version 15.2 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers service counters max age 5 ! hostname JANOG-GW ! boot-start-marker boot-end-marker ! ! enable password 7 ****** ! no aaa new-model clock timezone JST 9 0 ! no ip source-route ip cef ! ! ! ! ! no ip dhcp conflict logging ip dhcp excluded-address 192.168.0.0 192.168.0.99 ip dhcp excluded-address 192.168.0.200 192.168.0.255 ip dhcp excluded-address 172.16.0.1 172.16.0.255 ip dhcp excluded-address 172.16.9.1 172.16.255.255 ip dhcp excluded-address 192.168.255.1 192.168.255.199 ! ip dhcp pool Staff-VLAN151 network 192.168.0.0 255.255.255.0 default-router 192.168.0.1 dns-server 157.112.199.2 ! ip dhcp pool Stable-VLAN155 network 172.16.0.0 255.255.0.0 default-router 172.16.0.1 dns-server 157.112.199.2 ! ip dhcp pool MGMT-VLAN153 network 192.168.255.0 255.255.255.0 default-router 192.168.255.1 dns-server 157.112.199.2 ! ! ! ip flow-cache timeout active 1 no ip domain lookup l2tp-class R2signal ! ipv6 unicast-routing ipv6 dhcp pool Staff-VLAN151-v6 address prefix 2400:8700:31:C0DE::/64 dns-server 2400:8700:31:CA11::53 ! ipv6 dhcp pool Stable-VLAN155-v6 address prefix 2400:8700:31:91EE::/64 dns-server 2400:8700:31:CA11::53 ! ipv6 cef multilink bundle-name authenticated ! ! ! ! license udi pid C3900-SPE200/K9 sn ****** license boot module c3900e technology-package datak9 ! ! username janog privilege 15 secret 4 ****** ! redundancy ! ! csdb tcp synwait-time 30 csdb tcp idle-time 3600 csdb tcp finwait-time 5 csdb tcp reassembly max-memory 1024 csdb tcp reassembly max-queue-length 16 csdb udp idle-time 30 csdb icmp idle-time 10 csdb session max-session 65535 ! ! ! ! interface Tunnel0 no ip address ipv6 address 2400:8700:31:FFFE::1/126 ipv6 enable tunnel source Dialer1 tunnel mode ipv6ip tunnel destination 157.112.199.253 tunnel path-mtu-discovery ! interface Tunnel1 ip address 157.112.199.245 255.255.255.252 ip nat outside no ip virtual-reassembly in tunnel source Dialer1 tunnel destination 157.112.199.253 tunnel path-mtu-discovery ! interface GigabitEthernet0/0 description ### To Flet's ### no ip address no ip redirects no ip unreachables no ip proxy-arp no ip route-cache load-interval 30 duplex auto speed auto pppoe enable group global ipv6 enable pppoe-client dial-pool-number 1 no cdp enable ! interface GigabitEthernet0/1 description ### JANOG31-Meeting ### no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress no ip route-cache cef load-interval 30 duplex auto speed auto ipv6 enable ipv6 nd managed-config-flag no keepalive ! interface GigabitEthernet0/1.101 description ### To NOC-SW ### encapsulation dot1Q 101 ip address 157.112.199.126 255.255.255.252 ip flow ingress ip tcp adjust-mss 1390 ipv6 address 2400:8700:31:CFFF::1/126 ipv6 enable ! interface GigabitEthernet0/1.151 description ### Staff Network ### encapsulation dot1Q 151 ip address 192.168.0.1 255.255.255.0 ip flow ingress ip nat inside no ip virtual-reassembly in ip tcp adjust-mss 1390 ipv6 address 2400:8700:31:C0DE::1/64 ipv6 enable ipv6 nd other-config-flag ipv6 dhcp server Staff-VLAN151-v6 ! interface GigabitEthernet0/1.152 description ### Server Network ### encapsulation dot1Q 152 ip address 157.112.199.6 255.255.255.248 ip flow ingress ip tcp adjust-mss 1390 ipv6 address 2400:8700:31:CA11::1/64 ipv6 enable ipv6 nd prefix default no-advertise ipv6 nd ra suppress ipv6 nd ra lifetime 0 ! interface GigabitEthernet0/1.153 description ### Mgmt Network ### encapsulation dot1Q 153 ip address 192.168.255.1 255.255.255.0 ip flow ingress ip tcp adjust-mss 1390 ! interface GigabitEthernet0/1.155 description ### Stable Network ### encapsulation dot1Q 155 ip address 172.16.0.1 255.255.0.0 ip flow ingress ip nat inside no ip virtual-reassembly in ip tcp adjust-mss 1390 ipv6 address 2400:8700:31:91EE::1/64 ipv6 enable ipv6 nd other-config-flag ipv6 dhcp server Stable-VLAN155-v6 ! interface GigabitEthernet0/2 no ip address duplex auto speed auto ! interface GigabitEthernet0/3 no ip address shutdown duplex auto speed auto ! interface Dialer1 mtu 1454 ip address negotiated no ip redirects no ip proxy-arp encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname ****** ppp chap password 7 ****** ! ! ip forward-protocol nd ! no ip http server no ip http secure-server ip flow-export source GigabitEthernet0/1.153 ip flow-export version 5 ip flow-export destination 192.168.255.73 2055 ! ip nat translation tcp-timeout 300 ip nat translation udp-timeout 120 ip nat translation dns-timeout 10 ip nat translation icmp-timeout 5 ip nat pool general-NW 157.112.199.32 157.112.199.63 netmask 255.255.255.224 ip nat pool staff-NW 157.112.199.64 157.112.199.95 netmask 255.255.255.224 ip nat inside source list 1 pool staff-NW overload ip nat inside source list 2 pool general-NW overload ip route 0.0.0.0 0.0.0.0 Tunnel1 157.112.199.246 ip route 157.112.198.0 255.255.254.0 Null0 ip route 157.112.198.0 255.255.255.0 GigabitEthernet0/1.101 157.112.199.125 ip route 157.112.199.252 255.255.255.252 Dialer1 ! logging host 192.168.255.71 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 1 permit 192.168.255.0 0.0.0.255 access-list 2 permit 172.16.0.0 0.0.255.255 access-list 10 permit 116.93.153.221 access-list 10 remark === VTY-GREE === access-list 10 permit 116.93.149.54 access-list 10 permit 192.168.0.0 0.0.0.255 access-list 10 permit 192.168.255.0 0.0.0.255 access-list 20 remark === SNMP-GREE === access-list 20 permit 202.32.106.233 access-list 30 remark === NTP === access-list 30 permit 210.173.160.27 access-list 30 permit 210.173.160.57 dialer-list 1 protocol ip permit ipv6 route 2400:8700:31::/49 GigabitEthernet0/1.101 2400:8700:31:CFFF::2 ipv6 route 2400:8700:31::/48 Null0 ipv6 route ::/0 Tunnel0 2400:8700:31:FFFE::2 ! ! snmp-server community ****** RO 1 snmp-server ifindex persist snmp-server enable traps entity-sensor threshold ! control-plane ! ! ! line con 0 exec-timeout 5 0 login local line aux 0 line vty 0 4 access-class 10 in password 7 ****** login local transport input all ! scheduler allocate 20000 1000 ntp server 210.173.160.57 ntp server 210.173.160.27 ! end