sd-cr1.router.fr.clara.net spawn ssh -c 3des -x -l rancid_user sd-cr1.router.fr.clara.net rancid_user@sd-cr1.router.fr.clara.net's password: ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### sd-cr1>enable Password: sd-cr1# sd-cr1#term length 0 sd-cr1#sh run Building configuration... Current configuration : 16841 bytes ! ! Last configuration change at 10:09:07 CET Wed Jan 21 2009 by benj ! NVRAM config last updated at 10:09:10 CET Wed Jan 21 2009 by benj ! upgrade fpd auto version 12.2 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service counters max age 10 no service dhcp ! hostname sd-cr1 ! boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXF6.bin boot system sup-bootflash:s72033-psv-mz.122-18.SXD7.bin logging snmp-authfail logging rate-limit all 200 no logging console enable secret 5 $1$1NOz$W9M8o9xtGx/5X4PSdWnzW0 ! aaa new-model aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa accounting commands 15 default start-stop group tacacs+ ! aaa session-id common clock timezone CET 1 ip subnet-zero no ip source-route ! ! ! ip tftp source-interface Loopback0 no ip bootp server ip multicast-routing ip tcp path-mtu-discovery ip scp server enable ip domain-name router.fr.clara.net ip name-server 212.43.194.3 ip name-server 212.43.194.2 ipv6 unicast-routing ipv6 mfib hardware-switching replication-mode ingress mpls label protocol ldp mpls traffic-eng tunnels mpls traffic-eng logging tunnel path change tag-switching tdp router-id Loopback0 force mls ip multicast flow-stat-timer 9 no mls flow ip no mls flow ipv6 no mls acl tcam share-global mls cef error action freeze ! key chain is-is-key-chain key 1 key-string 7 1043080B0B12435F ! ! ! ! ! ! ! ! redundancy mode sso main-cpu auto-sync running-config spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe cisco.cns.device.diag_commands fabric buffer-reserve queue ! vlan internal allocation policy ascending vlan access-log ratelimit 2000 ! ! ! ! interface Loopback0 ip address 212.43.193.36 255.255.255.255 ! interface Loopback2 ip address 62.240.250.14 255.255.255.255 ipv6 address 2001:A70:FF::16/128 ! interface Null0 no ip unreachables ! interface Port-channel1 description SD-AR1 dampening mtu 4470 ip address 62.240.250.221 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip isis network point-to-point isis hello-interval minimal ! interface Port-channel2 description SD-AR2 dampening mtu 4470 ip address 62.240.250.225 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip isis network point-to-point isis hello-interval minimal ! interface GigabitEthernet1/1 no ip address no ip redirects no ip proxy-arp shutdown no ipv6 redirects ! interface GigabitEthernet1/2 no ip address no ip redirects no ip proxy-arp shutdown no ipv6 redirects ! interface GigabitEthernet2/1 description admin switch Redbus 3750 dampening ip address 212.43.193.121 255.255.255.248 no ip redirects no ip proxy-arp no ipv6 redirects isis metric 10 ! interface GigabitEthernet2/2 description ABOVE dampening ip address 83.167.40.117 255.255.255.248 no ip redirects no ip proxy-arp no ipv6 redirects ! interface GigabitEthernet2/3 description SD-AR1 LACP1 mtu 4470 no ip address channel-group 1 mode active ! interface GigabitEthernet2/4 description SD-AR1 LACP2 mtu 4470 no ip address channel-group 1 mode active ! interface GigabitEthernet2/5 description SD-AR2 LACP1 mtu 4470 no ip address channel-group 2 mode active ! interface GigabitEthernet2/6 description SD-AR2 LACP2 mtu 4470 no ip address channel-group 2 mode active ! interface GigabitEthernet2/7 no ip address no ip redirects no ip proxy-arp shutdown no ipv6 redirects ! interface GigabitEthernet2/8 no ip address no ip redirects no ip proxy-arp shutdown no ipv6 redirects ! interface TenGigabitEthernet3/1 description SD-CR2 dampening mtu 4470 ip address 62.240.250.201 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip no cdp enable isis network point-to-point isis hello-interval minimal ! interface TenGigabitEthernet3/2 description TH1-CR2 via NEO dampening mtu 4470 ip address 62.240.250.198 255.255.255.252 no ip redirects no ip proxy-arp ip router isis mpls traffic-eng tunnels tag-switching ip no cdp enable isis network point-to-point isis hello-interval minimal ! interface TenGigabitEthernet3/3 description (NEW 2008/12/17) no ip address shutdown ! interface TenGigabitEthernet3/4 description (NEW 2008/12/17) no ip address shutdown ! interface Vlan1 no ip address shutdown ! router isis mpls traffic-eng router-id Loopback0 mpls traffic-eng level-2 net 49.8975.0000.2120.4319.3036.00 is-type level-2-only authentication mode md5 authentication key-chain is-is-key-chain ispf level-1-2 metric-style wide set-overload-bit on-startup wait-for-bgp spf-interval 5 5 50 prc-interval 5 5 50 lsp-gen-interval 5 5 50 no hello padding log-adjacency-changes all passive-interface GigabitEthernet2/1 passive-interface Loopback0 passive-interface Loopback2 ! router bgp 8975 template peer-policy RR-IPv4 prefix-list bogons in prefix-list bogons out next-hop-self send-community exit-peer-policy ! template peer-policy Above-IPv4 route-map Above-IPv4-in in route-map Above-IPv4-out out prefix-list bogons in prefix-list bogons out send-community exit-peer-policy ! template peer-session Internal remote-as 8975 password 7 011E0716550E575A exit-peer-session ! template peer-session Internal-IPv4 update-source Loopback0 inherit peer-session Internal exit-peer-session ! template peer-session Above-IPv4 remote-as 6461 ebgp-multihop 3 update-source Loopback0 exit-peer-session ! bgp router-id 212.43.193.36 no bgp default ipv4-unicast bgp log-neighbor-changes bgp confederation identifier 8426 bgp confederation peers 8426 bgp deterministic-med bgp bestpath compare-routerid bgp maxas-limit 50 timers bgp 30 90 neighbor RR-IPv6 peer-group neighbor RR-IPv6 remote-as 8975 neighbor RR-IPv6 password 7 020B054905035E74 neighbor RR-IPv6 update-source Loopback2 neighbor 62.240.250.3 peer-group RR-IPv6 neighbor 62.240.250.3 update-source Loopback2 neighbor 62.240.250.8 peer-group RR-IPv6 neighbor 62.240.250.8 update-source Loopback2 neighbor 64.125.0.147 inherit peer-session Above-IPv4 neighbor 64.125.0.147 description ABOVE neighbor 64.125.0.147 shutdown neighbor 64.125.0.149 inherit peer-session Above-IPv4 neighbor 64.125.0.149 description ABOVE neighbor 64.125.0.149 shutdown neighbor 212.43.193.49 inherit peer-session Internal-IPv4 neighbor 212.43.193.51 inherit peer-session Internal-IPv4 ! address-family ipv4 neighbor 64.125.0.147 activate neighbor 64.125.0.147 inherit peer-policy Above-IPv4 neighbor 64.125.0.149 activate neighbor 64.125.0.149 inherit peer-policy Above-IPv4 neighbor 212.43.193.49 activate neighbor 212.43.193.49 inherit peer-policy RR-IPv4 neighbor 212.43.193.51 activate neighbor 212.43.193.51 inherit peer-policy RR-IPv4 no auto-summary no synchronization bgp dampening exit-address-family ! address-family ipv6 neighbor RR-IPv6 activate neighbor RR-IPv6 next-hop-self neighbor RR-IPv6 send-community neighbor RR-IPv6 send-label neighbor 62.240.250.3 peer-group RR-IPv6 neighbor 62.240.250.8 peer-group RR-IPv6 no synchronization redistribute connected route-map ipv6-bgp-redistributed-out redistribute static route-map ipv6-bgp-redistributed-out exit-address-family ! ip classless ip route 10.66.66.66 255.255.255.255 Null0 ip route 64.125.0.147 255.255.255.255 83.167.40.114 ip route 64.125.0.149 255.255.255.255 83.167.40.115 ! ip extcommunity-list 99 permit rt 8426:1 ip extcommunity-list 99 permit rt 8426:9998 ip extcommunity-list 99 permit rt 8975:100 ip extcommunity-list 99 permit rt 8426:10018 ip extcommunity-list 99 permit rt 8196:100 ip extcommunity-list 99 permit rt 8196:200 ip extcommunity-list 99 permit rt 8426:10031 ip extcommunity-list 99 permit rt 8426:10044 ip extcommunity-list 99 permit rt 8426:10040 ip extcommunity-list 99 permit rt 8426:10125 ip extcommunity-list 99 permit rt 8196:3900 ip extcommunity-list 99 permit rt 8483:14200 ip extcommunity-list 99 permit rt 8196:4300 ip extcommunity-list 99 permit rt 20869:10001 ip extcommunity-list 99 permit rt 8426:10099 ip extcommunity-list 99 permit rt 8426:10106 ip extcommunity-list 99 permit rt 5533:20000 ip extcommunity-list 99 permit rt 5533:20001 ip extcommunity-list 99 permit rt 5533:20002 ip extcommunity-list 99 permit rt 5533:20003 ip extcommunity-list 99 permit rt 5533:20004 ip extcommunity-list 99 permit rt 5533:20005 ip extcommunity-list 99 permit rt 5533:20006 ip extcommunity-list 99 permit rt 5533:20007 ip extcommunity-list 99 permit rt 5533:20008 ip extcommunity-list 99 permit rt 5533:20009 ip bgp-community new-format ip community-list standard UK:UK permit 8426:100 ip community-list standard UK:UK-peerings permit 8426:799 ip community-list standard UK:UK-transit permit 8426:599 ip community-list standard ES:ES permit 20869:100 ip community-list standard ES:ES-peerings permit 20869:799 ip community-list standard NL:NL permit 8483:100 ip community-list standard NL:NL-peerings permit 8483:799 ip community-list standard DE:DE permit 8196:14010 ip community-list standard DE:DE-peerings permit 8196:13000 ip community-list standard DE:DE-peerings permit 8196:15000 ip community-list standard DE:DE-transit permit 8196:12000 ip community-list standard DE:UK permit 8196:14020 ip community-list standard FR:FR permit 8975:14010 ip community-list standard FR:FR-transit permit 8975:12000 ip community-list standard FR:FR-peerings permit 8975:13000 ip community-list standard FR:UK permit 8975:14020 ip community-list standard FR:UK-peerings permit 8975:15020 ip community-list standard FR:DE permit 8975:14030 ip community-list standard FR:DE-peerings permit 8975:15030 ip community-list standard FR:ES permit 8975:14040 ip community-list standard FR:ES-peerings permit 8975:15040 ip community-list standard FR:NL permit 8975:14050 ip community-list standard FR:NL-peerings permit 8975:15050 ip community-list standard FR:CLARANET permit 8975:14000 ip community-list standard FR:CLARANET-confederation permit 8426:101 8975:14000 ip community-list standard FR:CLARANET-peerings permit 8975:15000 ip community-list standard FR:CLARANET-confederation-peerings permit 8426:101 8975:15000 ip community-list standard EU:FR-AS permit 8975:1 ip community-list standard EU:FR-other-AS permit 8975:2000 ip community-list standard EU:FR permit 8975:100 ip community-list standard EU:FR-peerings permit 8975:799 ip community-list standard EU:FR-transit permit 8975:599 ip community-list standard EU:AMEN-AS permit 28677:1 ip community-list standard EU:AMEN-other-AS permit 28677:2000 ip community-list standard EU:AMEN permit 28677:100 ip community-list standard EU:AMEN-peerings permit 28677:799 ip community-list standard EU:AMEN-transit permit 28677:599 ip community-list standard EU:UK-AS permit 8426:1 ip community-list standard EU:UK-other-AS permit 8426:2000 ip community-list standard EU:UK permit 8426:100 ip community-list standard EU:UK-peerings permit 8426:799 ip community-list standard EU:UK-transit permit 8426:599 ip community-list standard EU:CONFEDERATION permit 8426:101 ip community-list standard EU:DE-AS permit 8196:1 ip community-list standard EU:DE-other-AS permit 8196:2000 ip community-list standard EU:DE permit 8196:100 ip community-list standard EU:DE-peerings permit 8196:799 ip community-list standard EU:DE-transit permit 8196:599 ip community-list standard FR:internal permit 8975:50000 ip community-list standard AMEN:internal permit 28677:50000 ip community-list standard FR:neuf-bas-radius permit 8975:50051 ip community-list standard FR:sfr-claranet-lns-radius permit 8975:50052 ip community-list standard FR:sfr-customers permit 8975:50053 ip community-list standard FR:artful permit 8975:50054 ip community-list standard FR:hosting-customers permit 8975:50055 ip community-list standard FR:fb-hosting-customers permit 8975:50056 ip community-list standard FR:sd-hosting-customers permit 8975:50057 ip community-list standard Above-Blackhole permit 6461:5990 no ip http server ip pim rp-address 212.43.247.132 override ip tacacs source-interface Loopback0 ! ip access-list standard noc-access permit 212.43.194.38 permit 212.43.194.17 permit 213.253.16.104 permit 195.157.6.1 permit 62.193.206.162 permit 62.193.206.153 permit 212.43.195.0 0.0.0.31 permit 212.43.232.64 0.0.0.31 permit 212.43.232.96 0.0.0.7 permit 212.43.232.32 0.0.0.31 permit 212.43.232.104 0.0.0.7 permit 212.43.193.0 0.0.0.255 permit 212.43.247.0 0.0.0.255 permit 212.43.225.0 0.0.0.3 permit 212.43.225.4 0.0.0.3 permit 212.43.225.8 0.0.0.3 permit 212.43.225.12 0.0.0.3 permit 195.8.68.0 0.0.0.255 permit 195.8.69.0 0.0.0.255 permit 195.8.70.0 0.0.0.255 permit 195.157.3.0 0.0.0.255 permit 212.82.224.0 0.0.1.255 permit 80.67.96.64 0.0.0.31 permit 62.193.207.192 0.0.0.31 permit 62.193.223.0 0.0.0.255 deny any log ip access-list standard snmp-access permit 212.43.194.38 permit 212.43.194.17 permit 212.43.194.8 permit 212.43.194.117 permit 213.253.16.104 permit 195.8.69.211 permit 89.185.48.165 permit 195.8.71.57 permit 212.43.195.0 0.0.0.31 deny any log ip access-list standard uk-snmp-access permit 212.43.194.17 permit 195.157.6.0 0.0.0.7 permit 212.43.232.64 0.0.0.31 ! ! ip prefix-list SD-BLOCK seq 5 permit 89.185.32.0/19 ! ip prefix-list Witbe-Washington seq 5 permit 193.201.6.0/24 ! ip prefix-list bogons description Bogus routes ip prefix-list bogons seq 5 deny 0.0.0.0/8 le 32 ip prefix-list bogons seq 10 deny 10.0.0.0/8 le 32 ip prefix-list bogons seq 15 deny 127.0.0.0/8 le 32 ip prefix-list bogons seq 20 deny 172.16.0.0/12 le 32 ip prefix-list bogons seq 25 deny 169.254.0.0/16 le 32 ip prefix-list bogons seq 30 deny 192.168.0.0/16 le 32 ip prefix-list bogons seq 35 deny 192.0.2.0/24 le 32 ip prefix-list bogons seq 40 deny 224.0.0.0/3 le 32 ip prefix-list bogons seq 45 permit 0.0.0.0/0 le 32 ! ip prefix-list deny-parix seq 5 permit 198.32.247.0/24 ! ip prefix-list test_ge_25_le_32 seq 5 permit 0.0.0.0/0 ge 25 logging history informational logging facility local3 logging source-interface Loopback0 logging 212.43.194.17 access-list 2 permit 212.43.194.38 access-list 2 permit 212.43.194.17 access-list 2 permit 212.43.194.8 access-list 2 permit 212.43.194.117 access-list 2 permit 213.253.16.104 access-list 2 permit 195.8.69.211 access-list 2 permit 89.185.48.165 access-list 2 permit 195.8.71.57 access-list 2 permit 212.43.195.0 0.0.0.31 access-list 2 deny any log access-list 12 permit 212.43.194.17 access-list 12 permit 195.157.6.0 0.0.0.7 access-list 12 permit 212.43.232.64 0.0.0.31 access-list 150 permit tcp any any access-list 150 permit udp any any access-list 150 permit icmp any any access-list 150 permit ip any any access-list 151 permit ip any any log ! route-map Above-IPv4-in deny 10 match ip address prefix-list deny-parix ! route-map Above-IPv4-in permit 40 match ip address prefix-list Witbe-Washington set local-preference 700 set community 8975:599 8975:10000 8975:12000 8975:12030 ! route-map Above-IPv4-in permit 60 set local-preference 400 set community 8975:599 8975:10000 8975:12000 8975:12030 ! route-map ipv6-bgp-redistributed-out permit 40 set local-preference 10000 set community 8975:50000 8975:50055 8975:50056 no-export local-AS ! route-map Above-IPv4-out permit 20 match community FR:FR set metric-type internal ! route-map Above-IPv4-out permit 40 match community Above-Blackhole ! snmp-server community passwordsnmp RO 2 snmp-server community ilmppIII RO 12 snmp-server trap-source Loopback0 snmp-server enable traps tty snmp-server enable traps sonet snmp-server host 212.43.194.17 passwordsnmp tty bgp config envmon tacacs-server host 212.43.194.17 tacacs-server directed-request tacacs-server key 7 121A0916000A02573E ! radius-server source-ports 1645-1646 ! control-plane ! ! ! dial-peer cor custom ! ! ! banner motd ^C ####################################### ### Unauthorised access prohibited ### ####################################### ### Disconnect now if you are not ### ### an authorised user. ### ####################################### ### All connection attempts are ### ### logged. ### ####################################### ^C ! line con 0 line vty 0 4 access-class noc-access in exec-timeout 35791 0 logging synchronous transport input telnet ssh line vty 5 10 access-class noc-access in ! ntp clock-period 17180031 ntp server 212.43.194.2 no cns aaa enable end sd-cr1#exit Connection to sd-cr1.router.fr.clara.net closed by remote host. Connection to sd-cr1.router.fr.clara.net closed.