Cisco SD-Routing Secure WAN Edge Yang Commands

Secure WAN Edge Yang Commands

These secure WAN edge commands are qualified to use with Cisco SD-Routing devices on Cisco SD-WAN Manager.

Configuration example for secure WAN edge


sp2_ramones#sh run 
Building configuration...
    
Current configuration : 60158 bytes
!
! Last configuration change at 16:52:51 IST Wed Dec 4 2024 by admin
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
no service dhcp
service call-home
platform qfp utilization monitor load 60
no platform punt-keepalive disable-kernel-core
!
hostname sp2_ramones
!
boot-start-marker
boot system bootflash:c8000aep-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition dmvpn_parcel_vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition dmvpn_vrf
 !
 address-family ipv4
 exit-address-family
 !        
 address-family ipv6
 exit-address-family
!
vrf definition test_port_channel
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_eigrp
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_test_vnid
 vnid 10000
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_testyang
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_testyang_bgp
 rd 20:20
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_testyang_change
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
aaa new-model
!
!
aaa group server radius testyang
 ip radius source-interface Port-channel56
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local 
aaa authorization credential-download default if-authenticated 
aaa accounting connection testyang start-stop group testyang
!         
!
aaa server radius dynamic-author
 client 31.219.219.219
 client 31.218.218.218 server-key 6 cGCTVX_QAff_FRIALKPbN^E^_UeL_T`iJ
 client 31.218.218.220 server-key 6 M[XZFIIhUO\`ggfWRS\YIgGb`PiKZfCe[
!
aaa session-id common
clock timezone IST 5 30
!
!
subscriber templating
ip arp proxy disable
!
ip multicast-routing distributed
ip host A 100.100.100.4
ip host B 100.100.100.15
ip host C 100.100.100.25
ip host D 100.100.100.35
ip host E 100.100.100.45 100.100.100.55
ip host sp3_kahuna 75.75.1.2
ip host vbond1 70.70.70.125
ip name-server vrf Mgmt-intf 72.163.128.140 171.70.168.183
no ip domain lookup
ip domain lookup source-interface GigabitEthernet0
ip domain name cisco.com
!
!
!
!
!
ip nbar classification granularity fine-grain protocol http
!
!
!
!
!
ip bootp server
ip dhcp relay bootp ignore
ip dhcp excluded-address 191.191.191.191
!
ip dhcp pool yangtest
 network 191.191.191.0 255.255.255.0
 option 11 hex none
 default-router 191.191.191.191 
 dns-server 191.191.191.191 
 domain-name yangtest
!
!
!
ip wccp vrf vrf_testyang source-interface TenGigabitEthernet0/0/6
ip wccp vrf vrf_testyang web-cache redirect-list debug
login quiet-mode access-class debug
login on-success log
!
location civic-location identifier testyang
 building testyangtocheckthevmanage
!
!
!
!
!
fhrp version vrrp v3
ipv6 nd cache expire refresh
ipv6 unicast-routing
no ipv6 traffic interface-statistics
ipv6 spd queue max-threshold 65535
ipv6 spd queue min-threshold 65533
!
!         
! 
! 
! 
! 
mpls label mode all-vrfs protocol all-afs per-vrf
mpls ldp entropy-label
mpls traffic-eng trace buffer-size warning 231

parameter-map type inspect-global
 log flow-export v9 udp destination 12.13.14.1 2055
 log dropped-packets
 multi-tenancy
 alert on

parameter-map type inspect testyang
 tcp idle-time 10
  tcp idle reset off
!
flow record cts-record
 match flow cts destination group-tag
 match flow cts source group-tag
 match flow direction
 match interface input
 match interface output
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 source address
 match transport destination-port
 match transport source-port
 collect counter packets
!
!
flow exporter EXPORTER-1
 destination 10.104.54.178
 transport udp 2055
!
!
flow monitor cts-monitor
 exporter EXPORTER-1
 cache timeout inactive 60
 cache entries 2000000
 record cts-record
!
sampler testyang
 description testyang
 mode random 1 out-of 10
!
device-tracking policy testyang
 security-level glean
 no protocol ndp
 no protocol dhcp6
 tracking enable reachable-lifetime infinite
!
!
!
key chain GCORE-MACSEC-PRIMARY macsec
 key 10
  cryptographic-algorithm aes-256-cmac
  lifetime 17:30:00 Jun 12 2019 infinite
 key 11
  cryptographic-algorithm aes-256-cmac
  lifetime 17:30:00 Jun 12 2019 infinite
key chain testyang
 key 12
  accept-lifetime local 17:30:00 Jun 12 2019 infinite
  send-lifetime 17:30:00 Jun 12 2019 infinite
password encryption aes
!
crypto pki trustpoint TP-self-signed-3498202562
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3498202562
 revocation-check none
 rsakeypair TP-self-signed-3498202562
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha512
!
crypto pki trustpoint tp
 enrollment retry count 100
 enrollment retry period 2
 enrollment url http://110.110.110.110:80
 usage ike
 serial-number
 subject-name CN=radium-branch.scale.csco.com, ou=radium-branch
 subject-alt-name radium-branch.cisco.com,radium-branch.scale.csco.com
 revocation-check crl
 source interface TenGigabitEthernet0/0/7
 rsakeypair tp 4096
 hash sha256
!
crypto pki trustpoint testyang
 serial-number
 subject-name CN=testyang.cisco.com, ou=testyang
 subject-alt-name testyang.cisco.com, testyang.cisco.com
 revocation-check crl
 authorization username subjectname serialnumber 
 hash sha512
!
crypto pki trustpool policy
 revocation-check crl
!
!
!
crypto pki certificate map testyang 11
 name co testyang
 issuer-name co testyang
!
crypto pki certificate chain TP-self-signed-3498202562
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030 
  31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33343938 32303235 3632301E 170D3234 30393233 30383334 
  32395A17 0D333430 39323330 38333432 395A3031 312F302D 06035504 030C2649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34393832 
  30323536 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
  0A028201 0100F1C8 2563BC24 FF06D1B9 AE694701 9925CE5B D4034840 D6FE6629 
  314529BE A2E031D8 5E742E12 529D0EF4 0686F67B 7C5B6324 37A5CA01 19DF9B09 
  0D9243F9 3DBAE939 158EBE8D D2DFACCA 8EEC8C44 ABFE9E3B 9E9523F1 622340CE 
  EE43A1D0 298CE705 C5D6B8D6 13EDF758 88C52B2B A001A491 A1B89FBC 6F896579 
  FE55CF77 A2FB4F20 54B00082 4FFB9A02 30CAD0F5 4B9A0DFA 1DBA7FBB C3D9E6E3 
  3F78ABAD 77C1894A 94426183 2D139888 31EED981 473C6D0B 660C97D1 CB5EAD66 
  67B714AC 8DB986D9 87A1BFDD A55E19E8 05FDA772 2CB337BB 40FC1C0E D78C05DF 
  D0589624 5D2665BB 0500947F CC6AC986 9D065FAF 89A09335 71A80819 79D17F51 
  830A9640 F9490203 010001A3 53305130 1D060355 1D0E0416 0414CC20 21010304 
  1A279640 018CB620 25E68CE5 72DA301F 0603551D 23041830 168014CC 20210103 
  041A2796 40018CB6 2025E68C E572DA30 0F060355 1D130101 FF040530 030101FF 
  300D0609 2A864886 F70D0101 0D050003 82010100 75890C58 87ACD470 F35BD477 
  CEABC76D BF7371FA F0DF8B21 C240252E 11A9C29C 387CF967 1C6A4662 B6CE339B 
  6BEC2166 A1D848C5 C9B2AA5A 92F2E6B2 4EB4DDDC 23083925 0211097C 85452AC3 
  26188B4D 566381C8 ED502012 5E18C29F 2D50D008 DF054419 66CE55EB CDBCC687 
  18CBF227 BC36E4D6 8A7BA599 874FAC42 EC7B09C1 C3A005A7 7F155C5A 42B33DA1 
  D31F48F9 844A71F1 83549F1F 9CCBD8AA E1940C9E CA8A0A9E B763795A B87EAEFE 
  8DE04845 6FCDD1B7 F47F92EB 7E46382B 45171027 3F29110F 6C554525 AF4822C2 
  2B86585F 047A8A43 76BA585B 42B8F413 324230A6 9F89C0F8 86FA4388 CA49A8FA 
  BFA7DF69 F13BDB18 65200612 EE8F315A 4AAA2164
  	quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D 
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B 
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 
  D697DF7F 28
  	quit
crypto pki certificate chain tp
 certificate 6E query
 certificate ca 01 query
 fingerprint  AE1B6022804E1E5C7408DAB8E5C0E1AC
crypto pki certificate chain testyang
!
cts logging verbose
!
!
!
!
!
!
!
!
license udi pid C8500-12X sn TTM23050SM5
license accept end user agreement
license boot level network-advantage
license smart url cslu testyang
!
!
!
!
!
object-group network dest-og 
 13.1.5.0 255.255.255.0
 host 12.1.1.2
 host 12.1.1.14
 host 12.1.1.15
 host 12.1.1.16
!
object-group network net-og2 
 host 12.1.1.63
 host 12.1.1.64
 host 12.1.1.65
 host 12.1.1.66
 host 12.1.1.67
 host 12.1.1.68
 host 12.1.1.69
 host 12.1.1.70
 host 12.1.1.71
 host 12.1.1.72
 host 12.1.1.73
 host 12.1.1.74
 host 12.1.1.75
 host 12.1.1.76
 host 12.1.1.77
 host 12.1.1.78
 host 12.1.1.79
 host 12.1.1.80
 host 12.1.1.81
 host 12.1.1.82
 host 12.1.1.83
 host 12.1.1.84
 host 12.1.1.85
 host 12.1.1.86
 host 12.1.1.87
 host 12.1.1.88
 host 12.1.1.89
 host 12.1.1.90
 host 12.1.1.91
 host 12.1.1.92
 host 12.1.1.93
 host 12.1.1.94
 host 12.1.1.95
 host 12.1.1.96
 host 12.1.1.97
 host 12.1.1.98
 host 12.1.1.99
 host 12.1.1.100
 host 12.1.1.101
 host 12.1.1.102
 host 12.1.1.103
 host 12.1.1.104
 host 12.1.1.105
 host 12.1.1.106
 host 12.1.1.107
 host 12.1.1.108
 host 12.1.1.109
 host 12.1.1.110
 host 12.1.1.111
 host 12.1.1.112
!
object-group network net-og1 
 13.1.5.0 255.255.255.0
 group-object net-og2
 host 12.1.1.2
 host 12.1.1.12
 host 12.1.1.13
 host 12.1.1.14
 host 12.1.1.15
 host 12.1.1.16
 host 12.1.1.17
 host 12.1.1.18
 host 12.1.1.19
 host 12.1.1.20
 host 12.1.1.21
 host 12.1.1.22
 host 12.1.1.23
 host 12.1.1.24
 host 12.1.1.25
 host 12.1.1.26
 host 12.1.1.27
 host 12.1.1.28
 host 12.1.1.29
 host 12.1.1.30
 host 12.1.1.31
 host 12.1.1.32
 host 12.1.1.33
 host 12.1.1.34
 host 12.1.1.35
 host 12.1.1.36
 host 12.1.1.37
 host 12.1.1.38
 host 12.1.1.39
 host 12.1.1.40
 host 12.1.1.41
 host 12.1.1.42
 host 12.1.1.43
 host 12.1.1.44
 host 12.1.1.45
 host 12.1.1.46
 host 12.1.1.47
 host 12.1.1.48
 host 12.1.1.49
 host 12.1.1.50
 host 12.1.1.51
 host 12.1.1.52
 host 12.1.1.53
 host 12.1.1.54
 host 12.1.1.55
 host 12.1.1.56
 host 12.1.1.57
 host 12.1.1.58
 host 12.1.1.59
 host 12.1.1.60
 host 12.1.1.61
!
object-group service service 
 udp range 1000 4000
!
object-group network sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-dstn_ 
 13.1.5.0 255.255.255.0
!
object-group network sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-src_ 
 12.1.1.0 255.255.255.0
!
object-group network udp_group 
 range 108.108.108.11 108.108.108.254
!
object-group service zbfw_svc 
 ip
!
file privilege 14
file prompt noisy
identity policy testyang
no memory lite
memory free low-watermark processor 683872
diagnostic bootup level minimal
!
spanning-tree extend system-id

et-analytics
 ip flow-export destination 10.104.54.178 2055
 ip flow-export destination 191.191.191.91 90
 whitelist acl debug
!
mka policy MACSEC-POLICY
 key-server priority 10
 macsec-cipher-suite gcm-aes-256 
 confidentiality-offset 30
 sak-rekey interval 60
 no include-icv-indicator
!
!
!
enable password 6 <removed>!
username admin privilege 15 secret 9 $9$PSlkFl7oqMoQBE$cpeqITQ6XgUkxXzR7dhCtqrXXGD/owBl/NRdvf6XZBo
username cisco password 6 <removed>username lab password 6 <removed>username rcpuse privilege 15 password 6 <removed>username scpuser privilege 15 password 6 <removed>username sdwan password 6 <removed>username sp3_kahuna privilege 15 password 6 <removed>username test privilege 15 password 6 <removed>username yang password 6 <removed>!
redundancy
 mode none
 application redundancy
  group 1
   name RG1
   preempt
   priority 250
   timers delay 10 reload 121
   control Port-channel64.100 protocol 4
   data Port-channel64.101
   asymmetric-routing interface Port-channel64.102
   asymmetric-routing always-divert enable
  group 2
   name NAT64
   preempt
   priority 250
   timers delay 10 reload 121
   control Port-channel64.200 protocol 4
   data Port-channel64.201
   asymmetric-routing always-divert enable
  protocol 4
   timers hellotime 1 holdtime 4
   authentication md5 key-string 7 05080F1C2243
bfd-template single-hop test
 interval min-tx 5000 min-rx 5000 multiplier 5
!
!
!
!
crypto ikev2 authorization policy testyang 
 route set access-list ipv6 V6_ACL
 route accept any tag 1000
!
crypto ikev2 proposal 1 
 encryption aes-cbc-256
 integrity sha512
 group 14
crypto ikev2 proposal p1-global 
 encryption aes-cbc-128 aes-cbc-192 aes-cbc-256
 integrity sha256 sha384 sha512
 group 14 15 16 19 20 21
crypto ikev2 proposal p2-global 
 encryption aes-gcm-128 aes-gcm-256
 prf sha256 sha384 sha512
 group 14 15 16 19 20 21
!
crypto ikev2 policy 1 
 proposal 1
no crypto ikev2 policy default
crypto ikev2 policy policy1-global 
 match fvrf any
 proposal p1-global
 proposal p2-global
crypto ikev2 policy testyang 
 ! Policy Incomplete(MUST have atleast one complete proposal attached)
 match address local 208.208.208.208
!
crypto ikev2 keyring dmvpn_parcel_ipsec
 peer any
  address 0.0.0.0 0.0.0.0
  pre-shared-key 6 NJ[I_VWZEJ`XcWB]RH_aJV_LFD\`dQRIX
 !
 peer any-ipv6
  address ::/0
  pre-shared-key 6 `]X\XBEbCKIcYGaZAFAVcMVK]QbPdeYCW
 !
!
crypto ikev2 keyring testyang
 peer testyang
  description testyang
  address 208.208.208.207
  pre-shared-key remote 6 IhQ^WBbGcZGbLfMPgLV_`H`MUX]UMKTBU
 !
 peer testyanghex
  address 208.209.208.207
  pre-shared-key hex 123123123123
 !
!
!
crypto ikev2 profile test_profile
 match address local 71.1.1.1
 match address local interface TenGigabitEthernet0/0/7
 match identity remote address 0.0.0.0 
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint tp
!
crypto ikev2 profile dmvpn_parcel_ipsec
 match fvrf any
 match identity remote address 208.1.1.1 255.255.255.255 
 identity local address 207.1.1.1
 authentication remote pre-share
 authentication local pre-share
 keyring local dmvpn_parcel_ipsec
 dpd 10 3 on-demand
 no config-exchange request
!
crypto ikev2 profile testyang
 ! Profile incomplete (no match identity or match certificate statement)
 ! Profile incomplete (no local and/or remote authentication method specified)
 match address local 208.208.90.90
 identity local dn 
 aaa authorization group psk list local
 ivrf vrf_testyang
 reconnect timeout 901
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation mtu 1400
crypto ikev2 client flexvpn testyang
!
!
!
cdp run
!
lldp run
class-map type control match-all testyang
!
!
class-map match-all testyang
 match protocol sip
 match ip rtp 2001 1690
 match not security-group destination tag 40
class-map type inspect match-any cmap
 match access-group name OGACL
class-map match-any class-bfd
 match access-group name acl-bfd
class-map match-all t4
class-map match-any application_list-cm_
 match protocol attribute application-family application-service
 match protocol attribute application-family audio-video
 match protocol attribute application-family authentication
 match protocol attribute application-family encrypted
 match protocol attribute application-family instant-messaging
 match protocol attribute application-family microsoft-office
class-map type inspect match-any zone_cmap_new
 match protocol tcp
 match protocol udp
 match protocol icmp
 match protocol citrix
 match protocol http
 match protocol pop3
 match protocol rtsp
 match protocol ftp
 match protocol sip
 match protocol snmptrap
 match protocol smtp
 match protocol dns
 match protocol https
class-map type inspect match-any sp2_ramnoes_sec_pol_16_477639579-sRule1-l4-cm_
 match protocol citrix
 match protocol ftp
 match protocol http
 match protocol icmp
 match protocol pop3
 match protocol rtsp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-cm_
 match class-map application_list-cm_
 match class-map sp2_ramnoes_sec_pol_16_477639579-sRule1-l4-cm_
 match access-group name sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-acl_
!
policy-map type inspect sp2_ramnoes_sec_pol_16_477639579
 class type inspect sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-cm_
  inspect
 class class-default
  drop
policy-map type inspect zone_pmap
 class type inspect cmap
  inspect
 class type inspect zone_cmap_new
  inspect
 class class-default
  pass
policy-map bfd-test-child
 class class-bfd
  shape average 100000   
  set cos 7
policy-map bfd-test-spoke
 class class-default
  shape average percent 100   
  service-policy bfd-test-child
policy-map type performance-monitor testy1
 class testyang
  react 1 media-stop
   description testyang
   action snmp
policy-map testyang
 class testyang
  set mpls experimental topmost 6
policy-map t4
 class t4
  bandwidth 100000
  random-detect precedence-based
  random-detect exponential-weighting-constant 10
policy-map bfd-test
 class class-default
  shape adaptive upper-bound 10000000000 lower-bound 1000000000   
  service-policy bfd-test-child
!
!
zone security lan_zone
zone security wan_zone
zone security sp2_ramnoes_destination_zone
zone security sp2_ramnoes_source_zone
zone security sp2_ramnoes_destination_zone_mod
zone-pair security ZP_sp2_ramnoes_sourc_-1225348416 source sp2_ramnoes_source_zone destination sp2_ramnoes_destination_zone_mod
 service-policy type inspect sp2_ramnoes_sec_pol_16_477639579
zone-pair security lan_zone-wan_zone source lan_zone destination wan_zone
 service-policy type inspect zone_pmap
zone-pair security wan_zone-lan_zone source wan_zone destination lan_zone
 service-policy type inspect zone_pmap
! 
crypto keyring testyang  
 local-address 208.208.208.208
 pre-shared-key address 208.208.207.209 key 6 `HgcQbYZYCFID_LaB[fJ`cAPSV[ZWgAAB
!
!
!
!
crypto isakmp aggressive-mode disable
crypto isakmp profile test
! This profile is incomplete (no match identity statement)
crypto isakmp profile yangtest
   keyring testyang
   match identity address ipv6 3FFE:2002::A8BB:CCFF:FE01:2C02/128 
   match identity address 208.208.208.208 255.255.255.255 
!
crypto ipsec security-association lifetime kilobytes disable
crypto ipsec security-association replay disable
!
crypto ipsec transform-set test_trans esp-gcm 
 mode tunnel
no crypto ipsec transform-set default
crypto ipsec transform-set IPSEC_TS1 esp-gcm 256 
 esn
 mode transport
crypto ipsec df-bit clear
!
!
crypto ipsec profile dmvpn_parcel_ipsec
 set security-association lifetime kilobytes disable
 set security-association replay window-size 64 
 set transform-set IPSEC_TS1 
 set ikev2-profile dmvpn_parcel_ipsec
!
crypto ipsec profile test_profile
 set transform-set test_trans 
 set ikev2-profile test_profile
!
crypto ipsec profile testyang
 description testyang
 set isakmp-profile test
 responder-only
!
!
crypto call admission limit all in-negotiation-sa 80
!
crypto map myikev2 20 ipsec-manual 
 set peer 191.191.191.191
 match address debug
 reverse-route static
!
crypto map myisa 20 ipsec-manual 
 set peer 191.191.191.191
 set isakmp-profile test
 match address debug
 reverse-route static
!
!
!
!
! 
! 
!
!
interface Loopback11
 no ip address
 ipv6 address <removed>
!
interface Loopback191
 vrf forwarding vrf_testyang
 no ip address
!
interface Loopback208
 ip address <removed>!
interface Loopback18990
 ip address <removed>!
interface Port-channel56
 ip address <removed> standby version 2
 no negotiation auto
 ipv6 address <removed>
 ipv6 address <removed>
 ipv6 address <removed>
 ipv6 address <removed>
!
interface Port-channel57
 no ip address
 no negotiation auto
!
interface Port-channel57.10
 encapsulation dot1Q 10
 vrf forwarding test_port_channel
 ipv6 address <removed>
 ipv6 address <removed>
!
interface Port-channel64
 no ip address
!
interface Port-channel64.100
 encapsulation dot1Q 100
 ip address <removed>!
interface Port-channel64.101
 encapsulation dot1Q 101
 ip address <removed>!
interface Port-channel64.102
 encapsulation dot1Q 102
 ip address <removed>!
interface Port-channel64.200
 encapsulation dot1Q 200
 ip address <removed>!
interface Port-channel64.201
 encapsulation dot1Q 201
 ip address <removed>!
interface Tunnel2
 bandwidth 200000000
 ip flow monitor cts-monitor input
 ip flow monitor cts-monitor output
 ip address <removed> no ip redirects
 ip mtu 9216
 ip pim nbma-mode
 ip pim sparse-mode
 ip nhrp authentication iplabs
 ip nhrp map 8.1.1.1 45.35.1.1
 ip nhrp map 8.1.1.10 1.200.1.1
 ip nhrp map 8.1.1.31 85.75.1.2
 ip nhrp map multicast 1.200.1.1
 ip nhrp map multicast 45.35.1.1
 ip nhrp map multicast 85.75.1.2
 ip nhrp summary-map 12.1.1.0/24 
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 8.1.1.1
 ip nhrp nhs 8.1.1.10
 ip nhrp nhs 8.1.1.31
 no ip nhrp record
 ip nhrp registration timeout 300
 ip access-group 179 in
 ip access-group 179 out
 zone-member security wan_zone
 ip tcp adjust-mss 1376
 load-interval 30
 ipv6 address <removed>
 ipv6 mtu 9960
 ipv6 nhrp authentication iplabs
 ipv6 nhrp map 8::1/128 45.35.1.1
 ipv6 nhrp map 8::10/128 1.200.1.1
 ipv6 nhrp map 8::22/128 85.75.1.2
 ipv6 nhrp map multicast 1.200.1.1
 ipv6 nhrp map multicast 45.35.1.1
 ipv6 nhrp map multicast 85.75.1.2
 ipv6 nhrp network-id 2
 ipv6 nhrp nhs 8::1
 ipv6 nhrp nhs 8::10
 ipv6 nhrp nhs 8::22
 nhrp group SPOKE_10G
 cts sgt inline
 et-analytics enable
 bfd template test
 tunnel source TenGigabitEthernet0/0/7
 tunnel mode gre multipoint
 tunnel key 200
 tunnel path-mtu-discovery
 tunnel bandwidth transmit 9000000
 tunnel bandwidth receive 9000000
 tunnel protection ipsec profile test_profile
!
interface Tunnel190
 bandwidth receive inherit
 no ip address
!
interface Tunnel191
 no ip address
 no ip redirects
 ip pim dr-priority 4294967294
 tunnel mode ipv6ip 6rd
 tunnel 6rd ipv4 prefix-len 20
!
interface Tunnel192
 no ip address
 tunnel mode rbscp
 tunnel rbscp window-stuff 1
 tunnel rbscp ack-split 4
!
interface Tunnel195
 no ip address
 tunnel fixup nat
!
interface Tunnel196
 no ip address
!
interface Tunnel197
 vrf forwarding vrf_testyang
 no ip address
 ip wccp vrf vrf_testyang web-cache redirect in
 ip wccp vrf vrf_testyang web-cache redirect out
!
interface Tunnel199
 no ip address
 ip helper-address 191.191.191.176
 ip helper-address 191.191.191.191
 no ip redirects
 ip local-proxy-arp
 ip wccp vrf vrf_testyang web-cache redirect in
 ip pim dr-priority 23456
 ip pim nbma-mode
 ip pim sparse-dense-mode
 ip nat inside
 ip nhrp summary-map 208.208.208.0/24 
 ip nhrp interest 90
 ip nhrp nhs cluster 9 max-connections 250
 ip nhrp use 100
 ip nhrp registration timeout 100
 ip verify unicast source reachable-via any allow-self-ping
 ip route-cache policy
 nat64 enable
 ipv6 nhrp nhs dynamic nbma 208.208.108.108
 ipv6 nhrp max-send 65000 every 10
 nhrp group testyang
 nhrp map group testyang service-policy output testyang
 qos pre-classify
 tunnel tos 10
 tunnel vrf vrf_testyang
 tunnel fixup nat
 service-policy input testyang
 service-policy output testyang
 ip virtual-reassembly
!
interface Tunnel60000111
 bandwidth 1400
 vrf forwarding dmvpn_parcel_vrf
 ip address <removed> no ip redirects
 ip mtu 1400
 ip nhrp network-id 110
 ip nhrp redirect
 ip tcp adjust-mss 1360
 delay 1000
 ipv6 mtu 1400
 ipv6 tcp adjust-mss 1360
 bfd interval 100 min_rx 120 multiplier 5
 tunnel source TenGigabitEthernet0/0/7
 tunnel mode gre multipoint
 tunnel key 110
 tunnel path-mtu-discovery
 tunnel protection ipsec profile dmvpn_parcel_ipsec
!
interface TenGigabitEthernet0/0/0
 description "to switch eth1/11"
 no ip address
 load-interval 30
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/0.20
 encapsulation dot1Q 10
 ip address <removed> ip nat inside
 zone-member security lan_zone
 redundancy rii 13
 redundancy group 1 ip 108.108.108.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/1
 ip address <removed> ip nbar protocol-discovery
 ip nat inside
 zone-member security lan_zone
 load-interval 30
 no negotiation auto
 cdp enable
 et-analytics enable
 redundancy rii 41
 redundancy group 1 ip 192.168.11.10 exclusive decrement 10
 ip virtual-reassembly
!
interface TenGigabitEthernet0/0/2
 no ip address
 ip verify unicast source reachable-via rx l2-src
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/2.500
 encapsulation dot1Q 500
 ip address <removed> ip nat inside
!
interface TenGigabitEthernet0/0/3
 ip address <removed> no negotiation auto
 cdp enable
 redundancy rii 33
 redundancy group 1 ip 109.109.109.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/4
 no ip address
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/5
 mtu 9216
 ip address <removed> ip pim sparse-mode
 zone-member security lan_zone
 ip igmp static-group 224.1.1.1
 standby version 2
 standby 10 ip 12.1.1.10
 standby 10 priority 20
 standby 10 preempt
 standby 20 ipv6 12::10/64
 standby 20 priority 10
 standby 20 preempt
 load-interval 30
 no negotiation auto
 cdp enable
 ipv6 address <removed>
 ipv6 mtu 9216
!
interface TenGigabitEthernet0/0/6
 vrf forwarding vrf_testyang
 no ip address
 ip pim sparse-dense-mode
 ip igmp version 1
 ip policy route-map testyangipv4
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/7
 description connected to core2-espx
 mtu 9216
 ip address <removed> ip nbar protocol-discovery
 ip nat outside
 zone-member security wan_zone
 load-interval 30
 no negotiation auto
 cdp enable
 redundancy rii 14
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 20
 hold-queue 240000 in
 hold-queue 240000 out
!
interface TenGigabitEthernet0/0/8
 no ip address
 load-interval 30
 no negotiation auto
 cdp enable
 channel-group 64
!
interface TenGigabitEthernet0/0/9
 no ip address
 load-interval 30
 no negotiation auto
 cdp enable
 channel-group 64
!
interface TenGigabitEthernet0/0/10
 mtu 9216
 ip address <removed> ip mtu 9000
 ip nat outside
 no negotiation auto
 cdp enable
 redundancy rii 34
!
interface TenGigabitEthernet0/0/11
 ip address <removed> no negotiation auto
 cdp enable
 ipv6 address <removed>
 ipv6 ospf 100 area 100.200.100.200
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address <removed> negotiation auto
 cdp enable
 ipv6 address <removed>
!
interface Virtual-Template192 type tunnel
 ip unnumbered Loopback191
 ipv6 unnumbered Loopback191
 ipv6 tcp adjust-mss 149
 tunnel source Loopback191
 tunnel mode ipv6
 tunnel destination dynamic
 tunnel path-mtu-discovery
 tunnel path-mtu-discovery age-timer 30
!
interface Virtual-Template193 type tunnel
 no ip address
 tunnel mode gre ipv6
 tunnel path-mtu-discovery
 tunnel vrf vrf_testyang
!
interface Dialer10
!
l3vpn encapsulation ip testyang
!
router eigrp 100
 !
 address-family ipv4 vrf Mgmt-intf 
 exit-address-family
 network 3.3.3.0 0.0.0.255
 network 71.1.1.0 0.0.0.255
 network 108.108.108.0 0.0.0.255
 network 208.1.1.4 0.0.0.0
!
!
router eigrp test_vrf
 !
 address-family ipv4 unicast vrf vrf_eigrp autonomous-system 101
  !
  topology base
  exit-af-topology
  network 19.0.81.0 0.0.0.255
  metric rib-scale 30
  metric weights 0 10 22 254 0 0 0
 exit-address-family
!
!
router eigrp testyang
 shutdown
!
router ospfv3 200
 !
 address-family ipv6 unicast
  redistribute static
 exit-address-family
!
router ospfv3 2000
!
router ospf 20
!
router bgp 302
 bgp router-id 3.2.2.2
 bgp log-neighbor-changes
 bgp listen limit 10000
 bgp update-delay 5
 no bgp default ipv4-unicast
 neighbor 8::1 remote-as 101
 neighbor 8::10 remote-as 103
 neighbor 8.1.1.1 remote-as 101
 neighbor 8.1.1.10 remote-as 103
 neighbor 8.1.1.31 remote-as 4200003213
 neighbor 208.209.210.211 remote-as 302
 neighbor 208.209.210.211 transport path-mtu-discovery disable
 neighbor 208.209.210.211 transport connection-mode passive
 !
 address-family ipv4
  network 12.0.0.0
  network 12.1.1.0 mask 255.255.255.0
  network 16.0.0.0
  network 192.168.11.0
  redistribute static
  neighbor 8.1.1.1 activate
  neighbor 8.1.1.10 activate
  neighbor 8.1.1.10 route-map LOCAL-PREF in
  neighbor 8.1.1.31 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 208.209.210.211 activate
  neighbor 208.209.210.211 send-community extended
  neighbor 208.209.210.211 allow-policy
  neighbor 208.209.210.211 route-reflector-client
 exit-address-family
 !
 address-family ipv6
  redistribute connected
  network 12::/64
  neighbor 8::1 activate
  neighbor 8::1 route-map LOCAL-PREF in
  neighbor 8::10 activate
 exit-address-family
 !
 address-family ipv6 multicast
  redistribute static route-map testyang
 exit-address-family
 !
 address-family ipv4 vrf vrf_testyang_bgp
  bgp router-id auto-assign
  neighbor 208.208.208.208 remote-as 1200
  neighbor 208.208.208.208 password 7 <removed>  neighbor 208.208.208.208 fall-over bfd single-hop
  neighbor 208.208.208.208 activate
 exit-address-family
!
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host sp2_ramones 71.1.1.1 admin enable
ip rcmd remote-host sp3_kahuna 75.75.1.2 sp3_kahuna enable
ip rcmd remote-host sp2_ramones 70.70.70.177 test enable
ip rcmd remote-host test 70.70.70.177 test enable
ip rcmd remote-host test 75.75.1.2 test enable
ip rcmd remote-username test
ip rcmd source-interface TenGigabitEthernet0/0/7
ip forward-protocol nd
no ip forward-protocol udp
!
ip tcp selective-ack
ip tcp mss 1460
ip pim rp-address 100.100.100.100
ip pim vrf vrf_testyang rp-address 191.191.191.191 override
ip pim vrf vrf_testyang autorp listener
ip pim vrf vrf_testyang spt-threshold 0 group-list 99
ip pim vrf vrf_testyang_change autorp listener
ip msdp vrf vrf_testyang peer 191.191.191.191 connect-source Loopback191
ip msdp vrf vrf_testyang originator-id Loopback191
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
no ip ftp passive
ip ftp source-interface TenGigabitEthernet0/0/7
ip ftp username test
ip ftp password 7 <removed>ip dns server
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0
ip nat settings gatekeeper-size 512
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 180
ip nat pool p1 172.16.10.1 172.16.255.254 prefix-length 16
ip nat pool pat_pool1 40.1.1.1 40.1.255.254 prefix-length 16
ip nat inside source list 1 interface Tunnel199 overload
ip nat inside source list 2699 pool p1 redundancy 1 mapping-id 2147483647 overload
ip ospf name-lookup
ip ssh bulk-mode 131072
ip ssh source-interface TenGigabitEthernet0/0/7
ip ssh pubkey-chain
 username test
  key-hash ssh-rsa 62BD8FA843C9F4715D6185FA0FB02950 test@hmadrele-virtual-machine
ip ssh server algorithm encryption aes128-ctr
ip scp server enable
ip sftp username test
ip sftp password 7 <removed>ip route profile
ip route 16.0.0.0 255.0.0.0 192.168.11.2
ip route 23.0.0.0 255.0.0.0 71.1.1.2
ip route 81.0.0.0 255.0.0.0 109.109.109.3
ip route 82.0.0.0 255.0.0.0 71.1.1.2
ip route 109.110.110.0 255.255.255.0 71.1.1.2
ip route 172.10.1.1 255.255.255.255 71.1.1.2
ip route 172.10.1.11 255.255.255.255 71.1.1.2
ip route 172.10.1.12 255.255.255.255 71.1.1.2
ip route 172.10.1.13 255.255.255.255 71.1.1.2
ip route 172.10.1.20 255.255.255.255 71.1.1.2
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
ip route vrf vrf_eigrp 208.208.208.208 255.255.255.255 1.1.1.1
ip route vrf vrf_eigrp 208.208.208.208 255.255.255.255 71.1.1.2
ip route vrf vrf_eigrp 208.210.210.210 255.255.255.255 71.1.1.2 permanent
!
ip access-list standard SNMP_SDROUTING_FTP
 10 permit any
ip access-list standard SNMP_SDROUTING_RCP
 10 permit any log
ip access-list standard SNMP_SDROUTING_SCP
 10 permit any log
ip access-list standard SNMP_SDROUTING_SFTP
 10 permit any log
ip access-list standard SNMP_SDROUTING_TFTP
 10 permit any log
!
ip access-list extended BUF-FILTER
 10 permit ip host 75.75.1.2 host 3.3.3.1
ip access-list extended CONDITIONAL_ACL
 10 permit ip any any
ip access-list extended OGACL
 10 permit object-group service object-group net-og1 object-group dest-og
ip access-list extended acl-bfd
 10 permit udp any any eq 3784
 20 permit udp any any eq 3785
ip access-list extended cap
 10 permit ip any any
ip access-list extended debug
 10 permit ip any any
 20 permit gre any any
 30 remark to check the sd-routing behavior
 40 remark to check CRUD
 50 remark another remark to CRUD second time
ip access-list extended sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-acl_
 11 permit object-group zbfw_svc object-group sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-src_ object-group sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-dstn_
!
ip access-list role-based testyang
 10 permit ip
 20 permit gre
!
ip prefix-list testyang seq 5 permit 208.208.209.210/32
logging server-arp
ip access-list standard 1
 10 permit 22.0.0.0 0.255.255.255
ip access-list standard 90
 10 deny any
ip access-list extended 179
 10 deny udp any any eq 3785
 20 permit ip any any
ip access-list extended 2699
 10 permit ip 30.0.0.0 0.255.255.255 any
 20 permit udp object-group udp_group any
 30 permit ip 22.0.0.0 0.255.255.255 any
 40 permit ip 23.0.0.0 0.255.255.255 any
arp entries interface-limit 2147483647
ipv6 route 2001:DC8:8086:6502::/64 2001:DB8:8086:6502::1
ipv6 route 2002::/64 2001::2
ipv6 route 4000::/32 2001::2
ipv6 route 4001::/64 2001::2
ipv6 route 4002::/64 2001::2
ipv6 route 4003::/64 2001::2
ipv6 route 4004::/64 2001::2
ipv6 route 4005::/64 2001::2
ipv6 route 4006::/64 2001::2
ipv6 route 4007::/64 2001::2
ipv6 route 4008::/64 2001::2
ipv6 route 4009::/64 2001::2
ipv6 route 400A::/64 2001::2
ipv6 route 400B::/64 2001::2
ipv6 route 400C::/64 2001::2
ipv6 route 400D::/64 2001::2
ipv6 route 400E::/64 2001::2
ipv6 route 400F::/64 2001::2
ipv6 route 4010::/64 2001::2
ipv6 route 4011::/64 2001::2
ipv6 route 4012::/64 2001::2
ipv6 route 4013::/64 2001::2
ipv6 route 4014::/64 2001::2
ipv6 route 4015::/64 2001::2
ipv6 route 4016::/64 2001::2
ipv6 route 4017::/64 2001::2
ipv6 route 4018::/64 2001::2
ipv6 route 4019::/64 2001::2
ipv6 route 401A::/64 2001::2
ipv6 route 401B::/64 2001::2
ipv6 route 401C::/64 2001::2
ipv6 route 401D::/64 2001::2
ipv6 route 401E::/64 2001::2
ipv6 route 401F::/64 2001::2
ipv6 route 4020::/64 2001::2
ipv6 route 4021::/64 2001::2
ipv6 route 4022::/64 2001::2
ipv6 route 4023::/64 2001::2
ipv6 route 4024::/64 2001::2
ipv6 route 4025::/64 2001::2
ipv6 route 4026::/64 2001::2
ipv6 route 4027::/64 2001::2
ipv6 route 4028::/64 2001::2
ipv6 route 4029::/64 2001::2
ipv6 route 402A::/64 2001::2
ipv6 route 402B::/64 2001::2
ipv6 route 402C::/64 2001::2
ipv6 route 402D::/64 2001::2
ipv6 route 402E::/64 2001::2
ipv6 route 402F::/64 2001::2
ipv6 route 4030::/64 2001::2
ipv6 route 4031::/64 2001::2
ipv6 route 4032::/64 2001::2
ipv6 route 4033::/64 2001::2
ipv6 route 4034::/64 2001::2
ipv6 route 4035::/64 2001::2
ipv6 route 4036::/64 2001::2
ipv6 route 4037::/64 2001::2
ipv6 route 4038::/64 2001::2
ipv6 route 4039::/64 2001::2
ipv6 route 403A::/64 2001::2
ipv6 route 403B::/64 2001::2
ipv6 route 403C::/64 2001::2
ipv6 route 403D::/64 2001::2
ipv6 route 403E::/64 2001::2
ipv6 route 403F::/64 2001::2
ipv6 route 4040::/64 2001::2
ipv6 route 4041::/64 2001::2
ipv6 route 4042::/64 2001::2
ipv6 route 4043::/64 2001::2
ipv6 route 4044::/64 2001::2
ipv6 route 4045::/64 2001::2
ipv6 route 4046::/64 2001::2
ipv6 route 4047::/64 2001::2
ipv6 route 4048::/64 2001::2
ipv6 route 4049::/64 2001::2
ipv6 route 404A::/64 2001::2
ipv6 route 404B::/64 2001::2
ipv6 route 404C::/64 2001::2
ipv6 route 404D::/64 2001::2
ipv6 route 404E::/64 2001::2
ipv6 route 404F::/64 2001::2
ipv6 route 4050::/64 2001::2
ipv6 route 4051::/64 2001::2
ipv6 route 4052::/64 2001::2
ipv6 route 4053::/64 2001::2
ipv6 route 4054::/64 2001::2
ipv6 route 4055::/64 2001::2
ipv6 route 4056::/64 2001::2
ipv6 route 4057::/64 2001::2
ipv6 route 4058::/64 2001::2
ipv6 route 4059::/64 2001::2
ipv6 route 405A::/64 2001::2
ipv6 route 405B::/64 2001::2
ipv6 route 405C::/64 2001::2
ipv6 route 405D::/64 2001::2
ipv6 route 405E::/64 2001::2
ipv6 route 405F::/64 2001::2
ipv6 route 4060::/64 2001::2
ipv6 route 4061::/64 2001::2
ipv6 route 4062::/64 2001::2
ipv6 route 4063::/64 2001::2
ipv6 route 4064::/64 2001::2
ipv6 route 4065::/64 2001::2
ipv6 route 4066::/64 2001::2
ipv6 route 4067::/64 2001::2
ipv6 route 4068::/64 2001::2
ipv6 route 4069::/64 2001::2
ipv6 route 406A::/64 2001::2
ipv6 route 406B::/64 2001::2
ipv6 route 406C::/64 2001::2
ipv6 route 406D::/64 2001::2
ipv6 route 406E::/64 2001::2
ipv6 route 406F::/64 2001::2
ipv6 route 4070::/64 2001::2
ipv6 route 4071::/64 2001::2
ipv6 route 4072::/64 2001::2
ipv6 route 4073::/64 2001::2
ipv6 route 4074::/64 2001::2
ipv6 route 4075::/64 2001::2
ipv6 route 4076::/64 2001::2
ipv6 route 4077::/64 2001::2
ipv6 route 4078::/64 2001::2
ipv6 route 4079::/64 2001::2
ipv6 route 407A::/64 2001::2
ipv6 route 407B::/64 2001::2
ipv6 route 407C::/64 2001::2
ipv6 route 407D::/64 2001::2
ipv6 route 407E::/64 2001::2
ipv6 route 407F::/64 2001::2
ipv6 route 4080::/64 2001::2
ipv6 route 4081::/64 2001::2
ipv6 route 4082::/64 2001::2
ipv6 route 4083::/64 2001::2
ipv6 route 4084::/64 2001::2
ipv6 route 4085::/64 2001::2
ipv6 route 4086::/64 2001::2
ipv6 route 4087::/64 2001::2
ipv6 route 4088::/64 2001::2
ipv6 route 4089::/64 2001::2
ipv6 route 408A::/64 2001::2
ipv6 route 408B::/64 2001::2
ipv6 route 408C::/64 2001::2
ipv6 route 408D::/64 2001::2
ipv6 route 408E::/64 2001::2
ipv6 route 408F::/64 2001::2
ipv6 route 4090::/64 2001::2
ipv6 route 4091::/64 2001::2
ipv6 route 4092::/64 2001::2
ipv6 route 4093::/64 2001::2
ipv6 route 4094::/64 2001::2
ipv6 route 4095::/64 2001::2
ipv6 route 4096::/64 2001::2
ipv6 route 4097::/64 2001::2
ipv6 route 4098::/64 2001::2
ipv6 route 4099::/64 2001::2
ipv6 route 409A::/64 2001::2
ipv6 route 409B::/64 2001::2
ipv6 route 409C::/64 2001::2
ipv6 route 409D::/64 2001::2
ipv6 route 409E::/64 2001::2
ipv6 route 409F::/64 2001::2
ipv6 route 40A0::/64 2001::2
ipv6 route 40A1::/64 2001::2
ipv6 route 40A2::/64 2001::2
ipv6 route 40A3::/64 2001::2
ipv6 route 40A4::/64 2001::2
ipv6 route 40A5::/64 2001::2
ipv6 route 40A6::/64 2001::2
ipv6 route 40A7::/64 2001::2
ipv6 route 40A8::/64 2001::2
ipv6 route 40A9::/64 2001::2
ipv6 route 40AA::/64 2001::2
ipv6 route 40AB::/64 2001::2
ipv6 route 40AC::/64 2001::2
ipv6 route 40AD::/64 2001::2
ipv6 route 40AE::/64 2001::2
ipv6 route 40AF::/64 2001::2
ipv6 route 40B0::/64 2001::2
ipv6 route 40B1::/64 2001::2
ipv6 route 40B2::/64 2001::2
ipv6 route 40B3::/64 2001::2
ipv6 route 40B4::/64 2001::2
ipv6 route 40B5::/64 2001::2
ipv6 route 40B6::/64 2001::2
ipv6 route 40B7::/64 2001::2
ipv6 route 40B8::/64 2001::2
ipv6 route 40B9::/64 2001::2
ipv6 route 40BA::/64 2001::2
ipv6 route 40BB::/64 2001::2
ipv6 route 40BC::/64 2001::2
ipv6 route 40BD::/64 2001::2
ipv6 route 40BE::/64 2001::2
ipv6 route 40BF::/64 2001::2
ipv6 route 40C0::/64 2001::2
ipv6 route 40C1::/64 2001::2
ipv6 route 40C2::/64 2001::2
ipv6 route 40C3::/64 2001::2
ipv6 route 40C4::/64 2001::2
ipv6 route 40C5::/64 2001::2
ipv6 route 40C6::/64 2001::2
ipv6 route 40C7::/64 2001::2
ipv6 route 40C8::/64 2001::2
ipv6 route 40C9::/64 2001::2
ipv6 route 40CA::/64 2001::2
ipv6 route 40CB::/64 2001::2
ipv6 route 40CC::/64 2001::2
ipv6 route 40CD::/64 2001::2
ipv6 route 40CE::/64 2001::2
ipv6 route 40CF::/64 2001::2
ipv6 route 40D0::/64 2001::2
ipv6 route 40D1::/64 2001::2
ipv6 route 40D2::/64 2001::2
ipv6 route 40D3::/64 2001::2
ipv6 route 40D4::/64 2001::2
ipv6 route 40D5::/64 2001::2
ipv6 route 40D6::/64 2001::2
ipv6 route 40D7::/64 2001::2
ipv6 route 40D8::/64 2001::2
ipv6 route 40D9::/64 2001::2
ipv6 route 40DA::/64 2001::2
ipv6 route 40DB::/64 2001::2
ipv6 route 40DC::/64 2001::2
ipv6 route 40DD::/64 2001::2
ipv6 route 40DE::/64 2001::2
ipv6 route 40DF::/64 2001::2
ipv6 route 40E0::/64 2001::2
ipv6 route 40E1::/64 2001::2
ipv6 route 40E2::/64 2001::2
ipv6 route 40E3::/64 2001::2
ipv6 route 40E4::/64 2001::2
ipv6 route 40E5::/64 2001::2
ipv6 route 40E6::/64 2001::2
ipv6 route 40E7::/64 2001::2
ipv6 route 40E8::/64 2001::2
ipv6 route 40E9::/64 2001::2
ipv6 route 40EA::/64 2001::2
ipv6 route 40EB::/64 2001::2
ipv6 route 40EC::/64 2001::2
ipv6 route 40ED::/64 2001::2
ipv6 route 40EE::/64 2001::2
ipv6 route 40EF::/64 2001::2
ipv6 route 40F0::/64 2001::2
ipv6 route 40F1::/64 2001::2
ipv6 route 40F2::/64 2001::2
ipv6 route 40F3::/64 2001::2
ipv6 route 40F4::/64 2001::2
ipv6 route 40F5::/64 2001::2
ipv6 route 40F6::/64 2001::2
ipv6 route 40F7::/64 2001::2
ipv6 route 40F8::/64 2001::2
ipv6 route 40F9::/64 2001::2
ipv6 route 40FA::/64 2001::2
ipv6 route 40FB::/64 2001::2
ipv6 route 40FC::/64 2001::2
ipv6 route 40FD::/64 2001::2
ipv6 route 40FE::/64 2001::2
ipv6 route 40FF::/64 2001::2
ipv6 route 4100::/64 2001::2
ipv6 route 4101::/64 2001::2
ipv6 route 4102::/64 2001::2
ipv6 route 4103::/64 2001::2
ipv6 route 4104::/64 2001::2
ipv6 route 4105::/64 2001::2
ipv6 route 4106::/64 2001::2
ipv6 route 4107::/64 2001::2
ipv6 route 4108::/64 2001::2
ipv6 route 4109::/64 2001::2
ipv6 route 410A::/64 2001::2
ipv6 route 410B::/64 2001::2
ipv6 route 410C::/64 2001::2
ipv6 route 410D::/64 2001::2
ipv6 route 410E::/64 2001::2
ipv6 route 410F::/64 2001::2
ipv6 route 4110::/64 2001::2
ipv6 route 4111::/64 2001::2
ipv6 route 4112::/64 2001::2
ipv6 route 4113::/64 2001::2
ipv6 route 4114::/64 2001::2
ipv6 route 4115::/64 2001::2
ipv6 route 4116::/64 2001::2
ipv6 route 4117::/64 2001::2
ipv6 route 4118::/64 2001::2
ipv6 route 4119::/64 2001::2
ipv6 route 411A::/64 2001::2
ipv6 route 411B::/64 2001::2
ipv6 route 411C::/64 2001::2
ipv6 route 411D::/64 2001::2
ipv6 route 411E::/64 2001::2
ipv6 route 411F::/64 2001::2
ipv6 route 4120::/64 2001::2
ipv6 route 4121::/64 2001::2
ipv6 route 4122::/64 2001::2
ipv6 route 4123::/64 2001::2
ipv6 route 4124::/64 2001::2
ipv6 route 4125::/64 2001::2
ipv6 route 4126::/64 2001::2
ipv6 route 4127::/64 2001::2
ipv6 route 4128::/64 2001::2
ipv6 route 4129::/64 2001::2
ipv6 route 412A::/64 2001::2
ipv6 route 412B::/64 2001::2
ipv6 route 412C::/64 2001::2
ipv6 route 412D::/64 2001::2
ipv6 route 412E::/64 2001::2
ipv6 route 412F::/64 2001::2
ipv6 route 4130::/64 2001::2
ipv6 route 4131::/64 2001::2
ipv6 route 4132::/64 2001::2
ipv6 route 4133::/64 2001::2
ipv6 route 4134::/64 2001::2
ipv6 route 4135::/64 2001::2
ipv6 route 4136::/64 2001::2
ipv6 route 4137::/64 2001::2
ipv6 route 4138::/64 2001::2
ipv6 route 4139::/64 2001::2
ipv6 route 413A::/64 2001::2
ipv6 route 413B::/64 2001::2
ipv6 route 413C::/64 2001::2
ipv6 route 413D::/64 2001::2
ipv6 route 413E::/64 2001::2
ipv6 route 413F::/64 2001::2
ipv6 route 4140::/64 2001::2
ipv6 route 4141::/64 2001::2
ipv6 route 4142::/64 2001::2
ipv6 route 4143::/64 2001::2
ipv6 route 4144::/64 2001::2
ipv6 route 4145::/64 2001::2
ipv6 route 4146::/64 2001::2
ipv6 route 4147::/64 2001::2
ipv6 route 4148::/64 2001::2
ipv6 route 4149::/64 2001::2
ipv6 route 414A::/64 2001::2
ipv6 route 414B::/64 2001::2
ipv6 route 414C::/64 2001::2
ipv6 route 414D::/64 2001::2
ipv6 route 414E::/64 2001::2
ipv6 route 414F::/64 2001::2
ipv6 route 4150::/64 2001::2
ipv6 route 4151::/64 2001::2
ipv6 route 4152::/64 2001::2
ipv6 route 4153::/64 2001::2
ipv6 route 4154::/64 2001::2
ipv6 route 4155::/64 2001::2
ipv6 route 4156::/64 2001::2
ipv6 route 4157::/64 2001::2
ipv6 route 4158::/64 2001::2
ipv6 route 4159::/64 2001::2
ipv6 route 415A::/64 2001::2
ipv6 route 415B::/64 2001::2
ipv6 route 415C::/64 2001::2
ipv6 route 415D::/64 2001::2
ipv6 route 415E::/64 2001::2
ipv6 route 415F::/64 2001::2
ipv6 route 4160::/64 2001::2
ipv6 route 4161::/64 2001::2
ipv6 route 4162::/64 2001::2
ipv6 route 4163::/64 2001::2
ipv6 route 4164::/64 2001::2
ipv6 route 4165::/64 2001::2
ipv6 route 4166::/64 2001::2
ipv6 route 4167::/64 2001::2
ipv6 route 4168::/64 2001::2
ipv6 route 4169::/64 2001::2
ipv6 route 416A::/64 2001::2
ipv6 route 416B::/64 2001::2
ipv6 route 416C::/64 2001::2
ipv6 route 416D::/64 2001::2
ipv6 route 416E::/64 2001::2
ipv6 route 416F::/64 2001::2
ipv6 route 4170::/64 2001::2
ipv6 route 4171::/64 2001::2
ipv6 route 4172::/64 2001::2
ipv6 route 4173::/64 2001::2
ipv6 route 4174::/64 2001::2
ipv6 route 4175::/64 2001::2
ipv6 route 4176::/64 2001::2
ipv6 route 4177::/64 2001::2
ipv6 route 4178::/64 2001::2
ipv6 route 4179::/64 2001::2
ipv6 route 417A::/64 2001::2
ipv6 route 417B::/64 2001::2
ipv6 route 417C::/64 2001::2
ipv6 route 417D::/64 2001::2
ipv6 route 417E::/64 2001::2
ipv6 route 417F::/64 2001::2
ipv6 route 4180::/64 2001::2
ipv6 route 4181::/64 2001::2
ipv6 route 4182::/64 2001::2
ipv6 route 4183::/64 2001::2
ipv6 route 4184::/64 2001::2
ipv6 route 4185::/64 2001::2
ipv6 route 4186::/64 2001::2
ipv6 route 4187::/64 2001::2
ipv6 route 4188::/64 2001::2
ipv6 route 4189::/64 2001::2
ipv6 route 418A::/64 2001::2
ipv6 route 418B::/64 2001::2
ipv6 route 418C::/64 2001::2
ipv6 route 418D::/64 2001::2
ipv6 route 418E::/64 2001::2
ipv6 route 418F::/64 2001::2
ipv6 route 4190::/64 2001::2
ipv6 route 4191::/64 2001::2
ipv6 route 4192::/64 2001::2
ipv6 route 4193::/64 2001::2
ipv6 route 4194::/64 2001::2
ipv6 route 4195::/64 2001::2
ipv6 route 4196::/64 2001::2
ipv6 route 4197::/64 2001::2
ipv6 route 4198::/64 2001::2
ipv6 route 4199::/64 2001::2
ipv6 route 419A::/64 2001::2
ipv6 route 419B::/64 2001::2
ipv6 route 419C::/64 2001::2
ipv6 route 419D::/64 2001::2
ipv6 route 419E::/64 2001::2
ipv6 route 419F::/64 2001::2
ipv6 route 41A0::/64 2001::2
ipv6 route 41A1::/64 2001::2
ipv6 route 41A2::/64 2001::2
ipv6 route 41A3::/64 2001::2
ipv6 route 41A4::/64 2001::2
ipv6 route 41A5::/64 2001::2
ipv6 route 41A6::/64 2001::2
ipv6 route 41A7::/64 2001::2
ipv6 route 41A8::/64 2001::2
ipv6 route 41A9::/64 2001::2
ipv6 route 41AA::/64 2001::2
ipv6 route 41AB::/64 2001::2
ipv6 route 41AC::/64 2001::2
ipv6 route 41AD::/64 2001::2
ipv6 route 41AE::/64 2001::2
ipv6 route 41AF::/64 2001::2
ipv6 route 41B0::/64 2001::2
ipv6 route 41B1::/64 2001::2
ipv6 route 41B2::/64 2001::2
ipv6 route 41B3::/64 2001::2
ipv6 route 41B4::/64 2001::2
ipv6 route 41B5::/64 2001::2
ipv6 route 41B6::/64 2001::2
ipv6 route 41B7::/64 2001::2
ipv6 route 41B8::/64 2001::2
ipv6 route 41B9::/64 2001::2
ipv6 route 41BA::/64 2001::2
ipv6 route 41BB::/64 2001::2
ipv6 route 41BC::/64 2001::2
ipv6 route 41BD::/64 2001::2
ipv6 route 41BE::/64 2001::2
ipv6 route 41BF::/64 2001::2
ipv6 route 41C0::/64 2001::2
ipv6 route 41C1::/64 2001::2
ipv6 route 5000::/96 2001::2
ipv6 router ospf 100
!
ipv6 router ospf 150
!
ipv6 router ospf 201
!
ipv6 ospf name-lookup
!
ipv6 prefix-list testyang seq 5 permit 8100::/24
route-map nap64 permit 1 ordering-seq 1
 match track  100
 set metric 10
!
route-map testyangipv4 permit 10 ordering-seq 10
 set local-preference 50
!
route-map testyang permit 10 ordering-seq 10
 match length 1000 2000
 match ipv6 route-source testyang23
 set local-preference 50
 set ipv6 next-hop peer-address
 set ipv6 default next-hop 8001::12
!
route-map testyang permit 30 ordering-seq 30
 match ipv6 address prefix-list testyang
!
route-map testyang permit 50 ordering-seq testyang2
 description testyangmodel
 match source-protocol rip
 match route-type external type-2
 match route-type external type-1
 match mpls-label
 match ipv6 next-hop V6_ACL
 set aigp-metric 30
 set traffic-index 10
!
route-map testyang permit 80 ordering-seq 80
 set ipv6 next-hop encapsulate l3vpn testyang
!
route-map LOCAL-PREF permit 10 ordering-seq 10
 set local-preference 50
!
named-ordering-route-map enable
snmp-server community DNAC RO RW
snmp-server community DNAC_SNMP RO RO
snmp-server community LIVE RO RO
snmp-server community com RO RO
snmp-server community public-read RO RO
snmp-server community public-rw RO RW
snmp-server community FILE RW
snmp-server trap-source Port-channel56
snmp-server source-interface informs Port-channel56
snmp-server enable logging getop
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps eigrp
snmp-server enable traps hsrp
snmp-server host 70.70.70.177 6 GYOIJO[`Uf__egFJBLPB[JaEFgV 
snmp-server file-transfer access-group SNMP_SDROUTING_TFTP protocol tftp
snmp-server file-transfer access-group SNMP_SDROUTING_FTP protocol ftp
snmp-server file-transfer access-group SNMP_SDROUTING_SFTP protocol sftp
snmp-server file-transfer access-group SNMP_SDROUTING_RCP protocol rcp
snmp-server file-transfer access-group SNMP_SDROUTING_SCP protocol scp
snmp-server manager
snmp-server dbal cache 
snmp-server subagent cache timeout 70
snmp-server subagent cache-stats 
snmp ifmib ifindex persist
snmp mib flash cache
snmp mib nhrp
snmp mib notification-log globalsize 200
snmp mib notification-log globalageout 23
tftp-server bootflash:imagefile
tftp-server bootflash:13march2023_pkionlysession.config
!
!
!
radius-server dead-criteria time 90
radius-server timeout 10
radius-server deadtime 1440
!
radius server testyang
 timeout 20
 retransmit 30
!
!
ipv6 access-list V6_ACL
 sequence 10 permit ipv6 any any
rmon event 10 log description testyang owner config
control-plane host
 management-interface TenGigabitEthernet0/0/2 allow ftp 
!
!
control-plane
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
line vty 0 4
 length 0
 transport input all
 transport output all
line vty 5 15
 transport input all
 transport output all
!
monitor event-trace tunnel size 8888
monitor event-trace dmvpn tunnel size 8888
monitor event-trace ipv6 static
monitor event-trace flexvpn tunnel size 8888
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  destination address http https://tools-stage.cisco.com/its/service/oddce/services/DDCEService 
  no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService 
nat64 translation timeout udp 300
nat64 translation timeout tcp 3600
ntp server 110.110.110.110
ntp server time.google.com
!
!
netconf ssh
!
!
!
!
!
telemetry ietf subscription 294967225
 filter xpath /crypto-ios-xe-events:nhrp-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967226
 filter xpath /crypto-ios-xe-events:nhrp-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967227
 filter xpath /crypto-ios-xe-events:ike-ipsec-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967228
 filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967229
 filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967232
 filter xpath /utd-ios-xe-events:utd-con
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967233
 filter xpath /red-app-events:red-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967234
 filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967240
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967243
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967244
 filter xpath /line-ios-xe-events:line-state-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967245
 filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967246
 filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967258
 filter xpath /ios-events-ios-xe-oper:usb-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967259
 filter xpath /ios-events-ios-xe-oper:tempsensor-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967260
 filter xpath /ios-events-ios-xe-oper:tempsensor-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967261
 filter xpath /ios-events-ios-xe-oper:system-reboot-issued
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967262
 filter xpath /ios-events-ios-xe-oper:system-reboot-complete
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967263
 filter xpath /ios-events-ios-xe-oper:system-logout-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967264
 filter xpath /ios-events-ios-xe-oper:system-login-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967265
 filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967267
 filter xpath /ios-events-ios-xe-oper:sfp-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967271
 filter xpath /ios-events-ios-xe-oper:pem-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967272
 filter xpath /ios-events-ios-xe-oper:pem-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967273
 filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967274
 filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967275
 filter xpath /ios-events-ios-xe-oper:memory-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967276
 filter xpath /ios-events-ios-xe-oper:interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967277
 filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967280
 filter xpath /ios-events-ios-xe-oper:fantray-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967281
 filter xpath /ios-events-ios-xe-oper:fan-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967283
 filter xpath /ios-events-ios-xe-oper:disk-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967289
 filter xpath /ios-events-ios-xe-oper:cpu-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967293
 filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967295
 filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967244
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967245
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967246
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967247
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967248
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967253
 filter xpath /im-events-ios-xe-oper:im-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967255
 filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967256
 filter xpath /ios-events-ios-xe-oper:utd-update
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967257
 filter xpath /ios-events-ios-xe-oper:utd-ips-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
 host ip-address 0.0.0.0 0
 protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
 no ipv6-strict-control
 organization-name vmng-scale-ind-swe
 site-id 109
 sp-organization-name vmng-scale-ind
 system-ip 209.134.0.3
 vbond name vbond1
 vbond port 12346
 wan-interface TenGigabitEthernet0/0/7
end

sp2_ramones#



























spk-Elixir#sh run   
Building configuration...

Current configuration : 30533 bytes
!
! Last configuration change at 10:18:17 UTC Wed Dec 4 2024 by system
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
service call-home
platform qfp utilization monitor load 80
platform hardware throughput crypto 50000
!
hostname spk-Elixir
!
boot-start-marker
boot system bootflash:c1100-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition dmvpn_elixir_parcel
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition test_yang
 !
 address-family ipv4
  maximum routes 1000 10 reinstall 10
 exit-address-family
!
vrf definition vrf1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf2
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_testyang
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_testyang_change
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
ethernet lmi ce
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local 
aaa accounting connection test start-stop group test
!
!
aaa attribute list testyang1
!
aaa attribute list testyang2
!
aaa attribute list testyang3
!
aaa session-id common
ip arp proxy disable
!
ip vrf Mgmt-intf
!
ip host vbond1 70.70.70.125
ip name-server 27.1.0.8
no ip domain lookup
ip domain name cisco.com
ip bootp server
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!         
!
!
!
subscriber templating
! 
! 
! 
! 
!
udld enable

udld message time 80

!
mpls label range 49 100
!
flow record cts-record
 match flow cts destination group-tag
 match flow cts source group-tag
 match flow direction
 match interface input
 match interface output
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 source address
 match transport destination-port
 match transport source-port
 collect counter packets
!
!
flow exporter EXPORTER-1
 destination 10.104.54.178
 transport udp 2044
!
!
flow monitor cts-monitor
 exporter EXPORTER-1
 cache timeout inactive 60
 record cts-record
!
device-tracking tracking auto-source override
!
!
!
!
!         
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1090845565
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1090845565
 revocation-check none
 rsakeypair TP-self-signed-1090845565
 hash sha256
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
crypto pki trustpoint tp
 enrollment url http://110.110.110.110:80
 usage ike
 serial-number
 fingerprint 4145B0549AFD4AC347D8E711567478F353747A5C
 subject-name CN=elixir.cisco.com,ou=elixir
 subject-alt-name ramones1.cisco.com,elixir.cisco.com
 revocation-check crl
 rsakeypair tp 4096
 auto-trigger
 auto-enroll regenerate
 hash sha256
!
!
crypto pki certificate chain TP-self-signed-1090845565
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31303930 38343535 3635301E 170D3234 30363138 30353039 
  33395A17 0D333430 36313830 35303933 395A3031 312F302D 06035504 030C2649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30393038 
  34353536 35308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
  0A028201 01009E8A CE40DEE4 0CC912D2 C5DA0EBE E674A745 59FC226E 2A920C0F 
  13339036 D6251E14 B8CEA3FB 27E95333 26C211AA D4A1A664 8301EF74 D35E3158 
  DDE50DC6 F1EB8E86 84EEDEC3 7024B7EE 43142ADE 71410479 CA11F068 1B72911F 
  E81196C5 FD4D745F 2F00F217 F46F4EEB 6F307B94 66207B44 B53258FF EC4F7512 
  9C4935D0 BF1FCB73 723BB929 2E65B5F8 5BD2060A 0E4DF22F E8DC1A79 F2B58383 
  0B8AF8DE 88B04726 C8F8907C 514F1BB4 1C520B9E 00C05E3A F550A229 2E2AE7AD 
  3F42E9CA B39E9F49 B9537949 CAA34397 59F3DDED 80121553 0FA0CEE2 0449EDEA 
  2A545FA4 323239D9 39604531 06953B21 FB1FB7A8 12077306 FE4BDB32 EC7EE395 
  092C6DFE BEC50203 010001A3 53305130 1D060355 1D0E0416 04142AE7 377BA94F 
  A7C2C408 01DD66FE D5E8D36B 01BC301F 0603551D 23041830 1680142A E7377BA9 
  4FA7C2C4 0801DD66 FED5E8D3 6B01BC30 0F060355 1D130101 FF040530 030101FF 
  300D0609 2A864886 F70D0101 0B050003 82010100 3D86E3C5 94DF7EEB 9F3717F7 
  A033A0E7 A1A78E54 B01FAE57 ED15E2AF 24E898CC 0D2E9B2A B323A469 CD57389E 
  1A1F05F3 59FF31E5 653DF8D6 255F9AAA A46516B3 321EE657 35668487 9594C1EC 
  B0B85D51 A7A4357E AEAFFC21 DE46B762 9B015713 DC7793EC 10CA23C3 EE56E783 
  E0EE06FA 0F6021AC 393C3FB0 0FF1CCB4 018F0E44 CFAA2CE2 D7BA038A 88D39938 
  459D4713 32C966B3 5096C9F3 89A22A48 2C9CE07D 1F308E95 C7651002 42283FFA 
  4D832457 7AD1AEFE BB216905 5ECC0F2B FD24868C 8F614180 B69459B3 A518806E 
  3C166879 392DF91C 772BD3B7 02203FEC 2C9D67FA BBB074E0 7A058DEA D30706C1 
  6210E604 2919550D 7522A893 D4138395 B9E1EFF8
  	quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D 
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B 
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 
  D697DF7F 28
  	quit
crypto pki certificate chain tp
 certificate 6F
  30820576 3082035E A0030201 0202016F 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 31313137 
  31363237 32365A17 0D323531 31313731 36323732 365A3065 310F300D 06035504 
  0B130665 6C697869 72311930 17060355 04031310 656C6978 69722E63 6973636F 
  2E636F6D 31373012 06035504 05130B46 474C3235 31374C33 56333021 06092A86 
  4886F70D 01090216 1473706B 2D456C69 7869722E 63697363 6F2E636F 6D308202 
  22300D06 092A8648 86F70D01 01010500 0382020F 00308202 0A028202 0100B784 
  F5634559 687F1325 B2865A0F 0E0CACC9 6F9D7032 C74DB52E FCB50923 15E2A6F7 
  CD7BD732 0568A278 0C1D7F10 F9F484A9 1D69B4DE A2FE0451 CA1CC059 FE818A47 
  F523AF31 2E079483 51875949 9B1F287A C4EBBCE3 774D82C7 279F9955 1A180822 
  554BCCDB ABB50DEC E0B52373 5105BA0B B0B5E196 95A5B637 9559FA00 7FD08462 
  B7059657 FF485233 783E8E91 2AEE5B01 1EA3BC24 627855B0 5EB6D806 765C3450 
  C7772768 BC35C791 C5947F56 6BCD3B22 D04832B9 6509E4ED 381F7FE4 88787D85 
  80680C7D BCECD811 23F671FC 4791F380 1760CA5C F249D4E4 9DACBEA9 702AC705 
  FF309932 091CE705 FE160C67 C6E08F17 56E171AB 06EDD7A7 F1A5AF9C 08FABA56 
  6548B901 235ED039 0980390B 61830BCC F443940E BC925694 A7CCFC9E F2D2D85F 
  9924473F D4AEF95E 48196CAF A543C532 38121124 D1885A90 FEF4A398 7A82635A 
  CCE79D94 5BC4D278 08800641 4A3CAD64 72608D92 82DFAFD6 13FB1004 78932612 
  17B54EE9 437670B9 1D4D5FCA CE22B79A 0C2600D0 771E93B5 F2981FFB 6D3A91F5 
  873915CB 58730804 225456A1 FE49F0BE 414B0209 AA96800E FEA51005 1C1BF75A 
  854C92DC ACF49725 726E0BAF 60307536 EE9F336E FE931B3E D3FE11C8 5CBAC1BB 
  43725DFF E71B4CEB 1CF2F450 5B251198 DE22E719 BC9EDFA7 5FB14EBE D9C2312A 
  D14B4AA6 EFF75797 76C2B07C BA68698D 39A3D934 24490689 24A2CB1C 912F0203 
  010001A3 8180307E 300B0603 551D0F04 04030205 A0302F06 03551D11 04283026 
  82127261 6D6F6E65 73312E63 6973636F 2E636F6D 8210656C 69786972 2E636973 
  636F2E63 6F6D301F 0603551D 23041830 1680146B 4F967033 62290FC1 7DCDB249 
  B039EA65 4F257530 1D060355 1D0E0416 04146086 71BC3B47 6B5E5437 FCB831B0 
  098DD875 D454300D 06092A86 4886F70D 01010505 00038202 01002F58 BF38C837 
  52C66A3E FCB5EE6C A33ABF44 0D7CA14C 400315F8 CFC7D614 D7420065 37018E8B 
  30A8AC36 8CC6CDDC B2B0576C 5B4FEA20 80285A07 7E8DAF8E F2439EF1 6E67C06A 
  C766C481 E5AC8FC9 3059806C 0A87EAAD 24C32CFC ADBAE7B7 4C053056 FAFCFDE3 
  7B750FAF CD5C3125 042B5292 4E1F0B2B 72748092 FE640A84 63274209 6E684468 
  74975912 D4F6EC2E 53574FA3 84A4BE50 F7ED744A 5EB3F536 BE8D4BB1 B64FC350 
  2D3A4448 C8B23BD6 84D25004 BE5FA889 83DB0D6A 8BA0D914 9EE37B3C 253670C4 
  B2ED8162 23D20C6C 811CC932 FFEF13F8 21DE8F39 D2BB79FF C7A02840 2346C763 
  9425B040 C6BB197D C1BE26C7 DF7F8B4C 2F1840DC 92DE3590 DA9C1683 8B6F1B66 
  7F24574B 0DA53D06 2E0DAC6C 31CA2D64 9750623A B515B5EA 04E33EE6 284C54AF 
  D64E9984 838E1273 707729F8 3F57C099 3D7A6C84 1B3F6883 01401690 C52A3083 
  78CCB94E 02D6EFC8 F656F7B1 F8C10C63 2F6F49EF 9FD850EC E968E26F 193FAEA0 
  4746519F 1CB37FD6 F9D3D1A4 B9A00DD5 A28E2681 22F67971 2ED05DA5 E441B0D6 
  95C15E0F 43495B70 1E121B24 10E0F5AB 751698DA DE9324D9 48550A8D 96472BA6 
  19013D78 F0DBA17E 0A5D1688 8FA74EDE F9286599 2D2AC05D 99851E24 28F531A9 
  25EBB7FA 7A8F2A7C B368637E 3A05F9A4 CBE9ACE3 6C3BCC20 41238D4B 5856F649 
  92E2085A E39F0E6E 70ED2E9E A93D9FCE CD8DCA20 D0085739 E201
  	quit
 certificate ca 01
  30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130 
  30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504 
  03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500 
  0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41 
  4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D 
  B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681 
  E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0 
  A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0 
  19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4 
  F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88 
  30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F 
  2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A 
  52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526 
  00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A 
  91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA 
  A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951 
  3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174 
  D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC 
  48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5 
  A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101 
  FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304 
  18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E 
  04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886 
  F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9 
  388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92 
  A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C 
  8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3 
  13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96 
  E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D 
  965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9 
  61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432 
  8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98 
  957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202 
  CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E 
  FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725 
  A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6 
  193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC 
  0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E 
  6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB 
  31AC5AEF 8AC58041 127E738D
  	quit
!
!
!
!
!         
!
!
!
!
diagnostic bootup level minimal
!
no license feature hseck9
license udi pid C1131X-8PWB sn FGL2517L3V3
license accept end user agreement
license boot level appxk9
license boot level securityk9
memory free low-watermark processor 70676
!
spanning-tree extend system-id
spanning-tree vlan 115 priority 8192
spanning-tree vlan 115 hello-time 8
spanning-tree vlan 115 forward-time 14
spanning-tree vlan 115 max-age 17
!
!
enable password 7 <removed>!
username admin privilege 15 secret 9 $9$7RhKMgFeUoWYdu$N3buTpNmkxtTYt4MYpmWI17rci7e9crg0RxauGA9ZVo
username cisco password 7 <removed>username cts password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>username wan password 7 <removed>!
redundancy
 mode none
!
!
!
crypto ikev2 proposal 1 
 encryption aes-cbc-256
 integrity sha512
 group 14
crypto ikev2 proposal p1-global 
 encryption aes-cbc-128 aes-cbc-192 aes-cbc-256
 integrity sha256 sha384 sha512
 group 14 15 16 19 20 21
crypto ikev2 proposal testyang 
 ! Proposal Incomplete(MUST have atleast an encryption algorithm, an integrity algorithm and a dh group configured)
 encryption aes-gcm-128
 prf sha512
!
!
crypto ikev2 keyring dmvpn_parcel_ipsec
 peer any
  address 0.0.0.0 0.0.0.0
  pre-shared-key cisco123
 !
 peer any-ipv6
  address ::/0
  pre-shared-key cisco123
 !
!
crypto ikev2 keyring testyang
 peer testyang
  address 208.208.208.208
  pre-shared-key local cisco123
  pre-shared-key remote cisco123
 !
!
!
crypto ikev2 profile test_profile
 match identity remote address 0.0.0.0 
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint tp
!
crypto ikev2 profile dmvpn_parcel_ipsec
 match fvrf any
 match identity remote address 207.1.1.1 255.255.255.255 
 identity local address 208.1.1.1
 authentication remote pre-share
 authentication local pre-share
 keyring local dmvpn_parcel_ipsec
 dpd 10 3 on-demand
 no config-exchange request
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation mtu 1400
!
!
vlan internal allocation policy ascending
!
lldp run
track timer ipv6 route msec 700
track resolution ipv6 route EIGRP 300
!
class-map match-all testyang
 match protocol attribute category file-sharing
 match protocol attribute sub-category desktop-virtualization
 match protocol sip
class-map match-all test
 match not security-group destination tag 6000
class-map match-any class-bfd
 match access-group name acl-bfd
class-map match-all c1
class-map match-all c11
 match vlan  115
class-map type inspect match-any zone_cmap_new
 match protocol citrix
 match protocol dns
 match protocol ftp
 match protocol http
 match protocol https
 match protocol icmp
 match protocol pop3
 match protocol rtsp
 match protocol sip
 match protocol smtp
 match protocol snmptrap
 match protocol tcp
 match protocol udp
!
policy-map testyang
policy-map p11
 class c11
  set dscp af41
!
!
zone security lan_zone
! 
!
!
!
!
!
!
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set test_trans esp-gcm 
 mode tunnel
crypto ipsec transform-set IPSEC_TS1 esp-gcm 256 
 esn
 mode transport
!
!
crypto ipsec profile dmvpn_parcel_ipsec
 set security-association lifetime kilobytes disable
 set security-association replay window-size 64 
 set transform-set IPSEC_TS1 
 set ikev2-profile dmvpn_parcel_ipsec
!
crypto ipsec profile test_profile
 set security-association replay disable 
 set transform-set test_trans 
 set ikev2-profile test_profile
!
!
!
!
!
! 
! 
!         
!
interface Loopback191
 no ip address
!
interface Loopback193
 no ip address
!
interface Port-channel1
 switchport
 switchport trunk allowed vlan 3800-3802
!
interface Port-channel2
 switchport
!
interface Tunnel2
 bandwidth 1000
 ip flow monitor cts-monitor input
 ip flow monitor cts-monitor output
 ip address <removed> no ip redirects
 ip nbar protocol-discovery
 ip nhrp authentication iplabs
 ip nhrp map 8.1.1.1 45.35.1.1
 ip nhrp map 8.1.1.10 1.200.1.1
 ip nhrp map 8.1.1.31 85.75.1.2
 ip nhrp map multicast 1.200.1.1
 ip nhrp map multicast 45.35.1.1
 ip nhrp map multicast 85.75.1.2
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 8.1.1.1
 ip nhrp nhs 8.1.1.10
 ip nhrp nhs 8.1.1.31
 ip tcp adjust-mss 1376
 load-interval 30
 nhrp group SPOKE_1G
 cts sgt inline
 bfd interval 5000 min_rx 5000 multiplier 5
 tunnel source GigabitEthernet0/1/6
 tunnel mode gre multipoint
 tunnel key 200
 tunnel path-mtu-discovery
 tunnel protection ipsec profile test_profile
!
interface Tunnel197
 vrf forwarding vrf_testyang
 no ip address
 ip wccp vrf vrf_testyang web-cache redirect in
 ip wccp vrf vrf_testyang web-cache redirect out
!
interface Tunnel198
 no ip address
!
interface Tunnel199
 no ip address
 ip mux
 ipv6 mux
 nhrp group testyang
!
interface Tunnel60000111
 bandwidth 1400
 vrf forwarding dmvpn_elixir_parcel
 ip address <removed> no ip redirects
 ip mtu 1400
 ip nhrp network-id 110
 ip nhrp nhs 206.1.1.1 nbma 71.1.1.1 multicast
 ip tcp adjust-mss 1360
 delay 1000
 ipv6 mtu 1400
 ipv6 tcp adjust-mss 1360
 bfd interval 100 min_rx 120 multiplier 5
 tunnel source GigabitEthernet0/1/6
 tunnel mode gre multipoint
 tunnel key 110
 tunnel path-mtu-discovery
 tunnel protection ipsec profile dmvpn_parcel_ipsec
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 utd enable
!
interface GigabitEthernet0/0/1
 ip vrf forwarding Mgmt-intf
 ip address <removed> negotiation auto
 vlan-id dot1q 954
 !
!
interface GigabitEthernet0/1/0
 switchport trunk allowed vlan 3800-3802
 channel-group 1 mode active
!
interface GigabitEthernet0/1/1
 switchport trunk allowed vlan 3800-3802
 channel-group 1 mode active
!
interface GigabitEthernet0/1/2
 switchport access vlan 90
 switchport mode access
!
interface GigabitEthernet0/1/3
 switchport access vlan 90
 switchport mode access
!
interface GigabitEthernet0/1/4
 switchport access vlan 90
 switchport mode access
!
interface GigabitEthernet0/1/5
 switchport access vlan 90
 switchport mode access
!
interface GigabitEthernet0/1/6
 no switchport
 ip address <removed> negotiation auto
!
interface GigabitEthernet0/1/7
 no switchport
 no ip address
 negotiation auto
 ospfv3 bfd disable
!
interface GigabitEthernet0/1/7.3800
 encapsulation dot1Q 3800
 ip address <removed>!
interface Wlan-GigabitEthernet0/1/8
 shutdown
!
interface Vlan1
 no ip address
!
interface Vlan10
 no ip address
!         
interface Vlan115
 ip address <removed> zone-member security lan_zone
 service-policy input p11
!
interface vasiright20
 ip dhcp relay information trusted
 no ip address
 no keepalive
!
interface BDI200
 no ip address
 zone-member security lan_zone
 ipv6 ospf network manet
!
interface nve1
 no ip address
 host-reachability protocol bgp
!
!
router eigrp 100
 network 12.12.12.0 0.0.0.255
!         
ip forward-protocol nd
no ip forward-protocol udp
ip tcp selective-ack
ip tcp mss 1460
ip tftp source-interface GigabitEthernet0/0/1
ip tftp blocksize 8192
no ip ftp passive
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/1/6
!
ip as-path access-list 11 permit ^$
ip as-path access-list 13 permit ^$
ip route 202.153.144.25 255.255.255.255 11.4.0.1
ip route vrf Mgmt-intf 9.45.0.0 255.255.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
ip ssh bulk-mode 131072
!
ip access-list extended acl-bfd
 10 permit udp any any eq 3784
 20 permit udp any any eq 3785
ip access-list extended debug
 20 permit ip any any
ip access-list extended 179
 10 deny udp any any eq 3785
 20 permit ip any any
dialer-list 12 protocol ip permit
dialer-list 13 protocol bridge deny
dialer-list 14 protocol decnet list 309
!
arp access-list testyang54
 deny ip host 191.1.1.191 mac host d0dc.2c78.4040 
 permit response ip host 191.1.1.1 any mac any any 
 permit response ip 191.1.1.1 191.1.1.2 host 191.1.1.3 mac any any 
snmp-server community snmp RO
snmp-server source-interface informs Vlan115
snmp ifmib ifindex persist
!
!
!
!
!
ipv6 access-list testipv6acl
 sequence 10 permit ipv6 any any
!         
ipv6 access-list testipv6acl_change
 sequence 10 permit ipv6 any any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
parser config cache interface
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password 7 <removed> length 0
 transport input all
 transport output all
line vty 5 14
 exec-timeout 0 0
 password 7 <removed> transport input all
 transport output all
!
ntp server 110.110.110.110
ntp server time.google.com
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!         
!
!
!
!
!
!
telemetry ietf subscription 294967224
 filter xpath /crypto-ios-xe-events:nhrp-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967225
 filter xpath /crypto-ios-xe-events:nhrp-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967226
 filter xpath /crypto-ios-xe-events:nhrp-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967227
 filter xpath /crypto-ios-xe-events:ike-ipsec-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967228
 filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967229
 filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967232
 filter xpath /utd-ios-xe-events:utd-con
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967233
 filter xpath /red-app-events:red-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967234
 filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967240
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967243
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967244
 filter xpath /line-ios-xe-events:line-state-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967245
 filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967246
 filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967258
 filter xpath /ios-events-ios-xe-oper:usb-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967259
 filter xpath /ios-events-ios-xe-oper:tempsensor-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967260
 filter xpath /ios-events-ios-xe-oper:tempsensor-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967261
 filter xpath /ios-events-ios-xe-oper:system-reboot-issued
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967262
 filter xpath /ios-events-ios-xe-oper:system-reboot-complete
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967263
 filter xpath /ios-events-ios-xe-oper:system-logout-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967264
 filter xpath /ios-events-ios-xe-oper:system-login-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967265
 filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967267
 filter xpath /ios-events-ios-xe-oper:sfp-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967271
 filter xpath /ios-events-ios-xe-oper:pem-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967272
 filter xpath /ios-events-ios-xe-oper:pem-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967273
 filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967274
 filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967275
 filter xpath /ios-events-ios-xe-oper:memory-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967276
 filter xpath /ios-events-ios-xe-oper:interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967277
 filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967280
 filter xpath /ios-events-ios-xe-oper:fantray-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967281
 filter xpath /ios-events-ios-xe-oper:fan-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967283
 filter xpath /ios-events-ios-xe-oper:disk-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967289
 filter xpath /ios-events-ios-xe-oper:cpu-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967293
 filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967295
 filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967244
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967245
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967246
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967247
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967248
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967253
 filter xpath /im-events-ios-xe-oper:im-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967255
 filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967256
 filter xpath /ios-events-ios-xe-oper:utd-update
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967257
 filter xpath /ios-events-ios-xe-oper:utd-ips-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
 host ip-address 0.0.0.0 0
 protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
 no ipv6-strict-control
 organization-name vmng-scale-ind-swe
 site-id 124
 sp-organization-name vmng-scale-ind
 system-ip 209.134.0.1
 vbond name vbond1
 vbond port 12346
 wan-interface GigabitEthernet0/1/6
end

spk-Elixir#   

























bender_1#show run
Building configuration...

Current configuration : 23490 bytes
!
! Last configuration change at 11:27:00 UTC Wed Dec 4 2024
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
!
hostname bender_1
!
boot-start-marker
boot system bootflash:c8k30aes-universalk9.17.16.01.0.1538.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition VRF90
 rd 90:90
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition VRF_CLOUD_89
 rd 89:89
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf2
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
ethernet lmi ce
aaa new-model
!
!
aaa authorization credential-download default if-authenticated 
!
!
aaa attribute list testyang3
!
aaa attribute list testyang2
!
aaa attribute list testyang
!
aaa session-id common
!
!
subscriber templating
!
ip host vbond1 70.70.70.125
ip name-server 27.1.0.8
no ip domain lookup
ip domain name cisco.com
!
!
!
!
!
!
ip bootp server
!
!
!
login on-success log
!
!
!
!
!
ipv6 nd cache expire refresh
ipv6 unicast-routing
ipv6 spd queue max-threshold 65535
ipv6 spd queue min-threshold 65533
!
!
! 
! 
! 
! 
mpls label range 32 56

parameter-map type inspect test
 tcp idle-time 21000
  tcp idle reset off
!
!
flow record cts-record
 match flow cts destination group-tag
 match flow cts source group-tag
 match flow direction
 match interface input
 match interface output
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 source address
 match transport destination-port
 match transport source-port
 collect counter packets
!
!
flow exporter EXPORTER-1
 destination 10.104.54.178
 transport udp 2044
!
!
flow monitor cts-monitor
 exporter EXPORTER-1
 cache timeout inactive 60
 record cts-record
!
access-session mac-move deny
!
chat-script flow cts source group-tag
!
key chain MY_KEY_CHAIN
 key 1
  key-string 7 010703174F
 key 2
  key-string 7 071B245F5A5B
 key 3
  key-string 7 0835495D1D4A
!
crypto pki trustpoint TP-self-signed-376606419
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-376606419
 revocation-check none
 rsakeypair TP-self-signed-376606419
 hash sha256
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
crypto pki trustpoint tp
 enrollment url http://110.110.110.110:80
 usage ike
 serial-number
 fingerprint 4145B0549AFD4AC347D8E711567478F353747A5C
 subject-name CN=bender.cisco.com,ou=elixir
 subject-alt-name bender1.cisco.com,bender.cisco.com
 revocation-check crl
 rsakeypair tp 4096
 hash sha256
!
crypto pki trustpool policy
 revocation-check none
!
!
!
crypto pki certificate map testmap 10
 issuer-name co testname
!
crypto pki certificate chain TP-self-signed-376606419
 certificate self-signed 01
  3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33373636 30363431 39301E17 0D323430 34313731 31343832 
  365A170D 33343034 31373131 34383236 5A303031 2E302C06 03550403 0C25494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 36363036 
  34313930 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 
  82010100 EE86EB77 899C3320 2E4C76F6 4012D824 D3112A61 FD7BB995 0E86BD2E 
  AEB4AD19 CF98B43B 9DF7A571 CEEB087A 2A67EF56 1E7DD7F5 917CFE0D A8ECA9B4 
  7A85848D C08AE9FD E7565F84 577D619A 58B4CF0F 1C3B3E0E 1FC33E61 83126147 
  EE796450 B27F3881 6E08CF5E BF09C689 93ECB791 6E6E10B2 18A2712C FE1722F1 
  2EFE53C2 7ED9ADE6 445AA823 F11AB55B F475F167 BFCD81B2 83D97CA1 11FBB6DB 
  348EB25F 5F10CA3A AD8B0FAC 2916F5F2 0A7E4508 ABC0F8EF 14EDDF88 228D3243 
  7770C0D5 6340E9ED CC2B6730 E68D2B7D 67447EE9 C836D983 D19050F4 2A8A4FC0 
  D9A8EDE3 8AD9A8A7 350532EC 12499210 1CF08D0E 3DDB2276 DD627CB6 E2989719 
  A201F1DF 02030100 01A35330 51301D06 03551D0E 04160414 24837B2B C1543578 
  62DCEB3D 091285EE 32AA9283 301F0603 551D2304 18301680 1424837B 2BC15435 
  7862DCEB 3D091285 EE32AA92 83300F06 03551D13 0101FF04 05300301 01FF300D 
  06092A86 4886F70D 01010B05 00038201 0100E75F 2024EE5B 93E8F0DB AB89C1BF 
  C467F8A4 31EFEC29 1F61C047 F83B2451 0C87F9FC 121CE7D6 C60AD11D 9471ACF2 
  A75AD1DA 5C97A471 F69DEE4E 00F511E4 82B05821 E2FCC430 39E23F51 D53EDB97 
  4B11EC39 88EA0EC2 05BC49C0 274B1B18 0166E818 A0BD3842 123FE771 190D609E 
  927168B1 0F0329A3 7A1A4674 AB27DB72 D0FA805B 65FB1E93 A56126FA 8B1E8BFD 
  7A530DAF 42ABA98E EF6FB29B EB8D326E F88983B9 ACE8DF76 D5BF81DC 93477CA0 
  79ECF05D D7D3824C CCCBC144 67F339C6 B6C5CE42 A8011C33 ADD37F16 CBC09D77 
  C9511CC8 45ACFA39 1C9427D1 A41FA427 B145420D 5E3E07CA 97403689 9B3688AF 
  4E84BA3A C46E5697 4ACB1AF8 E3A9D844 C074
  	quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D 
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B 
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 
  D697DF7F 28
  	quit
crypto pki certificate chain tp
 certificate 70
  30820572 3082035A A0030201 02020170 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 31313234 
  30373530 32325A17 0D323531 31323430 37353032 325A3063 310F300D 06035504 
  0B130665 6C697869 72311930 17060355 04031310 62656E64 65722E63 6973636F 
  2E636F6D 31353012 06035504 05130B46 444F3237 33334D31 314D301F 06092A86 
  4886F70D 01090216 1262656E 6465725F 312E6369 73636F2E 636F6D30 82022230 
  0D06092A 864886F7 0D010101 05000382 020F0030 82020A02 82020100 A79DEC67 
  2969348A 65268D3B 76324D91 E3EEC980 A988B7A3 4E2FB815 6B2501AE 59CE190A 
  CD13831C 4AD9CAFA BF28FD7C C112C796 D1FFF5DD 01F7D8F9 E782B553 92146BB3 
  AE60ED18 76AB2D09 F389F556 EA70C3C0 027892BE 809F1E14 33897C43 E15FAD7F 
  C5B06D8C A9856B9A AF5100B2 BA8596E5 C8B2660B 173CA4F7 FB5C07F2 A5F6410C 
  1556EEF9 B6D8A693 5A6E391B B4A73E92 14C022FD D4F70282 E9E7B00E 414C8A67 
  0DC2F943 447EC10D DE27214B 246C3D43 C4A3461D C294BB39 7DD69930 7550923E 
  F1556D53 A1E9D2A3 306E1775 59F9C7E0 77DC819D 882AA19A F5AA0A69 5377BCE4 
  D91FB615 1C92277C 72D71D7D B777FC67 54B7B4A9 1A27A8C9 F555028B C0B98FF4 
  11F9826A F4D21B80 346C111C 3D7AA9B1 A86C1A62 7F5F3024 8619E08B 7E4666E9 
  CF6957A7 2FC4F54E C7BC60B9 07550CBD 8FCADFB9 89111E12 39908FC1 9B94E844 
  C2971AA2 42A1F12D E5CCBD01 0E21D594 68AF9BA9 573533EE 1CF9D42D E8CBC64E 
  2EA08A7F 4C4FCB77 25EA681E 1A697415 B400589C C7945675 FFCA7981 85D50E33 
  EA923925 5CE33207 D167A236 A4559717 89383563 3BFC6018 C0533BF8 4C8E97D8 
  193A80DA 63CC042D 90C573F4 03275237 6477812B A7F17E66 D62C2659 CD080FBC 
  39EF68B9 6E8246A3 CD5FD17E A511B569 2F01CFE1 28B178BA 7FF304C0 06BB15D3 
  EABC9447 CADA67EA 25BD320B 58635D0D E62153D3 CCABB487 2AE6A8F5 02030100 
  01A37F30 7D300B06 03551D0F 04040302 05A0302E 0603551D 11042730 25821162 
  656E6465 72312E63 6973636F 2E636F6D 82106265 6E646572 2E636973 636F2E63 
  6F6D301F 0603551D 23041830 1680146B 4F967033 62290FC1 7DCDB249 B039EA65 
  4F257530 1D060355 1D0E0416 04145DAD 6A5A33E4 136622A0 1892A609 B07DB0F2 
  B335300D 06092A86 4886F70D 01010505 00038202 01007309 E0BC8E6F F085CA74 
  D2A0D403 C7F3DC00 CA178D32 FBE8E437 6D63FECD B88EB1E0 88683090 800C2CD9 
  AC5D1B52 4E4242DB 0E2C093E 9F374EED 51F02038 21BBDAC1 DAC5C714 5307ABD7 
  9CFC5449 449F2861 77D167CD C5411238 DBA48C75 413DC135 7F996481 8A6B51E3 
  4605CD21 FB5B4313 1DE7BFDC 982D4C78 9B5CE54F 453D8616 BD95B5F4 0460F1D0 
  1BBDD5B3 23DA8C30 17502CCA F98B51A6 1EAC9A0D 11F9D702 FFFAC390 C8BE6E79 
  67C2E38D 41F1180A 4A44FAED 9EF618C1 95DE22C9 D9B25F02 53D00CFB 7FB9F963 
  88FAFE40 786EBFCF 300E1556 1E64F6AE 6483A468 0C2024C8 4F486538 E0DF4B94 
  46AAEF77 95EA3BD5 1FAF1604 7534F84B 3CA25CAC D41BB28E 20A9892D 1ECE441E 
  6DBFD300 29F4691B 1EEBFE24 062AD072 0F3964B4 33109C9B F5B43ABA 29B9DFB0 
  BF4DE855 E73377D8 48DE5F47 B9266C86 D65EB17C DF4AC987 A9FFB398 4D447B68 
  F8879DDB 87FD0BE4 55529945 3F6D7A80 3CA7D847 683B71A4 3A787D73 FFA9932A 
  512076E1 E80583CD 20FBA426 6528E1A4 4FA711A6 80D892F6 4CF07F61 0C47C60F 
  6C0EBBF5 4E2E6EDE 44063435 F4599670 6673B6C9 568BEE7C 8CDD1EC5 63F11D55 
  1678F58B F8750AC1 11335781 0DE734F7 91E3AEB5 E2FB4184 858E495C 8173D847 
  9EDAB43F D69A69C9 98D8A839 30FE19BD DA8B4CD7 D87FAEB2 0179FA18 C9E7583D 
  07CA85C9 77C36AB1 7EF15D46 D20110AC D71186A0 0ED9
  	quit
 certificate ca 01
  30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130 
  30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504 
  03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500 
  0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41 
  4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D 
  B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681 
  E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0 
  A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0 
  19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4 
  F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88 
  30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F 
  2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A 
  52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526 
  00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A 
  91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA 
  A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951 
  3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174 
  D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC 
  48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5 
  A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101 
  FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304 
  18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E 
  04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886 
  F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9 
  388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92 
  A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C 
  8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3 
  13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96 
  E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D 
  965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9 
  61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432 
  8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98 
  957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202 
  CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E 
  FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725 
  A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6 
  193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC 
  0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E 
  6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB 
  31AC5AEF 8AC58041 127E738D
  	quit
!
!
!
!
!
!
!
!
!
license udi pid C8530L-8S8X4Y sn FDO2733M11M
license accept end user agreement
license boot level advantage
!
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
 linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
 linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
 voice vlan
service-template DEFAULT_CRITICAL_DATA_TEMPLATE
service-template webauth-global-inactive
 inactivity-timer 3600 
memory free low-watermark processor 64278
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username admin privilege 15 secret 9 $9$PbGC30K7dnC6sk$BV2D8qlJjPRwKlHAO3TaqxbUKe3oRnIM.kDly3PYHJg
username cisco password 7 <removed>username cts password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>username wan password 7 <removed>!
redundancy
 mode none
!
!
!
crypto key pubkey-chain rsa
 named-key testyang
  key-string
   
  quit
!
crypto ikev2 proposal 1 
 encryption aes-cbc-256
 integrity sha512
 group 14
!
crypto ikev2 policy 1 
 proposal 1
!
!
crypto ikev2 profile test_profile
 match identity remote address 0.0.0.0 
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint tp
!
crypto ikev2 profile test123
 ! Profile incomplete (no match identity or match certificate statement)
 ! Profile incomplete (no local and/or remote authentication method specified)
 aaa authorization group psk list local
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation
crypto ikev2 client flexvpn test
  peer 10 4.4.4.4
!
!
!
cdp run
!
track timer ipv6 route msec 700
track resolution ipv6 route EIGRP 300
!
track 10 ip route 191.1.1.1 255.255.255.0 metric threshold
class-map type multicast-flows testy6
!
class-map type traffic match-any testy9
!
class-map type control subscriber match-all testy
!
class-map type control match-all t2
!
class-map type control match-all testyang
!
class-map type control match-all testy4
!
!
class-map match-all testyang
 match protocol http
class-map match-all we
class-map match-any class-bfd
 match access-group name acl-bfd
class-map match-all t4
class-map match-all t5
class-map match-all t1
 match any 
 match protocol telepresence-control
class-map match-all t2
class-map type access-control match-all c2
class-map match-all c1
class-map type appnav match-all c6
class-map type stack match-all testy8
class-map type site-manager match-all testy7
class-map match-all c9
class-map type inspect match-all testy5
class-map type appnav match-all testy3
class-map type access-control match-all testy2
class-map match-all y
 match ip rtp 2300 2400
class-map type inspect match-any zone_cmap_new
 match protocol citrix
 match protocol dns
 match protocol ftp
 match protocol http
 match protocol https
 match protocol icmp
 match protocol pop3
 match protocol rtsp
 match protocol sip
 match protocol smtp
 match protocol snmptrap
 match protocol tcp
 match protocol udp
class-map match-all c3
 match class-map testyang
!
!
policy-map type control subscriber testy
!
policy-map type control subscriber yang1
policy-map type control yang2
 class type control t2 event session-start
 !
!
!
policy-map type performance-monitor testy1
 class testyang
  react 1 media-stop
   description testyang
   action snmp
policy-map testyang
 class testyang
  police rate percent 80
   violate-action drop 
policy-map type performance-monitor p5
 class c1
policy-map type packet-service p4
 class c1
policy-map type appnav p6
 class c6
policy-map p1
 class t1
  priority level 2
 class t2
 class c1
policy-map type inspect p3
 class c1
 class class-default
policy-map type access-control p2
 class c2
   log
policy-map wep
 class we
  police rate percent 10
policy-map t4
 class t4
  bandwidth 100000
  random-detect precedence-based
  random-detect exponential-weighting-constant 10
policy-map type access-control p11
 class testy2
!
!
zone security wan_zone
zone security lan_zone
! 
!
!
!
!
!
!
crypto ipsec transform-set test_trans esp-gcm 
 mode tunnel
!
!
crypto ipsec profile test_profile
 set security-association replay disable 
 set transform-set test_trans 
 set ikev2-profile test_profile
!
!
!
!
!
! 
! 
!
!
interface Loopback45
 no ip address
!
interface Loopback199
 no ip address
 ip rsvp bandwidth 100000
!
interface Port-channel32
 no ip address
 no negotiation auto
!
interface Tunnel2
 bandwidth 1000
 ip flow monitor cts-monitor input
 ip flow monitor cts-monitor output
 ip address <removed> no ip redirects
 ip nbar protocol-discovery
 ip nhrp authentication iplabs
 ip nhrp map 8.1.1.1 45.35.1.1
 ip nhrp map 8.1.1.10 1.200.1.1
 ip nhrp map 8.1.1.31 85.75.1.2
 ip nhrp map multicast 1.200.1.1
 ip nhrp map multicast 45.35.1.1
 ip nhrp map multicast 85.75.1.2
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 8.1.1.1
 ip nhrp nhs 8.1.1.10
 ip nhrp nhs 8.1.1.31
 ip tcp adjust-mss 1376
 load-interval 30
 nhrp group SPOKE_1G
 cts sgt inline
 bfd interval 5000 min_rx 5000 multiplier 5
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 200
 tunnel path-mtu-discovery
 tunnel protection ipsec profile test_profile
!
interface Tunnel4
 no ip address
 shutdown
 tunnel mode rbscp
 tunnel rbscp window-stuff 1
 tunnel rbscp ack-split 4
!
interface Tunnel5
 no ip address
 shutdown
!
interface Tunnel601
 no ip address
 shutdown
!
interface Tunnel640
 no ip address
 shutdown
!
interface GigabitEthernet0/0/0
 ip address <removed> negotiation auto
 cdp enable
!
interface GigabitEthernet0/0/1
 no ip address
 ip nat inside
 negotiation auto
 cdp enable
 ospfv3 network broadcast
!
interface GigabitEthernet0/0/1.3801
 encapsulation dot1Q 3801
 ip flow monitor cts-monitor input
 ip flow monitor cts-monitor output
 ip address <removed> ip nbar protocol-discovery
!
interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/4
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/6
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/7
 no ip address
 negotiation auto
!
interface TenGigabitEthernet0/0/8
 no ip address
!
interface TenGigabitEthernet0/0/9
 no ip address
!
interface TenGigabitEthernet0/0/10
 no ip address
 negotiation auto
 cts role-based sgt-map sgt 10
!
interface TenGigabitEthernet0/0/11
 no ip address
 negotiation auto
!
interface TenGigabitEthernet0/0/12
 no ip address
 negotiation auto
!
interface TenGigabitEthernet0/0/13
 no ip address
 negotiation auto
!
interface TenGigabitEthernet0/0/14
 ip address <removed> negotiation auto
!
interface TenGigabitEthernet0/0/15
 no ip address
 negotiation auto
!
interface TwentyFiveGigE0/0/16
 bandwidth 20000
 no ip address
!
interface TwentyFiveGigE0/0/17
 no ip address
!
interface TwentyFiveGigE0/0/18
 no ip address
!
interface TwentyFiveGigE0/0/19
 no ip address
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address <removed> negotiation auto
 vlan-id dot1q 954
 !
!
interface Virtual-Template1000 type tunnel
 vrf forwarding VRF90
 ip unnumbered Loopback45
 ipv6 unnumbered Tunnel640
 ipv6 tcp adjust-mss 1300
 tunnel source Loopback45
 tunnel mode ipv6
 tunnel destination dynamic
 tunnel path-mtu-discovery
 tunnel path-mtu-discovery age-timer 15
 tunnel udlr receive-only Tunnel601
 tunnel vrf VRF90
!
interface BDI12
 no ip address
 shutdown
!
interface BDI115
 no ip address
 zone-member security lan_zone
 shutdown
!
interface BDI200
 no ip address
 shutdown
!
!
router eigrp 100
 network 13.1.1.0 0.0.0.255
!
router isis
 mpls ldp sync
!
router bgp 242
 bgp router-id 2.4.2.4
 bgp log-neighbor-changes
 bgp update-delay 3200
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 242
 neighbor 8.1.1.1 remote-as 101
 neighbor 8.1.1.10 remote-as 103
 neighbor 8.1.1.31 remote-as 4200003213
 neighbor 8.1.1.31 fall-over bfd single-hop
 !
 address-family ipv4
  network 13.101.1.0 mask 255.255.255.0
  redistribute static
  neighbor 8.1.1.1 activate
  neighbor 8.1.1.10 activate
  neighbor 8.1.1.31 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 allow-policy
 exit-address-family
 !
 address-family ipv6
  redistribute static route-map qwe
 exit-address-family
 !
 address-family ipv4 vrf VRF90
  bgp router-id auto-assign
  neighbor 1.1.1.1 remote-as 7000
  neighbor 1.1.1.1 password 7 <removed>  neighbor 1.1.1.1 activate
 exit-address-family
!
ip forward-protocol nd
ip forward-protocol udp
!
ip extcommunity-list expanded yangcommunity permit ^$
ip as-path access-list 11 permit ^$
ip as-path access-list 11 deny _200$
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip http server
ip http authentication local
ip http secure-server
no ip nat service all-algs
ip ospf name-lookup
ip ssh bulk-mode 131072
ip route vrf Mgmt-intf 9.45.0.0 255.255.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
!
dialer-list 12 protocol ip permit
dialer-list 13 protocol bridge deny
dialer-list 14 protocol decnet list 309
route-map testyang permit 50 
 description testyangmodel
 set aigp-metric 30
!
route-map qwe permit 10 
 match tag 12
!
snmp-server community snmp RO
snmp ifmib ifindex persist
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 <removed> length 0
 transport input all
 transport output all
line vty 5 14
 exec-timeout 0 0
 password 7 <removed> transport input all
 transport output all
!
ntp server 110.110.110.110
ntp server time.google.com
!
!
!
!
!
!
!
netconf-yang
netconf-yang feature candidate-datastore
end

bender_1#  





























greenday_hub#sh run int HundredGigE0/2/0
Building configuration...

Current configuration : 348 bytes
!
interface HundredGigE0/2/0
 mtu 9216
 ip address <removed> ip nbar protocol-discovery
 zone-member security wan_zone
 ip summary-address eigrp 100 1.200.1.0 255.255.255.0
 load-interval 30
 negotiation auto
 cdp enable
 macsec dot1q-in-clear 1
 macsec access-control should-secure
 hold-queue 240000 in
 hold-queue 240000 out
end















accoladenobf1714#sh run
Building configuration...

Current configuration : 46203 bytes
!
! Last configuration change at 14:06:18 IST Wed Dec 4 2024 by admin
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform punt-policer acl-log 10 10
platform shell
!
hostname accoladenobf1714
!
boot-start-marker
boot system bootflash:c8000aep-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition MPN00043
 description CITY_OF_VIRGINIA_BEACH
 rd 22394:133000
 route-target export 22394:31100043
 route-target import 22394:31100043
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition cust451
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no logging on
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local 
aaa authorization network default local 
!
!
aaa server radius dynamic-author
!
aaa session-id common
clock timezone IST 5 30
clock calendar-valid
!
!
subscriber templating
ip arp proxy disable
!
ip multicast-routing distributed
ip host A 100.209.1.1
ip host B 100.209.1.2
ip host C 100.209.1.3
ip host E 100.100.100.45 8191::2 8191::3 8191::1
ip host ipv6 13:1:5:1::3
ip host vbond1 70.70.70.125
ip name-server vrf Mgmt-intf 64.104.128.236 171.70.168.183 72.163.128.140
no ip domain lookup
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf cisco.com
!
!
!
!
!
!
!
!
ip bootp server
!
!
!
login on-success log
!
!
!
!
!
ipv6 nd cache expire refresh
ipv6 unicast-routing
no ipv6 traffic interface-statistics
!
!
! 
! 
! 
! 

parameter-map type inspect-global
 log flow-export v9 udp destination 12.13.14.1 2055
 log dropped-packets
 multi-tenancy
 alert on

parameter-map type inspect test_param
!
flow record cts-record
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 match flow direction
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match flow cts source group-tag
 match flow cts destination group-tag
 collect counter packets
!
!
flow exporter EXPORTER-1
 destination 10.104.54.178
 transport udp 2055
!
!
flow monitor cts-monitor
 exporter EXPORTER-1
 cache timeout inactive 60
 cache entries 2000000
 record cts-record
!
!
!
key chain GCORE-MACSEC-PRIMARY macsec
 key 10
  cryptographic-algorithm aes-256-cmac
  lifetime 17:30:00 Jun 12 2019 infinite
 key 11
  cryptographic-algorithm aes-256-cmac
  lifetime 17:30:00 Jun 12 2019 infinite
key chain testyang
 key 12
  accept-lifetime local 17:30:00 Jun 12 2019 infinite
password encryption aes
!
crypto pki trustpoint TP-self-signed-3270682853
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3270682853
 revocation-check none
 rsakeypair TP-self-signed-3270682853
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
 hash sha256
!
crypto pki trustpoint TP-self-signed-1952847123
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1952847123
 revocation-check none
 rsakeypair TP-self-signed-1952847123
 hash sha256
!
crypto pki trustpoint TP-self-signed-4126410992
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4126410992
 revocation-check none
 rsakeypair TP-self-signed-4126410992
 hash sha256
!
crypto pki trustpoint TP-self-signed-1504753420
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1504753420
 revocation-check none
 rsakeypair TP-self-signed-1504753420
 hash sha256
!
crypto pki trustpoint w
 revocation-check crl
 hash sha256
!
crypto pki trustpoint DNAC-CA
 enrollment mode ra
 enrollment terminal
 usage ssl-client
 revocation-check crl none
 source interface GigabitEthernet0
 hash sha256
!
crypto pki trustpoint tp
 enrollment url http://110.110.110.110:80
 usage ike
 serial-number
 subject-name CN=ramones1.cisco.com, ou=ramones1
 subject-alt-name ramones1.cisco.com
 revocation-check crl
 rsakeypair tp 4096
 hash sha256
!
!
crypto pki certificate chain TP-self-signed-3270682853
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030 
  31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33323730 36383238 3533301E 170D3234 30383139 31303338 
  33355A17 0D333430 38313931 30333833 355A3031 312F302D 06035504 030C2649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32373036 
  38323835 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
  0A028201 0100B350 4E585443 E7868A28 097AEE5D 27D470A5 84390385 393BFBEF 
  F5552347 FA390E78 41562496 991117C6 18E9AD6C 5A4CE7DF 80A54841 04D0DD8A 
  12EC5B1D 50656669 9CDC1941 10FA960B 05172BF5 41D4FE8F 078C7B74 86D94240 
  8F6237F1 562251D0 3DE8A638 6867BCA0 FBB969D8 88A945C7 D1A4560D 164A079B 
  29FBCB30 B674796B 1E60C18C C3386854 E29E13FF 2557E982 E4AE4893 DA200F3D 
  DF75B893 FE79785F 71AEA993 BEFED18D DBA30F23 7A3CF5F4 49A381A6 B0A1AC80 
  13E1082C 1293F587 C3E02624 10514298 E68F74B7 6D459428 3BEF7F76 C07A0BCD 
  33B1E7A9 633CDEDF D94E8AF0 1EDB95C2 9857064E 6D58D6EA C5F889D9 CA57082D 
  57E78C44 F3CF0203 010001A3 53305130 1D060355 1D0E0416 04147323 0B663BAE 
  A0B9D963 1977837C DC9B5BEF FEC2301F 0603551D 23041830 16801473 230B663B 
  AEA0B9D9 63197783 7CDC9B5B EFFEC230 0F060355 1D130101 FF040530 030101FF 
  300D0609 2A864886 F70D0101 0D050003 82010100 69D0D29B BED954E9 6C6DE8B0 
  B128A37C 18FF67EE 38518DA2 7388FFF2 49560C86 B1061725 57C56E79 EC035D52 
  7BA42361 B03630E8 5C2FBAE7 0594A8B9 9C657041 27569EDD CD58C3D1 E8D52A39 
  4E441DAD 72BF38FE 32520524 85E7FA86 2FED658F 985EBAF5 8895F8F0 A062FCC3 
  5F3B75C6 440F0880 EF8BD916 EFBB9F56 76DFA909 55730104 792EAC2C 37779623 
  44463B7F 306495E3 D3E2C744 8173EBF0 5E1B2F8F EAB6BC6F FD681A32 90CADBB7 
  D9D6E3F4 AB38BD54 A9286C4E 684C011D 4BB26284 FA52AA28 BA9E7738 4CB28791 
  98E2B6CA 21187157 25F9B855 2858D843 B4FD1B8A 59E27344 0573CACB 445FF5EE 
  93484F96 105AA7CA 8CCD4346 312569E7 B7EDD085
  	quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D 
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B 
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 
  D697DF7F 28
  	quit
crypto pki certificate chain TP-self-signed-1952847123
crypto pki certificate chain TP-self-signed-4126410992
crypto pki certificate chain TP-self-signed-1504753420
crypto pki certificate chain w
crypto pki certificate chain DNAC-CA
crypto pki certificate chain tp
 certificate 59
  30820563 3082034B A0030201 02020159 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 30383139 
  31363137 33395A17 0D323530 38313931 36313733 395A3065 3111300F 06035504 
  0B130872 616D6F6E 65733131 1B301906 03550403 13127261 6D6F6E65 73312E63 
  6973636F 2E636F6D 31333012 06035504 05130B46 4C583237 32363030 4453301D 
  06092A86 4886F70D 01090216 10616363 6F6C6164 656E6F62 66313731 34308202 
  22300D06 092A8648 86F70D01 01010500 0382020F 00308202 0A028202 0100CC8B 
  4CF8B3A5 71C6E83E F879F492 0FE0C459 18AC1656 B7DF159B 0207595A A14143DB 
  81571DEA DA90048A 8C6573F5 D09109DD AC08E14F B747A14D 9BD86229 8DCBA48D 
  3A002775 72A9642B E128A067 612FC28F BBC50097 E04DA45A 4BA8B85A 2F31FF74 
  398A91E1 5D81FA30 D8819D7F 84935167 436EF5BD E6552FA0 86C0F10C 3D9929A3 
  81E23C3C 0170474E 346D702A C5BE1F57 0EBDF418 0D43671E EBDC95A0 E362A767 
  0C477D67 1F4ACED4 0D324443 E71255BB 8F448EF8 80998332 35D029B2 4F7498E9 
  EACD8EB9 AD8CE5D6 BF9DBD7A 49E5701B 76F38228 FE8950BF 5F5DA4FC 46B675A7 
  A257920A D5ABC775 409ED331 2FF058FC 73C31B37 45C96D0D E87F460B A7166367 
  BE73A08D 2621FBDD 348BD5E3 1CA0D309 E0C4DFE6 D764361B 3A250ADE 6CC62985 
  ADCF3B0F 27243342 4AE2DD9F A426FD68 0D89CDAC 45BFCDB9 0C064FBD 197B3FD9 
  203D58B4 BA3B0480 624D98E0 4C2A438B 7FB7883D 3FB7BB74 AF889178 10BFEF68 
  3D70F5D2 AA952B0C 73C2F0C6 FB6C847E 9C7AC621 C9B0FE92 F11723D3 7B9DD735 
  AAC0F17F BFB97876 346EA146 3A0EE375 28C825A9 2BC981E3 5BB642E6 985E5E94 
  63F98260 CBE0F60B E51A9E57 ED8CD1F0 975D4088 CEE48254 7E77885A E49E391B 
  821B401F C0A66F09 0286E814 76CAA451 88194384 76BAB627 64A1104B 20AE97D2 
  E8FF7282 1559845D E7AA5079 D1F22A09 319A53B0 20F0B0D3 A29CE319 63790203 
  010001A3 6E306C30 0B060355 1D0F0404 030205A0 301D0603 551D1104 16301482 
  1272616D 6F6E6573 312E6369 73636F2E 636F6D30 1F060355 1D230418 30168014 
  6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 301D0603 551D0E04 160414B4 
  40124737 DD05A633 5627CA7E E8505FCC 9D297630 0D06092A 864886F7 0D010105 
  05000382 0201006C D8AF19B0 6671AB3B 11B01A0C 30BF0803 7773B064 DEC75B76 
  AB4F8A1E B87FEA2B F2F34929 157511C5 F2E18DAC 35A32189 94E4CF00 0217CECC 
  403EDB65 193D3C3F 4FE8D4D9 97FB8954 32B6B3EE 7C4E8A2E 174915E7 58A295DE 
  4057B516 6A3BC995 2C4FDC98 111C3C17 8DE9245B 174CA815 A5C97AAD 3F86EEAA 
  E59240FA 50BA49D5 B6CA6924 76D0496B 76AE3851 70A74298 05FB1D26 5E0DDA6D 
  2B28700A 9FDED9EC 6CFF4BAA 0E44665B 0FF40814 8989AE53 4D847726 3C20F5BC 
  3BF20D7C 8E8EBC60 B4181CF8 01A4CDC4 234F8B1D B70FD3E5 F20F39E4 7A76F265 
  4B4A5C74 C5191F45 4BBE0688 8D6D11A3 651774F1 24F805A7 03DBCCE5 A080FB99 
  5F76C5E1 21A9C8BF 273746CE CA0A149A FDA9BA27 53E02DB6 16C0BF23 3BA53348 
  33B0CB25 B52AE609 F713EB66 D543788D A03A8CC9 09AC1AB5 E19BAB4F 15E59F7B 
  16E5F116 71913A3D D9DCBA5D C910ED4A 8E48F911 8CC42969 C4764210 F3358E80 
  5B69AF1C A39EFBA9 670FF074 EAF15F4C 2A5021F5 A071A728 606056ED A648554D 
  84A00460 7938AE50 12C4CB46 42E7A371 78813F60 27E344C7 E9BF9F4C 4EC33596 
  883D8726 8525B79D DBAD534C ABEFFEF7 1E92C045 C6442AEB 09FEE26F A66D6C0D 
  D01ADFFC 5C6B8563 DD17F30B ECC2ABE4 9C576758 44D5C05E 9F19C258 0DE4C215 
  CDCD3844 B718A32C 6C65A32D AAD9C1E0 AD67712B D7243D48 6F23AFA7 E011199C 
  4B8A100F 26C772
  	quit
 certificate ca 01
  30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130 
  30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504 
  03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500 
  0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41 
  4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D 
  B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681 
  E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0 
  A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0 
  19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4 
  F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88 
  30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F 
  2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A 
  52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526 
  00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A 
  91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA 
  A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951 
  3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174 
  D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC 
  48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5 
  A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101 
  FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304 
  18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E 
  04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886 
  F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9 
  388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92 
  A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C 
  8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3 
  13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96 
  E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D 
  965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9 
  61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432 
  8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98 
  957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202 
  CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E 
  FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725 
  A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6 
  193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC 
  0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E 
  6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB 
  31AC5AEF 8AC58041 127E738D
  	quit
!
!
!
!
!
!
!
!
!
license udi pid C8530-12X sn FLX272600DS
license accept end user agreement
license boot level advantage
license smart url https://smartreceiver-stage.cisco.com/licservice/license
license smart url smart https://smartreceiver-stage.cisco.com/licservice/license
!
!
!
!
!
object-group network dest-og 
 13.1.5.0 255.255.255.0
 host 12.1.1.14
 host 12.1.1.15
 host 12.1.1.16
 host 12.1.1.2
!
object-group network net-og1 
 host 12.1.1.12
 host 12.1.1.13
 host 12.1.1.14
 host 12.1.1.15
 host 12.1.1.16
 host 12.1.1.17
 host 12.1.1.18
 host 12.1.1.19
 host 12.1.1.20
 host 12.1.1.21
 host 12.1.1.22
 host 12.1.1.23
 host 12.1.1.24
 host 12.1.1.25
 host 12.1.1.26
 host 12.1.1.27
 host 12.1.1.28
 host 12.1.1.29
 host 12.1.1.30
 host 12.1.1.31
 host 12.1.1.32
 host 12.1.1.33
 host 12.1.1.34
 host 12.1.1.35
 host 12.1.1.36
 host 12.1.1.37
 host 12.1.1.38
 host 12.1.1.39
 host 12.1.1.40
 host 12.1.1.41
 host 12.1.1.42
 host 12.1.1.43
 host 12.1.1.44
 host 12.1.1.45
 host 12.1.1.46
 host 12.1.1.47
 host 12.1.1.48
 host 12.1.1.49
 host 12.1.1.50
 host 12.1.1.51
 host 12.1.1.52
 host 12.1.1.53
 host 12.1.1.54
 host 12.1.1.55
 host 12.1.1.56
 host 12.1.1.57
 host 12.1.1.58
 host 12.1.1.59
 host 12.1.1.60
 host 12.1.1.61
 13.1.5.0 255.255.255.0
!
object-group v6-network ogv6 
 13:1:5:1::3/64
 13:1:5:1::4/64
!
object-group service service 
 udp range 1000 4000
!
object-group network udp_group 
 range 108.108.108.11 108.108.108.254
!
file privilege 10
file prompt quiet
no memory lite
memory free low-watermark processor 683825
diagnostic bootup level minimal
!
spanning-tree extend system-id

et-analytics
 ip flow-export destination 10.104.54.178 2055
!
mka policy MACSEC-POLICY
 key-server priority 10
 macsec-cipher-suite gcm-aes-256 
 confidentiality-offset 30
 sak-rekey interval 60
 no include-icv-indicator
!
!
!
enable secret 9 $9$tHyhz9y6HCuBVk$HvTBWSGvPHK5OAYB5n51YQqcbYkiOsO0U2gPujdcuMk
enable password 7 <removed>!
username admin privilege 15 secret 9 $9$PSlkFl7oqMoQBE$cpeqITQ6XgUkxXzR7dhCtqrXXGD/owBl/NRdvf6XZBo
username cisco password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>!
redundancy
 mode none
 application redundancy
  group 1
   name RG1
   preempt
   priority 245
   timers delay 10 reload 121
   control Port-channel64.100 protocol 4
   data Port-channel64.101
   asymmetric-routing interface Port-channel64.102
  group 2
   name NAT64
   preempt
   priority 250
   timers delay 10 reload 121
   control Port-channel64.200 protocol 4
   data Port-channel64.201
  protocol 4
   timers hellotime 1 holdtime 4
   authentication md5 key-string 7 00071A150754
bfd-template single-hop test
 interval min-tx 5000 min-rx 5000 multiplier 5
!
!
!
crypto ikev2 authorization policy default
 route set interface
!
crypto ikev2 proposal 1 
 encryption aes-cbc-256
 integrity sha512
 group 14
!
crypto ikev2 policy 1 
 proposal 1
no crypto ikev2 policy default
!
!
crypto ikev2 profile test_profile
 match identity remote address 0.0.0.0 
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint tp
!
crypto ikev2 diagnose error 100
crypto ikev2 dpd 30 5 on-demand
!
!
cdp run
!
lldp run
!
class-map match-all testyang
 match protocol attribute category file-sharing
 match protocol attribute sub-category desktop-virtualization
class-map match-all test
class-map type inspect match-any cmap
 match access-group name OGACL
class-map match-any class-bfd
 match access-group name acl-bfd
class-map type inspect match-any zone_cmap
 match protocol icmp
 match protocol http
 match protocol https
 match protocol dns
 match protocol ftp
 match protocol snmp
 match protocol snmptrap
 match protocol sip
 match protocol pop3
 match protocol rtsp
 match protocol smtp
 match protocol imap
 match protocol udp
 match protocol tcp
class-map type inspect match-any branch_ramnoes1_102020_210640388-sRule1-l4-cm_
 match protocol http
 match protocol https
 match protocol pop3
 match protocol pop3s
 match protocol rtsp
 match protocol sip
 match protocol smtp
 match protocol snmp
 match protocol snmptrap
class-map match-all t23
class-map match-all y
 match ip rtp 2300 2400
class-map type inspect match-any zone_cmap_new
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all branch_ramnoes1_102020_210640388-seq-Rule1-cm_
 match class-map branch_ramnoes1_102020_210640388-sRule1-l4-cm_
!
policy-map type inspect zone_pmap
 class type inspect zone_cmap_new
  inspect
 class class-default
  pass
policy-map bfd-test-child
 class class-bfd
  shape average 100000000000   
  set cos 7
policy-map bfd-test
 class class-default
  shape average percent 100   
  service-policy bfd-test-child
policy-map test
 class test
!
!
zone security branch_lan_zone
zone security branch_wan_zone
zone security lan_zone
zone security wan_zone
zone-pair security lan_zone-wan_zone source lan_zone destination wan_zone
 service-policy type inspect zone_pmap
zone-pair security wan_zone-lan_zone source wan_zone destination lan_zone
 service-policy type inspect zone_pmap
! 
!
!
!
!
!
crypto ipsec security-association lifetime kilobytes disable
!
crypto ipsec transform-set test_trans esp-gcm 
 mode tunnel
crypto ipsec transform-set IKEv2 esp-gcm 
 mode transport
no crypto ipsec transform-set default
crypto ipsec df-bit clear
!
crypto ipsec profile MPN00043_Profile
!
no crypto ipsec profile default
!
crypto ipsec profile test_profile
 description "ipsec profile"
 set security-association replay disable 
 set transform-set test_trans 
 set ikev2-profile test_profile
!
!
!
!
!
! 
! 
!
!
interface Loopback1
 ip address <removed>!
interface Loopback11
 no ip address
 ipv6 address <removed>
!
interface Loopback12
 ip address <removed>!
interface Loopback50
 ip address <removed>!
interface Loopback208
 ip address <removed>!
interface Port-channel56
 no ip address
 standby version 2
 no negotiation auto
 ipv6 address <removed>
 ipv6 enable
!
interface Port-channel57
 no ip address
 no negotiation auto
!
interface Port-channel57.10
 encapsulation dot1Q 10
 vrf forwarding MPN00043
 ipv6 address <removed>
!
interface Port-channel64
 no ip address
!
interface Port-channel64.100
 encapsulation dot1Q 100
 ip address <removed>!
interface Port-channel64.101
 encapsulation dot1Q 101
 ip address <removed>!
interface Port-channel64.102
 encapsulation dot1Q 102
 ip address <removed> ipv6 address <removed>
 ipv6 enable
!
interface Port-channel64.200
 encapsulation dot1Q 200
 ip address <removed>!
interface Port-channel64.201
 encapsulation dot1Q 201
 ip address <removed>!
interface Tunnel1
 no ip address
!
interface Tunnel2
 bandwidth 200000000
 bandwidth receive 30000000
 ip flow monitor cts-monitor input
 ip flow monitor cts-monitor output
 ip address <removed> no ip redirects
 ip mtu 1400
 ip pim nbma-mode
 ip pim sparse-mode
 ip hello-interval eigrp 100 20
 ip hold-time eigrp 100 60
 ip nhrp authentication iplabs
 ip nhrp map multicast 45.35.1.1
 ip nhrp map 8.1.1.1 45.35.1.1
 ip nhrp map 8.1.1.31 85.75.1.2
 ip nhrp map multicast 85.75.1.2
 ip nhrp map 8.1.1.10 1.200.1.1
 ip nhrp map multicast 1.200.1.1
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 8.1.1.1
 ip nhrp nhs 8.1.1.10
 ip nhrp nhs 8.1.1.31
 no ip nhrp record
 zone-member security wan_zone
 ip tcp adjust-mss 1376
 load-interval 30
 ipv6 address <removed>
 ipv6 mtu 9960
 ipv6 nhrp authentication iplabs
 ipv6 nhrp map 8::10/128 1.200.1.1
 ipv6 nhrp map multicast 45.35.1.1
 ipv6 nhrp map 8::1/128 45.35.1.1
 ipv6 nhrp map 8::22/128 85.75.1.2
 ipv6 nhrp map multicast 85.75.1.2
 ipv6 nhrp map multicast 1.200.1.1
 ipv6 nhrp network-id 2
 ipv6 nhrp nhs 8::10
 ipv6 nhrp nhs 8::1
 ipv6 nhrp nhs 8::22
 nhrp group SPOKE_10G
 nhrp map group HUB service-policy output bfd-test
 cts sgt inline
 cts role-based enforcement
 et-analytics enable
 bfd interval 5000 min_rx 5000 multiplier 5
 no bfd echo
 tunnel source TenGigabitEthernet0/0/4
 tunnel mode gre multipoint
 tunnel key 200
 tunnel path-mtu-discovery
 tunnel protection ipsec profile test_profile
!
interface Tunnel4
 no ip address
 tunnel mode rbscp
 tunnel rbscp window-stuff 1
 tunnel rbscp ack-split 4
!
interface Tunnel11
 no ip address
!
interface Tunnel32
 no ip address
!
interface Tunnel199
 no ip address
!
interface Tunnel430
 description E0000514940-City of Virginia Beach
 vrf forwarding MPN00043
 ip address <removed> no ip unreachables
 shutdown
 tunnel source 67.174.161.38
 tunnel destination 66.174.161.38
 tunnel protection ipsec profile MPN00043_Profile
!
interface Tunnel432
 no ip address
!
interface Tunnel2112
 vrf forwarding cust451
 no ip address
 nat64 enable
 ipv6 address <removed>
 tunnel mode ipv6ip
 tunnel destination 45.1.1.1
 tunnel key 100
 tunnel vrf cust451
!
interface Tunnel21112
 no ip address
!
interface TenGigabitEthernet0/0/0
 ip address <removed> no negotiation auto
 redundancy rii 33
 redundancy group 1 ip 109.109.109.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/1
 no ip address
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 ip nat inside
!
interface TenGigabitEthernet0/0/2
 description connected to te-2/1/1 on asr9x-core 
 ip address <removed> ip nbar protocol-discovery
 ip nat inside
 zone-member security lan_zone
 no negotiation auto
 cdp enable
 redundancy rii 41
 redundancy group 1 ip 192.168.11.10 exclusive decrement 10
 ip virtual-reassembly
!
interface TenGigabitEthernet0/0/3
 ip address <removed> no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/3.100
 encapsulation dot1Q 100
 ip address <removed> nat64 enable
!
interface TenGigabitEthernet0/0/4
 description connected-to-asr1k-core2
 mtu 9216
 ip address <removed> ip accounting mac-address input
 ip accounting mac-address output
 ip mtu 9184
 ip nbar protocol-discovery
 ip nat outside
 zone-member security wan_zone
 load-interval 30
 no negotiation auto
 cdp enable
 mka policy MACSEC-POLICY
 mka pre-shared-key key-chain GCORE-MACSEC-PRIMARY
 redundancy rii 14
 redundancy asymmetric-routing enable
 redundancy group 1 decrement 20
 hold-queue 240000 in
 hold-queue 240000 out
!
interface TenGigabitEthernet0/0/5
 ip address <removed> no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/6
 description "to switch eth1/41"
 ip dhcp client client-id ascii cisco-cc36.cf6a.8700-Te0/0/0
 no ip address
 ip accounting mac-address input
 ip accounting mac-address output
 load-interval 30
 no negotiation auto
 cdp enable
!
interface TenGigabitEthernet0/0/6.7
!
interface TenGigabitEthernet0/0/6.20
 encapsulation dot1Q 10
 ip address <removed> ip nat inside
 redundancy rii 13
 redundancy group 1 ip 108.108.108.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/6.550
 encapsulation dot1Q 550
 vrf forwarding cust451
 ip address <removed> nat64 enable
 redundancy rii 550
 redundancy group 2 ip 135.2.195.4 exclusive decrement 10
!
interface TenGigabitEthernet0/0/7
 mtu 2000
 ip address <removed> ip accounting mac-address input
 ip accounting mac-address output
 ip pim sparse-mode
 ip nat inside
 zone-member security lan_zone
 ip igmp static-group 224.1.1.1
 standby version 2
 standby 10 ip 12.1.1.10
 standby 10 priority 10
 standby 10 preempt
 standby 20 ipv6 12::10/64
 standby 20 priority 20
 standby 20 preempt
 load-interval 30
 no negotiation auto
 cdp enable
 ipv6 address <removed>
!
interface TenGigabitEthernet0/0/8
 no ip address
 load-interval 30
 no negotiation auto
 cdp enable
 channel-group 64
!
interface TenGigabitEthernet0/0/9
 no ip address
 load-interval 30
 no negotiation auto
 cdp enable
 channel-group 64
!
interface TenGigabitEthernet0/0/10
 description connected-to-asr1-core
 ip address <removed> ip nat outside
 no negotiation auto
 cdp enable
 redundancy rii 34
!
interface TenGigabitEthernet0/0/11
 ip address <removed> no negotiation auto
 cdp enable
 ipv6 address <removed>
 ipv6 enable
 ipv6 ospf 100 area 0
 et-analytics enable
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address <removed> negotiation auto
!
!
router eigrp 100
 network 2.2.2.0 0.0.0.255
 network 20.30.40.0 0.0.0.255
 network 30.30.30.30 0.0.0.0
 network 40.40.40.40 0.0.0.0
 network 50.50.50.50 0.0.0.0
 network 61.1.1.0 0.0.0.255
 network 67.0.0.0
 network 67.174.161.38 0.0.0.0
 network 108.108.108.0 0.0.0.255
 network 208.1.1.3 0.0.0.0
!
router ospf 71 vrf cust451
!
router bgp 202
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 8::1 remote-as 101
 neighbor 8::10 remote-as 103
 neighbor 8.1.1.1 remote-as 101
 neighbor 8.1.1.10 remote-as 103
 neighbor 8.1.1.31 remote-as 4200003213
 !
 address-family ipv4
  network 12.0.0.0
  network 12.1.1.0 mask 255.255.255.0
  network 16.0.0.0
  network 192.168.11.0
  network 192.168.11.1 mask 255.255.255.255
  network 211.0.0.0 mask 255.0.0.0
  redistribute static
  neighbor 8.1.1.1 activate
  neighbor 8.1.1.10 activate
  neighbor 8.1.1.10 route-map LOCAL-PREF in
  neighbor 8.1.1.31 activate
 exit-address-family
 !
 address-family ipv6
  redistribute connected
  network 12::/64
  neighbor 8::1 activate
  neighbor 8::1 route-map LOCAL-PREF in
  neighbor 8::10 activate
 exit-address-family
!
ip forward-protocol nd
no ip forward-protocol udp
!
ip extcommunity-list expanded yangcommunity
 10 permit ^$
ip tcp selective-ack
ip tcp mss 1280
ip pim rp-address 100.100.100.100
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
no ip ftp passive
ip dns server
ip http server
ip http authentication aaa
ip http secure-server
ip http secure-trustpoint TP-self-signed-1504753420
ip http client source-interface GigabitEthernet0
ip http client secure-trustpoint TP-self-signed-1504753420
ip nat settings gatekeeper-size 512
ip nat translation udp-timeout 180
ip nat pool p1 172.16.10.1 172.16.255.254 prefix-length 16
ip nat pool pat_pool1 40.1.1.1 40.1.255.254 prefix-length 16
ip nat inside source list 2699 pool p1 redundancy 1 mapping-id 2147483647 overload
ip ssh bulk-mode 131072
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh source-interface GigabitEthernet0
ip ssh pubkey-chain
 username admin
ip ssh server peruser session limit 16
ip ssh server certificate profile
 server
  ocsp-response include
ip ssh server algorithm encryption aes128-gcm
ip ssh server algorithm authentication password keyboard
ip route 16.0.0.0 255.0.0.0 192.168.11.2
ip route 22.0.0.0 255.0.0.0 192.168.11.2
ip route 23.0.0.0 255.0.0.0 61.1.1.1
ip route 81.0.0.0 255.0.0.0 109.109.109.3
ip route 82.0.0.0 255.0.0.0 61.1.1.1
ip route 109.110.110.0 255.255.255.0 61.1.1.1
ip route 145.0.0.0 255.0.0.0 61.1.1.2
ip route 146.0.0.0 255.0.0.0 61.1.1.2
ip route 147.0.0.0 255.0.0.0 61.1.1.2
ip route 148.0.0.0 255.0.0.0 61.1.1.2
ip route 149.0.0.0 255.0.0.0 61.1.1.2
ip route 211.0.0.0 255.0.0.0 192.168.11.2
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.104.45.1
ip route vrf Mgmt-intf 10.64.62.25 255.255.255.255 10.104.45.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
!
ip access-list extended OGACL
 10 permit object-group service object-group net-og1 object-group dest-og
ip access-list extended acl-bfd
 10 permit udp any any eq 3784
 20 permit udp any any eq 3785
ip access-list extended icmp_block
 10 deny ip host 61.1.1.2 any log
 20 permit ip any any
ip access-list extended icmp_block1
 10 permit ip any any
!
ip access-list role-based allow_webtraff
 10 permit tcp dst eq www
 20 permit tcp dst eq 443
ip sla responder
logging host 10.64.67.49 vrf Mgmt-intf
ip access-list standard 1
 10 permit 22.0.0.0 0.255.255.255
ip access-list extended 2699
 10 permit ip 30.0.0.0 0.255.255.255 any
 20 permit udp object-group udp_group any
 30 permit ip 81.0.0.0 0.255.255.255 any
 40 permit ip 22.0.0.0 0.255.255.255 any
 50 permit ip 23.0.0.0 0.255.255.255 any
arp entries interface-limit 2147483647
ipv6 route 2001:DD8:8086:6502::/64 2001:DB8:8086:6502::2
ipv6 route vrf cust451 41C2::/64 Tunnel2112
ipv6 route vrf cust451 6000::/64 Tunnel2112
ipv6 router eigrp 100
!
ipv6 router ospf 100
 timers pacing flood 5
!
route-map test1 permit 60000 
!
route-map LOCAL-PREF permit 10 
 set local-preference 50
!
snmp-server community DNAC RO RW
snmp-server community DNAC_SNMP RO RO
snmp-server community LIVE RO RO
snmp-server community com RO RO
snmp-server community public-read RO RO
snmp-server community public-rw RO RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps pfr
snmp-server enable traps flowmon
snmp-server enable traps ds1
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps casa
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps aaa_server
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps atm subif
snmp-server enable traps sonet
snmp-server enable traps srp
snmp-server enable traps memory bufferpeak
snmp-server enable traps fru-ctrl
snmp-server enable traps entity-qfp mem-res-thresh throughput-notif
snmp-server enable traps entity-sensor
snmp-server enable traps entity-state
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps resource-policy
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps dlsw
snmp-server enable traps bgp state-changes all backward-trans limited updown-limited
snmp-server enable traps bgp threshold prefix
snmp-server enable traps bgp cbgp2 state-changes all backward-trans limited updown-limited
snmp-server enable traps bgp cbgp2 threshold prefix
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps rsvp
snmp-server enable traps isis
snmp-server enable traps dhcp
snmp-server enable traps ip local pool
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps pki
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps config-copy
snmp-server enable traps syslog
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc down
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps cnpd
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps pppoe
snmp-server enable traps ipsla
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps netsync
snmp-server enable traps ptp
snmp-server enable traps lost-ptp-slave
snmp-server enable traps breach-ptp-offset-threshold
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps smart-license
snmp-server enable traps bfd
snmp-server enable traps diameter
snmp-server enable traps lisp
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps mpls rfc traffic-eng
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps otn
snmp-server enable traps pw vc
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps dsp video-usage
snmp-server enable traps dsp video-out-of-resource
snmp-server enable traps sbc adj-status
snmp-server enable traps sbc blacklist
snmp-server enable traps sbc congestion-alarm
snmp-server enable traps sbc h248-ctrlr-status
snmp-server enable traps sbc media-source
snmp-server enable traps sbc radius-conn-status
snmp-server enable traps sbc sla-violation
snmp-server enable traps sbc sla-violation-rev1
snmp-server enable traps sbc svc-state
snmp-server enable traps sbc qos-statistics
snmp-server enable traps firewall serverstatus
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps gdoi ks-role-change
snmp-server enable traps gdoi ks-gm-deleted
snmp-server enable traps gdoi ks-peer-reachable
snmp-server enable traps gdoi ks-peer-unreachable
snmp-server dbal cache 
snmp-server subagent cache-stats 
no snmp-server subagent enable 
snmp mib flash cache
snmp mib nhrp
snmp mib notification-log globalsize 400
snmp mib notification-log globalageout 25
!
!
!
!
!
ipv6 access-list ogacl
 sequence 10 permit ipv6 object-group ogv6 any
!
control-plane
!
cts role-based permissions from 55 to 66 allow_webtraff
cts role-based monitor permissions default ipv4
!
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
line vty 0 4
 privilege level 15
 transport input ssh
!
!
!
!
!
!
!
!
telemetry ietf subscription 294967225
 filter xpath /crypto-ios-xe-events:nhrp-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967226
 filter xpath /crypto-ios-xe-events:nhrp-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967227
 filter xpath /crypto-ios-xe-events:ike-ipsec-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967228
 filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967229
 filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967232
 filter xpath /utd-ios-xe-events:utd-con
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967233
 filter xpath /red-app-events:red-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967234
 filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967240
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967243
 filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967244
 filter xpath /line-ios-xe-events:line-state-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967245
 filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967246
 filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967258
 filter xpath /ios-events-ios-xe-oper:usb-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967259
 filter xpath /ios-events-ios-xe-oper:tempsensor-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967260
 filter xpath /ios-events-ios-xe-oper:tempsensor-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967261
 filter xpath /ios-events-ios-xe-oper:system-reboot-issued
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967262
 filter xpath /ios-events-ios-xe-oper:system-reboot-complete
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967263
 filter xpath /ios-events-ios-xe-oper:system-logout-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967264
 filter xpath /ios-events-ios-xe-oper:system-login-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967265
 filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967267
 filter xpath /ios-events-ios-xe-oper:sfp-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967271
 filter xpath /ios-events-ios-xe-oper:pem-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967272
 filter xpath /ios-events-ios-xe-oper:pem-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967273
 filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967274
 filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967275
 filter xpath /ios-events-ios-xe-oper:memory-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967276
 filter xpath /ios-events-ios-xe-oper:interface-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967277
 filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967280
 filter xpath /ios-events-ios-xe-oper:fantray-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967281
 filter xpath /ios-events-ios-xe-oper:fan-fault
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967283
 filter xpath /ios-events-ios-xe-oper:disk-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967289
 filter xpath /ios-events-ios-xe-oper:cpu-usage
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967293
 filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 294967295
 filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967244
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967245
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967246
 filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967247
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967248
 filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967253
 filter xpath /im-events-ios-xe-oper:im-event
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967255
 filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967256
 filter xpath /ios-events-ios-xe-oper:utd-update
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry ietf subscription 2094967257
 filter xpath /ios-events-ios-xe-oper:utd-ips-alert
 stream rfc5277
 update-policy on-change
 receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
 host ip-address 0.0.0.0 0
 protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
 no ipv6-strict-control
 organization-name vmng-scale-ind-swe
 site-id 115
 sp-organization-name vmng-scale-ind
 system-ip 209.134.0.2
 vbond name vbond1
 vbond port 12346
 wan-interface TenGigabitEthernet0/0/4
end

accoladenobf1714#