip access-list extended SFIG-NETS-g-6-6-in permit ip 89.185.50.0 0.0.0.63 any permit ip host 89.185.49.5 any deny ip any any ip access-list extended artful20080816-out permit tcp any host 89.185.33.53 eq www deny icmp any host 89.185.33.53 log deny udp any host 89.185.33.53 log permit ip any any ip access-list extended artful20080816_02-out permit tcp any host 89.185.33.53 eq www deny icmp any host 89.185.33.53 log deny udp any host 89.185.33.53 permit ip any any ip access-list extended artful20080816_03 deny udp any host 89.185.33.53 permit tcp any host 89.185.33.53 eq www deny ip any host 89.185.33.53 permit ip any any ip access-list extended artful20080903 deny udp any host 89.185.33.53 permit tcp any host 89.185.33.53 eq www permit tcp any host 89.185.33.53 eq ftp permit tcp any host 89.185.33.53 eq 3389 deny ip any host 89.185.33.53 permit ip any any ip access-list extended deny_artful_20080418_01 deny ip host 89.185.33.42 any deny ip any host 89.185.33.42 permit ip any any ip access-list extended to_pingboy_access permit icmp any any permit tcp any any established permit udp any eq domain any permit ip host 89.185.48.202 host 212.43.247.140 permit udp host 89.185.48.202 host 212.43.247.140 permit tcp host 89.185.48.202 host 212.43.247.140 permit ip any any ip access-list extended vlan2104-out permit ip 212.43.195.0 0.0.0.255 host 89.185.48.73 permit ip 212.43.232.32 0.0.0.31 host 89.185.48.73 permit ip host 194.146.175.252 host 89.185.48.73 permit ip host 62.240.254.57 host 89.185.48.73 permit ip host 82.236.143.53 host 89.185.48.73 permit ip 212.43.232.64 0.0.0.31 any ! ! ip prefix-list AS-15489 seq 5 permit 89.185.32.0/23 ip prefix-list AS-15489 seq 10 permit 89.185.34.0/24 ip prefix-list AS-15489 seq 15 permit 89.185.36.0/23 ip prefix-list AS-15489 seq 20 permit 193.111.14.0/23 ip prefix-list AS-15489 seq 25 permit 194.146.172.0/22 ip prefix-list AS-15489 seq 30 permit 89.185.38.0/24 ! ip prefix-list AS-15489-customer seq 10 permit 193.111.14.0/23 ip prefix-list AS-15489-customer seq 15 permit 194.146.172.0/22 ! ip prefix-list AS-15489-internal seq 5 permit 89.185.32.0/23 ip prefix-list AS-15489-internal seq 10 permit 89.185.34.0/24 ip prefix-list AS-15489-internal seq 15 permit 89.185.36.0/23 ip prefix-list AS-15489-internal seq 20 permit 89.185.38.0/24 ! ip prefix-list AS-28677 seq 5 permit 62.193.192.0/18 ! ip prefix-list cyrealis seq 5 permit 193.22.143.0/24 ! ip prefix-list ipv4-assignment seq 20 permit 212.43.192.0/18 ge 19 ip prefix-list ipv4-assignment seq 40 permit 62.240.224.0/19 ge 20 ip prefix-list ipv4-assignment seq 60 permit 89.185.32.0/19 ge 20 ! ip prefix-list ipv4-ebgp-filter description External peerings should only pass up to /24 length ip prefix-list ipv4-ebgp-filter seq 5 deny 0.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 10 deny 10.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 15 deny 127.0.0.0/8 le 32 ip prefix-list ipv4-ebgp-filter seq 20 deny 172.16.0.0/12 le 32 ip prefix-list ipv4-ebgp-filter seq 25 deny 169.254.0.0/16 le 32 ip prefix-list ipv4-ebgp-filter seq 30 deny 192.168.0.0/16 le 32 ip prefix-list ipv4-ebgp-filter seq 35 deny 192.0.2.0/24 le 32 ip prefix-list ipv4-ebgp-filter seq 40 deny 224.0.0.0/3 le 32 ip prefix-list ipv4-ebgp-filter seq 45 permit 0.0.0.0/0 le 24 ! ip prefix-list ipv4-network-infra seq 20 permit 212.43.193.0/24 le 32 ip prefix-list ipv4-network-infra seq 40 permit 212.43.247.0/24 le 32 ip prefix-list ipv4-network-infra seq 60 permit 62.240.250.0/24 le 32 logging history informational logging facility local3 logging source-interface Loopback0 logging 212.43.194.17 access-list 2 permit 212.43.194.38 access-list 2 permit 212.43.194.17 access-list 2 permit 212.43.194.117 access-list 2 permit 213.253.16.104 access-list 2 permit 212.43.194.108 access-list 2 permit 195.8.69.211 access-list 2 permit 89.185.48.165 access-list 2 permit 195.8.71.57 access-list 2 permit 212.43.195.0 0.0.0.31 access-list 2 deny any log access-list 10 deny 62.193.208.61 access-list 10 deny 62.193.204.123 access-list 10 deny 62.193.204.110 access-list 10 deny 62.193.206.133 access-list 10 deny 62.193.199.236 access-list 10 permit any access-list 100 deny ip host 62.193.205.209 any access-list 100 deny udp any eq 80 any access-list 100 deny udp any any eq 80 access-list 100 permit ip any any no cdp run ! ! ipv6 prefix-list AS-28677 seq 5 permit 2A02:2B8::/32 route-map ipv4-bgp-redistributed-out deny 20 match ip address prefix-list ipv4-network-infra ! route-map ipv4-bgp-redistributed-out permit 40 match ip address prefix-list ipv4-assignment set local-preference 10000 set community 8975:50000 8975:50055 8975:50057 no-export local-AS ! route-map ipv6-bgp-redistributed-out permit 40 set local-preference 10000 set community 8975:50000 8975:50055 8975:50057 no-export local-AS ! route-map amen-in permit 10 set local-preference 10000 set community 8975:100 8975:2000 8975:10000 8975:14000 8975:14010 ! route-map artful-in permit 10 match ip address prefix-list AS-15489-internal set local-preference 10000 set community 8975:50000 8975:50054 no-export local-AS ! route-map artful-in permit 20 match ip address prefix-list AS-15489-customer set local-preference 10000 set community 8975:100 8975:2000 8975:10000 8975:14000 8975:14010 ! route-map amen-out permit 10 ! route-map artful-out permit 50 ! route-map BGP-Customer-in permit 10 set local-preference 10000 set community 8975:100 8975:2000 8975:10000 8975:14000 8975:14010 ! snmp-server community passwordsnmp RO 2 snmp-server community ilmppIII RO snmp-server trap-source Loopback0 snmp-server enable traps tty snmp-server enable traps sonet snmp-server host 212.43.194.17 passwordsnmp tty bgp config envmon tacacs-server host 212.43.194.17 tacacs-server directed-request tacacs-server key 7 121A0916000A02573E ! radius-server source-ports 1645-1646 ! control-plane ! ! ! dial-peer cor custom ! ! ! banner motd ^C ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### ^C ! line con 0 line vty 0 4 access-class noc-access in exec-timeout 35791 0 logging synchronous transport input telnet ssh line vty 5 10 access-class noc-access in exec-timeout 35791 0 logging synchronous transport input telnet ssh ! ntp clock-period 17179988 ntp server 212.43.194.2 no cns aaa enable end sd-ar1#exit Connection to sd-ar1.router.fr.clara.net closed by remote host. Connection to sd-ar1.router.fr.clara.net closed.