Secure WAN Edge Yang Commands
These secure WAN edge commands are qualified to use with Cisco SD-Routing devices on Cisco SD-WAN Manager.
Configuration example for secure WAN edge
sp2_ramones#sh run
Building configuration...
Current configuration : 60158 bytes
!
! Last configuration change at 16:52:51 IST Wed Dec 4 2024 by admin
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
no service dhcp
service call-home
platform qfp utilization monitor load 60
no platform punt-keepalive disable-kernel-core
!
hostname sp2_ramones
!
boot-start-marker
boot system bootflash:c8000aep-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition dmvpn_parcel_vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition dmvpn_vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition test_port_channel
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_eigrp
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_test_vnid
vnid 10000
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_testyang
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_testyang_bgp
rd 20:20
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_testyang_change
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
aaa new-model
!
!
aaa group server radius testyang
ip radius source-interface Port-channel56
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
aaa authorization credential-download default if-authenticated
aaa accounting connection testyang start-stop group testyang
!
!
aaa server radius dynamic-author
client 31.219.219.219
client 31.218.218.218 server-key 6 cGCTVX_QAff_FRIALKPbN^E^_UeL_T`iJ
client 31.218.218.220 server-key 6 M[XZFIIhUO\`ggfWRS\YIgGb`PiKZfCe[
!
aaa session-id common
clock timezone IST 5 30
!
!
subscriber templating
ip arp proxy disable
!
ip multicast-routing distributed
ip host A 100.100.100.4
ip host B 100.100.100.15
ip host C 100.100.100.25
ip host D 100.100.100.35
ip host E 100.100.100.45 100.100.100.55
ip host sp3_kahuna 75.75.1.2
ip host vbond1 70.70.70.125
ip name-server vrf Mgmt-intf 72.163.128.140 171.70.168.183
no ip domain lookup
ip domain lookup source-interface GigabitEthernet0
ip domain name cisco.com
!
!
!
!
!
ip nbar classification granularity fine-grain protocol http
!
!
!
!
!
ip bootp server
ip dhcp relay bootp ignore
ip dhcp excluded-address 191.191.191.191
!
ip dhcp pool yangtest
network 191.191.191.0 255.255.255.0
option 11 hex none
default-router 191.191.191.191
dns-server 191.191.191.191
domain-name yangtest
!
!
!
ip wccp vrf vrf_testyang source-interface TenGigabitEthernet0/0/6
ip wccp vrf vrf_testyang web-cache redirect-list debug
login quiet-mode access-class debug
login on-success log
!
location civic-location identifier testyang
building testyangtocheckthevmanage
!
!
!
!
!
fhrp version vrrp v3
ipv6 nd cache expire refresh
ipv6 unicast-routing
no ipv6 traffic interface-statistics
ipv6 spd queue max-threshold 65535
ipv6 spd queue min-threshold 65533
!
!
!
!
!
!
mpls label mode all-vrfs protocol all-afs per-vrf
mpls ldp entropy-label
mpls traffic-eng trace buffer-size warning 231
parameter-map type inspect-global
log flow-export v9 udp destination 12.13.14.1 2055
log dropped-packets
multi-tenancy
alert on
parameter-map type inspect testyang
tcp idle-time 10
tcp idle reset off
!
flow record cts-record
match flow cts destination group-tag
match flow cts source group-tag
match flow direction
match interface input
match interface output
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match transport destination-port
match transport source-port
collect counter packets
!
!
flow exporter EXPORTER-1
destination 10.104.54.178
transport udp 2055
!
!
flow monitor cts-monitor
exporter EXPORTER-1
cache timeout inactive 60
cache entries 2000000
record cts-record
!
sampler testyang
description testyang
mode random 1 out-of 10
!
device-tracking policy testyang
security-level glean
no protocol ndp
no protocol dhcp6
tracking enable reachable-lifetime infinite
!
!
!
key chain GCORE-MACSEC-PRIMARY macsec
key 10
cryptographic-algorithm aes-256-cmac
lifetime 17:30:00 Jun 12 2019 infinite
key 11
cryptographic-algorithm aes-256-cmac
lifetime 17:30:00 Jun 12 2019 infinite
key chain testyang
key 12
accept-lifetime local 17:30:00 Jun 12 2019 infinite
send-lifetime 17:30:00 Jun 12 2019 infinite
password encryption aes
!
crypto pki trustpoint TP-self-signed-3498202562
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3498202562
revocation-check none
rsakeypair TP-self-signed-3498202562
hash sha512
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
hash sha512
!
crypto pki trustpoint tp
enrollment retry count 100
enrollment retry period 2
enrollment url http://110.110.110.110:80
usage ike
serial-number
subject-name CN=radium-branch.scale.csco.com, ou=radium-branch
subject-alt-name radium-branch.cisco.com,radium-branch.scale.csco.com
revocation-check crl
source interface TenGigabitEthernet0/0/7
rsakeypair tp 4096
hash sha256
!
crypto pki trustpoint testyang
serial-number
subject-name CN=testyang.cisco.com, ou=testyang
subject-alt-name testyang.cisco.com, testyang.cisco.com
revocation-check crl
authorization username subjectname serialnumber
hash sha512
!
crypto pki trustpool policy
revocation-check crl
!
!
!
crypto pki certificate map testyang 11
name co testyang
issuer-name co testyang
!
crypto pki certificate chain TP-self-signed-3498202562
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343938 32303235 3632301E 170D3234 30393233 30383334
32395A17 0D333430 39323330 38333432 395A3031 312F302D 06035504 030C2649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34393832
30323536 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100F1C8 2563BC24 FF06D1B9 AE694701 9925CE5B D4034840 D6FE6629
314529BE A2E031D8 5E742E12 529D0EF4 0686F67B 7C5B6324 37A5CA01 19DF9B09
0D9243F9 3DBAE939 158EBE8D D2DFACCA 8EEC8C44 ABFE9E3B 9E9523F1 622340CE
EE43A1D0 298CE705 C5D6B8D6 13EDF758 88C52B2B A001A491 A1B89FBC 6F896579
FE55CF77 A2FB4F20 54B00082 4FFB9A02 30CAD0F5 4B9A0DFA 1DBA7FBB C3D9E6E3
3F78ABAD 77C1894A 94426183 2D139888 31EED981 473C6D0B 660C97D1 CB5EAD66
67B714AC 8DB986D9 87A1BFDD A55E19E8 05FDA772 2CB337BB 40FC1C0E D78C05DF
D0589624 5D2665BB 0500947F CC6AC986 9D065FAF 89A09335 71A80819 79D17F51
830A9640 F9490203 010001A3 53305130 1D060355 1D0E0416 0414CC20 21010304
1A279640 018CB620 25E68CE5 72DA301F 0603551D 23041830 168014CC 20210103
041A2796 40018CB6 2025E68C E572DA30 0F060355 1D130101 FF040530 030101FF
300D0609 2A864886 F70D0101 0D050003 82010100 75890C58 87ACD470 F35BD477
CEABC76D BF7371FA F0DF8B21 C240252E 11A9C29C 387CF967 1C6A4662 B6CE339B
6BEC2166 A1D848C5 C9B2AA5A 92F2E6B2 4EB4DDDC 23083925 0211097C 85452AC3
26188B4D 566381C8 ED502012 5E18C29F 2D50D008 DF054419 66CE55EB CDBCC687
18CBF227 BC36E4D6 8A7BA599 874FAC42 EC7B09C1 C3A005A7 7F155C5A 42B33DA1
D31F48F9 844A71F1 83549F1F 9CCBD8AA E1940C9E CA8A0A9E B763795A B87EAEFE
8DE04845 6FCDD1B7 F47F92EB 7E46382B 45171027 3F29110F 6C554525 AF4822C2
2B86585F 047A8A43 76BA585B 42B8F413 324230A6 9F89C0F8 86FA4388 CA49A8FA
BFA7DF69 F13BDB18 65200612 EE8F315A 4AAA2164
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain tp
certificate 6E query
certificate ca 01 query
fingerprint AE1B6022804E1E5C7408DAB8E5C0E1AC
crypto pki certificate chain testyang
!
cts logging verbose
!
!
!
!
!
!
!
!
license udi pid C8500-12X sn TTM23050SM5
license accept end user agreement
license boot level network-advantage
license smart url cslu testyang
!
!
!
!
!
object-group network dest-og
13.1.5.0 255.255.255.0
host 12.1.1.2
host 12.1.1.14
host 12.1.1.15
host 12.1.1.16
!
object-group network net-og2
host 12.1.1.63
host 12.1.1.64
host 12.1.1.65
host 12.1.1.66
host 12.1.1.67
host 12.1.1.68
host 12.1.1.69
host 12.1.1.70
host 12.1.1.71
host 12.1.1.72
host 12.1.1.73
host 12.1.1.74
host 12.1.1.75
host 12.1.1.76
host 12.1.1.77
host 12.1.1.78
host 12.1.1.79
host 12.1.1.80
host 12.1.1.81
host 12.1.1.82
host 12.1.1.83
host 12.1.1.84
host 12.1.1.85
host 12.1.1.86
host 12.1.1.87
host 12.1.1.88
host 12.1.1.89
host 12.1.1.90
host 12.1.1.91
host 12.1.1.92
host 12.1.1.93
host 12.1.1.94
host 12.1.1.95
host 12.1.1.96
host 12.1.1.97
host 12.1.1.98
host 12.1.1.99
host 12.1.1.100
host 12.1.1.101
host 12.1.1.102
host 12.1.1.103
host 12.1.1.104
host 12.1.1.105
host 12.1.1.106
host 12.1.1.107
host 12.1.1.108
host 12.1.1.109
host 12.1.1.110
host 12.1.1.111
host 12.1.1.112
!
object-group network net-og1
13.1.5.0 255.255.255.0
group-object net-og2
host 12.1.1.2
host 12.1.1.12
host 12.1.1.13
host 12.1.1.14
host 12.1.1.15
host 12.1.1.16
host 12.1.1.17
host 12.1.1.18
host 12.1.1.19
host 12.1.1.20
host 12.1.1.21
host 12.1.1.22
host 12.1.1.23
host 12.1.1.24
host 12.1.1.25
host 12.1.1.26
host 12.1.1.27
host 12.1.1.28
host 12.1.1.29
host 12.1.1.30
host 12.1.1.31
host 12.1.1.32
host 12.1.1.33
host 12.1.1.34
host 12.1.1.35
host 12.1.1.36
host 12.1.1.37
host 12.1.1.38
host 12.1.1.39
host 12.1.1.40
host 12.1.1.41
host 12.1.1.42
host 12.1.1.43
host 12.1.1.44
host 12.1.1.45
host 12.1.1.46
host 12.1.1.47
host 12.1.1.48
host 12.1.1.49
host 12.1.1.50
host 12.1.1.51
host 12.1.1.52
host 12.1.1.53
host 12.1.1.54
host 12.1.1.55
host 12.1.1.56
host 12.1.1.57
host 12.1.1.58
host 12.1.1.59
host 12.1.1.60
host 12.1.1.61
!
object-group service service
udp range 1000 4000
!
object-group network sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-dstn_
13.1.5.0 255.255.255.0
!
object-group network sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-src_
12.1.1.0 255.255.255.0
!
object-group network udp_group
range 108.108.108.11 108.108.108.254
!
object-group service zbfw_svc
ip
!
file privilege 14
file prompt noisy
identity policy testyang
no memory lite
memory free low-watermark processor 683872
diagnostic bootup level minimal
!
spanning-tree extend system-id
et-analytics
ip flow-export destination 10.104.54.178 2055
ip flow-export destination 191.191.191.91 90
whitelist acl debug
!
mka policy MACSEC-POLICY
key-server priority 10
macsec-cipher-suite gcm-aes-256
confidentiality-offset 30
sak-rekey interval 60
no include-icv-indicator
!
!
!
enable password 6 <removed>!
username admin privilege 15 secret 9 $9$PSlkFl7oqMoQBE$cpeqITQ6XgUkxXzR7dhCtqrXXGD/owBl/NRdvf6XZBo
username cisco password 6 <removed>username lab password 6 <removed>username rcpuse privilege 15 password 6 <removed>username scpuser privilege 15 password 6 <removed>username sdwan password 6 <removed>username sp3_kahuna privilege 15 password 6 <removed>username test privilege 15 password 6 <removed>username yang password 6 <removed>!
redundancy
mode none
application redundancy
group 1
name RG1
preempt
priority 250
timers delay 10 reload 121
control Port-channel64.100 protocol 4
data Port-channel64.101
asymmetric-routing interface Port-channel64.102
asymmetric-routing always-divert enable
group 2
name NAT64
preempt
priority 250
timers delay 10 reload 121
control Port-channel64.200 protocol 4
data Port-channel64.201
asymmetric-routing always-divert enable
protocol 4
timers hellotime 1 holdtime 4
authentication md5 key-string 7 05080F1C2243
bfd-template single-hop test
interval min-tx 5000 min-rx 5000 multiplier 5
!
!
!
!
crypto ikev2 authorization policy testyang
route set access-list ipv6 V6_ACL
route accept any tag 1000
!
crypto ikev2 proposal 1
encryption aes-cbc-256
integrity sha512
group 14
crypto ikev2 proposal p1-global
encryption aes-cbc-128 aes-cbc-192 aes-cbc-256
integrity sha256 sha384 sha512
group 14 15 16 19 20 21
crypto ikev2 proposal p2-global
encryption aes-gcm-128 aes-gcm-256
prf sha256 sha384 sha512
group 14 15 16 19 20 21
!
crypto ikev2 policy 1
proposal 1
no crypto ikev2 policy default
crypto ikev2 policy policy1-global
match fvrf any
proposal p1-global
proposal p2-global
crypto ikev2 policy testyang
! Policy Incomplete(MUST have atleast one complete proposal attached)
match address local 208.208.208.208
!
crypto ikev2 keyring dmvpn_parcel_ipsec
peer any
address 0.0.0.0 0.0.0.0
pre-shared-key 6 NJ[I_VWZEJ`XcWB]RH_aJV_LFD\`dQRIX
!
peer any-ipv6
address ::/0
pre-shared-key 6 `]X\XBEbCKIcYGaZAFAVcMVK]QbPdeYCW
!
!
crypto ikev2 keyring testyang
peer testyang
description testyang
address 208.208.208.207
pre-shared-key remote 6 IhQ^WBbGcZGbLfMPgLV_`H`MUX]UMKTBU
!
peer testyanghex
address 208.209.208.207
pre-shared-key hex 123123123123
!
!
!
crypto ikev2 profile test_profile
match address local 71.1.1.1
match address local interface TenGigabitEthernet0/0/7
match identity remote address 0.0.0.0
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint tp
!
crypto ikev2 profile dmvpn_parcel_ipsec
match fvrf any
match identity remote address 208.1.1.1 255.255.255.255
identity local address 207.1.1.1
authentication remote pre-share
authentication local pre-share
keyring local dmvpn_parcel_ipsec
dpd 10 3 on-demand
no config-exchange request
!
crypto ikev2 profile testyang
! Profile incomplete (no match identity or match certificate statement)
! Profile incomplete (no local and/or remote authentication method specified)
match address local 208.208.90.90
identity local dn
aaa authorization group psk list local
ivrf vrf_testyang
reconnect timeout 901
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation mtu 1400
crypto ikev2 client flexvpn testyang
!
!
!
cdp run
!
lldp run
class-map type control match-all testyang
!
!
class-map match-all testyang
match protocol sip
match ip rtp 2001 1690
match not security-group destination tag 40
class-map type inspect match-any cmap
match access-group name OGACL
class-map match-any class-bfd
match access-group name acl-bfd
class-map match-all t4
class-map match-any application_list-cm_
match protocol attribute application-family application-service
match protocol attribute application-family audio-video
match protocol attribute application-family authentication
match protocol attribute application-family encrypted
match protocol attribute application-family instant-messaging
match protocol attribute application-family microsoft-office
class-map type inspect match-any zone_cmap_new
match protocol tcp
match protocol udp
match protocol icmp
match protocol citrix
match protocol http
match protocol pop3
match protocol rtsp
match protocol ftp
match protocol sip
match protocol snmptrap
match protocol smtp
match protocol dns
match protocol https
class-map type inspect match-any sp2_ramnoes_sec_pol_16_477639579-sRule1-l4-cm_
match protocol citrix
match protocol ftp
match protocol http
match protocol icmp
match protocol pop3
match protocol rtsp
match protocol tcp
match protocol udp
class-map type inspect match-all sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-cm_
match class-map application_list-cm_
match class-map sp2_ramnoes_sec_pol_16_477639579-sRule1-l4-cm_
match access-group name sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-acl_
!
policy-map type inspect sp2_ramnoes_sec_pol_16_477639579
class type inspect sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-cm_
inspect
class class-default
drop
policy-map type inspect zone_pmap
class type inspect cmap
inspect
class type inspect zone_cmap_new
inspect
class class-default
pass
policy-map bfd-test-child
class class-bfd
shape average 100000
set cos 7
policy-map bfd-test-spoke
class class-default
shape average percent 100
service-policy bfd-test-child
policy-map type performance-monitor testy1
class testyang
react 1 media-stop
description testyang
action snmp
policy-map testyang
class testyang
set mpls experimental topmost 6
policy-map t4
class t4
bandwidth 100000
random-detect precedence-based
random-detect exponential-weighting-constant 10
policy-map bfd-test
class class-default
shape adaptive upper-bound 10000000000 lower-bound 1000000000
service-policy bfd-test-child
!
!
zone security lan_zone
zone security wan_zone
zone security sp2_ramnoes_destination_zone
zone security sp2_ramnoes_source_zone
zone security sp2_ramnoes_destination_zone_mod
zone-pair security ZP_sp2_ramnoes_sourc_-1225348416 source sp2_ramnoes_source_zone destination sp2_ramnoes_destination_zone_mod
service-policy type inspect sp2_ramnoes_sec_pol_16_477639579
zone-pair security lan_zone-wan_zone source lan_zone destination wan_zone
service-policy type inspect zone_pmap
zone-pair security wan_zone-lan_zone source wan_zone destination lan_zone
service-policy type inspect zone_pmap
!
crypto keyring testyang
local-address 208.208.208.208
pre-shared-key address 208.208.207.209 key 6 `HgcQbYZYCFID_LaB[fJ`cAPSV[ZWgAAB
!
!
!
!
crypto isakmp aggressive-mode disable
crypto isakmp profile test
! This profile is incomplete (no match identity statement)
crypto isakmp profile yangtest
keyring testyang
match identity address ipv6 3FFE:2002::A8BB:CCFF:FE01:2C02/128
match identity address 208.208.208.208 255.255.255.255
!
crypto ipsec security-association lifetime kilobytes disable
crypto ipsec security-association replay disable
!
crypto ipsec transform-set test_trans esp-gcm
mode tunnel
no crypto ipsec transform-set default
crypto ipsec transform-set IPSEC_TS1 esp-gcm 256
esn
mode transport
crypto ipsec df-bit clear
!
!
crypto ipsec profile dmvpn_parcel_ipsec
set security-association lifetime kilobytes disable
set security-association replay window-size 64
set transform-set IPSEC_TS1
set ikev2-profile dmvpn_parcel_ipsec
!
crypto ipsec profile test_profile
set transform-set test_trans
set ikev2-profile test_profile
!
crypto ipsec profile testyang
description testyang
set isakmp-profile test
responder-only
!
!
crypto call admission limit all in-negotiation-sa 80
!
crypto map myikev2 20 ipsec-manual
set peer 191.191.191.191
match address debug
reverse-route static
!
crypto map myisa 20 ipsec-manual
set peer 191.191.191.191
set isakmp-profile test
match address debug
reverse-route static
!
!
!
!
!
!
!
!
interface Loopback11
no ip address
ipv6 address <removed>
!
interface Loopback191
vrf forwarding vrf_testyang
no ip address
!
interface Loopback208
ip address <removed>!
interface Loopback18990
ip address <removed>!
interface Port-channel56
ip address <removed> standby version 2
no negotiation auto
ipv6 address <removed>
ipv6 address <removed>
ipv6 address <removed>
ipv6 address <removed>
!
interface Port-channel57
no ip address
no negotiation auto
!
interface Port-channel57.10
encapsulation dot1Q 10
vrf forwarding test_port_channel
ipv6 address <removed>
ipv6 address <removed>
!
interface Port-channel64
no ip address
!
interface Port-channel64.100
encapsulation dot1Q 100
ip address <removed>!
interface Port-channel64.101
encapsulation dot1Q 101
ip address <removed>!
interface Port-channel64.102
encapsulation dot1Q 102
ip address <removed>!
interface Port-channel64.200
encapsulation dot1Q 200
ip address <removed>!
interface Port-channel64.201
encapsulation dot1Q 201
ip address <removed>!
interface Tunnel2
bandwidth 200000000
ip flow monitor cts-monitor input
ip flow monitor cts-monitor output
ip address <removed> no ip redirects
ip mtu 9216
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication iplabs
ip nhrp map 8.1.1.1 45.35.1.1
ip nhrp map 8.1.1.10 1.200.1.1
ip nhrp map 8.1.1.31 85.75.1.2
ip nhrp map multicast 1.200.1.1
ip nhrp map multicast 45.35.1.1
ip nhrp map multicast 85.75.1.2
ip nhrp summary-map 12.1.1.0/24
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 8.1.1.1
ip nhrp nhs 8.1.1.10
ip nhrp nhs 8.1.1.31
no ip nhrp record
ip nhrp registration timeout 300
ip access-group 179 in
ip access-group 179 out
zone-member security wan_zone
ip tcp adjust-mss 1376
load-interval 30
ipv6 address <removed>
ipv6 mtu 9960
ipv6 nhrp authentication iplabs
ipv6 nhrp map 8::1/128 45.35.1.1
ipv6 nhrp map 8::10/128 1.200.1.1
ipv6 nhrp map 8::22/128 85.75.1.2
ipv6 nhrp map multicast 1.200.1.1
ipv6 nhrp map multicast 45.35.1.1
ipv6 nhrp map multicast 85.75.1.2
ipv6 nhrp network-id 2
ipv6 nhrp nhs 8::1
ipv6 nhrp nhs 8::10
ipv6 nhrp nhs 8::22
nhrp group SPOKE_10G
cts sgt inline
et-analytics enable
bfd template test
tunnel source TenGigabitEthernet0/0/7
tunnel mode gre multipoint
tunnel key 200
tunnel path-mtu-discovery
tunnel bandwidth transmit 9000000
tunnel bandwidth receive 9000000
tunnel protection ipsec profile test_profile
!
interface Tunnel190
bandwidth receive inherit
no ip address
!
interface Tunnel191
no ip address
no ip redirects
ip pim dr-priority 4294967294
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 20
!
interface Tunnel192
no ip address
tunnel mode rbscp
tunnel rbscp window-stuff 1
tunnel rbscp ack-split 4
!
interface Tunnel195
no ip address
tunnel fixup nat
!
interface Tunnel196
no ip address
!
interface Tunnel197
vrf forwarding vrf_testyang
no ip address
ip wccp vrf vrf_testyang web-cache redirect in
ip wccp vrf vrf_testyang web-cache redirect out
!
interface Tunnel199
no ip address
ip helper-address 191.191.191.176
ip helper-address 191.191.191.191
no ip redirects
ip local-proxy-arp
ip wccp vrf vrf_testyang web-cache redirect in
ip pim dr-priority 23456
ip pim nbma-mode
ip pim sparse-dense-mode
ip nat inside
ip nhrp summary-map 208.208.208.0/24
ip nhrp interest 90
ip nhrp nhs cluster 9 max-connections 250
ip nhrp use 100
ip nhrp registration timeout 100
ip verify unicast source reachable-via any allow-self-ping
ip route-cache policy
nat64 enable
ipv6 nhrp nhs dynamic nbma 208.208.108.108
ipv6 nhrp max-send 65000 every 10
nhrp group testyang
nhrp map group testyang service-policy output testyang
qos pre-classify
tunnel tos 10
tunnel vrf vrf_testyang
tunnel fixup nat
service-policy input testyang
service-policy output testyang
ip virtual-reassembly
!
interface Tunnel60000111
bandwidth 1400
vrf forwarding dmvpn_parcel_vrf
ip address <removed> no ip redirects
ip mtu 1400
ip nhrp network-id 110
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
ipv6 mtu 1400
ipv6 tcp adjust-mss 1360
bfd interval 100 min_rx 120 multiplier 5
tunnel source TenGigabitEthernet0/0/7
tunnel mode gre multipoint
tunnel key 110
tunnel path-mtu-discovery
tunnel protection ipsec profile dmvpn_parcel_ipsec
!
interface TenGigabitEthernet0/0/0
description "to switch eth1/11"
no ip address
load-interval 30
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/0.20
encapsulation dot1Q 10
ip address <removed> ip nat inside
zone-member security lan_zone
redundancy rii 13
redundancy group 1 ip 108.108.108.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/1
ip address <removed> ip nbar protocol-discovery
ip nat inside
zone-member security lan_zone
load-interval 30
no negotiation auto
cdp enable
et-analytics enable
redundancy rii 41
redundancy group 1 ip 192.168.11.10 exclusive decrement 10
ip virtual-reassembly
!
interface TenGigabitEthernet0/0/2
no ip address
ip verify unicast source reachable-via rx l2-src
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/2.500
encapsulation dot1Q 500
ip address <removed> ip nat inside
!
interface TenGigabitEthernet0/0/3
ip address <removed> no negotiation auto
cdp enable
redundancy rii 33
redundancy group 1 ip 109.109.109.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/4
no ip address
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/5
mtu 9216
ip address <removed> ip pim sparse-mode
zone-member security lan_zone
ip igmp static-group 224.1.1.1
standby version 2
standby 10 ip 12.1.1.10
standby 10 priority 20
standby 10 preempt
standby 20 ipv6 12::10/64
standby 20 priority 10
standby 20 preempt
load-interval 30
no negotiation auto
cdp enable
ipv6 address <removed>
ipv6 mtu 9216
!
interface TenGigabitEthernet0/0/6
vrf forwarding vrf_testyang
no ip address
ip pim sparse-dense-mode
ip igmp version 1
ip policy route-map testyangipv4
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/7
description connected to core2-espx
mtu 9216
ip address <removed> ip nbar protocol-discovery
ip nat outside
zone-member security wan_zone
load-interval 30
no negotiation auto
cdp enable
redundancy rii 14
redundancy asymmetric-routing enable
redundancy group 1 decrement 20
hold-queue 240000 in
hold-queue 240000 out
!
interface TenGigabitEthernet0/0/8
no ip address
load-interval 30
no negotiation auto
cdp enable
channel-group 64
!
interface TenGigabitEthernet0/0/9
no ip address
load-interval 30
no negotiation auto
cdp enable
channel-group 64
!
interface TenGigabitEthernet0/0/10
mtu 9216
ip address <removed> ip mtu 9000
ip nat outside
no negotiation auto
cdp enable
redundancy rii 34
!
interface TenGigabitEthernet0/0/11
ip address <removed> no negotiation auto
cdp enable
ipv6 address <removed>
ipv6 ospf 100 area 100.200.100.200
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address <removed> negotiation auto
cdp enable
ipv6 address <removed>
!
interface Virtual-Template192 type tunnel
ip unnumbered Loopback191
ipv6 unnumbered Loopback191
ipv6 tcp adjust-mss 149
tunnel source Loopback191
tunnel mode ipv6
tunnel destination dynamic
tunnel path-mtu-discovery
tunnel path-mtu-discovery age-timer 30
!
interface Virtual-Template193 type tunnel
no ip address
tunnel mode gre ipv6
tunnel path-mtu-discovery
tunnel vrf vrf_testyang
!
interface Dialer10
!
l3vpn encapsulation ip testyang
!
router eigrp 100
!
address-family ipv4 vrf Mgmt-intf
exit-address-family
network 3.3.3.0 0.0.0.255
network 71.1.1.0 0.0.0.255
network 108.108.108.0 0.0.0.255
network 208.1.1.4 0.0.0.0
!
!
router eigrp test_vrf
!
address-family ipv4 unicast vrf vrf_eigrp autonomous-system 101
!
topology base
exit-af-topology
network 19.0.81.0 0.0.0.255
metric rib-scale 30
metric weights 0 10 22 254 0 0 0
exit-address-family
!
!
router eigrp testyang
shutdown
!
router ospfv3 200
!
address-family ipv6 unicast
redistribute static
exit-address-family
!
router ospfv3 2000
!
router ospf 20
!
router bgp 302
bgp router-id 3.2.2.2
bgp log-neighbor-changes
bgp listen limit 10000
bgp update-delay 5
no bgp default ipv4-unicast
neighbor 8::1 remote-as 101
neighbor 8::10 remote-as 103
neighbor 8.1.1.1 remote-as 101
neighbor 8.1.1.10 remote-as 103
neighbor 8.1.1.31 remote-as 4200003213
neighbor 208.209.210.211 remote-as 302
neighbor 208.209.210.211 transport path-mtu-discovery disable
neighbor 208.209.210.211 transport connection-mode passive
!
address-family ipv4
network 12.0.0.0
network 12.1.1.0 mask 255.255.255.0
network 16.0.0.0
network 192.168.11.0
redistribute static
neighbor 8.1.1.1 activate
neighbor 8.1.1.10 activate
neighbor 8.1.1.10 route-map LOCAL-PREF in
neighbor 8.1.1.31 activate
exit-address-family
!
address-family vpnv4
neighbor 208.209.210.211 activate
neighbor 208.209.210.211 send-community extended
neighbor 208.209.210.211 allow-policy
neighbor 208.209.210.211 route-reflector-client
exit-address-family
!
address-family ipv6
redistribute connected
network 12::/64
neighbor 8::1 activate
neighbor 8::1 route-map LOCAL-PREF in
neighbor 8::10 activate
exit-address-family
!
address-family ipv6 multicast
redistribute static route-map testyang
exit-address-family
!
address-family ipv4 vrf vrf_testyang_bgp
bgp router-id auto-assign
neighbor 208.208.208.208 remote-as 1200
neighbor 208.208.208.208 password 7 <removed> neighbor 208.208.208.208 fall-over bfd single-hop
neighbor 208.208.208.208 activate
exit-address-family
!
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host sp2_ramones 71.1.1.1 admin enable
ip rcmd remote-host sp3_kahuna 75.75.1.2 sp3_kahuna enable
ip rcmd remote-host sp2_ramones 70.70.70.177 test enable
ip rcmd remote-host test 70.70.70.177 test enable
ip rcmd remote-host test 75.75.1.2 test enable
ip rcmd remote-username test
ip rcmd source-interface TenGigabitEthernet0/0/7
ip forward-protocol nd
no ip forward-protocol udp
!
ip tcp selective-ack
ip tcp mss 1460
ip pim rp-address 100.100.100.100
ip pim vrf vrf_testyang rp-address 191.191.191.191 override
ip pim vrf vrf_testyang autorp listener
ip pim vrf vrf_testyang spt-threshold 0 group-list 99
ip pim vrf vrf_testyang_change autorp listener
ip msdp vrf vrf_testyang peer 191.191.191.191 connect-source Loopback191
ip msdp vrf vrf_testyang originator-id Loopback191
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
no ip ftp passive
ip ftp source-interface TenGigabitEthernet0/0/7
ip ftp username test
ip ftp password 7 <removed>ip dns server
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0
ip nat settings gatekeeper-size 512
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 180
ip nat pool p1 172.16.10.1 172.16.255.254 prefix-length 16
ip nat pool pat_pool1 40.1.1.1 40.1.255.254 prefix-length 16
ip nat inside source list 1 interface Tunnel199 overload
ip nat inside source list 2699 pool p1 redundancy 1 mapping-id 2147483647 overload
ip ospf name-lookup
ip ssh bulk-mode 131072
ip ssh source-interface TenGigabitEthernet0/0/7
ip ssh pubkey-chain
username test
key-hash ssh-rsa 62BD8FA843C9F4715D6185FA0FB02950 test@hmadrele-virtual-machine
ip ssh server algorithm encryption aes128-ctr
ip scp server enable
ip sftp username test
ip sftp password 7 <removed>ip route profile
ip route 16.0.0.0 255.0.0.0 192.168.11.2
ip route 23.0.0.0 255.0.0.0 71.1.1.2
ip route 81.0.0.0 255.0.0.0 109.109.109.3
ip route 82.0.0.0 255.0.0.0 71.1.1.2
ip route 109.110.110.0 255.255.255.0 71.1.1.2
ip route 172.10.1.1 255.255.255.255 71.1.1.2
ip route 172.10.1.11 255.255.255.255 71.1.1.2
ip route 172.10.1.12 255.255.255.255 71.1.1.2
ip route 172.10.1.13 255.255.255.255 71.1.1.2
ip route 172.10.1.20 255.255.255.255 71.1.1.2
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
ip route vrf vrf_eigrp 208.208.208.208 255.255.255.255 1.1.1.1
ip route vrf vrf_eigrp 208.208.208.208 255.255.255.255 71.1.1.2
ip route vrf vrf_eigrp 208.210.210.210 255.255.255.255 71.1.1.2 permanent
!
ip access-list standard SNMP_SDROUTING_FTP
10 permit any
ip access-list standard SNMP_SDROUTING_RCP
10 permit any log
ip access-list standard SNMP_SDROUTING_SCP
10 permit any log
ip access-list standard SNMP_SDROUTING_SFTP
10 permit any log
ip access-list standard SNMP_SDROUTING_TFTP
10 permit any log
!
ip access-list extended BUF-FILTER
10 permit ip host 75.75.1.2 host 3.3.3.1
ip access-list extended CONDITIONAL_ACL
10 permit ip any any
ip access-list extended OGACL
10 permit object-group service object-group net-og1 object-group dest-og
ip access-list extended acl-bfd
10 permit udp any any eq 3784
20 permit udp any any eq 3785
ip access-list extended cap
10 permit ip any any
ip access-list extended debug
10 permit ip any any
20 permit gre any any
30 remark to check the sd-routing behavior
40 remark to check CRUD
50 remark another remark to CRUD second time
ip access-list extended sp2_ramnoes_sec_pol_16_477639579-seq-Rule1-acl_
11 permit object-group zbfw_svc object-group sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-src_ object-group sp2_ramnoes_sec_pol_16_477639579-Rule1-nw-dstn_
!
ip access-list role-based testyang
10 permit ip
20 permit gre
!
ip prefix-list testyang seq 5 permit 208.208.209.210/32
logging server-arp
ip access-list standard 1
10 permit 22.0.0.0 0.255.255.255
ip access-list standard 90
10 deny any
ip access-list extended 179
10 deny udp any any eq 3785
20 permit ip any any
ip access-list extended 2699
10 permit ip 30.0.0.0 0.255.255.255 any
20 permit udp object-group udp_group any
30 permit ip 22.0.0.0 0.255.255.255 any
40 permit ip 23.0.0.0 0.255.255.255 any
arp entries interface-limit 2147483647
ipv6 route 2001:DC8:8086:6502::/64 2001:DB8:8086:6502::1
ipv6 route 2002::/64 2001::2
ipv6 route 4000::/32 2001::2
ipv6 route 4001::/64 2001::2
ipv6 route 4002::/64 2001::2
ipv6 route 4003::/64 2001::2
ipv6 route 4004::/64 2001::2
ipv6 route 4005::/64 2001::2
ipv6 route 4006::/64 2001::2
ipv6 route 4007::/64 2001::2
ipv6 route 4008::/64 2001::2
ipv6 route 4009::/64 2001::2
ipv6 route 400A::/64 2001::2
ipv6 route 400B::/64 2001::2
ipv6 route 400C::/64 2001::2
ipv6 route 400D::/64 2001::2
ipv6 route 400E::/64 2001::2
ipv6 route 400F::/64 2001::2
ipv6 route 4010::/64 2001::2
ipv6 route 4011::/64 2001::2
ipv6 route 4012::/64 2001::2
ipv6 route 4013::/64 2001::2
ipv6 route 4014::/64 2001::2
ipv6 route 4015::/64 2001::2
ipv6 route 4016::/64 2001::2
ipv6 route 4017::/64 2001::2
ipv6 route 4018::/64 2001::2
ipv6 route 4019::/64 2001::2
ipv6 route 401A::/64 2001::2
ipv6 route 401B::/64 2001::2
ipv6 route 401C::/64 2001::2
ipv6 route 401D::/64 2001::2
ipv6 route 401E::/64 2001::2
ipv6 route 401F::/64 2001::2
ipv6 route 4020::/64 2001::2
ipv6 route 4021::/64 2001::2
ipv6 route 4022::/64 2001::2
ipv6 route 4023::/64 2001::2
ipv6 route 4024::/64 2001::2
ipv6 route 4025::/64 2001::2
ipv6 route 4026::/64 2001::2
ipv6 route 4027::/64 2001::2
ipv6 route 4028::/64 2001::2
ipv6 route 4029::/64 2001::2
ipv6 route 402A::/64 2001::2
ipv6 route 402B::/64 2001::2
ipv6 route 402C::/64 2001::2
ipv6 route 402D::/64 2001::2
ipv6 route 402E::/64 2001::2
ipv6 route 402F::/64 2001::2
ipv6 route 4030::/64 2001::2
ipv6 route 4031::/64 2001::2
ipv6 route 4032::/64 2001::2
ipv6 route 4033::/64 2001::2
ipv6 route 4034::/64 2001::2
ipv6 route 4035::/64 2001::2
ipv6 route 4036::/64 2001::2
ipv6 route 4037::/64 2001::2
ipv6 route 4038::/64 2001::2
ipv6 route 4039::/64 2001::2
ipv6 route 403A::/64 2001::2
ipv6 route 403B::/64 2001::2
ipv6 route 403C::/64 2001::2
ipv6 route 403D::/64 2001::2
ipv6 route 403E::/64 2001::2
ipv6 route 403F::/64 2001::2
ipv6 route 4040::/64 2001::2
ipv6 route 4041::/64 2001::2
ipv6 route 4042::/64 2001::2
ipv6 route 4043::/64 2001::2
ipv6 route 4044::/64 2001::2
ipv6 route 4045::/64 2001::2
ipv6 route 4046::/64 2001::2
ipv6 route 4047::/64 2001::2
ipv6 route 4048::/64 2001::2
ipv6 route 4049::/64 2001::2
ipv6 route 404A::/64 2001::2
ipv6 route 404B::/64 2001::2
ipv6 route 404C::/64 2001::2
ipv6 route 404D::/64 2001::2
ipv6 route 404E::/64 2001::2
ipv6 route 404F::/64 2001::2
ipv6 route 4050::/64 2001::2
ipv6 route 4051::/64 2001::2
ipv6 route 4052::/64 2001::2
ipv6 route 4053::/64 2001::2
ipv6 route 4054::/64 2001::2
ipv6 route 4055::/64 2001::2
ipv6 route 4056::/64 2001::2
ipv6 route 4057::/64 2001::2
ipv6 route 4058::/64 2001::2
ipv6 route 4059::/64 2001::2
ipv6 route 405A::/64 2001::2
ipv6 route 405B::/64 2001::2
ipv6 route 405C::/64 2001::2
ipv6 route 405D::/64 2001::2
ipv6 route 405E::/64 2001::2
ipv6 route 405F::/64 2001::2
ipv6 route 4060::/64 2001::2
ipv6 route 4061::/64 2001::2
ipv6 route 4062::/64 2001::2
ipv6 route 4063::/64 2001::2
ipv6 route 4064::/64 2001::2
ipv6 route 4065::/64 2001::2
ipv6 route 4066::/64 2001::2
ipv6 route 4067::/64 2001::2
ipv6 route 4068::/64 2001::2
ipv6 route 4069::/64 2001::2
ipv6 route 406A::/64 2001::2
ipv6 route 406B::/64 2001::2
ipv6 route 406C::/64 2001::2
ipv6 route 406D::/64 2001::2
ipv6 route 406E::/64 2001::2
ipv6 route 406F::/64 2001::2
ipv6 route 4070::/64 2001::2
ipv6 route 4071::/64 2001::2
ipv6 route 4072::/64 2001::2
ipv6 route 4073::/64 2001::2
ipv6 route 4074::/64 2001::2
ipv6 route 4075::/64 2001::2
ipv6 route 4076::/64 2001::2
ipv6 route 4077::/64 2001::2
ipv6 route 4078::/64 2001::2
ipv6 route 4079::/64 2001::2
ipv6 route 407A::/64 2001::2
ipv6 route 407B::/64 2001::2
ipv6 route 407C::/64 2001::2
ipv6 route 407D::/64 2001::2
ipv6 route 407E::/64 2001::2
ipv6 route 407F::/64 2001::2
ipv6 route 4080::/64 2001::2
ipv6 route 4081::/64 2001::2
ipv6 route 4082::/64 2001::2
ipv6 route 4083::/64 2001::2
ipv6 route 4084::/64 2001::2
ipv6 route 4085::/64 2001::2
ipv6 route 4086::/64 2001::2
ipv6 route 4087::/64 2001::2
ipv6 route 4088::/64 2001::2
ipv6 route 4089::/64 2001::2
ipv6 route 408A::/64 2001::2
ipv6 route 408B::/64 2001::2
ipv6 route 408C::/64 2001::2
ipv6 route 408D::/64 2001::2
ipv6 route 408E::/64 2001::2
ipv6 route 408F::/64 2001::2
ipv6 route 4090::/64 2001::2
ipv6 route 4091::/64 2001::2
ipv6 route 4092::/64 2001::2
ipv6 route 4093::/64 2001::2
ipv6 route 4094::/64 2001::2
ipv6 route 4095::/64 2001::2
ipv6 route 4096::/64 2001::2
ipv6 route 4097::/64 2001::2
ipv6 route 4098::/64 2001::2
ipv6 route 4099::/64 2001::2
ipv6 route 409A::/64 2001::2
ipv6 route 409B::/64 2001::2
ipv6 route 409C::/64 2001::2
ipv6 route 409D::/64 2001::2
ipv6 route 409E::/64 2001::2
ipv6 route 409F::/64 2001::2
ipv6 route 40A0::/64 2001::2
ipv6 route 40A1::/64 2001::2
ipv6 route 40A2::/64 2001::2
ipv6 route 40A3::/64 2001::2
ipv6 route 40A4::/64 2001::2
ipv6 route 40A5::/64 2001::2
ipv6 route 40A6::/64 2001::2
ipv6 route 40A7::/64 2001::2
ipv6 route 40A8::/64 2001::2
ipv6 route 40A9::/64 2001::2
ipv6 route 40AA::/64 2001::2
ipv6 route 40AB::/64 2001::2
ipv6 route 40AC::/64 2001::2
ipv6 route 40AD::/64 2001::2
ipv6 route 40AE::/64 2001::2
ipv6 route 40AF::/64 2001::2
ipv6 route 40B0::/64 2001::2
ipv6 route 40B1::/64 2001::2
ipv6 route 40B2::/64 2001::2
ipv6 route 40B3::/64 2001::2
ipv6 route 40B4::/64 2001::2
ipv6 route 40B5::/64 2001::2
ipv6 route 40B6::/64 2001::2
ipv6 route 40B7::/64 2001::2
ipv6 route 40B8::/64 2001::2
ipv6 route 40B9::/64 2001::2
ipv6 route 40BA::/64 2001::2
ipv6 route 40BB::/64 2001::2
ipv6 route 40BC::/64 2001::2
ipv6 route 40BD::/64 2001::2
ipv6 route 40BE::/64 2001::2
ipv6 route 40BF::/64 2001::2
ipv6 route 40C0::/64 2001::2
ipv6 route 40C1::/64 2001::2
ipv6 route 40C2::/64 2001::2
ipv6 route 40C3::/64 2001::2
ipv6 route 40C4::/64 2001::2
ipv6 route 40C5::/64 2001::2
ipv6 route 40C6::/64 2001::2
ipv6 route 40C7::/64 2001::2
ipv6 route 40C8::/64 2001::2
ipv6 route 40C9::/64 2001::2
ipv6 route 40CA::/64 2001::2
ipv6 route 40CB::/64 2001::2
ipv6 route 40CC::/64 2001::2
ipv6 route 40CD::/64 2001::2
ipv6 route 40CE::/64 2001::2
ipv6 route 40CF::/64 2001::2
ipv6 route 40D0::/64 2001::2
ipv6 route 40D1::/64 2001::2
ipv6 route 40D2::/64 2001::2
ipv6 route 40D3::/64 2001::2
ipv6 route 40D4::/64 2001::2
ipv6 route 40D5::/64 2001::2
ipv6 route 40D6::/64 2001::2
ipv6 route 40D7::/64 2001::2
ipv6 route 40D8::/64 2001::2
ipv6 route 40D9::/64 2001::2
ipv6 route 40DA::/64 2001::2
ipv6 route 40DB::/64 2001::2
ipv6 route 40DC::/64 2001::2
ipv6 route 40DD::/64 2001::2
ipv6 route 40DE::/64 2001::2
ipv6 route 40DF::/64 2001::2
ipv6 route 40E0::/64 2001::2
ipv6 route 40E1::/64 2001::2
ipv6 route 40E2::/64 2001::2
ipv6 route 40E3::/64 2001::2
ipv6 route 40E4::/64 2001::2
ipv6 route 40E5::/64 2001::2
ipv6 route 40E6::/64 2001::2
ipv6 route 40E7::/64 2001::2
ipv6 route 40E8::/64 2001::2
ipv6 route 40E9::/64 2001::2
ipv6 route 40EA::/64 2001::2
ipv6 route 40EB::/64 2001::2
ipv6 route 40EC::/64 2001::2
ipv6 route 40ED::/64 2001::2
ipv6 route 40EE::/64 2001::2
ipv6 route 40EF::/64 2001::2
ipv6 route 40F0::/64 2001::2
ipv6 route 40F1::/64 2001::2
ipv6 route 40F2::/64 2001::2
ipv6 route 40F3::/64 2001::2
ipv6 route 40F4::/64 2001::2
ipv6 route 40F5::/64 2001::2
ipv6 route 40F6::/64 2001::2
ipv6 route 40F7::/64 2001::2
ipv6 route 40F8::/64 2001::2
ipv6 route 40F9::/64 2001::2
ipv6 route 40FA::/64 2001::2
ipv6 route 40FB::/64 2001::2
ipv6 route 40FC::/64 2001::2
ipv6 route 40FD::/64 2001::2
ipv6 route 40FE::/64 2001::2
ipv6 route 40FF::/64 2001::2
ipv6 route 4100::/64 2001::2
ipv6 route 4101::/64 2001::2
ipv6 route 4102::/64 2001::2
ipv6 route 4103::/64 2001::2
ipv6 route 4104::/64 2001::2
ipv6 route 4105::/64 2001::2
ipv6 route 4106::/64 2001::2
ipv6 route 4107::/64 2001::2
ipv6 route 4108::/64 2001::2
ipv6 route 4109::/64 2001::2
ipv6 route 410A::/64 2001::2
ipv6 route 410B::/64 2001::2
ipv6 route 410C::/64 2001::2
ipv6 route 410D::/64 2001::2
ipv6 route 410E::/64 2001::2
ipv6 route 410F::/64 2001::2
ipv6 route 4110::/64 2001::2
ipv6 route 4111::/64 2001::2
ipv6 route 4112::/64 2001::2
ipv6 route 4113::/64 2001::2
ipv6 route 4114::/64 2001::2
ipv6 route 4115::/64 2001::2
ipv6 route 4116::/64 2001::2
ipv6 route 4117::/64 2001::2
ipv6 route 4118::/64 2001::2
ipv6 route 4119::/64 2001::2
ipv6 route 411A::/64 2001::2
ipv6 route 411B::/64 2001::2
ipv6 route 411C::/64 2001::2
ipv6 route 411D::/64 2001::2
ipv6 route 411E::/64 2001::2
ipv6 route 411F::/64 2001::2
ipv6 route 4120::/64 2001::2
ipv6 route 4121::/64 2001::2
ipv6 route 4122::/64 2001::2
ipv6 route 4123::/64 2001::2
ipv6 route 4124::/64 2001::2
ipv6 route 4125::/64 2001::2
ipv6 route 4126::/64 2001::2
ipv6 route 4127::/64 2001::2
ipv6 route 4128::/64 2001::2
ipv6 route 4129::/64 2001::2
ipv6 route 412A::/64 2001::2
ipv6 route 412B::/64 2001::2
ipv6 route 412C::/64 2001::2
ipv6 route 412D::/64 2001::2
ipv6 route 412E::/64 2001::2
ipv6 route 412F::/64 2001::2
ipv6 route 4130::/64 2001::2
ipv6 route 4131::/64 2001::2
ipv6 route 4132::/64 2001::2
ipv6 route 4133::/64 2001::2
ipv6 route 4134::/64 2001::2
ipv6 route 4135::/64 2001::2
ipv6 route 4136::/64 2001::2
ipv6 route 4137::/64 2001::2
ipv6 route 4138::/64 2001::2
ipv6 route 4139::/64 2001::2
ipv6 route 413A::/64 2001::2
ipv6 route 413B::/64 2001::2
ipv6 route 413C::/64 2001::2
ipv6 route 413D::/64 2001::2
ipv6 route 413E::/64 2001::2
ipv6 route 413F::/64 2001::2
ipv6 route 4140::/64 2001::2
ipv6 route 4141::/64 2001::2
ipv6 route 4142::/64 2001::2
ipv6 route 4143::/64 2001::2
ipv6 route 4144::/64 2001::2
ipv6 route 4145::/64 2001::2
ipv6 route 4146::/64 2001::2
ipv6 route 4147::/64 2001::2
ipv6 route 4148::/64 2001::2
ipv6 route 4149::/64 2001::2
ipv6 route 414A::/64 2001::2
ipv6 route 414B::/64 2001::2
ipv6 route 414C::/64 2001::2
ipv6 route 414D::/64 2001::2
ipv6 route 414E::/64 2001::2
ipv6 route 414F::/64 2001::2
ipv6 route 4150::/64 2001::2
ipv6 route 4151::/64 2001::2
ipv6 route 4152::/64 2001::2
ipv6 route 4153::/64 2001::2
ipv6 route 4154::/64 2001::2
ipv6 route 4155::/64 2001::2
ipv6 route 4156::/64 2001::2
ipv6 route 4157::/64 2001::2
ipv6 route 4158::/64 2001::2
ipv6 route 4159::/64 2001::2
ipv6 route 415A::/64 2001::2
ipv6 route 415B::/64 2001::2
ipv6 route 415C::/64 2001::2
ipv6 route 415D::/64 2001::2
ipv6 route 415E::/64 2001::2
ipv6 route 415F::/64 2001::2
ipv6 route 4160::/64 2001::2
ipv6 route 4161::/64 2001::2
ipv6 route 4162::/64 2001::2
ipv6 route 4163::/64 2001::2
ipv6 route 4164::/64 2001::2
ipv6 route 4165::/64 2001::2
ipv6 route 4166::/64 2001::2
ipv6 route 4167::/64 2001::2
ipv6 route 4168::/64 2001::2
ipv6 route 4169::/64 2001::2
ipv6 route 416A::/64 2001::2
ipv6 route 416B::/64 2001::2
ipv6 route 416C::/64 2001::2
ipv6 route 416D::/64 2001::2
ipv6 route 416E::/64 2001::2
ipv6 route 416F::/64 2001::2
ipv6 route 4170::/64 2001::2
ipv6 route 4171::/64 2001::2
ipv6 route 4172::/64 2001::2
ipv6 route 4173::/64 2001::2
ipv6 route 4174::/64 2001::2
ipv6 route 4175::/64 2001::2
ipv6 route 4176::/64 2001::2
ipv6 route 4177::/64 2001::2
ipv6 route 4178::/64 2001::2
ipv6 route 4179::/64 2001::2
ipv6 route 417A::/64 2001::2
ipv6 route 417B::/64 2001::2
ipv6 route 417C::/64 2001::2
ipv6 route 417D::/64 2001::2
ipv6 route 417E::/64 2001::2
ipv6 route 417F::/64 2001::2
ipv6 route 4180::/64 2001::2
ipv6 route 4181::/64 2001::2
ipv6 route 4182::/64 2001::2
ipv6 route 4183::/64 2001::2
ipv6 route 4184::/64 2001::2
ipv6 route 4185::/64 2001::2
ipv6 route 4186::/64 2001::2
ipv6 route 4187::/64 2001::2
ipv6 route 4188::/64 2001::2
ipv6 route 4189::/64 2001::2
ipv6 route 418A::/64 2001::2
ipv6 route 418B::/64 2001::2
ipv6 route 418C::/64 2001::2
ipv6 route 418D::/64 2001::2
ipv6 route 418E::/64 2001::2
ipv6 route 418F::/64 2001::2
ipv6 route 4190::/64 2001::2
ipv6 route 4191::/64 2001::2
ipv6 route 4192::/64 2001::2
ipv6 route 4193::/64 2001::2
ipv6 route 4194::/64 2001::2
ipv6 route 4195::/64 2001::2
ipv6 route 4196::/64 2001::2
ipv6 route 4197::/64 2001::2
ipv6 route 4198::/64 2001::2
ipv6 route 4199::/64 2001::2
ipv6 route 419A::/64 2001::2
ipv6 route 419B::/64 2001::2
ipv6 route 419C::/64 2001::2
ipv6 route 419D::/64 2001::2
ipv6 route 419E::/64 2001::2
ipv6 route 419F::/64 2001::2
ipv6 route 41A0::/64 2001::2
ipv6 route 41A1::/64 2001::2
ipv6 route 41A2::/64 2001::2
ipv6 route 41A3::/64 2001::2
ipv6 route 41A4::/64 2001::2
ipv6 route 41A5::/64 2001::2
ipv6 route 41A6::/64 2001::2
ipv6 route 41A7::/64 2001::2
ipv6 route 41A8::/64 2001::2
ipv6 route 41A9::/64 2001::2
ipv6 route 41AA::/64 2001::2
ipv6 route 41AB::/64 2001::2
ipv6 route 41AC::/64 2001::2
ipv6 route 41AD::/64 2001::2
ipv6 route 41AE::/64 2001::2
ipv6 route 41AF::/64 2001::2
ipv6 route 41B0::/64 2001::2
ipv6 route 41B1::/64 2001::2
ipv6 route 41B2::/64 2001::2
ipv6 route 41B3::/64 2001::2
ipv6 route 41B4::/64 2001::2
ipv6 route 41B5::/64 2001::2
ipv6 route 41B6::/64 2001::2
ipv6 route 41B7::/64 2001::2
ipv6 route 41B8::/64 2001::2
ipv6 route 41B9::/64 2001::2
ipv6 route 41BA::/64 2001::2
ipv6 route 41BB::/64 2001::2
ipv6 route 41BC::/64 2001::2
ipv6 route 41BD::/64 2001::2
ipv6 route 41BE::/64 2001::2
ipv6 route 41BF::/64 2001::2
ipv6 route 41C0::/64 2001::2
ipv6 route 41C1::/64 2001::2
ipv6 route 5000::/96 2001::2
ipv6 router ospf 100
!
ipv6 router ospf 150
!
ipv6 router ospf 201
!
ipv6 ospf name-lookup
!
ipv6 prefix-list testyang seq 5 permit 8100::/24
route-map nap64 permit 1 ordering-seq 1
match track 100
set metric 10
!
route-map testyangipv4 permit 10 ordering-seq 10
set local-preference 50
!
route-map testyang permit 10 ordering-seq 10
match length 1000 2000
match ipv6 route-source testyang23
set local-preference 50
set ipv6 next-hop peer-address
set ipv6 default next-hop 8001::12
!
route-map testyang permit 30 ordering-seq 30
match ipv6 address prefix-list testyang
!
route-map testyang permit 50 ordering-seq testyang2
description testyangmodel
match source-protocol rip
match route-type external type-2
match route-type external type-1
match mpls-label
match ipv6 next-hop V6_ACL
set aigp-metric 30
set traffic-index 10
!
route-map testyang permit 80 ordering-seq 80
set ipv6 next-hop encapsulate l3vpn testyang
!
route-map LOCAL-PREF permit 10 ordering-seq 10
set local-preference 50
!
named-ordering-route-map enable
snmp-server community DNAC RO RW
snmp-server community DNAC_SNMP RO RO
snmp-server community LIVE RO RO
snmp-server community com RO RO
snmp-server community public-read RO RO
snmp-server community public-rw RO RW
snmp-server community FILE RW
snmp-server trap-source Port-channel56
snmp-server source-interface informs Port-channel56
snmp-server enable logging getop
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps eigrp
snmp-server enable traps hsrp
snmp-server host 70.70.70.177 6 GYOIJO[`Uf__egFJBLPB[JaEFgV
snmp-server file-transfer access-group SNMP_SDROUTING_TFTP protocol tftp
snmp-server file-transfer access-group SNMP_SDROUTING_FTP protocol ftp
snmp-server file-transfer access-group SNMP_SDROUTING_SFTP protocol sftp
snmp-server file-transfer access-group SNMP_SDROUTING_RCP protocol rcp
snmp-server file-transfer access-group SNMP_SDROUTING_SCP protocol scp
snmp-server manager
snmp-server dbal cache
snmp-server subagent cache timeout 70
snmp-server subagent cache-stats
snmp ifmib ifindex persist
snmp mib flash cache
snmp mib nhrp
snmp mib notification-log globalsize 200
snmp mib notification-log globalageout 23
tftp-server bootflash:imagefile
tftp-server bootflash:13march2023_pkionlysession.config
!
!
!
radius-server dead-criteria time 90
radius-server timeout 10
radius-server deadtime 1440
!
radius server testyang
timeout 20
retransmit 30
!
!
ipv6 access-list V6_ACL
sequence 10 permit ipv6 any any
rmon event 10 log description testyang owner config
control-plane host
management-interface TenGigabitEthernet0/0/2 allow ftp
!
!
control-plane
!
!
!
!
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
line vty 0 4
length 0
transport input all
transport output all
line vty 5 15
transport input all
transport output all
!
monitor event-trace tunnel size 8888
monitor event-trace dmvpn tunnel size 8888
monitor event-trace ipv6 static
monitor event-trace flexvpn tunnel size 8888
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
destination address http https://tools-stage.cisco.com/its/service/oddce/services/DDCEService
no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
nat64 translation timeout udp 300
nat64 translation timeout tcp 3600
ntp server 110.110.110.110
ntp server time.google.com
!
!
netconf ssh
!
!
!
!
!
telemetry ietf subscription 294967225
filter xpath /crypto-ios-xe-events:nhrp-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967226
filter xpath /crypto-ios-xe-events:nhrp-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967227
filter xpath /crypto-ios-xe-events:ike-ipsec-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967228
filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967229
filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967232
filter xpath /utd-ios-xe-events:utd-con
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967233
filter xpath /red-app-events:red-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967234
filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967240
filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967243
filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967244
filter xpath /line-ios-xe-events:line-state-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967245
filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967246
filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967258
filter xpath /ios-events-ios-xe-oper:usb-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967259
filter xpath /ios-events-ios-xe-oper:tempsensor-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967260
filter xpath /ios-events-ios-xe-oper:tempsensor-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967261
filter xpath /ios-events-ios-xe-oper:system-reboot-issued
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967262
filter xpath /ios-events-ios-xe-oper:system-reboot-complete
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967263
filter xpath /ios-events-ios-xe-oper:system-logout-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967264
filter xpath /ios-events-ios-xe-oper:system-login-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967265
filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967267
filter xpath /ios-events-ios-xe-oper:sfp-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967271
filter xpath /ios-events-ios-xe-oper:pem-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967272
filter xpath /ios-events-ios-xe-oper:pem-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967273
filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967274
filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967275
filter xpath /ios-events-ios-xe-oper:memory-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967276
filter xpath /ios-events-ios-xe-oper:interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967277
filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967280
filter xpath /ios-events-ios-xe-oper:fantray-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967281
filter xpath /ios-events-ios-xe-oper:fan-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967283
filter xpath /ios-events-ios-xe-oper:disk-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967289
filter xpath /ios-events-ios-xe-oper:cpu-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967293
filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967295
filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967244
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967245
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967246
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967247
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967248
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967253
filter xpath /im-events-ios-xe-oper:im-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967255
filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967256
filter xpath /ios-events-ios-xe-oper:utd-update
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967257
filter xpath /ios-events-ios-xe-oper:utd-ips-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
host ip-address 0.0.0.0 0
protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
no ipv6-strict-control
organization-name vmng-scale-ind-swe
site-id 109
sp-organization-name vmng-scale-ind
system-ip 209.134.0.3
vbond name vbond1
vbond port 12346
wan-interface TenGigabitEthernet0/0/7
end
sp2_ramones#
spk-Elixir#sh run
Building configuration...
Current configuration : 30533 bytes
!
! Last configuration change at 10:18:17 UTC Wed Dec 4 2024 by system
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
service call-home
platform qfp utilization monitor load 80
platform hardware throughput crypto 50000
!
hostname spk-Elixir
!
boot-start-marker
boot system bootflash:c1100-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition dmvpn_elixir_parcel
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition test_yang
!
address-family ipv4
maximum routes 1000 10 reinstall 10
exit-address-family
!
vrf definition vrf1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf2
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_testyang
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_testyang_change
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
ethernet lmi ce
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
aaa accounting connection test start-stop group test
!
!
aaa attribute list testyang1
!
aaa attribute list testyang2
!
aaa attribute list testyang3
!
aaa session-id common
ip arp proxy disable
!
ip vrf Mgmt-intf
!
ip host vbond1 70.70.70.125
ip name-server 27.1.0.8
no ip domain lookup
ip domain name cisco.com
ip bootp server
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
udld enable
udld message time 80
!
mpls label range 49 100
!
flow record cts-record
match flow cts destination group-tag
match flow cts source group-tag
match flow direction
match interface input
match interface output
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match transport destination-port
match transport source-port
collect counter packets
!
!
flow exporter EXPORTER-1
destination 10.104.54.178
transport udp 2044
!
!
flow monitor cts-monitor
exporter EXPORTER-1
cache timeout inactive 60
record cts-record
!
device-tracking tracking auto-source override
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1090845565
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1090845565
revocation-check none
rsakeypair TP-self-signed-1090845565
hash sha256
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
hash sha256
!
crypto pki trustpoint tp
enrollment url http://110.110.110.110:80
usage ike
serial-number
fingerprint 4145B0549AFD4AC347D8E711567478F353747A5C
subject-name CN=elixir.cisco.com,ou=elixir
subject-alt-name ramones1.cisco.com,elixir.cisco.com
revocation-check crl
rsakeypair tp 4096
auto-trigger
auto-enroll regenerate
hash sha256
!
!
crypto pki certificate chain TP-self-signed-1090845565
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303930 38343535 3635301E 170D3234 30363138 30353039
33395A17 0D333430 36313830 35303933 395A3031 312F302D 06035504 030C2649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30393038
34353536 35308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 01009E8A CE40DEE4 0CC912D2 C5DA0EBE E674A745 59FC226E 2A920C0F
13339036 D6251E14 B8CEA3FB 27E95333 26C211AA D4A1A664 8301EF74 D35E3158
DDE50DC6 F1EB8E86 84EEDEC3 7024B7EE 43142ADE 71410479 CA11F068 1B72911F
E81196C5 FD4D745F 2F00F217 F46F4EEB 6F307B94 66207B44 B53258FF EC4F7512
9C4935D0 BF1FCB73 723BB929 2E65B5F8 5BD2060A 0E4DF22F E8DC1A79 F2B58383
0B8AF8DE 88B04726 C8F8907C 514F1BB4 1C520B9E 00C05E3A F550A229 2E2AE7AD
3F42E9CA B39E9F49 B9537949 CAA34397 59F3DDED 80121553 0FA0CEE2 0449EDEA
2A545FA4 323239D9 39604531 06953B21 FB1FB7A8 12077306 FE4BDB32 EC7EE395
092C6DFE BEC50203 010001A3 53305130 1D060355 1D0E0416 04142AE7 377BA94F
A7C2C408 01DD66FE D5E8D36B 01BC301F 0603551D 23041830 1680142A E7377BA9
4FA7C2C4 0801DD66 FED5E8D3 6B01BC30 0F060355 1D130101 FF040530 030101FF
300D0609 2A864886 F70D0101 0B050003 82010100 3D86E3C5 94DF7EEB 9F3717F7
A033A0E7 A1A78E54 B01FAE57 ED15E2AF 24E898CC 0D2E9B2A B323A469 CD57389E
1A1F05F3 59FF31E5 653DF8D6 255F9AAA A46516B3 321EE657 35668487 9594C1EC
B0B85D51 A7A4357E AEAFFC21 DE46B762 9B015713 DC7793EC 10CA23C3 EE56E783
E0EE06FA 0F6021AC 393C3FB0 0FF1CCB4 018F0E44 CFAA2CE2 D7BA038A 88D39938
459D4713 32C966B3 5096C9F3 89A22A48 2C9CE07D 1F308E95 C7651002 42283FFA
4D832457 7AD1AEFE BB216905 5ECC0F2B FD24868C 8F614180 B69459B3 A518806E
3C166879 392DF91C 772BD3B7 02203FEC 2C9D67FA BBB074E0 7A058DEA D30706C1
6210E604 2919550D 7522A893 D4138395 B9E1EFF8
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain tp
certificate 6F
30820576 3082035E A0030201 0202016F 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 31313137
31363237 32365A17 0D323531 31313731 36323732 365A3065 310F300D 06035504
0B130665 6C697869 72311930 17060355 04031310 656C6978 69722E63 6973636F
2E636F6D 31373012 06035504 05130B46 474C3235 31374C33 56333021 06092A86
4886F70D 01090216 1473706B 2D456C69 7869722E 63697363 6F2E636F 6D308202
22300D06 092A8648 86F70D01 01010500 0382020F 00308202 0A028202 0100B784
F5634559 687F1325 B2865A0F 0E0CACC9 6F9D7032 C74DB52E FCB50923 15E2A6F7
CD7BD732 0568A278 0C1D7F10 F9F484A9 1D69B4DE A2FE0451 CA1CC059 FE818A47
F523AF31 2E079483 51875949 9B1F287A C4EBBCE3 774D82C7 279F9955 1A180822
554BCCDB ABB50DEC E0B52373 5105BA0B B0B5E196 95A5B637 9559FA00 7FD08462
B7059657 FF485233 783E8E91 2AEE5B01 1EA3BC24 627855B0 5EB6D806 765C3450
C7772768 BC35C791 C5947F56 6BCD3B22 D04832B9 6509E4ED 381F7FE4 88787D85
80680C7D BCECD811 23F671FC 4791F380 1760CA5C F249D4E4 9DACBEA9 702AC705
FF309932 091CE705 FE160C67 C6E08F17 56E171AB 06EDD7A7 F1A5AF9C 08FABA56
6548B901 235ED039 0980390B 61830BCC F443940E BC925694 A7CCFC9E F2D2D85F
9924473F D4AEF95E 48196CAF A543C532 38121124 D1885A90 FEF4A398 7A82635A
CCE79D94 5BC4D278 08800641 4A3CAD64 72608D92 82DFAFD6 13FB1004 78932612
17B54EE9 437670B9 1D4D5FCA CE22B79A 0C2600D0 771E93B5 F2981FFB 6D3A91F5
873915CB 58730804 225456A1 FE49F0BE 414B0209 AA96800E FEA51005 1C1BF75A
854C92DC ACF49725 726E0BAF 60307536 EE9F336E FE931B3E D3FE11C8 5CBAC1BB
43725DFF E71B4CEB 1CF2F450 5B251198 DE22E719 BC9EDFA7 5FB14EBE D9C2312A
D14B4AA6 EFF75797 76C2B07C BA68698D 39A3D934 24490689 24A2CB1C 912F0203
010001A3 8180307E 300B0603 551D0F04 04030205 A0302F06 03551D11 04283026
82127261 6D6F6E65 73312E63 6973636F 2E636F6D 8210656C 69786972 2E636973
636F2E63 6F6D301F 0603551D 23041830 1680146B 4F967033 62290FC1 7DCDB249
B039EA65 4F257530 1D060355 1D0E0416 04146086 71BC3B47 6B5E5437 FCB831B0
098DD875 D454300D 06092A86 4886F70D 01010505 00038202 01002F58 BF38C837
52C66A3E FCB5EE6C A33ABF44 0D7CA14C 400315F8 CFC7D614 D7420065 37018E8B
30A8AC36 8CC6CDDC B2B0576C 5B4FEA20 80285A07 7E8DAF8E F2439EF1 6E67C06A
C766C481 E5AC8FC9 3059806C 0A87EAAD 24C32CFC ADBAE7B7 4C053056 FAFCFDE3
7B750FAF CD5C3125 042B5292 4E1F0B2B 72748092 FE640A84 63274209 6E684468
74975912 D4F6EC2E 53574FA3 84A4BE50 F7ED744A 5EB3F536 BE8D4BB1 B64FC350
2D3A4448 C8B23BD6 84D25004 BE5FA889 83DB0D6A 8BA0D914 9EE37B3C 253670C4
B2ED8162 23D20C6C 811CC932 FFEF13F8 21DE8F39 D2BB79FF C7A02840 2346C763
9425B040 C6BB197D C1BE26C7 DF7F8B4C 2F1840DC 92DE3590 DA9C1683 8B6F1B66
7F24574B 0DA53D06 2E0DAC6C 31CA2D64 9750623A B515B5EA 04E33EE6 284C54AF
D64E9984 838E1273 707729F8 3F57C099 3D7A6C84 1B3F6883 01401690 C52A3083
78CCB94E 02D6EFC8 F656F7B1 F8C10C63 2F6F49EF 9FD850EC E968E26F 193FAEA0
4746519F 1CB37FD6 F9D3D1A4 B9A00DD5 A28E2681 22F67971 2ED05DA5 E441B0D6
95C15E0F 43495B70 1E121B24 10E0F5AB 751698DA DE9324D9 48550A8D 96472BA6
19013D78 F0DBA17E 0A5D1688 8FA74EDE F9286599 2D2AC05D 99851E24 28F531A9
25EBB7FA 7A8F2A7C B368637E 3A05F9A4 CBE9ACE3 6C3BCC20 41238D4B 5856F649
92E2085A E39F0E6E 70ED2E9E A93D9FCE CD8DCA20 D0085739 E201
quit
certificate ca 01
30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130
30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504
03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500
0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41
4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D
B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681
E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0
A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0
19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4
F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88
30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F
2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A
52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526
00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A
91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA
A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951
3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174
D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC
48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5
A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101
FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304
18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E
04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886
F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9
388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92
A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C
8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3
13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96
E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D
965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9
61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432
8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98
957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202
CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E
FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725
A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6
193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC
0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E
6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB
31AC5AEF 8AC58041 127E738D
quit
!
!
!
!
!
!
!
!
!
diagnostic bootup level minimal
!
no license feature hseck9
license udi pid C1131X-8PWB sn FGL2517L3V3
license accept end user agreement
license boot level appxk9
license boot level securityk9
memory free low-watermark processor 70676
!
spanning-tree extend system-id
spanning-tree vlan 115 priority 8192
spanning-tree vlan 115 hello-time 8
spanning-tree vlan 115 forward-time 14
spanning-tree vlan 115 max-age 17
!
!
enable password 7 <removed>!
username admin privilege 15 secret 9 $9$7RhKMgFeUoWYdu$N3buTpNmkxtTYt4MYpmWI17rci7e9crg0RxauGA9ZVo
username cisco password 7 <removed>username cts password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>username wan password 7 <removed>!
redundancy
mode none
!
!
!
crypto ikev2 proposal 1
encryption aes-cbc-256
integrity sha512
group 14
crypto ikev2 proposal p1-global
encryption aes-cbc-128 aes-cbc-192 aes-cbc-256
integrity sha256 sha384 sha512
group 14 15 16 19 20 21
crypto ikev2 proposal testyang
! Proposal Incomplete(MUST have atleast an encryption algorithm, an integrity algorithm and a dh group configured)
encryption aes-gcm-128
prf sha512
!
!
crypto ikev2 keyring dmvpn_parcel_ipsec
peer any
address 0.0.0.0 0.0.0.0
pre-shared-key cisco123
!
peer any-ipv6
address ::/0
pre-shared-key cisco123
!
!
crypto ikev2 keyring testyang
peer testyang
address 208.208.208.208
pre-shared-key local cisco123
pre-shared-key remote cisco123
!
!
!
crypto ikev2 profile test_profile
match identity remote address 0.0.0.0
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint tp
!
crypto ikev2 profile dmvpn_parcel_ipsec
match fvrf any
match identity remote address 207.1.1.1 255.255.255.255
identity local address 208.1.1.1
authentication remote pre-share
authentication local pre-share
keyring local dmvpn_parcel_ipsec
dpd 10 3 on-demand
no config-exchange request
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation mtu 1400
!
!
vlan internal allocation policy ascending
!
lldp run
track timer ipv6 route msec 700
track resolution ipv6 route EIGRP 300
!
class-map match-all testyang
match protocol attribute category file-sharing
match protocol attribute sub-category desktop-virtualization
match protocol sip
class-map match-all test
match not security-group destination tag 6000
class-map match-any class-bfd
match access-group name acl-bfd
class-map match-all c1
class-map match-all c11
match vlan 115
class-map type inspect match-any zone_cmap_new
match protocol citrix
match protocol dns
match protocol ftp
match protocol http
match protocol https
match protocol icmp
match protocol pop3
match protocol rtsp
match protocol sip
match protocol smtp
match protocol snmptrap
match protocol tcp
match protocol udp
!
policy-map testyang
policy-map p11
class c11
set dscp af41
!
!
zone security lan_zone
!
!
!
!
!
!
!
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set test_trans esp-gcm
mode tunnel
crypto ipsec transform-set IPSEC_TS1 esp-gcm 256
esn
mode transport
!
!
crypto ipsec profile dmvpn_parcel_ipsec
set security-association lifetime kilobytes disable
set security-association replay window-size 64
set transform-set IPSEC_TS1
set ikev2-profile dmvpn_parcel_ipsec
!
crypto ipsec profile test_profile
set security-association replay disable
set transform-set test_trans
set ikev2-profile test_profile
!
!
!
!
!
!
!
!
!
interface Loopback191
no ip address
!
interface Loopback193
no ip address
!
interface Port-channel1
switchport
switchport trunk allowed vlan 3800-3802
!
interface Port-channel2
switchport
!
interface Tunnel2
bandwidth 1000
ip flow monitor cts-monitor input
ip flow monitor cts-monitor output
ip address <removed> no ip redirects
ip nbar protocol-discovery
ip nhrp authentication iplabs
ip nhrp map 8.1.1.1 45.35.1.1
ip nhrp map 8.1.1.10 1.200.1.1
ip nhrp map 8.1.1.31 85.75.1.2
ip nhrp map multicast 1.200.1.1
ip nhrp map multicast 45.35.1.1
ip nhrp map multicast 85.75.1.2
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 8.1.1.1
ip nhrp nhs 8.1.1.10
ip nhrp nhs 8.1.1.31
ip tcp adjust-mss 1376
load-interval 30
nhrp group SPOKE_1G
cts sgt inline
bfd interval 5000 min_rx 5000 multiplier 5
tunnel source GigabitEthernet0/1/6
tunnel mode gre multipoint
tunnel key 200
tunnel path-mtu-discovery
tunnel protection ipsec profile test_profile
!
interface Tunnel197
vrf forwarding vrf_testyang
no ip address
ip wccp vrf vrf_testyang web-cache redirect in
ip wccp vrf vrf_testyang web-cache redirect out
!
interface Tunnel198
no ip address
!
interface Tunnel199
no ip address
ip mux
ipv6 mux
nhrp group testyang
!
interface Tunnel60000111
bandwidth 1400
vrf forwarding dmvpn_elixir_parcel
ip address <removed> no ip redirects
ip mtu 1400
ip nhrp network-id 110
ip nhrp nhs 206.1.1.1 nbma 71.1.1.1 multicast
ip tcp adjust-mss 1360
delay 1000
ipv6 mtu 1400
ipv6 tcp adjust-mss 1360
bfd interval 100 min_rx 120 multiplier 5
tunnel source GigabitEthernet0/1/6
tunnel mode gre multipoint
tunnel key 110
tunnel path-mtu-discovery
tunnel protection ipsec profile dmvpn_parcel_ipsec
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
utd enable
!
interface GigabitEthernet0/0/1
ip vrf forwarding Mgmt-intf
ip address <removed> negotiation auto
vlan-id dot1q 954
!
!
interface GigabitEthernet0/1/0
switchport trunk allowed vlan 3800-3802
channel-group 1 mode active
!
interface GigabitEthernet0/1/1
switchport trunk allowed vlan 3800-3802
channel-group 1 mode active
!
interface GigabitEthernet0/1/2
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/1/3
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/1/4
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/1/5
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/1/6
no switchport
ip address <removed> negotiation auto
!
interface GigabitEthernet0/1/7
no switchport
no ip address
negotiation auto
ospfv3 bfd disable
!
interface GigabitEthernet0/1/7.3800
encapsulation dot1Q 3800
ip address <removed>!
interface Wlan-GigabitEthernet0/1/8
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan115
ip address <removed> zone-member security lan_zone
service-policy input p11
!
interface vasiright20
ip dhcp relay information trusted
no ip address
no keepalive
!
interface BDI200
no ip address
zone-member security lan_zone
ipv6 ospf network manet
!
interface nve1
no ip address
host-reachability protocol bgp
!
!
router eigrp 100
network 12.12.12.0 0.0.0.255
!
ip forward-protocol nd
no ip forward-protocol udp
ip tcp selective-ack
ip tcp mss 1460
ip tftp source-interface GigabitEthernet0/0/1
ip tftp blocksize 8192
no ip ftp passive
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/1/6
!
ip as-path access-list 11 permit ^$
ip as-path access-list 13 permit ^$
ip route 202.153.144.25 255.255.255.255 11.4.0.1
ip route vrf Mgmt-intf 9.45.0.0 255.255.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
ip ssh bulk-mode 131072
!
ip access-list extended acl-bfd
10 permit udp any any eq 3784
20 permit udp any any eq 3785
ip access-list extended debug
20 permit ip any any
ip access-list extended 179
10 deny udp any any eq 3785
20 permit ip any any
dialer-list 12 protocol ip permit
dialer-list 13 protocol bridge deny
dialer-list 14 protocol decnet list 309
!
arp access-list testyang54
deny ip host 191.1.1.191 mac host d0dc.2c78.4040
permit response ip host 191.1.1.1 any mac any any
permit response ip 191.1.1.1 191.1.1.2 host 191.1.1.3 mac any any
snmp-server community snmp RO
snmp-server source-interface informs Vlan115
snmp ifmib ifindex persist
!
!
!
!
!
ipv6 access-list testipv6acl
sequence 10 permit ipv6 any any
!
ipv6 access-list testipv6acl_change
sequence 10 permit ipv6 any any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
parser config cache interface
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password 7 <removed> length 0
transport input all
transport output all
line vty 5 14
exec-timeout 0 0
password 7 <removed> transport input all
transport output all
!
ntp server 110.110.110.110
ntp server time.google.com
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
!
telemetry ietf subscription 294967224
filter xpath /crypto-ios-xe-events:nhrp-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967225
filter xpath /crypto-ios-xe-events:nhrp-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967226
filter xpath /crypto-ios-xe-events:nhrp-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967227
filter xpath /crypto-ios-xe-events:ike-ipsec-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967228
filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967229
filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967232
filter xpath /utd-ios-xe-events:utd-con
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967233
filter xpath /red-app-events:red-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967234
filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967240
filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967243
filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967244
filter xpath /line-ios-xe-events:line-state-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967245
filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967246
filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967258
filter xpath /ios-events-ios-xe-oper:usb-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967259
filter xpath /ios-events-ios-xe-oper:tempsensor-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967260
filter xpath /ios-events-ios-xe-oper:tempsensor-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967261
filter xpath /ios-events-ios-xe-oper:system-reboot-issued
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967262
filter xpath /ios-events-ios-xe-oper:system-reboot-complete
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967263
filter xpath /ios-events-ios-xe-oper:system-logout-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967264
filter xpath /ios-events-ios-xe-oper:system-login-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967265
filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967267
filter xpath /ios-events-ios-xe-oper:sfp-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967271
filter xpath /ios-events-ios-xe-oper:pem-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967272
filter xpath /ios-events-ios-xe-oper:pem-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967273
filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967274
filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967275
filter xpath /ios-events-ios-xe-oper:memory-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967276
filter xpath /ios-events-ios-xe-oper:interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967277
filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967280
filter xpath /ios-events-ios-xe-oper:fantray-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967281
filter xpath /ios-events-ios-xe-oper:fan-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967283
filter xpath /ios-events-ios-xe-oper:disk-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967289
filter xpath /ios-events-ios-xe-oper:cpu-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967293
filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967295
filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967244
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967245
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967246
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967247
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967248
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967253
filter xpath /im-events-ios-xe-oper:im-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967255
filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967256
filter xpath /ios-events-ios-xe-oper:utd-update
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967257
filter xpath /ios-events-ios-xe-oper:utd-ips-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
host ip-address 0.0.0.0 0
protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
no ipv6-strict-control
organization-name vmng-scale-ind-swe
site-id 124
sp-organization-name vmng-scale-ind
system-ip 209.134.0.1
vbond name vbond1
vbond port 12346
wan-interface GigabitEthernet0/1/6
end
spk-Elixir#
bender_1#show run
Building configuration...
Current configuration : 23490 bytes
!
! Last configuration change at 11:27:00 UTC Wed Dec 4 2024
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
!
hostname bender_1
!
boot-start-marker
boot system bootflash:c8k30aes-universalk9.17.16.01.0.1538.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VRF90
rd 90:90
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VRF_CLOUD_89
rd 89:89
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf2
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging console
ethernet lmi ce
aaa new-model
!
!
aaa authorization credential-download default if-authenticated
!
!
aaa attribute list testyang3
!
aaa attribute list testyang2
!
aaa attribute list testyang
!
aaa session-id common
!
!
subscriber templating
!
ip host vbond1 70.70.70.125
ip name-server 27.1.0.8
no ip domain lookup
ip domain name cisco.com
!
!
!
!
!
!
ip bootp server
!
!
!
login on-success log
!
!
!
!
!
ipv6 nd cache expire refresh
ipv6 unicast-routing
ipv6 spd queue max-threshold 65535
ipv6 spd queue min-threshold 65533
!
!
!
!
!
!
mpls label range 32 56
parameter-map type inspect test
tcp idle-time 21000
tcp idle reset off
!
!
flow record cts-record
match flow cts destination group-tag
match flow cts source group-tag
match flow direction
match interface input
match interface output
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match transport destination-port
match transport source-port
collect counter packets
!
!
flow exporter EXPORTER-1
destination 10.104.54.178
transport udp 2044
!
!
flow monitor cts-monitor
exporter EXPORTER-1
cache timeout inactive 60
record cts-record
!
access-session mac-move deny
!
chat-script flow cts source group-tag
!
key chain MY_KEY_CHAIN
key 1
key-string 7 010703174F
key 2
key-string 7 071B245F5A5B
key 3
key-string 7 0835495D1D4A
!
crypto pki trustpoint TP-self-signed-376606419
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-376606419
revocation-check none
rsakeypair TP-self-signed-376606419
hash sha256
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
hash sha256
!
crypto pki trustpoint tp
enrollment url http://110.110.110.110:80
usage ike
serial-number
fingerprint 4145B0549AFD4AC347D8E711567478F353747A5C
subject-name CN=bender.cisco.com,ou=elixir
subject-alt-name bender1.cisco.com,bender.cisco.com
revocation-check crl
rsakeypair tp 4096
hash sha256
!
crypto pki trustpool policy
revocation-check none
!
!
!
crypto pki certificate map testmap 10
issuer-name co testname
!
crypto pki certificate chain TP-self-signed-376606419
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373636 30363431 39301E17 0D323430 34313731 31343832
365A170D 33343034 31373131 34383236 5A303031 2E302C06 03550403 0C25494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 36363036
34313930 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 EE86EB77 899C3320 2E4C76F6 4012D824 D3112A61 FD7BB995 0E86BD2E
AEB4AD19 CF98B43B 9DF7A571 CEEB087A 2A67EF56 1E7DD7F5 917CFE0D A8ECA9B4
7A85848D C08AE9FD E7565F84 577D619A 58B4CF0F 1C3B3E0E 1FC33E61 83126147
EE796450 B27F3881 6E08CF5E BF09C689 93ECB791 6E6E10B2 18A2712C FE1722F1
2EFE53C2 7ED9ADE6 445AA823 F11AB55B F475F167 BFCD81B2 83D97CA1 11FBB6DB
348EB25F 5F10CA3A AD8B0FAC 2916F5F2 0A7E4508 ABC0F8EF 14EDDF88 228D3243
7770C0D5 6340E9ED CC2B6730 E68D2B7D 67447EE9 C836D983 D19050F4 2A8A4FC0
D9A8EDE3 8AD9A8A7 350532EC 12499210 1CF08D0E 3DDB2276 DD627CB6 E2989719
A201F1DF 02030100 01A35330 51301D06 03551D0E 04160414 24837B2B C1543578
62DCEB3D 091285EE 32AA9283 301F0603 551D2304 18301680 1424837B 2BC15435
7862DCEB 3D091285 EE32AA92 83300F06 03551D13 0101FF04 05300301 01FF300D
06092A86 4886F70D 01010B05 00038201 0100E75F 2024EE5B 93E8F0DB AB89C1BF
C467F8A4 31EFEC29 1F61C047 F83B2451 0C87F9FC 121CE7D6 C60AD11D 9471ACF2
A75AD1DA 5C97A471 F69DEE4E 00F511E4 82B05821 E2FCC430 39E23F51 D53EDB97
4B11EC39 88EA0EC2 05BC49C0 274B1B18 0166E818 A0BD3842 123FE771 190D609E
927168B1 0F0329A3 7A1A4674 AB27DB72 D0FA805B 65FB1E93 A56126FA 8B1E8BFD
7A530DAF 42ABA98E EF6FB29B EB8D326E F88983B9 ACE8DF76 D5BF81DC 93477CA0
79ECF05D D7D3824C CCCBC144 67F339C6 B6C5CE42 A8011C33 ADD37F16 CBC09D77
C9511CC8 45ACFA39 1C9427D1 A41FA427 B145420D 5E3E07CA 97403689 9B3688AF
4E84BA3A C46E5697 4ACB1AF8 E3A9D844 C074
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain tp
certificate 70
30820572 3082035A A0030201 02020170 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 31313234
30373530 32325A17 0D323531 31323430 37353032 325A3063 310F300D 06035504
0B130665 6C697869 72311930 17060355 04031310 62656E64 65722E63 6973636F
2E636F6D 31353012 06035504 05130B46 444F3237 33334D31 314D301F 06092A86
4886F70D 01090216 1262656E 6465725F 312E6369 73636F2E 636F6D30 82022230
0D06092A 864886F7 0D010101 05000382 020F0030 82020A02 82020100 A79DEC67
2969348A 65268D3B 76324D91 E3EEC980 A988B7A3 4E2FB815 6B2501AE 59CE190A
CD13831C 4AD9CAFA BF28FD7C C112C796 D1FFF5DD 01F7D8F9 E782B553 92146BB3
AE60ED18 76AB2D09 F389F556 EA70C3C0 027892BE 809F1E14 33897C43 E15FAD7F
C5B06D8C A9856B9A AF5100B2 BA8596E5 C8B2660B 173CA4F7 FB5C07F2 A5F6410C
1556EEF9 B6D8A693 5A6E391B B4A73E92 14C022FD D4F70282 E9E7B00E 414C8A67
0DC2F943 447EC10D DE27214B 246C3D43 C4A3461D C294BB39 7DD69930 7550923E
F1556D53 A1E9D2A3 306E1775 59F9C7E0 77DC819D 882AA19A F5AA0A69 5377BCE4
D91FB615 1C92277C 72D71D7D B777FC67 54B7B4A9 1A27A8C9 F555028B C0B98FF4
11F9826A F4D21B80 346C111C 3D7AA9B1 A86C1A62 7F5F3024 8619E08B 7E4666E9
CF6957A7 2FC4F54E C7BC60B9 07550CBD 8FCADFB9 89111E12 39908FC1 9B94E844
C2971AA2 42A1F12D E5CCBD01 0E21D594 68AF9BA9 573533EE 1CF9D42D E8CBC64E
2EA08A7F 4C4FCB77 25EA681E 1A697415 B400589C C7945675 FFCA7981 85D50E33
EA923925 5CE33207 D167A236 A4559717 89383563 3BFC6018 C0533BF8 4C8E97D8
193A80DA 63CC042D 90C573F4 03275237 6477812B A7F17E66 D62C2659 CD080FBC
39EF68B9 6E8246A3 CD5FD17E A511B569 2F01CFE1 28B178BA 7FF304C0 06BB15D3
EABC9447 CADA67EA 25BD320B 58635D0D E62153D3 CCABB487 2AE6A8F5 02030100
01A37F30 7D300B06 03551D0F 04040302 05A0302E 0603551D 11042730 25821162
656E6465 72312E63 6973636F 2E636F6D 82106265 6E646572 2E636973 636F2E63
6F6D301F 0603551D 23041830 1680146B 4F967033 62290FC1 7DCDB249 B039EA65
4F257530 1D060355 1D0E0416 04145DAD 6A5A33E4 136622A0 1892A609 B07DB0F2
B335300D 06092A86 4886F70D 01010505 00038202 01007309 E0BC8E6F F085CA74
D2A0D403 C7F3DC00 CA178D32 FBE8E437 6D63FECD B88EB1E0 88683090 800C2CD9
AC5D1B52 4E4242DB 0E2C093E 9F374EED 51F02038 21BBDAC1 DAC5C714 5307ABD7
9CFC5449 449F2861 77D167CD C5411238 DBA48C75 413DC135 7F996481 8A6B51E3
4605CD21 FB5B4313 1DE7BFDC 982D4C78 9B5CE54F 453D8616 BD95B5F4 0460F1D0
1BBDD5B3 23DA8C30 17502CCA F98B51A6 1EAC9A0D 11F9D702 FFFAC390 C8BE6E79
67C2E38D 41F1180A 4A44FAED 9EF618C1 95DE22C9 D9B25F02 53D00CFB 7FB9F963
88FAFE40 786EBFCF 300E1556 1E64F6AE 6483A468 0C2024C8 4F486538 E0DF4B94
46AAEF77 95EA3BD5 1FAF1604 7534F84B 3CA25CAC D41BB28E 20A9892D 1ECE441E
6DBFD300 29F4691B 1EEBFE24 062AD072 0F3964B4 33109C9B F5B43ABA 29B9DFB0
BF4DE855 E73377D8 48DE5F47 B9266C86 D65EB17C DF4AC987 A9FFB398 4D447B68
F8879DDB 87FD0BE4 55529945 3F6D7A80 3CA7D847 683B71A4 3A787D73 FFA9932A
512076E1 E80583CD 20FBA426 6528E1A4 4FA711A6 80D892F6 4CF07F61 0C47C60F
6C0EBBF5 4E2E6EDE 44063435 F4599670 6673B6C9 568BEE7C 8CDD1EC5 63F11D55
1678F58B F8750AC1 11335781 0DE734F7 91E3AEB5 E2FB4184 858E495C 8173D847
9EDAB43F D69A69C9 98D8A839 30FE19BD DA8B4CD7 D87FAEB2 0179FA18 C9E7583D
07CA85C9 77C36AB1 7EF15D46 D20110AC D71186A0 0ED9
quit
certificate ca 01
30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130
30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504
03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500
0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41
4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D
B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681
E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0
A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0
19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4
F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88
30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F
2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A
52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526
00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A
91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA
A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951
3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174
D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC
48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5
A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101
FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304
18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E
04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886
F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9
388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92
A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C
8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3
13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96
E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D
965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9
61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432
8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98
957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202
CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E
FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725
A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6
193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC
0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E
6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB
31AC5AEF 8AC58041 127E738D
quit
!
!
!
!
!
!
!
!
!
license udi pid C8530L-8S8X4Y sn FDO2733M11M
license accept end user agreement
license boot level advantage
!
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
service-template DEFAULT_CRITICAL_DATA_TEMPLATE
service-template webauth-global-inactive
inactivity-timer 3600
memory free low-watermark processor 64278
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username admin privilege 15 secret 9 $9$PbGC30K7dnC6sk$BV2D8qlJjPRwKlHAO3TaqxbUKe3oRnIM.kDly3PYHJg
username cisco password 7 <removed>username cts password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>username wan password 7 <removed>!
redundancy
mode none
!
!
!
crypto key pubkey-chain rsa
named-key testyang
key-string
quit
!
crypto ikev2 proposal 1
encryption aes-cbc-256
integrity sha512
group 14
!
crypto ikev2 policy 1
proposal 1
!
!
crypto ikev2 profile test_profile
match identity remote address 0.0.0.0
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint tp
!
crypto ikev2 profile test123
! Profile incomplete (no match identity or match certificate statement)
! Profile incomplete (no local and/or remote authentication method specified)
aaa authorization group psk list local
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 fragmentation
crypto ikev2 client flexvpn test
peer 10 4.4.4.4
!
!
!
cdp run
!
track timer ipv6 route msec 700
track resolution ipv6 route EIGRP 300
!
track 10 ip route 191.1.1.1 255.255.255.0 metric threshold
class-map type multicast-flows testy6
!
class-map type traffic match-any testy9
!
class-map type control subscriber match-all testy
!
class-map type control match-all t2
!
class-map type control match-all testyang
!
class-map type control match-all testy4
!
!
class-map match-all testyang
match protocol http
class-map match-all we
class-map match-any class-bfd
match access-group name acl-bfd
class-map match-all t4
class-map match-all t5
class-map match-all t1
match any
match protocol telepresence-control
class-map match-all t2
class-map type access-control match-all c2
class-map match-all c1
class-map type appnav match-all c6
class-map type stack match-all testy8
class-map type site-manager match-all testy7
class-map match-all c9
class-map type inspect match-all testy5
class-map type appnav match-all testy3
class-map type access-control match-all testy2
class-map match-all y
match ip rtp 2300 2400
class-map type inspect match-any zone_cmap_new
match protocol citrix
match protocol dns
match protocol ftp
match protocol http
match protocol https
match protocol icmp
match protocol pop3
match protocol rtsp
match protocol sip
match protocol smtp
match protocol snmptrap
match protocol tcp
match protocol udp
class-map match-all c3
match class-map testyang
!
!
policy-map type control subscriber testy
!
policy-map type control subscriber yang1
policy-map type control yang2
class type control t2 event session-start
!
!
!
policy-map type performance-monitor testy1
class testyang
react 1 media-stop
description testyang
action snmp
policy-map testyang
class testyang
police rate percent 80
violate-action drop
policy-map type performance-monitor p5
class c1
policy-map type packet-service p4
class c1
policy-map type appnav p6
class c6
policy-map p1
class t1
priority level 2
class t2
class c1
policy-map type inspect p3
class c1
class class-default
policy-map type access-control p2
class c2
log
policy-map wep
class we
police rate percent 10
policy-map t4
class t4
bandwidth 100000
random-detect precedence-based
random-detect exponential-weighting-constant 10
policy-map type access-control p11
class testy2
!
!
zone security wan_zone
zone security lan_zone
!
!
!
!
!
!
!
crypto ipsec transform-set test_trans esp-gcm
mode tunnel
!
!
crypto ipsec profile test_profile
set security-association replay disable
set transform-set test_trans
set ikev2-profile test_profile
!
!
!
!
!
!
!
!
!
interface Loopback45
no ip address
!
interface Loopback199
no ip address
ip rsvp bandwidth 100000
!
interface Port-channel32
no ip address
no negotiation auto
!
interface Tunnel2
bandwidth 1000
ip flow monitor cts-monitor input
ip flow monitor cts-monitor output
ip address <removed> no ip redirects
ip nbar protocol-discovery
ip nhrp authentication iplabs
ip nhrp map 8.1.1.1 45.35.1.1
ip nhrp map 8.1.1.10 1.200.1.1
ip nhrp map 8.1.1.31 85.75.1.2
ip nhrp map multicast 1.200.1.1
ip nhrp map multicast 45.35.1.1
ip nhrp map multicast 85.75.1.2
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 8.1.1.1
ip nhrp nhs 8.1.1.10
ip nhrp nhs 8.1.1.31
ip tcp adjust-mss 1376
load-interval 30
nhrp group SPOKE_1G
cts sgt inline
bfd interval 5000 min_rx 5000 multiplier 5
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 200
tunnel path-mtu-discovery
tunnel protection ipsec profile test_profile
!
interface Tunnel4
no ip address
shutdown
tunnel mode rbscp
tunnel rbscp window-stuff 1
tunnel rbscp ack-split 4
!
interface Tunnel5
no ip address
shutdown
!
interface Tunnel601
no ip address
shutdown
!
interface Tunnel640
no ip address
shutdown
!
interface GigabitEthernet0/0/0
ip address <removed> negotiation auto
cdp enable
!
interface GigabitEthernet0/0/1
no ip address
ip nat inside
negotiation auto
cdp enable
ospfv3 network broadcast
!
interface GigabitEthernet0/0/1.3801
encapsulation dot1Q 3801
ip flow monitor cts-monitor input
ip flow monitor cts-monitor output
ip address <removed> ip nbar protocol-discovery
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
negotiation auto
!
interface GigabitEthernet0/0/6
no ip address
negotiation auto
!
interface GigabitEthernet0/0/7
no ip address
negotiation auto
!
interface TenGigabitEthernet0/0/8
no ip address
!
interface TenGigabitEthernet0/0/9
no ip address
!
interface TenGigabitEthernet0/0/10
no ip address
negotiation auto
cts role-based sgt-map sgt 10
!
interface TenGigabitEthernet0/0/11
no ip address
negotiation auto
!
interface TenGigabitEthernet0/0/12
no ip address
negotiation auto
!
interface TenGigabitEthernet0/0/13
no ip address
negotiation auto
!
interface TenGigabitEthernet0/0/14
ip address <removed> negotiation auto
!
interface TenGigabitEthernet0/0/15
no ip address
negotiation auto
!
interface TwentyFiveGigE0/0/16
bandwidth 20000
no ip address
!
interface TwentyFiveGigE0/0/17
no ip address
!
interface TwentyFiveGigE0/0/18
no ip address
!
interface TwentyFiveGigE0/0/19
no ip address
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address <removed> negotiation auto
vlan-id dot1q 954
!
!
interface Virtual-Template1000 type tunnel
vrf forwarding VRF90
ip unnumbered Loopback45
ipv6 unnumbered Tunnel640
ipv6 tcp adjust-mss 1300
tunnel source Loopback45
tunnel mode ipv6
tunnel destination dynamic
tunnel path-mtu-discovery
tunnel path-mtu-discovery age-timer 15
tunnel udlr receive-only Tunnel601
tunnel vrf VRF90
!
interface BDI12
no ip address
shutdown
!
interface BDI115
no ip address
zone-member security lan_zone
shutdown
!
interface BDI200
no ip address
shutdown
!
!
router eigrp 100
network 13.1.1.0 0.0.0.255
!
router isis
mpls ldp sync
!
router bgp 242
bgp router-id 2.4.2.4
bgp log-neighbor-changes
bgp update-delay 3200
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 242
neighbor 8.1.1.1 remote-as 101
neighbor 8.1.1.10 remote-as 103
neighbor 8.1.1.31 remote-as 4200003213
neighbor 8.1.1.31 fall-over bfd single-hop
!
address-family ipv4
network 13.101.1.0 mask 255.255.255.0
redistribute static
neighbor 8.1.1.1 activate
neighbor 8.1.1.10 activate
neighbor 8.1.1.31 activate
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 allow-policy
exit-address-family
!
address-family ipv6
redistribute static route-map qwe
exit-address-family
!
address-family ipv4 vrf VRF90
bgp router-id auto-assign
neighbor 1.1.1.1 remote-as 7000
neighbor 1.1.1.1 password 7 <removed> neighbor 1.1.1.1 activate
exit-address-family
!
ip forward-protocol nd
ip forward-protocol udp
!
ip extcommunity-list expanded yangcommunity permit ^$
ip as-path access-list 11 permit ^$
ip as-path access-list 11 deny _200$
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
ip http server
ip http authentication local
ip http secure-server
no ip nat service all-algs
ip ospf name-lookup
ip ssh bulk-mode 131072
ip route vrf Mgmt-intf 9.45.0.0 255.255.0.0 9.44.0.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
!
dialer-list 12 protocol ip permit
dialer-list 13 protocol bridge deny
dialer-list 14 protocol decnet list 309
route-map testyang permit 50
description testyangmodel
set aigp-metric 30
!
route-map qwe permit 10
match tag 12
!
snmp-server community snmp RO
snmp ifmib ifindex persist
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
exec-timeout 0 0
stopbits 1
speed 115200
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 <removed> length 0
transport input all
transport output all
line vty 5 14
exec-timeout 0 0
password 7 <removed> transport input all
transport output all
!
ntp server 110.110.110.110
ntp server time.google.com
!
!
!
!
!
!
!
netconf-yang
netconf-yang feature candidate-datastore
end
bender_1#
greenday_hub#sh run int HundredGigE0/2/0
Building configuration...
Current configuration : 348 bytes
!
interface HundredGigE0/2/0
mtu 9216
ip address <removed> ip nbar protocol-discovery
zone-member security wan_zone
ip summary-address eigrp 100 1.200.1.0 255.255.255.0
load-interval 30
negotiation auto
cdp enable
macsec dot1q-in-clear 1
macsec access-control should-secure
hold-queue 240000 in
hold-queue 240000 out
end
accoladenobf1714#sh run
Building configuration...
Current configuration : 46203 bytes
!
! Last configuration change at 14:06:18 IST Wed Dec 4 2024 by admin
!
version 17.16
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform punt-policer acl-log 10 10
platform shell
!
hostname accoladenobf1714
!
boot-start-marker
boot system bootflash:c8000aep-universalk9.BLD_V1716_THROTTLE_LATEST_20241129_062507.SSA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
vrf definition MPN00043
description CITY_OF_VIRGINIA_BEACH
rd 22394:133000
route-target export 22394:31100043
route-target import 22394:31100043
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition cust451
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no logging on
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
!
!
aaa server radius dynamic-author
!
aaa session-id common
clock timezone IST 5 30
clock calendar-valid
!
!
subscriber templating
ip arp proxy disable
!
ip multicast-routing distributed
ip host A 100.209.1.1
ip host B 100.209.1.2
ip host C 100.209.1.3
ip host E 100.100.100.45 8191::2 8191::3 8191::1
ip host ipv6 13:1:5:1::3
ip host vbond1 70.70.70.125
ip name-server vrf Mgmt-intf 64.104.128.236 171.70.168.183 72.163.128.140
no ip domain lookup
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf cisco.com
!
!
!
!
!
!
!
!
ip bootp server
!
!
!
login on-success log
!
!
!
!
!
ipv6 nd cache expire refresh
ipv6 unicast-routing
no ipv6 traffic interface-statistics
!
!
!
!
!
!
parameter-map type inspect-global
log flow-export v9 udp destination 12.13.14.1 2055
log dropped-packets
multi-tenancy
alert on
parameter-map type inspect test_param
!
flow record cts-record
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match flow cts source group-tag
match flow cts destination group-tag
collect counter packets
!
!
flow exporter EXPORTER-1
destination 10.104.54.178
transport udp 2055
!
!
flow monitor cts-monitor
exporter EXPORTER-1
cache timeout inactive 60
cache entries 2000000
record cts-record
!
!
!
key chain GCORE-MACSEC-PRIMARY macsec
key 10
cryptographic-algorithm aes-256-cmac
lifetime 17:30:00 Jun 12 2019 infinite
key 11
cryptographic-algorithm aes-256-cmac
lifetime 17:30:00 Jun 12 2019 infinite
key chain testyang
key 12
accept-lifetime local 17:30:00 Jun 12 2019 infinite
password encryption aes
!
crypto pki trustpoint TP-self-signed-3270682853
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3270682853
revocation-check none
rsakeypair TP-self-signed-3270682853
hash sha512
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
hash sha256
!
crypto pki trustpoint TP-self-signed-1952847123
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1952847123
revocation-check none
rsakeypair TP-self-signed-1952847123
hash sha256
!
crypto pki trustpoint TP-self-signed-4126410992
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4126410992
revocation-check none
rsakeypair TP-self-signed-4126410992
hash sha256
!
crypto pki trustpoint TP-self-signed-1504753420
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1504753420
revocation-check none
rsakeypair TP-self-signed-1504753420
hash sha256
!
crypto pki trustpoint w
revocation-check crl
hash sha256
!
crypto pki trustpoint DNAC-CA
enrollment mode ra
enrollment terminal
usage ssl-client
revocation-check crl none
source interface GigabitEthernet0
hash sha256
!
crypto pki trustpoint tp
enrollment url http://110.110.110.110:80
usage ike
serial-number
subject-name CN=ramones1.cisco.com, ou=ramones1
subject-alt-name ramones1.cisco.com
revocation-check crl
rsakeypair tp 4096
hash sha256
!
!
crypto pki certificate chain TP-self-signed-3270682853
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0D050030
31312F30 2D060355 04030C26 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323730 36383238 3533301E 170D3234 30383139 31303338
33355A17 0D333430 38313931 30333833 355A3031 312F302D 06035504 030C2649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32373036
38323835 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100B350 4E585443 E7868A28 097AEE5D 27D470A5 84390385 393BFBEF
F5552347 FA390E78 41562496 991117C6 18E9AD6C 5A4CE7DF 80A54841 04D0DD8A
12EC5B1D 50656669 9CDC1941 10FA960B 05172BF5 41D4FE8F 078C7B74 86D94240
8F6237F1 562251D0 3DE8A638 6867BCA0 FBB969D8 88A945C7 D1A4560D 164A079B
29FBCB30 B674796B 1E60C18C C3386854 E29E13FF 2557E982 E4AE4893 DA200F3D
DF75B893 FE79785F 71AEA993 BEFED18D DBA30F23 7A3CF5F4 49A381A6 B0A1AC80
13E1082C 1293F587 C3E02624 10514298 E68F74B7 6D459428 3BEF7F76 C07A0BCD
33B1E7A9 633CDEDF D94E8AF0 1EDB95C2 9857064E 6D58D6EA C5F889D9 CA57082D
57E78C44 F3CF0203 010001A3 53305130 1D060355 1D0E0416 04147323 0B663BAE
A0B9D963 1977837C DC9B5BEF FEC2301F 0603551D 23041830 16801473 230B663B
AEA0B9D9 63197783 7CDC9B5B EFFEC230 0F060355 1D130101 FF040530 030101FF
300D0609 2A864886 F70D0101 0D050003 82010100 69D0D29B BED954E9 6C6DE8B0
B128A37C 18FF67EE 38518DA2 7388FFF2 49560C86 B1061725 57C56E79 EC035D52
7BA42361 B03630E8 5C2FBAE7 0594A8B9 9C657041 27569EDD CD58C3D1 E8D52A39
4E441DAD 72BF38FE 32520524 85E7FA86 2FED658F 985EBAF5 8895F8F0 A062FCC3
5F3B75C6 440F0880 EF8BD916 EFBB9F56 76DFA909 55730104 792EAC2C 37779623
44463B7F 306495E3 D3E2C744 8173EBF0 5E1B2F8F EAB6BC6F FD681A32 90CADBB7
D9D6E3F4 AB38BD54 A9286C4E 684C011D 4BB26284 FA52AA28 BA9E7738 4CB28791
98E2B6CA 21187157 25F9B855 2858D843 B4FD1B8A 59E27344 0573CACB 445FF5EE
93484F96 105AA7CA 8CCD4346 312569E7 B7EDD085
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain TP-self-signed-1952847123
crypto pki certificate chain TP-self-signed-4126410992
crypto pki certificate chain TP-self-signed-1504753420
crypto pki certificate chain w
crypto pki certificate chain DNAC-CA
crypto pki certificate chain tp
certificate 59
30820563 3082034B A0030201 02020159 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3234 30383139
31363137 33395A17 0D323530 38313931 36313733 395A3065 3111300F 06035504
0B130872 616D6F6E 65733131 1B301906 03550403 13127261 6D6F6E65 73312E63
6973636F 2E636F6D 31333012 06035504 05130B46 4C583237 32363030 4453301D
06092A86 4886F70D 01090216 10616363 6F6C6164 656E6F62 66313731 34308202
22300D06 092A8648 86F70D01 01010500 0382020F 00308202 0A028202 0100CC8B
4CF8B3A5 71C6E83E F879F492 0FE0C459 18AC1656 B7DF159B 0207595A A14143DB
81571DEA DA90048A 8C6573F5 D09109DD AC08E14F B747A14D 9BD86229 8DCBA48D
3A002775 72A9642B E128A067 612FC28F BBC50097 E04DA45A 4BA8B85A 2F31FF74
398A91E1 5D81FA30 D8819D7F 84935167 436EF5BD E6552FA0 86C0F10C 3D9929A3
81E23C3C 0170474E 346D702A C5BE1F57 0EBDF418 0D43671E EBDC95A0 E362A767
0C477D67 1F4ACED4 0D324443 E71255BB 8F448EF8 80998332 35D029B2 4F7498E9
EACD8EB9 AD8CE5D6 BF9DBD7A 49E5701B 76F38228 FE8950BF 5F5DA4FC 46B675A7
A257920A D5ABC775 409ED331 2FF058FC 73C31B37 45C96D0D E87F460B A7166367
BE73A08D 2621FBDD 348BD5E3 1CA0D309 E0C4DFE6 D764361B 3A250ADE 6CC62985
ADCF3B0F 27243342 4AE2DD9F A426FD68 0D89CDAC 45BFCDB9 0C064FBD 197B3FD9
203D58B4 BA3B0480 624D98E0 4C2A438B 7FB7883D 3FB7BB74 AF889178 10BFEF68
3D70F5D2 AA952B0C 73C2F0C6 FB6C847E 9C7AC621 C9B0FE92 F11723D3 7B9DD735
AAC0F17F BFB97876 346EA146 3A0EE375 28C825A9 2BC981E3 5BB642E6 985E5E94
63F98260 CBE0F60B E51A9E57 ED8CD1F0 975D4088 CEE48254 7E77885A E49E391B
821B401F C0A66F09 0286E814 76CAA451 88194384 76BAB627 64A1104B 20AE97D2
E8FF7282 1559845D E7AA5079 D1F22A09 319A53B0 20F0B0D3 A29CE319 63790203
010001A3 6E306C30 0B060355 1D0F0404 030205A0 301D0603 551D1104 16301482
1272616D 6F6E6573 312E6369 73636F2E 636F6D30 1F060355 1D230418 30168014
6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 301D0603 551D0E04 160414B4
40124737 DD05A633 5627CA7E E8505FCC 9D297630 0D06092A 864886F7 0D010105
05000382 0201006C D8AF19B0 6671AB3B 11B01A0C 30BF0803 7773B064 DEC75B76
AB4F8A1E B87FEA2B F2F34929 157511C5 F2E18DAC 35A32189 94E4CF00 0217CECC
403EDB65 193D3C3F 4FE8D4D9 97FB8954 32B6B3EE 7C4E8A2E 174915E7 58A295DE
4057B516 6A3BC995 2C4FDC98 111C3C17 8DE9245B 174CA815 A5C97AAD 3F86EEAA
E59240FA 50BA49D5 B6CA6924 76D0496B 76AE3851 70A74298 05FB1D26 5E0DDA6D
2B28700A 9FDED9EC 6CFF4BAA 0E44665B 0FF40814 8989AE53 4D847726 3C20F5BC
3BF20D7C 8E8EBC60 B4181CF8 01A4CDC4 234F8B1D B70FD3E5 F20F39E4 7A76F265
4B4A5C74 C5191F45 4BBE0688 8D6D11A3 651774F1 24F805A7 03DBCCE5 A080FB99
5F76C5E1 21A9C8BF 273746CE CA0A149A FDA9BA27 53E02DB6 16C0BF23 3BA53348
33B0CB25 B52AE609 F713EB66 D543788D A03A8CC9 09AC1AB5 E19BAB4F 15E59F7B
16E5F116 71913A3D D9DCBA5D C910ED4A 8E48F911 8CC42969 C4764210 F3358E80
5B69AF1C A39EFBA9 670FF074 EAF15F4C 2A5021F5 A071A728 606056ED A648554D
84A00460 7938AE50 12C4CB46 42E7A371 78813F60 27E344C7 E9BF9F4C 4EC33596
883D8726 8525B79D DBAD534C ABEFFEF7 1E92C045 C6442AEB 09FEE26F A66D6C0D
D01ADFFC 5C6B8563 DD17F30B ECC2ABE4 9C576758 44D5C05E 9F19C258 0DE4C215
CDCD3844 B718A32C 6C65A32D AAD9C1E0 AD67712B D7243D48 6F23AFA7 E011199C
4B8A100F 26C772
quit
certificate ca 01
30820508 308202F0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
15311330 11060355 0403130A 52434131 20433D70 6B69301E 170D3233 30343130
30353439 31305A17 0D323630 34303930 35343931 305A3015 31133011 06035504
03130A52 43413120 433D706B 69308202 22300D06 092A8648 86F70D01 01010500
0382020F 00308202 0A028202 010096CA DA16A51E 7A9D055E 2211EB4B 61581F41
4D1E7110 75841FC4 446B5AB4 5A299041 059E313C 52E1F684 A6C4481C 37BFD96D
B4B9A515 91B45C12 DED9B0E9 532ED4AD B7110BD2 6D6DBF01 038BEC7F 3B35C681
E42C9D44 23D11CE6 C57B055F EDF1D8DB 863DD488 DE90B591 78E2C655 A145F0B0
A0EA63BA B1E0CED1 6F241ADF 9CA6AF2C 50D06695 7DD90C72 16F7E23B A1CB88D0
19A04F26 B6EA97E7 A56868A9 E8D8F20E F721A3A9 B3DE59C0 3764B53D 57ECCCE4
F332A3F4 E81BA13E 232A50B0 0A612AAD 2C51BFEB 5069C9AF F9B838A6 C3CF2A88
30CD377A 61640158 5F584047 715F7D4C 946E500B 87FE987D 4D282B00 5AD1199F
2F335E43 9ADE5468 6710B75F 5F954B3C 48DFC60A 134CA615 3BEFE644 C312410A
52F060B0 97F4F0C1 7C4BB64F 505A74E4 C9BB1653 D765EF49 F4DB4B5E 38D97526
00D25ED8 86E6E72E 49C6353E F5F27101 0D1B9082 EDE2A221 A577B677 F4E1859A
91085B8C A1637A75 BCB345E0 805E88AF 47246DF9 24D80982 4E256103 AF51F1FA
A6FA2E25 FB122052 8B9106A7 D18354A1 CEB62E11 BEB19B6E 4F1E4CD5 6E457951
3D52CCB0 E34DD9DA 47187D67 67EF4263 2E5BD2CC 6E6F7EE2 E43B3A66 683C0174
D41A9BE5 223B0818 8098A5A9 5D897BFE 12A9412C 80DC208F 21544D9B B31DA1AC
48083C83 102EC464 D1DFD35A 03B9136A FF26E661 F5680A36 8F9D7759 D047A8B5
A252E340 315257DA 3770B9CE C9430203 010001A3 63306130 0F060355 1D130101
FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304
18301680 146B4F96 70336229 0FC17DCD B249B039 EA654F25 75301D06 03551D0E
04160414 6B4F9670 3362290F C17DCDB2 49B039EA 654F2575 300D0609 2A864886
F70D0101 05050003 82020100 8E38A04E F2459B0F 80354958 51A460F1 3383B5C9
388D72E2 92463A18 9A1F5053 2D6DC8B7 429AE4DE FFF4FF15 51CE3F30 16403E92
A0ACD45C 27B22EAA 9266B3EF 14E30378 F9EB5F1B 78B73D34 7B686FD1 A97A966C
8BAB60E1 0740A9EE 3A8AE4F1 463CAFB4 35D04B51 96425A36 70BB805D 7D021CF3
13FF1094 54FC8513 E6B76060 FF845DE9 DEDDA149 C6700D84 9D6DEFD1 9D5D1F96
E2DB9B9C 09B451B4 ABBCFBA8 80F75A4E B91A6528 A7FCC705 C63EA2FA E799B24D
965E14D3 6E4DCDE1 60D3998B 90F91CC2 817241DC C5441B2A 7E2ED784 3FB74BB9
61A73F22 B39793E2 9CA7BB85 1A893E74 A312AE15 8790BE0E CFCC2ACF 1BFA3432
8F6B7C5F B10D349A FF538EE9 E13FEEF1 AB2EC4E5 A137B3A4 F4D1A52A CA0CBA98
957C2C95 4BB2F960 D78BE690 3591A343 1B1239FC C7BB7D0D 773AD9A6 46DD8202
CE9263DD DCBC0854 D25E2F09 F0688782 00DF57BE 2F3B87A0 52027F51 CBE80D5E
FF663943 F4001980 8514F9AC 1661C29C 8AFF271E 3FECA871 21C8732A A2A99725
A920962D 2190F66E 09031B4F 8879364A 540E5E57 0DDEF0A8 F0F469B8 B4609FE6
193E4416 C4E35CF8 CE55A5A2 4D931483 C9E98267 111B16B4 8A44EF88 301855EC
0F6E7C69 361F61A7 426FFDB1 14530B1B FE390BDA 5D5EECC9 9F7110FF 4600750E
6CA929CB 21DEE746 C6FD26E1 A0FA64DA 4F1E85B5 A2E65F2C D13C39E5 02AD67DB
31AC5AEF 8AC58041 127E738D
quit
!
!
!
!
!
!
!
!
!
license udi pid C8530-12X sn FLX272600DS
license accept end user agreement
license boot level advantage
license smart url https://smartreceiver-stage.cisco.com/licservice/license
license smart url smart https://smartreceiver-stage.cisco.com/licservice/license
!
!
!
!
!
object-group network dest-og
13.1.5.0 255.255.255.0
host 12.1.1.14
host 12.1.1.15
host 12.1.1.16
host 12.1.1.2
!
object-group network net-og1
host 12.1.1.12
host 12.1.1.13
host 12.1.1.14
host 12.1.1.15
host 12.1.1.16
host 12.1.1.17
host 12.1.1.18
host 12.1.1.19
host 12.1.1.20
host 12.1.1.21
host 12.1.1.22
host 12.1.1.23
host 12.1.1.24
host 12.1.1.25
host 12.1.1.26
host 12.1.1.27
host 12.1.1.28
host 12.1.1.29
host 12.1.1.30
host 12.1.1.31
host 12.1.1.32
host 12.1.1.33
host 12.1.1.34
host 12.1.1.35
host 12.1.1.36
host 12.1.1.37
host 12.1.1.38
host 12.1.1.39
host 12.1.1.40
host 12.1.1.41
host 12.1.1.42
host 12.1.1.43
host 12.1.1.44
host 12.1.1.45
host 12.1.1.46
host 12.1.1.47
host 12.1.1.48
host 12.1.1.49
host 12.1.1.50
host 12.1.1.51
host 12.1.1.52
host 12.1.1.53
host 12.1.1.54
host 12.1.1.55
host 12.1.1.56
host 12.1.1.57
host 12.1.1.58
host 12.1.1.59
host 12.1.1.60
host 12.1.1.61
13.1.5.0 255.255.255.0
!
object-group v6-network ogv6
13:1:5:1::3/64
13:1:5:1::4/64
!
object-group service service
udp range 1000 4000
!
object-group network udp_group
range 108.108.108.11 108.108.108.254
!
file privilege 10
file prompt quiet
no memory lite
memory free low-watermark processor 683825
diagnostic bootup level minimal
!
spanning-tree extend system-id
et-analytics
ip flow-export destination 10.104.54.178 2055
!
mka policy MACSEC-POLICY
key-server priority 10
macsec-cipher-suite gcm-aes-256
confidentiality-offset 30
sak-rekey interval 60
no include-icv-indicator
!
!
!
enable secret 9 $9$tHyhz9y6HCuBVk$HvTBWSGvPHK5OAYB5n51YQqcbYkiOsO0U2gPujdcuMk
enable password 7 <removed>!
username admin privilege 15 secret 9 $9$PSlkFl7oqMoQBE$cpeqITQ6XgUkxXzR7dhCtqrXXGD/owBl/NRdvf6XZBo
username cisco password 7 <removed>username lab password 7 <removed>username sdwan password 7 <removed>!
redundancy
mode none
application redundancy
group 1
name RG1
preempt
priority 245
timers delay 10 reload 121
control Port-channel64.100 protocol 4
data Port-channel64.101
asymmetric-routing interface Port-channel64.102
group 2
name NAT64
preempt
priority 250
timers delay 10 reload 121
control Port-channel64.200 protocol 4
data Port-channel64.201
protocol 4
timers hellotime 1 holdtime 4
authentication md5 key-string 7 00071A150754
bfd-template single-hop test
interval min-tx 5000 min-rx 5000 multiplier 5
!
!
!
crypto ikev2 authorization policy default
route set interface
!
crypto ikev2 proposal 1
encryption aes-cbc-256
integrity sha512
group 14
!
crypto ikev2 policy 1
proposal 1
no crypto ikev2 policy default
!
!
crypto ikev2 profile test_profile
match identity remote address 0.0.0.0
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint tp
!
crypto ikev2 diagnose error 100
crypto ikev2 dpd 30 5 on-demand
!
!
cdp run
!
lldp run
!
class-map match-all testyang
match protocol attribute category file-sharing
match protocol attribute sub-category desktop-virtualization
class-map match-all test
class-map type inspect match-any cmap
match access-group name OGACL
class-map match-any class-bfd
match access-group name acl-bfd
class-map type inspect match-any zone_cmap
match protocol icmp
match protocol http
match protocol https
match protocol dns
match protocol ftp
match protocol snmp
match protocol snmptrap
match protocol sip
match protocol pop3
match protocol rtsp
match protocol smtp
match protocol imap
match protocol udp
match protocol tcp
class-map type inspect match-any branch_ramnoes1_102020_210640388-sRule1-l4-cm_
match protocol http
match protocol https
match protocol pop3
match protocol pop3s
match protocol rtsp
match protocol sip
match protocol smtp
match protocol snmp
match protocol snmptrap
class-map match-all t23
class-map match-all y
match ip rtp 2300 2400
class-map type inspect match-any zone_cmap_new
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all branch_ramnoes1_102020_210640388-seq-Rule1-cm_
match class-map branch_ramnoes1_102020_210640388-sRule1-l4-cm_
!
policy-map type inspect zone_pmap
class type inspect zone_cmap_new
inspect
class class-default
pass
policy-map bfd-test-child
class class-bfd
shape average 100000000000
set cos 7
policy-map bfd-test
class class-default
shape average percent 100
service-policy bfd-test-child
policy-map test
class test
!
!
zone security branch_lan_zone
zone security branch_wan_zone
zone security lan_zone
zone security wan_zone
zone-pair security lan_zone-wan_zone source lan_zone destination wan_zone
service-policy type inspect zone_pmap
zone-pair security wan_zone-lan_zone source wan_zone destination lan_zone
service-policy type inspect zone_pmap
!
!
!
!
!
!
crypto ipsec security-association lifetime kilobytes disable
!
crypto ipsec transform-set test_trans esp-gcm
mode tunnel
crypto ipsec transform-set IKEv2 esp-gcm
mode transport
no crypto ipsec transform-set default
crypto ipsec df-bit clear
!
crypto ipsec profile MPN00043_Profile
!
no crypto ipsec profile default
!
crypto ipsec profile test_profile
description "ipsec profile"
set security-association replay disable
set transform-set test_trans
set ikev2-profile test_profile
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address <removed>!
interface Loopback11
no ip address
ipv6 address <removed>
!
interface Loopback12
ip address <removed>!
interface Loopback50
ip address <removed>!
interface Loopback208
ip address <removed>!
interface Port-channel56
no ip address
standby version 2
no negotiation auto
ipv6 address <removed>
ipv6 enable
!
interface Port-channel57
no ip address
no negotiation auto
!
interface Port-channel57.10
encapsulation dot1Q 10
vrf forwarding MPN00043
ipv6 address <removed>
!
interface Port-channel64
no ip address
!
interface Port-channel64.100
encapsulation dot1Q 100
ip address <removed>!
interface Port-channel64.101
encapsulation dot1Q 101
ip address <removed>!
interface Port-channel64.102
encapsulation dot1Q 102
ip address <removed> ipv6 address <removed>
ipv6 enable
!
interface Port-channel64.200
encapsulation dot1Q 200
ip address <removed>!
interface Port-channel64.201
encapsulation dot1Q 201
ip address <removed>!
interface Tunnel1
no ip address
!
interface Tunnel2
bandwidth 200000000
bandwidth receive 30000000
ip flow monitor cts-monitor input
ip flow monitor cts-monitor output
ip address <removed> no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-mode
ip hello-interval eigrp 100 20
ip hold-time eigrp 100 60
ip nhrp authentication iplabs
ip nhrp map multicast 45.35.1.1
ip nhrp map 8.1.1.1 45.35.1.1
ip nhrp map 8.1.1.31 85.75.1.2
ip nhrp map multicast 85.75.1.2
ip nhrp map 8.1.1.10 1.200.1.1
ip nhrp map multicast 1.200.1.1
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 8.1.1.1
ip nhrp nhs 8.1.1.10
ip nhrp nhs 8.1.1.31
no ip nhrp record
zone-member security wan_zone
ip tcp adjust-mss 1376
load-interval 30
ipv6 address <removed>
ipv6 mtu 9960
ipv6 nhrp authentication iplabs
ipv6 nhrp map 8::10/128 1.200.1.1
ipv6 nhrp map multicast 45.35.1.1
ipv6 nhrp map 8::1/128 45.35.1.1
ipv6 nhrp map 8::22/128 85.75.1.2
ipv6 nhrp map multicast 85.75.1.2
ipv6 nhrp map multicast 1.200.1.1
ipv6 nhrp network-id 2
ipv6 nhrp nhs 8::10
ipv6 nhrp nhs 8::1
ipv6 nhrp nhs 8::22
nhrp group SPOKE_10G
nhrp map group HUB service-policy output bfd-test
cts sgt inline
cts role-based enforcement
et-analytics enable
bfd interval 5000 min_rx 5000 multiplier 5
no bfd echo
tunnel source TenGigabitEthernet0/0/4
tunnel mode gre multipoint
tunnel key 200
tunnel path-mtu-discovery
tunnel protection ipsec profile test_profile
!
interface Tunnel4
no ip address
tunnel mode rbscp
tunnel rbscp window-stuff 1
tunnel rbscp ack-split 4
!
interface Tunnel11
no ip address
!
interface Tunnel32
no ip address
!
interface Tunnel199
no ip address
!
interface Tunnel430
description E0000514940-City of Virginia Beach
vrf forwarding MPN00043
ip address <removed> no ip unreachables
shutdown
tunnel source 67.174.161.38
tunnel destination 66.174.161.38
tunnel protection ipsec profile MPN00043_Profile
!
interface Tunnel432
no ip address
!
interface Tunnel2112
vrf forwarding cust451
no ip address
nat64 enable
ipv6 address <removed>
tunnel mode ipv6ip
tunnel destination 45.1.1.1
tunnel key 100
tunnel vrf cust451
!
interface Tunnel21112
no ip address
!
interface TenGigabitEthernet0/0/0
ip address <removed> no negotiation auto
redundancy rii 33
redundancy group 1 ip 109.109.109.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/1
no ip address
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/1.10
encapsulation dot1Q 10
ip nat inside
!
interface TenGigabitEthernet0/0/2
description connected to te-2/1/1 on asr9x-core
ip address <removed> ip nbar protocol-discovery
ip nat inside
zone-member security lan_zone
no negotiation auto
cdp enable
redundancy rii 41
redundancy group 1 ip 192.168.11.10 exclusive decrement 10
ip virtual-reassembly
!
interface TenGigabitEthernet0/0/3
ip address <removed> no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/3.100
encapsulation dot1Q 100
ip address <removed> nat64 enable
!
interface TenGigabitEthernet0/0/4
description connected-to-asr1k-core2
mtu 9216
ip address <removed> ip accounting mac-address input
ip accounting mac-address output
ip mtu 9184
ip nbar protocol-discovery
ip nat outside
zone-member security wan_zone
load-interval 30
no negotiation auto
cdp enable
mka policy MACSEC-POLICY
mka pre-shared-key key-chain GCORE-MACSEC-PRIMARY
redundancy rii 14
redundancy asymmetric-routing enable
redundancy group 1 decrement 20
hold-queue 240000 in
hold-queue 240000 out
!
interface TenGigabitEthernet0/0/5
ip address <removed> no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/6
description "to switch eth1/41"
ip dhcp client client-id ascii cisco-cc36.cf6a.8700-Te0/0/0
no ip address
ip accounting mac-address input
ip accounting mac-address output
load-interval 30
no negotiation auto
cdp enable
!
interface TenGigabitEthernet0/0/6.7
!
interface TenGigabitEthernet0/0/6.20
encapsulation dot1Q 10
ip address <removed> ip nat inside
redundancy rii 13
redundancy group 1 ip 108.108.108.5 exclusive decrement 10
!
interface TenGigabitEthernet0/0/6.550
encapsulation dot1Q 550
vrf forwarding cust451
ip address <removed> nat64 enable
redundancy rii 550
redundancy group 2 ip 135.2.195.4 exclusive decrement 10
!
interface TenGigabitEthernet0/0/7
mtu 2000
ip address <removed> ip accounting mac-address input
ip accounting mac-address output
ip pim sparse-mode
ip nat inside
zone-member security lan_zone
ip igmp static-group 224.1.1.1
standby version 2
standby 10 ip 12.1.1.10
standby 10 priority 10
standby 10 preempt
standby 20 ipv6 12::10/64
standby 20 priority 20
standby 20 preempt
load-interval 30
no negotiation auto
cdp enable
ipv6 address <removed>
!
interface TenGigabitEthernet0/0/8
no ip address
load-interval 30
no negotiation auto
cdp enable
channel-group 64
!
interface TenGigabitEthernet0/0/9
no ip address
load-interval 30
no negotiation auto
cdp enable
channel-group 64
!
interface TenGigabitEthernet0/0/10
description connected-to-asr1-core
ip address <removed> ip nat outside
no negotiation auto
cdp enable
redundancy rii 34
!
interface TenGigabitEthernet0/0/11
ip address <removed> no negotiation auto
cdp enable
ipv6 address <removed>
ipv6 enable
ipv6 ospf 100 area 0
et-analytics enable
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address <removed> negotiation auto
!
!
router eigrp 100
network 2.2.2.0 0.0.0.255
network 20.30.40.0 0.0.0.255
network 30.30.30.30 0.0.0.0
network 40.40.40.40 0.0.0.0
network 50.50.50.50 0.0.0.0
network 61.1.1.0 0.0.0.255
network 67.0.0.0
network 67.174.161.38 0.0.0.0
network 108.108.108.0 0.0.0.255
network 208.1.1.3 0.0.0.0
!
router ospf 71 vrf cust451
!
router bgp 202
bgp router-id 2.2.2.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 8::1 remote-as 101
neighbor 8::10 remote-as 103
neighbor 8.1.1.1 remote-as 101
neighbor 8.1.1.10 remote-as 103
neighbor 8.1.1.31 remote-as 4200003213
!
address-family ipv4
network 12.0.0.0
network 12.1.1.0 mask 255.255.255.0
network 16.0.0.0
network 192.168.11.0
network 192.168.11.1 mask 255.255.255.255
network 211.0.0.0 mask 255.0.0.0
redistribute static
neighbor 8.1.1.1 activate
neighbor 8.1.1.10 activate
neighbor 8.1.1.10 route-map LOCAL-PREF in
neighbor 8.1.1.31 activate
exit-address-family
!
address-family ipv6
redistribute connected
network 12::/64
neighbor 8::1 activate
neighbor 8::1 route-map LOCAL-PREF in
neighbor 8::10 activate
exit-address-family
!
ip forward-protocol nd
no ip forward-protocol udp
!
ip extcommunity-list expanded yangcommunity
10 permit ^$
ip tcp selective-ack
ip tcp mss 1280
ip pim rp-address 100.100.100.100
ip tftp source-interface GigabitEthernet0
ip tftp blocksize 8192
no ip ftp passive
ip dns server
ip http server
ip http authentication aaa
ip http secure-server
ip http secure-trustpoint TP-self-signed-1504753420
ip http client source-interface GigabitEthernet0
ip http client secure-trustpoint TP-self-signed-1504753420
ip nat settings gatekeeper-size 512
ip nat translation udp-timeout 180
ip nat pool p1 172.16.10.1 172.16.255.254 prefix-length 16
ip nat pool pat_pool1 40.1.1.1 40.1.255.254 prefix-length 16
ip nat inside source list 2699 pool p1 redundancy 1 mapping-id 2147483647 overload
ip ssh bulk-mode 131072
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh source-interface GigabitEthernet0
ip ssh pubkey-chain
username admin
ip ssh server peruser session limit 16
ip ssh server certificate profile
server
ocsp-response include
ip ssh server algorithm encryption aes128-gcm
ip ssh server algorithm authentication password keyboard
ip route 16.0.0.0 255.0.0.0 192.168.11.2
ip route 22.0.0.0 255.0.0.0 192.168.11.2
ip route 23.0.0.0 255.0.0.0 61.1.1.1
ip route 81.0.0.0 255.0.0.0 109.109.109.3
ip route 82.0.0.0 255.0.0.0 61.1.1.1
ip route 109.110.110.0 255.255.255.0 61.1.1.1
ip route 145.0.0.0 255.0.0.0 61.1.1.2
ip route 146.0.0.0 255.0.0.0 61.1.1.2
ip route 147.0.0.0 255.0.0.0 61.1.1.2
ip route 148.0.0.0 255.0.0.0 61.1.1.2
ip route 149.0.0.0 255.0.0.0 61.1.1.2
ip route 211.0.0.0 255.0.0.0 192.168.11.2
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.104.45.1
ip route vrf Mgmt-intf 10.64.62.25 255.255.255.255 10.104.45.1
ip route vrf Mgmt-intf 202.153.144.25 255.255.255.255 11.4.0.1
!
ip access-list extended OGACL
10 permit object-group service object-group net-og1 object-group dest-og
ip access-list extended acl-bfd
10 permit udp any any eq 3784
20 permit udp any any eq 3785
ip access-list extended icmp_block
10 deny ip host 61.1.1.2 any log
20 permit ip any any
ip access-list extended icmp_block1
10 permit ip any any
!
ip access-list role-based allow_webtraff
10 permit tcp dst eq www
20 permit tcp dst eq 443
ip sla responder
logging host 10.64.67.49 vrf Mgmt-intf
ip access-list standard 1
10 permit 22.0.0.0 0.255.255.255
ip access-list extended 2699
10 permit ip 30.0.0.0 0.255.255.255 any
20 permit udp object-group udp_group any
30 permit ip 81.0.0.0 0.255.255.255 any
40 permit ip 22.0.0.0 0.255.255.255 any
50 permit ip 23.0.0.0 0.255.255.255 any
arp entries interface-limit 2147483647
ipv6 route 2001:DD8:8086:6502::/64 2001:DB8:8086:6502::2
ipv6 route vrf cust451 41C2::/64 Tunnel2112
ipv6 route vrf cust451 6000::/64 Tunnel2112
ipv6 router eigrp 100
!
ipv6 router ospf 100
timers pacing flood 5
!
route-map test1 permit 60000
!
route-map LOCAL-PREF permit 10
set local-preference 50
!
snmp-server community DNAC RO RW
snmp-server community DNAC_SNMP RO RO
snmp-server community LIVE RO RO
snmp-server community com RO RO
snmp-server community public-read RO RO
snmp-server community public-rw RO RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps pfr
snmp-server enable traps flowmon
snmp-server enable traps ds1
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps casa
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps aaa_server
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps atm subif
snmp-server enable traps sonet
snmp-server enable traps srp
snmp-server enable traps memory bufferpeak
snmp-server enable traps fru-ctrl
snmp-server enable traps entity-qfp mem-res-thresh throughput-notif
snmp-server enable traps entity-sensor
snmp-server enable traps entity-state
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps resource-policy
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps dlsw
snmp-server enable traps bgp state-changes all backward-trans limited updown-limited
snmp-server enable traps bgp threshold prefix
snmp-server enable traps bgp cbgp2 state-changes all backward-trans limited updown-limited
snmp-server enable traps bgp cbgp2 threshold prefix
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps rsvp
snmp-server enable traps isis
snmp-server enable traps dhcp
snmp-server enable traps ip local pool
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps pki
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps config-copy
snmp-server enable traps syslog
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc down
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps cnpd
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps pppoe
snmp-server enable traps ipsla
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps netsync
snmp-server enable traps ptp
snmp-server enable traps lost-ptp-slave
snmp-server enable traps breach-ptp-offset-threshold
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps smart-license
snmp-server enable traps bfd
snmp-server enable traps diameter
snmp-server enable traps lisp
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps mpls rfc traffic-eng
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps otn
snmp-server enable traps pw vc
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps dsp video-usage
snmp-server enable traps dsp video-out-of-resource
snmp-server enable traps sbc adj-status
snmp-server enable traps sbc blacklist
snmp-server enable traps sbc congestion-alarm
snmp-server enable traps sbc h248-ctrlr-status
snmp-server enable traps sbc media-source
snmp-server enable traps sbc radius-conn-status
snmp-server enable traps sbc sla-violation
snmp-server enable traps sbc sla-violation-rev1
snmp-server enable traps sbc svc-state
snmp-server enable traps sbc qos-statistics
snmp-server enable traps firewall serverstatus
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps gdoi ks-role-change
snmp-server enable traps gdoi ks-gm-deleted
snmp-server enable traps gdoi ks-peer-reachable
snmp-server enable traps gdoi ks-peer-unreachable
snmp-server dbal cache
snmp-server subagent cache-stats
no snmp-server subagent enable
snmp mib flash cache
snmp mib nhrp
snmp mib notification-log globalsize 400
snmp mib notification-log globalageout 25
!
!
!
!
!
ipv6 access-list ogacl
sequence 10 permit ipv6 object-group ogv6 any
!
control-plane
!
cts role-based permissions from 55 to 66 allow_webtraff
cts role-based monitor permissions default ipv4
!
!
!
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
line vty 0 4
privilege level 15
transport input ssh
!
!
!
!
!
!
!
!
telemetry ietf subscription 294967225
filter xpath /crypto-ios-xe-events:nhrp-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967226
filter xpath /crypto-ios-xe-events:nhrp-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967227
filter xpath /crypto-ios-xe-events:ike-ipsec-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967228
filter xpath /crypto-ios-xe-events:ike-ipsec-alarm
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967229
filter xpath /qfp-resource-ios-xe-events:qfp-exmem-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967232
filter xpath /utd-ios-xe-events:utd-con
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967233
filter xpath /red-app-events:red-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967234
filter xpath /sse-ios-xe-events:sse-tunnel-params-absent
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967240
filter xpath /crypto-pki-ios-xe-events:pki-certificate-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967243
filter xpath /crypto-pki-ios-xe-events:pki-certificate-expiry
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967244
filter xpath /line-ios-xe-events:line-state-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967245
filter xpath /ospf-ios-xe-events:ospfv3-nbr-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967246
filter xpath /ospf-ios-xe-events:ospfv3-if-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967258
filter xpath /ios-events-ios-xe-oper:usb-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967259
filter xpath /ios-events-ios-xe-oper:tempsensor-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967260
filter xpath /ios-events-ios-xe-oper:tempsensor-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967261
filter xpath /ios-events-ios-xe-oper:system-reboot-issued
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967262
filter xpath /ios-events-ios-xe-oper:system-reboot-complete
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967263
filter xpath /ios-events-ios-xe-oper:system-logout-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967264
filter xpath /ios-events-ios-xe-oper:system-login-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967265
filter xpath /ios-events-ios-xe-oper:system-aaa-login-fail
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967267
filter xpath /ios-events-ios-xe-oper:sfp-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967271
filter xpath /ios-events-ios-xe-oper:pem-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967272
filter xpath /ios-events-ios-xe-oper:pem-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967273
filter xpath /ios-events-ios-xe-oper:ospf-neighbor-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967274
filter xpath /ios-events-ios-xe-oper:ospf-interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967275
filter xpath /ios-events-ios-xe-oper:memory-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967276
filter xpath /ios-events-ios-xe-oper:interface-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967277
filter xpath /ios-events-ios-xe-oper:interface-admin-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967280
filter xpath /ios-events-ios-xe-oper:fantray-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967281
filter xpath /ios-events-ios-xe-oper:fan-fault
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967283
filter xpath /ios-events-ios-xe-oper:disk-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967289
filter xpath /ios-events-ios-xe-oper:cpu-usage
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967293
filter xpath /ios-events-ios-xe-oper:bgp-peer-state-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 294967295
filter xpath /ios-events-ios-xe-oper:aaa-admin-pwd-change
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967244
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967245
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-status-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967246
filter xpath /ios-events-ios-xe-oper:utd-file-analysis-file-upload-state
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967247
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-retrospective-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967248
filter xpath /ios-events-ios-xe-oper:utd-file-reputation-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967253
filter xpath /im-events-ios-xe-oper:im-event
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967255
filter xpath /ios-events-ios-xe-oper:utd-version-mismatch
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967256
filter xpath /ios-events-ios-xe-oper:utd-update
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry ietf subscription 2094967257
filter xpath /ios-events-ios-xe-oper:utd-ips-alert
stream rfc5277
update-policy on-change
receiver name confd-rfc5277
telemetry receiver protocol confd-rfc5277
host ip-address 0.0.0.0 0
protocol rfc5277
netconf-yang
netconf-yang feature candidate-datastore
yang-interfaces feature deprecated disable
sd-routing
no ipv6-strict-control
organization-name vmng-scale-ind-swe
site-id 115
sp-organization-name vmng-scale-ind
system-ip 209.134.0.2
vbond name vbond1
vbond port 12346
wan-interface TenGigabitEthernet0/0/4
end
accoladenobf1714#