Scribd Logo
Upload

Welcome to Scribd!

  • SKST 9020

    Uploaded by

    amriteshsingh645
    23 views29 pages

    Original Title

    SKST-9020

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views29 pages

    SKST 9020

    Uploaded by

    amriteshsingh645

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 29

    !

    address-family ipv6
    route-target export 64820:133
    route-target import 64820:13301
    exit-address-family
    !
    vrf definition RJIL-OAM-ENB
    description *** FOR O&M LTE SERVICES ***
    rd 172.30.235.112:3
    route-target export 64720:133
    route-target import 64720:13301
    !
    address-family ipv6
    exit-address-family
    !
    vrf definition RJIL-SIGNALING-ENB
    description *** FOR SIGNALLING LTE SERVICES ***
    rd 172.30.235.112:1
    route-target export 64710:133
    route-target import 64710:13301
    !
    address-family ipv6
    exit-address-family
    !
    vrf definition RJIL-WIFI-CISCO
    description *** FOR CISCO WIFI SERVICES ***
    rd 172.30.235.112:4
    route-target export 64750:133
    route-target import 64750:13301
    !
    address-family ipv4
    exit-address-family
    !
    address-family ipv6
    exit-address-family
    !
    vrf definition SC-sw-mgmt
    description *** FOR SC l2 switch mgmt ***
    rd 172.30.235.112:9
    route-target export 64761:100
    route-target export 64820:312
    route-target import 64761:10001
    route-target import 64820:31201
    !
    address-family ipv4
    exit-address-family
    !
    address-family ipv6
    exit-address-family
    !
    logging buffered 65536 informational
    no logging console
    no logging monitor
    enable secret 9 $14$9.cU$IyzMRcGkAl6R.k$v6gU3hDMiB8EVPcS0JsOPb9mJ05hzp4MxbpJCeqYQZA
    !
    aaa new-model
    !
    !
    aaa group server tacacs+ ACSSERVER
    server name TACACS1
    server name TACACS2
    ip vrf forwarding RJIL-IP-MGMT
    ip tacacs source-interface Loopback999
    !
    aaa authentication banner #Unauthorized acces is prohibited#
    aaa authentication login AAA-CONSOLE-LOCAL group ACSSERVER local
    aaa authentication login AAA-VTY-ACS group ACSSERVER local
    aaa authentication enable default group ACSSERVER enable
    aaa authorization console
    aaa authorization config-commands
    aaa authorization exec AAA-VTY-ACS group ACSSERVER local
    aaa authorization commands 1 AAA-VTY-ACS group ACSSERVER local
    aaa authorization commands 10 default none
    aaa authorization commands 15 AAA-VTY-ACS group ACSSERVER local
    aaa accounting update newinfo
    aaa accounting exec default start-stop group ACSSERVER
    aaa accounting commands 1 default start-stop group ACSSERVER
    aaa accounting commands 15 default start-stop group ACSSERVER
    aaa accounting connection default start-stop group ACSSERVER
    aaa accounting system default start-stop group ACSSERVER
    !
    !
    !
    !
    !
    !
    aaa session-id common
    aaa password restriction
    process cpu threshold type total rising 80 interval 30
    process cpu statistics limit entry-percentage 80 size 86400
    clock timezone IST 5 30
    port-channel load-balance-hash-algo src-dst-mac
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name INFRA.JIO.COM
    ip multicast route-limit 8000
    ip dhcp bootp ignore
    !
    !
    !
    login block-for 30 attempts 5 within 30
    login delay 2
    login quiet-mode access-class MGMT-VTY-IPv6
    login on-failure log
    login on-success log
    ipv6 icmp error-interval 50 20
    no ipv6 source-route
    ipv6 nd cache interface-limit 50 log 1
    ipv6 unicast-routing
    ipv6 multicast-routing
    !
    !
    !
    !
    !
    !
    !
    mpls label protocol ldp
    mpls ldp password option 10 for MPLS-LDP-IPv4 7
    003647213B770F3630111F1D1B575738435F
    mpls ldp graceful-restart
    mpls ldp session protection
    mpls ldp igp sync holddown 2000
    mpls ldp discovery targeted-hello accept
    multilink bundle-name authenticated
    !
    key chain ISIS-KEY
    key 1
    key-string 7 15205F2B3B03380D3B0C0571401558512E070D
    accept-lifetime 01:00:00 Jan 1 2014 infinite
    send-lifetime 01:00:00 Jan 1 2014 infinite
    !
    crypto pki trustpoint TP-self-signed-1065288669
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1065288669
    revocation-check none
    rsakeypair TP-self-signed-1065288669
    !
    crypto pki trustpoint SLA-TrustPoint
    enrollment terminal
    revocation-check none
    !
    !
    crypto pki certificate chain TP-self-signed-1065288669
    certificate self-signed 01
    30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31303635 32383836 3639301E 170D3233 30313330 30393133
    35375A17 0D333330 31323930 39313335 375A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30363532
    38383636 39308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
    0A028201 0100B4E1 5B61A5F7 33D0D0AE 033651A2 D7C7B764 2A6ACCBA 154F58D2
    1D8DF473 9B433661 FC39381D C095DBD8 B980A23F 43A75876 699B0451 AB51FBDE
    C678E4C2 578FBD91 213A9AA9 B859D755 F74373C8 D1915A4E 5AA5AB64 9B0B66AF
    9B5BF9C5 0ED712AE 314C4E56 293BE17F 2E0A911D B9AD7718 00BC5CEF E24C090A
    EE395B32 2AB825E9 EA95BA04 F0B981D6 DCCE16E2 097BC3CD 676F933A FC3174B0
    44215F25 4C423179 FE2F9055 BB14BDC3 36C8AA9B 13513BFB EEAA4CAF FB525A3E
    7BEF0674 F22B850C 4A2C2D60 1DF2080F 64FE3C81 2EB52A41 13CB7930 FDB98099
    DC319857 F46A0168 FAF6F70C B607BB7D 91EE25C8 F6F7CD0A A5443288 95832B52
    B41BD5E1 18D90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
    301F0603 551D2304 18301680 14AD2F28 D9FE00C3 4E3F3663 3F0F32DB 2E8B5BB1
    C1301D06 03551D0E 04160414 AD2F28D9 FE00C34E 3F36633F 0F32DB2E 8B5BB1C1
    300D0609 2A864886 F70D0101 05050003 82010100 19162444 4A4D114C 211EE16A
    69D50749 EEB935D1 D8539033 C689C0EA B99C17FB BE1B80F1 A11C2F00 24EEB74B
    E7D24218 EE30CFFA C926448B 258C4025 B268555C 4687D53E 0AB13A42 2FF1FCC3
    D6441DFB DE6C5B51 79776334 793A44C8 048B3A7F 1EC441AD 6BB6838A 520EF5C4
    FEA91512 09A30D79 CB8780C3 ECAD9CE4 84F229AB 686C401B 87744FDD B847C80F
    7DEC03CF 30B51CF1 CD0216AC 0AD62682 7EFEE09F DC00A872 F45762BD 0742D6BC
    5FC3C742 250A82E4 77B88925 E533CD89 C7607B6C 22862854 E8C13FE6 CA64461E
    B43D3330 7F20CDD9 DD7022AF AFCB5AA0 6A5BB4D6 4328EF9F 778397E5 4B21FF4F
    0E96DE44 7A8EF4AD 66B5FE87 838E58EE 1E6CBFFE
    quit
    crypto pki certificate chain SLA-TrustPoint
    certificate ca 01
    30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
    32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
    6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
    3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
    43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
    526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
    82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
    CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
    1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
    4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
    7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
    68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
    C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
    C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
    DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
    06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
    4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
    03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
    604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
    D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
    467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
    7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
    5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
    80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
    418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
    D697DF7F 28
    quit
    !
    license feature ptp
    license udi pid ASR-920-12CZ-D sn CAT1839U3ZH
    license accept end user agreement
    license boot level advancedmetroipaccess
    no license smart enable
    license smart transport callhome
    archive
    log config
    logging enable
    logging size 200
    notify syslog contenttype plaintext
    memory reserve critical 2000
    memory free low-watermark processor 5000
    file privilege 10
    !
    !
    spanning-tree extend system-id
    sdm prefer default
    mac-address-table limit bdomain 101 maximum 20
    mac-address-table limit bdomain 102 maximum 20
    mac-address-table limit bdomain 103 maximum 20
    mac-address-table limit bdomain 104 maximum 20
    mac-address-table limit bdomain 350 maximum 20
    mac-address-table limit bdomain 351 maximum 20
    mac-address-table limit bdomain 352 maximum 20
    mac-address-table limit bdomain 353 maximum 20
    mac-address-table limit bdomain 354 maximum 20
    mac-address-table limit bdomain 355 maximum 20
    mac-address-table limit bdomain 359 maximum 20
    mac-address-table limit bdomain 550 maximum 20
    mac-address-table limit bdomain 551 maximum 20
    mac-address-table limit bdomain 552 maximum 20
    mac-address-table limit bdomain 553 maximum 20
    mac-address-table limit bdomain 901 maximum 20
    mac-address-table limit bdomain 951 maximum 20
    diagnostic bootup level minimal
    !
    username RjilUserGdwxfMyY privilege 15 secret 9 $9$TzeVTuyCbN/kj.
    $sw5A.dSKlY9saJ3a.tsWEukQVhgGMeiwviMUd0DET/w
    username rjil privilege 15 secret Rjil123
    !
    redundancy
    !
    bfd-template single-hop FIBRE
    interval microseconds min-tx 50000 min-rx 50000 multiplier 3
    !
    bridge-domain 581
    mac limit maximum addresses 30
    bridge-domain 585
    mac limit maximum addresses 30
    bridge-domain 601
    mac limit maximum addresses 160
    bridge-domain 602
    mac limit maximum addresses 160
    bridge-domain 603
    mac limit maximum addresses 160
    bridge-domain 605
    mac limit maximum addresses 160
    bridge-domain 615
    mac limit maximum addresses 160
    bridge-domain 888
    mac limit maximum addresses 40
    !
    !
    transceiver type all
    monitoring
    !
    lldp run
    !
    !
    class-map match-any RJIL-QOS-SC-VOICE-QGRP
    match qos-group 5
    class-map match-any RJIL-QOS-SC-CONTROL-DSCP
    match dscp cs6
    class-map match-any QOS-WIRELINE-EXP
    match mpls experimental topmost 6
    class-map match-any QOS-SIGNALING-QGRP
    match qos-group 7
    class-map match-any RJIL-QOS-SC-OAM-DSCP
    match dscp cs2
    class-map match-any QOS-OAM-DSCP
    match dscp cs2
    class-map match-any RJIL-QOS-SC-SIGNALING-QGRP
    match qos-group 7
    class-map match-any QOS-CONTROL-DSCP
    match dscp cs6
    class-map match-any QOS-VOICE-QGRP
    match qos-group 5
    class-map match-any RJIL-QOS-SC-VOICE-DSCP
    match dscp ef cs7
    class-map match-any RJIL-QOS-SC-CONTROL-QGRP
    match qos-group 6
    class-map match-any QOS-SIGNALING-DSCP
    match dscp cs5
    class-map match-any RJIL-QOS-SC-OAM-QGRP
    match qos-group 2
    class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-EXP
    match dscp af32
    match mpls experimental topmost 3
    class-map match-any QOS-OAM-QGRP
    match qos-group 2
    class-map match-any RJIL-QOS-SC-SIGNALING-DSCP
    match dscp cs5
    class-map match-any QOS-IPTV-EXP
    match mpls experimental topmost 4
    class-map match-any QOS-CONTROL-QGRP
    match qos-group 6
    class-map match-any QOS-VOICE-DSCP
    match dscp ef cs7
    class-map match-any QOS-INT-PREMIUM-EXP
    match mpls experimental topmost 1
    class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    match qos-group 3
    class-map match-any QOS-IPTV-QGRP
    match qos-group 4
    class-map match-any QOS-OAM-EXP
    match mpls experimental topmost 2
    class-map match-any QOS-CONTROL-EXP
    match mpls experimental topmost 6
    match ip precedence 6
    class-map match-any RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-QGRP
    match qos-group 3
    class-map match-any QOS-WIRELINE-DSCP
    match dscp cs6
    class-map match-any RJIL-QOS-SC-IPTV-QGRP
    match qos-group 4
    class-map match-any QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
    match dscp af32
    class-map match-any QOS-IPTV-DSCP
    match dscp af31 af41
    class-map match-all QOS-VOICE-EXP
    match mpls experimental topmost 5
    class-map match-any RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-DSCP
    match dscp af32
    class-map match-any QOS-WIRELINE-QGRP
    match qos-group 6
    class-map match-any QOS-SIGNALING-EXP
    match mpls experimental topmost 7
    class-map match-any RJIL-QOS-SC-IPTV-DSCP
    match dscp af31 af41
    class-map match-any RJIL-QOS-SC-INT-PREMIUM-DSCP
    match dscp af22
    class-map match-any QOS-INT-PREMIUM-DSCP
    match dscp af22
    class-map match-any RJIL-QOS-SC-INT-PREMIUM-QGRP
    match qos-group 1
    class-map match-any QOS-VOICE-SIGNALING-QGRP
    match qos-group 5
    match qos-group 7
    class-map match-any QOS-INT-PREMIUM-QGRP
    match qos-group 1
    !
    policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    queue-limit 250000 bytes
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    queue-limit 250000 bytes
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    queue-limit 250000 bytes
    set mpls experimental topmost 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    queue-limit 500000 bytes
    set mpls experimental topmost 3
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    queue-limit 500000 bytes
    set mpls experimental topmost 2
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 500000 bytes
    set mpls experimental topmost 1
    class QOS-VOICE-QGRP
    police cir percent 25
    set mpls experimental topmost 5
    class class-default
    bandwidth remaining percent 27
    queue-limit 500000 bytes
    set mpls experimental topmost 0
    policy-map RJIL-QOS-NTWK-NNI-OUT-MW-500
    class class-default
    shape average 450000000
    service-policy RJIL-QOS-NTWK-NNI-OUT-MW-500-CHILD
    policy-map RJIL-QOS-SC-UNI-OUT-UBR-100-CHILD
    class QOS-VOICE-QGRP
    priority level 1
    police cir percent 25
    queue-limit 50000 bytes
    class QOS-SIGNALING-QGRP
    priority level 2
    police cir percent 5
    queue-limit 50000 bytes
    class QOS-CONTROL-QGRP
    bandwidth percent 1
    queue-limit 100000 bytes
    class QOS-IPTV-QGRP
    bandwidth percent 20
    queue-limit 50000 bytes
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth percent 10
    queue-limit 100000 bytes
    class QOS-OAM-QGRP
    bandwidth percent 5
    queue-limit 100000 bytes
    class QOS-INT-PREMIUM-QGRP
    bandwidth percent 16
    queue-limit 100000 bytes
    class class-default
    bandwidth percent 18
    queue-limit 500000 bytes
    policy-map RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
    class class-default
    shape average 100000000
    service-policy RJIL-QOS-SC-UNI-OUT-UBR-100-CHILD
    policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    queue-limit 125000 bytes
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    queue-limit 125000 bytes
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    queue-limit 125000 bytes
    set mpls experimental topmost 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    queue-limit 250000 bytes
    set mpls experimental topmost 3
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    queue-limit 250000 bytes
    set mpls experimental topmost 2
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 500000 bytes
    set mpls experimental topmost 1
    class QOS-VOICE-QGRP
    police cir percent 25
    set mpls experimental topmost 5
    class QOS-SIGNALING-QGRP
    police cir percent 5
    set mpls experimental topmost 7
    class QOS-CONTROL-QGRP
    set mpls experimental topmost 6
    class class-default
    bandwidth remaining percent 27
    queue-limit 500000 bytes
    set mpls experimental topmost 0
    policy-map RJIL-QOS-SC-UNI-IN-PARENT
    class RJIL-QOS-SC-VOICE-DSCP
    set qos-group 5
    class RJIL-QOS-SC-CONTROL-DSCP
    set qos-group 6
    class RJIL-QOS-SC-IPTV-DSCP
    set qos-group 4
    class RJIL-QOS-SC-HOSTED-AV-SMARTSCHEDULER-DSCP
    set qos-group 3
    class RJIL-QOS-SC-OAM-DSCP
    set qos-group 2
    class RJIL-QOS-SC-INT-PREMIUM-DSCP
    set qos-group 1
    class RJIL-QOS-SC-SIGNALING-DSCP
    set qos-group 7
    class class-default
    policy-map RJIL-QOS-WAP-UNI-OUT-PARENT
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 491520 bytes
    class QOS-VOICE-QGRP
    police cir percent 25
    class QOS-SIGNALING-QGRP
    police cir percent 5
    class QOS-CONTROL-QGRP
    class class-default
    bandwidth remaining percent 27
    queue-limit 491520 bytes
    policy-map RJIL-QOS-NTWK-NNI-OUT-UBR-400-CHILD
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    queue-limit 250000 bytes
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    queue-limit 250000 bytes
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    queue-limit 250000 bytes
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    queue-limit 500000 bytes
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    queue-limit 500000 bytes
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 500000 bytes
    class class-default
    bandwidth remaining percent 27
    queue-limit 500000 bytes
    policy-map RJIL-QOS-NTWK-NNI-OUT-UBR-400
    class class-default
    shape average 400000000
    service-policy RJIL-QOS-NTWK-NNI-OUT-UBR-400-CHILD
    policy-map RJIL-QOS-NTWK-NNI-OUT-MW-250
    class class-default
    shape average 230000000
    service-policy RJIL-QOS-NTWK-NNI-OUT-MW-250-CHILD
    policy-map RJIL-QOS-NTWK-NNI-OUT-PARENT
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    set mpls experimental topmost 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    set mpls experimental topmost 3
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    set mpls experimental topmost 2
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 491520 bytes
    set mpls experimental topmost 1
    class QOS-VOICE-QGRP
    police cir percent 25
    set mpls experimental topmost 5
    class QOS-SIGNALING-QGRP
    police cir percent 5
    set mpls experimental topmost 7
    class QOS-CONTROL-QGRP
    set mpls experimental topmost 6
    class class-default
    bandwidth remaining percent 27
    queue-limit 491520 bytes
    set mpls experimental topmost 0
    policy-map RJIL-QOS-IME-UNI-IN-PARENT
    class class-default
    set qos-group 2
    police 1000000
    policy-map RJIL-QOS-SC-UNI-IN-CHILD
    class QOS-VOICE-DSCP
    set qos-group 5
    set mpls experimental imposition 5
    class QOS-WIRELINE-DSCP
    set qos-group 6
    set mpls experimental imposition 6
    class QOS-IPTV-DSCP
    set qos-group 4
    set mpls experimental imposition 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
    set qos-group 3
    set mpls experimental imposition 3
    class QOS-OAM-DSCP
    set qos-group 2
    set mpls experimental imposition 2
    class QOS-INT-PREMIUM-DSCP
    set qos-group 1
    set mpls experimental imposition 1
    class QOS-SIGNALING-DSCP
    set qos-group 7
    set mpls experimental imposition 7
    class class-default
    set mpls experimental imposition 0
    policy-map RJIL-QOS-ENB-UNI-OUT-PARENT
    class QOS-VOICE-SIGNALING-QGRP
    priority level 1
    police cir percent 60
    class QOS-WIRELINE-QGRP
    priority level 2
    police cir percent 15
    class QOS-IPTV-QGRP
    bandwidth remaining percent 28
    class QOS-HOSTED-AV-SMARTSCHEDULER-QGRP
    bandwidth remaining percent 14
    class QOS-OAM-QGRP
    bandwidth remaining percent 7
    class QOS-INT-PREMIUM-QGRP
    bandwidth remaining percent 24
    queue-limit 491520 bytes
    class QOS-VOICE-QGRP
    police cir percent 25
    class class-default
    bandwidth remaining percent 27
    queue-limit 491520 bytes
    policy-map RJIL-QOS-WAP-UNI-IN-CHILD
    class QOS-VOICE-DSCP
    set qos-group 5
    set mpls experimental imposition 5
    class QOS-WIRELINE-DSCP
    set qos-group 6
    set mpls experimental imposition 6
    class QOS-IPTV-DSCP
    set qos-group 4
    set mpls experimental imposition 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
    set qos-group 3
    set mpls experimental imposition 3
    class QOS-OAM-DSCP
    set qos-group 2
    set mpls experimental imposition 2
    class QOS-INT-PREMIUM-DSCP
    set qos-group 1
    set mpls experimental imposition 1
    class QOS-SIGNALING-DSCP
    set qos-group 7
    set mpls experimental imposition 7
    class QOS-CONTROL-DSCP
    set qos-group 6
    class class-default
    set mpls experimental imposition 0
    policy-map RJIL-QOS-ENB-UNI-IN-CHILD
    class QOS-VOICE-DSCP
    set qos-group 5
    set mpls experimental imposition 5
    class QOS-WIRELINE-DSCP
    set qos-group 6
    set mpls experimental imposition 6
    class QOS-IPTV-DSCP
    set qos-group 4
    set mpls experimental imposition 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-DSCP
    set qos-group 3
    set mpls experimental imposition 3
    class QOS-OAM-DSCP
    set qos-group 2
    set mpls experimental imposition 2
    class QOS-INT-PREMIUM-DSCP
    set qos-group 1
    set mpls experimental imposition 1
    class QOS-SIGNALING-DSCP
    set qos-group 7
    set mpls experimental imposition 7
    class QOS-CONTROL-DSCP
    set qos-group 6
    class class-default
    set mpls experimental imposition 0
    policy-map RJIL-QOS-ENB-UNI-IN-PARENT
    class class-default
    police 100000000
    service-policy RJIL-QOS-ENB-UNI-IN-CHILD
    policy-map RJIL-QOS-WAP-UNI-IN-PARENT
    class class-default
    police 100000000
    service-policy RJIL-QOS-WAP-UNI-IN-CHILD
    policy-map RJIL-QOS-NTWK-NNI-IN-PARENT
    class QOS-VOICE-EXP
    set qos-group 5
    class QOS-SIGNALING-EXP
    set qos-group 7
    class QOS-WIRELINE-EXP
    set qos-group 6
    class QOS-IPTV-EXP
    set qos-group 4
    class QOS-HOSTED-AV-SMARTSCHEDULER-EXP
    set qos-group 3
    class QOS-OAM-EXP
    set qos-group 2
    class QOS-INT-PREMIUM-EXP
    set qos-group 1
    class QOS-CONTROL-EXP
    set qos-group 6
    class class-default
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback0
    description ## SKSTSKSTESR009-CORE-MGMT-LPBK ##
    ip address 172.30.235.112 255.255.255.255
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ipv6 address 2405:200:201:3901:172:30:235:112/128
    no ipv6 redirects
    no ipv6 unreachables
    isis tag 10
    !
    interface Loopback999
    description *** Loopback interface for management ***
    vrf forwarding RJIL-IP-MGMT
    ip address 172.30.235.112 255.255.255.255
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ipv6 address 2405:200:204:139:172:30:235:112/128
    no ipv6 redirects
    no ipv6 unreachables
    !
    interface Port-channel10
    description # TO-SKSTSKSTESR008-Port-channel10-MW # # 7217724 ##
    mtu 9216
    no ip address
    load-interval 30
    carrier-delay msec 0
    no negotiation auto
    service-policy input RJIL-QOS-NTWK-NNI-IN-PARENT
    service instance 3351 ethernet
    description # Data Traffic #
    encapsulation untagged
    l2protocol peer lacp
    bridge-domain 3351
    !
    !
    interface GigabitEthernet0/0/0
    description # TO-GOBIGOBIESS005-GIGAETHERNET0/1-UBR #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    carrier-delay msec 0
    negotiation auto
    storm-control broadcast level 5.00
    storm-control action trap
    service-policy input RJIL-QOS-SC-UNI-IN-PARENT
    service-policy output RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
    service instance trunk 20 ethernet
    description # TO RAD I-BR-GOBI-ESC-0003 FOR Small Cell - GigaEthernet0/1 #
    encapsulation dot1q 585,601-605,615,888,890,951-953
    rewrite ingress tag pop 1 symmetric
    bridge-domain from-encapsulation
    !
    !
    interface GigabitEthernet0/0/1
    description # TO-SKSTSKSTESS012-GIGAETHERNET0/1-UBR #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    carrier-delay msec 0
    negotiation auto
    storm-control broadcast level 5.00
    storm-control action trap
    service-policy input RJIL-QOS-SC-UNI-IN-PARENT
    service-policy output RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
    service instance trunk 20 ethernet
    description # TO RAD I-BR-SKST-ESC-0006 FOR Small Cell - GigaEthernet0/1 #
    encapsulation dot1q 585,601-605,615,888,890,951-953
    rewrite ingress tag pop 1 symmetric
    bridge-domain from-encapsulation
    !
    !
    interface GigabitEthernet0/0/2
    description # TO-RNJRRNJRESS001-NNI-1-UBR #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    carrier-delay msec 0
    negotiation auto
    storm-control broadcast level 5.00
    storm-control action trap
    service-policy input RJIL-QOS-SC-UNI-IN-PARENT
    service-policy output RJIL-QOS-SC-UNI-OUT-UBR-100-PARENT
    service instance trunk 20 ethernet
    description # TO RAD I-BR-GOBI-ESC-0030 FOR Small Cell - NNI-1 #
    encapsulation dot1q 585,601-605,615,888,890,951-953
    rewrite ingress tag pop 1 symmetric
    bridge-domain from-encapsulation
    !
    !
    interface GigabitEthernet0/0/3
    description # TO-SKSTSKSTESR008-GigabitEthernet0/0/4-MW # # 7217725 ##
    mtu 9216
    bandwidth 450000
    no ip address
    load-interval 30
    carrier-delay msec 0
    negotiation auto
    synchronous mode
    service-policy output RJIL-QOS-NTWK-NNI-OUT-MW-500
    channel-group 10 mode active
    !
    interface GigabitEthernet0/0/4
    description # TO-SKSTSKSTESR008-GigabitEthernet0/0/7-MW # 7217725 #
    mtu 9216
    bandwidth 450000
    no ip address
    load-interval 30
    carrier-delay msec 0
    media-type auto-select
    negotiation auto
    synchronous mode
    service-policy output RJIL-QOS-NTWK-NNI-OUT-MW-500
    channel-group 10 mode active
    !
    interface GigabitEthernet0/0/5
    description # To eNode-B #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    media-type sfp
    negotiation auto
    service-policy input RJIL-QOS-ENB-UNI-IN-PARENT
    service-policy output RJIL-QOS-ENB-UNI-OUT-PARENT
    service instance 101 ethernet
    description # To eNode-B - R4G_Bearer #
    encapsulation dot1q 101
    rewrite ingress tag pop 1 symmetric
    bridge-domain 101
    !
    service instance 102 ethernet
    description # To eNode-B - R4G_Signalling #
    encapsulation dot1q 102
    rewrite ingress tag pop 1 symmetric
    bridge-domain 102
    !
    service instance 103 ethernet
    description # To eNode-B - R4G_R4G_o&m #
    encapsulation dot1q 103
    rewrite ingress tag pop 1 symmetric
    bridge-domain 103
    !
    service instance 104 ethernet
    description # Multicast #
    encapsulation dot1q 104
    rewrite ingress tag pop 1 symmetric
    bridge-domain 104
    !
    !
    interface GigabitEthernet0/0/6
    no ip address
    shutdown
    media-type auto-select
    negotiation auto
    !
    interface GigabitEthernet0/0/7
    no ip address
    shutdown
    media-type auto-select
    negotiation auto
    !
    interface GigabitEthernet0/0/8
    description # SMPS #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    media-type rj45
    negotiation auto
    service-policy input RJIL-QOS-IME-UNI-IN-PARENT
    service instance 952 ethernet
    description # IME-Utilities #
    encapsulation untagged
    bridge-domain 952
    !
    !
    interface GigabitEthernet0/0/9
    description # SMPS #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    media-type rj45
    negotiation auto
    service-policy input RJIL-QOS-IME-UNI-IN-PARENT
    service instance 952 ethernet
    description # IME-Utilities #
    encapsulation untagged
    bridge-domain 952
    !
    !
    interface GigabitEthernet0/0/10
    description # ACCESS CONTROL #
    dampening
    mtu 9216
    no ip address
    load-interval 30
    media-type rj45
    negotiation auto
    service-policy input RJIL-QOS-IME-UNI-IN-PARENT
    service instance 952 ethernet
    description # IME-Utilities #
    encapsulation untagged
    bridge-domain 952
    !
    !
    interface GigabitEthernet0/0/11
    no ip address
    shutdown
    media-type auto-select
    negotiation auto
    !
    interface TenGigabitEthernet0/0/12
    no ip address
    shutdown
    !
    interface TenGigabitEthernet0/0/13
    no ip address
    shutdown
    !
    interface GigabitEthernet0
    vrf forwarding Mgmt-intf
    no ip address
    shutdown
    negotiation auto
    !
    interface BDI101
    description # To eNode-B - R4G_Bearer #
    vrf forwarding RJIL-BEARER-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:700:3:2:101:3CA9/126
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
    !
    interface BDI102
    description # To eNode-B - R4G_Signalling #
    vrf forwarding RJIL-SIGNALING-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:700:3:2:102:3CA9/126
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
    !
    interface BDI103
    description # To eNode-B - R4G_R4G_o&m #
    vrf forwarding RJIL-OAM-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:700:3:2:103:3CA9/126
    ipv6 enable
    ipv6 mtu 9216
    ipv6 nd managed-config-flag
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 dhcp relay destination 2405:200:80E:732::10
    ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
    !
    interface BDI104
    description # Multicast #
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 mld query-timeout 180
    ipv6 mld query-interval 60
    ipv6 mld access-group MCAST-BDR-IPv6
    ipv6 pim hello-interval 10
    ipv6 traffic-filter INFRA-iACL-IPv6-LTE in
    !
    interface BDI585
    description # TO -SAP ID - UBR mgmt #
    vrf forwarding RJIL-IME
    no ip address
    load-interval 30
    ipv6 address 2405:200:139:700:7:2:585:DD83/122
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI601
    description # To SC - R4G_Bearer #
    vrf forwarding RJIL-BEARER-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:D00:7:2:601:1103/120
    ipv6 mtu 9216
    ipv6 nd cache interface-limit 512
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 verify unicast source reachable-via rx
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI602
    description # To SC - R4G_Signalling #
    vrf forwarding RJIL-SIGNALING-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:D00:7:2:602:1103/120
    ipv6 mtu 9216
    ipv6 nd cache interface-limit 512
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 verify unicast source reachable-via rx
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI603
    description # To SC - R4G_o&m #
    vrf forwarding RJIL-OAM-ENB
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:139:D00:7:2:603:1103/120
    ipv6 mtu 9216
    ipv6 nd cache interface-limit 512
    ipv6 nd managed-config-flag
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 dhcp relay destination 2405:200:80E:732::10
    ipv6 dhcp relay source-interface BDI603
    ipv6 verify unicast source reachable-via rx
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI604
    description # To SC-Multicast #
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 mld query-timeout 180
    ipv6 mld query-interval 60
    ipv6 mld access-group MCAST-BDR-IPv6
    ipv6 pim hello-interval 10
    ipv6 pim dr-priority 100
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI605
    description # SC-WiFi Access Point #
    vrf forwarding RJIL-WIFI-CISCO
    no ip address
    load-interval 30
    ipv6 address 2405:200:139:D00:7:2:605:1103/120
    ipv6 mtu 9216
    ipv6 nd cache interface-limit 1500
    ipv6 nd managed-config-flag
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 dhcp relay destination 2405:200:80E:732::10
    ipv6 dhcp relay source-interface BDI605
    ipv6 verify unicast source reachable-via rx
    !
    interface BDI615
    description # TO SC - PTP_SC #
    ip address 172.21.200.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    ip verify unicast source reachable-via rx
    ip access-group RJIL-PTP-SC-INFRA-iACL-IPv4 in
    load-interval 30
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 traffic-filter RJIL-PTP-SC-INFRA-iACL-IPv6 in
    !
    interface BDI888
    description # SC-L2 switch mgmt #
    vrf forwarding RJIL-IP-MGMT
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    ip verify unicast source reachable-via rx
    load-interval 30
    ipv6 address 2405:200:139:D00:7:2:888:1103/120
    ipv6 mtu 9216
    ipv6 nd cache interface-limit 512
    ipv6 nd managed-config-flag
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 verify unicast source reachable-via rx
    ipv6 traffic-filter RJIL-SC-INFRA-iACL-IPv6 in
    !
    interface BDI952
    description # IME-Utilities #
    vrf forwarding RJIL-IME
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    load-interval 30
    ipv6 address 2405:200:1839:952::18:6503/120
    ipv6 enable
    ipv6 mtu 9216
    ipv6 nd managed-config-flag
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 dhcp relay destination 2405:200:806:2886:78::10
    ipv6 dhcp relay destination 2405:200:853:2886:78::10
    ipv6 dhcp relay source-interface BDI952
    mpls mtu 9216
    !
    interface BDI3351
    description # TO-SKSTSKSTESR008-GigabitEthernet0/0/4-MW # # 7217724 ##
    ip address 10.67.159.27 255.255.255.254
    ip helper-address 10.70.74.21
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 9216
    ip router isis RAN
    load-interval 30
    ipv6 address 2405:200:139:0:10:67:159:27/127
    ipv6 address 2405:200:139:0:173:67:159:27/127
    ipv6 enable
    ipv6 mtu 9216
    no ipv6 redirects
    no ipv6 unreachables
    ipv6 router isis RAN
    mpls ip
    mpls mtu 9216
    mpls ldp igp sync delay 25
    isis circuit-type level-2-only
    isis network point-to-point
    isis tag 20
    !
    router isis RAN
    net 49.0003.1720.3023.5112.00
    is-type level-2-only
    router-id Loopback0
    authentication mode md5 level-2
    authentication key-chain ISIS-KEY level-2
    metric-style wide
    fast-flood 10
    ip route priority high tag 5000
    set-overload-bit on-startup 360
    max-lsp-lifetime 65535
    lsp-refresh-interval 65000
    spf-interval 5 50 200
    prc-interval 5 50 200
    lsp-gen-interval 5 50 200
    no hello padding point-to-point
    log-adjacency-changes
    fast-reroute per-prefix level-2 all
    fast-reroute remote-lfa level-2 mpls-ldp
    microloop avoidance disable
    passive-interface Loopback0
    mpls ldp sync
    !
    router bgp 55836
    bgp router-id 172.30.235.112
    bgp log-neighbor-changes
    bgp graceful-restart
    no bgp default ipv4-unicast
    neighbor RJIL-AG1-IBGP-GRP peer-group
    neighbor RJIL-AG1-IBGP-GRP remote-as 55836
    neighbor RJIL-AG1-IBGP-GRP password 7 012152236429013F28737E5A4A175940245D50
    neighbor RJIL-AG1-IBGP-GRP update-source Loopback0
    neighbor RJIL-AG1-IBGP-GRP-IPv6 peer-group
    neighbor RJIL-AG1-IBGP-GRP-IPv6 remote-as 55836
    neighbor RJIL-AG1-IBGP-GRP-IPv6 password 7 122B51302D290B342314147B60276C41284757
    neighbor RJIL-AG1-IBGP-GRP-IPv6 update-source Loopback0
    neighbor 2405:200:201:3901:172:18:251:159 peer-group RJIL-AG1-IBGP-GRP-IPv6
    neighbor 2405:200:201:3901:172:30:254:163 peer-group RJIL-AG1-IBGP-GRP-IPv6
    neighbor 172.18.251.159 peer-group RJIL-AG1-IBGP-GRP
    neighbor 172.30.254.163 peer-group RJIL-AG1-IBGP-GRP
    !
    address-family ipv4
    bgp nexthop trigger delay 0
    neighbor RJIL-AG1-IBGP-GRP send-community
    neighbor RJIL-AG1-IBGP-GRP route-map RJIL-DROP-ALL out
    neighbor 172.18.251.159 activate
    neighbor 172.30.254.163 activate
    exit-address-family
    !
    address-family vpnv4
    bgp additional-paths select backup
    bgp additional-paths install
    bgp nexthop trigger delay 1
    neighbor RJIL-AG1-IBGP-GRP send-community extended
    neighbor 172.18.251.159 activate
    neighbor 172.30.254.163 activate
    exit-address-family
    !
    address-family ipv6
    bgp nexthop trigger delay 1
    network 2405:200:201:3901:172:30:235:112/128 route-map CSR-COMM
    neighbor RJIL-AG1-IBGP-GRP send-community
    neighbor RJIL-AG1-IBGP-GRP send-label
    neighbor 172.18.251.159 activate
    neighbor 172.30.254.163 activate
    exit-address-family
    !
    address-family ipv6 multicast
    neighbor RJIL-AG1-IBGP-GRP-IPv6 route-map RJIL-DROP-ALL out
    neighbor 2405:200:201:3901:172:18:251:159 activate
    neighbor 2405:200:201:3901:172:30:254:163 activate
    exit-address-family
    !
    address-family vpnv6
    bgp recursion host
    bgp nexthop trigger delay 1
    neighbor RJIL-AG1-IBGP-GRP send-community extended
    neighbor 172.18.251.159 activate
    neighbor 172.30.254.163 activate
    exit-address-family
    !
    address-family ipv6 vrf RJIL-BEARER-ENB
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    address-family ipv4 vrf RJIL-IME
    import path selection all
    import path limit 4
    redistribute connected
    exit-address-family
    !
    address-family ipv6 vrf RJIL-IME
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    address-family ipv4 vrf RJIL-IP-MGMT
    redistribute connected
    exit-address-family
    !
    address-family ipv6 vrf RJIL-IP-MGMT
    redistribute connected
    exit-address-family
    !
    address-family ipv6 vrf RJIL-OAM-ENB
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    address-family ipv6 vrf RJIL-SIGNALING-ENB
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    address-family ipv4 vrf RJIL-WIFI-CISCO
    import path selection all
    import path limit 4
    redistribute connected
    exit-address-family
    !
    address-family ipv6 vrf RJIL-WIFI-CISCO
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    address-family ipv6 vrf SC-sw-mgmt
    redistribute connected
    import path selection all
    import path limit 4
    exit-address-family
    !
    ip forward-protocol nd
    ip forward-protocol udp 5246
    ip forward-protocol udp 5247
    no ip http server
    ip http authentication local
    ip http secure-server
    ip http secure-active-session-modules mylist
    ip http timeout-policy idle 600 life 14400 requests 25
    ip http session-module-list mylist IOX_Server,DISTRIB
    ip http client source-interface Loopback999
    !
    ip bgp-community new-format
    ip ftp source-interface Loopback999
    ip tftp source-interface Loopback999
    crypto key generate rsa general-keys modulus 1024
    ip ssh time-out 60
    ip ssh port 2222 rotary 35
    ip ssh source-interface Loopback999
    ip ssh version 2
    ip ssh dscp 18
    !
    ip access-list standard MGMT-SNMP-IPv4
    10 deny any
    ip access-list standard MGMT-VTY-IPv4
    10 deny any
    ip access-list standard MPLS-LDP-IPv4
    10 permit 172.16.0.0 0.15.255.255
    ip access-list standard NTP-ACL
    10 permit 172.16.63.22
    20 permit 172.26.217.153
    !
    ip access-list extended INFRA-iACL-IPv4-WiFi
    10 remark Phase 1 a Anti-spoofing,Fragmentation,Attack Denies
    10 remark Deny Fragments
    10 deny tcp any 49.44.0.0 0.0.7.255 fragments
    20 deny udp any 49.44.0.0 0.0.7.255 fragments
    30 deny icmp any 49.44.0.0 0.0.7.255 fragments
    40 deny tcp any any eq 5900
    50 remark Deny access to RJIL Infrastructure devices
    50 deny ip any 49.44.0.0 0.0.7.255
    60 remark Deny special-use address sources.
    60 remark See RFC 3330 for additional special-use addresses.
    60 deny ip host 0.0.0.0 any
    70 deny ip any 0.0.0.0 0.255.255.255
    80 deny ip 0.0.0.0 0.255.255.255 any
    90 deny ip host 255.255.255.255 any
    100 deny ip 127.0.0.0 0.255.255.255 any
    110 deny ip any 127.0.0.0 0.255.255.255
    120 deny ip 169.254.0.0 0.0.255.255 any
    130 deny ip 192.0.2.0 0.0.0.255 any
    140 deny ip any 192.0.2.0 0.0.0.255
    150 deny ip 192.18.0.0 0.1.255.255 any
    160 deny ip any 192.18.0.0 0.1.255.255
    170 deny ip 192.0.0.0 0.0.0.255 any
    180 deny ip any 192.0.0.0 0.0.0.255
    190 deny ip 224.0.0.0 31.255.255.255 any
    200 remark Deny RFC1918 space from entering AS
    200 permit ip any 10.73.1.0 0.0.0.63
    210 permit ip any 10.70.120.64 0.0.0.15
    220 permit ip any host 172.16.92.209
    230 permit ip any host 172.16.92.213
    240 permit ip any 10.70.120.80 0.0.0.15
    250 permit ip any 10.70.120.0 0.0.0.15
    260 deny ip 192.168.0.0 0.0.255.255 any
    270 deny ip any 10.0.0.0 0.255.255.255
    280 deny ip any 172.16.0.0 0.15.255.255
    290 deny ip any 192.168.0.0 0.0.255.255
    300 remark See RFC5737
    300 deny ip 198.51.100.0 0.0.0.255 any
    310 deny ip any 198.51.100.0 0.0.0.255
    320 deny ip 203.0.113.0 0.0.0.255 any
    330 deny ip any 203.0.113.0 0.0.0.255
    340 remark Deny RIL infrastructure space as a source of external packets
    340 deny ip 49.44.0.0 0.0.7.255 any
    350 remark Phase 2 a Explicit Permit
    350 permit ip any any
    !
    ip sla responder
    ip sla responder twamp
    timeout 2000
    ip sla server twamp
    timer inactivity 1200
    logging alarm informational
    logging source-interface Loopback999 vrf RJIL-IP-MGMT
    logging host ipv6 2405:200:816:651::30 vrf RJIL-IP-MGMT
    logging host ipv6 2405:200:A80:FD19:5DC:98E5:692C:2012 vrf RJIL-IP-MGMT
    logging host ipv6 2405:200:A10:FCB1:250:56FF:FE96:2145
    ipv6 mld state-limit 25000
    !
    route-map RJIL-DROP-ALL deny 10
    !
    route-map CSR-COMM permit 10
    set community 64600:133
    !
    snmp-server community OnM4G@Ge0 RO ipv6 MGMT-SNMP-IPv6 MGMT-SNMP-IPv4
    snmp-server trap-source Loopback999
    snmp-server source-interface informs Loopback999
    snmp-server queue-length 1000
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps config-ctid
    snmp-server enable traps isis
    snmp-server enable traps ipsla
    snmp-server enable traps memory bufferpeak
    snmp-server enable traps fru-ctrl
    snmp-server enable traps entity
    snmp-server enable traps cpu threshold
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-
    change inconsistency
    snmp-server enable traps netsync
    snmp-server enable traps aaa_server
    snmp-server enable traps mpls rfc ldp
    snmp-server enable traps mpls ldp
    snmp-server enable traps alarms informational
    snmp-server enable traps bulkstat collection transfer
    snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
    snmp-server enable traps transceiver all
    snmp-server enable traps mpls vpn
    snmp-server enable traps mpls rfc vpn
    snmp-server host 2405:200:806:2904:10:70:224:97 vrf RJIL-IP-MGMT version 2c
    OnM4G@Ge0
    snmp ifmib ifalias long
    snmp ifmib ifindex persist
    mpls ldp router-id Loopback0
    !
    tacacs server TACACS1
    address ipv4 10.70.57.84
    key 7 113B130C18325E595C797D
    tacacs server TACACS2
    address ipv4 10.70.64.116
    key 7 073D2B4541294C504F415D
    !
    !
    !
    ipv6 access-list INFRA-iACL-IPv6-LTE
    sequence 10 deny ipv6 any 2405:200::/40 fragments
    sequence 20 permit ipv6 2405:200::/40 any
    sequence 30 permit ipv6 any 2405:200::/40
    sequence 40 deny ipv6 2002:E000::/20 any
    sequence 50 deny ipv6 2002:7F00::/24 any
    sequence 60 deny ipv6 2002::/24 any
    sequence 70 deny ipv6 2002:FF00::/24 any
    sequence 80 deny ipv6 2002:A00::/24 any
    sequence 90 deny ipv6 2002:AC10::/28 any
    sequence 100 deny ipv6 2002:C0A8::/32 any
    sequence 110 deny ipv6 host :: any
    sequence 120 deny ipv6 host ::1 any
    sequence 130 deny ipv6 ::/96 any
    sequence 140 deny ipv6 ::FFFF:0.0.0.0/96 any
    sequence 150 deny ipv6 ::/104 any
    sequence 160 deny ipv6 3FFE::/16 any
    sequence 170 remark Phase 1 a anti-spoofing and Fragmentation Denies
    sequence 180 remark Deny Fragments
    sequence 190 remark Permit RJIL ILL Customer
    sequence 200 remark Deny access to RJIL Infrastructure devices
    sequence 210 deny ipv6 any 2405:200:200::/40
    sequence 220 remark Deny RIL infrastructure space as a source of external packets
    sequence 230 deny ipv6 2405:200:200::/40 any
    sequence 240 remark Deny special-use address sources Refer RFC6890
    sequence 250 deny ipv6 ::/8 any
    sequence 260 deny ipv6 FEC0::/10 any
    sequence 270 deny ipv6 FC00::/7 any
    sequence 280 deny ipv6 FF00::/8 any
    sequence 290 deny ipv6 any 2001:10::/28
    sequence 300 deny ipv6 2001:10::/28 any
    sequence 310 deny ipv6 any 2001:DB8::/32
    sequence 320 deny ipv6 2001:DB8::/32 any
    sequence 330 permit ipv6 any 2001:2::/48
    sequence 340 permit ipv6 any 2001::/32
    sequence 350 deny ipv6 any 2001::/23
    sequence 360 deny ipv6 2001::/23 any
    sequence 370 remark deny false 6to4 packets
    sequence 380 remark deny loopback address
    sequence 390 deny ipv6 host 1:: any
    sequence 400 remark deny ipv4-compatible addresses
    sequence 410 remark ipv4 mapped adresses - obsoleted
    sequence 420 remark deny other compatible addresses
    sequence 430 deny ipv6 ::224.0.0.0/100 any
    sequence 440 deny ipv6 ::127.0.0.0/104 any
    sequence 450 deny ipv6 ::255.0.0.0/104 any
    sequence 460 remark deny 6bone addresses - depreciated
    sequence 470 remark Phase 2 a explicit Permit
    sequence 480 permit ipv6 any any
    !
    ipv6 access-list MCAST-BDR-IPv6
    sequence 10 permit ipv6 any FF30::/12
    !
    ipv6 access-list MGMT-SNMP-IPv6
    sequence 10 permit ipv6 2405:200:A10:FC00::/64 any
    sequence 20 permit ipv6 2405:200:A10:FC04::/64 any
    sequence 30 permit ipv6 2405:200:A10:FC09::/64 any
    sequence 40 permit ipv6 2405:200:A10:FCB0::/64 any
    sequence 50 permit ipv6 2405:200:A10:FCB1::/64 any
    sequence 60 permit ipv6 2405:200:A10:FCBA::/64 any
    sequence 70 permit ipv6 2405:200:A10:FCC7::/64 any
    sequence 80 permit ipv6 2405:200:A60:FDC0::/64 any
    sequence 90 permit ipv6 2405:200:A10:FCC0::/64 any
    sequence 100 permit ipv6 2405:200:A10:FCC4::/64 any
    sequence 110 permit ipv6 2405:200:800::/44 any
    sequence 120 permit ipv6 2405:200:855:2575::/64 any
    sequence 130 permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
    !
    ipv6 access-list MGMT-VTY-IPv6
    sequence 10 permit ipv6 2405:200:100::/40 any
    sequence 20 permit ipv6 2405:200:802:679::/64 any
    sequence 30 permit ipv6 2405:200:804:651::/64 any
    sequence 40 permit ipv6 2405:200:806:651::/64 any
    sequence 50 permit ipv6 2405:200:808:651::/64 any
    sequence 60 permit ipv6 2405:200:A10:FC80::/64 any
    sequence 70 permit ipv6 2405:200:A10:FCB0::/64 any
    sequence 80 permit ipv6 2405:200:A10:FCB1::/64 any
    sequence 90 permit ipv6 2405:200:A10:FCC0::/64 any
    sequence 100 permit ipv6 2405:200:A10:FCC4::/64 any
    sequence 110 permit ipv6 2405:200:A60:FDC0::/64 any
    sequence 120 permit ipv6 2405:200:A60:F0F0::/60 any
    sequence 130 permit ipv6 2405:200:800::/44 any
    sequence 140 permit ipv6 2405:200:855:2575::/64 any
    sequence 150 permit ipv6 2405:200:806:2904::/64 any
    sequence 160 permit ipv6 2405:200:A10:FCC7::/64 any
    sequence 170 permit ipv6 2405:200:A80:FD19:5DC:98E5:692C:0/112 any
    !
    control-plane
    !
    privilege exec all level 10 show
    banner login #
    -------------------------------------------------------------------------
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    You must have explicit, authorized permission to access or configure this
    device.
    Unauthorized attempts and actions to access or use this system may result
    in civil and/or criminal penalties.
    All activities performed on this device are logged and monitored.
    GCTv20.8
    NE-ID INBRSKSTXXXXTW0006ENBESR001
    SAP-ID I-BR-SKST-ENB-9020
    FAC-ID INBRSKSTXXXXTW0006
    HostName SKSTSKSTESR009
    -------------------------------------------------------------------------
    #
    banner motd #
    -------------------------------------------------------------------------
    UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
    You must have explicit, authorized permission to access or configure this
    device.
    Unauthorized attempts and actions to access or use this system may result
    in civil and/or criminal penalties.
    All activities performed on this device are logged and monitored.
    GCTv20.8
    NE-ID INBRSKSTXXXXTW0006ENBESR001
    SAP-ID I-BR-SKST-ENB-9020
    FAC-ID INBRSKSTXXXXTW0006
    HostName SKSTSKSTESR009
    -------------------------------------------------------------------------
    #
    !
    line con 0
    exec-timeout 5 0
    privilege level 15
    authorization commands 15 AAA-VTY-ACS
    logging synchronous
    login authentication AAA-CONSOLE-LOCAL
    transport output none
    stopbits 1
    line vty 0 4
    access-class MGMT-VTY-IPv4 in
    access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
    exec-timeout 5 0
    privilege level 15
    ipv6 access-class MGMT-VTY-IPv6 in
    ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
    authorization commands 15 AAA-VTY-ACS
    logging synchronous
    login authentication AAA-VTY-ACS
    transport preferred none
    transport input ssh
    transport output ssh
    line vty 5 9
    access-class MGMT-VTY-IPv4 in
    access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
    exec-timeout 5 0
    privilege level 15
    ipv6 access-class MGMT-VTY-IPv6 in
    ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
    authorization commands 15 AAA-VTY-ACS
    logging synchronous
    login authentication AAA-VTY-ACS
    transport preferred none
    transport input ssh
    transport output ssh
    line vty 10 20
    access-class MGMT-VTY-IPv4 in
    access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
    ipv6 access-class MGMT-VTY-IPv6 in
    ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
    no exec
    transport input ssh
    line vty 21 25
    access-class MGMT-VTY-IPv4 in
    access-class MGMT-VTY-IPv4 in vrfname RJIL-IP-MGMT
    exec-timeout 5 0
    privilege level 10
    ipv6 access-class MGMT-VTY-IPv6 in
    ipv6 access-class MGMT-VTY-IPv6 in vrfname RJIL-IP-MGMT
    logging synchronous
    login authentication AAA-LOCAL
    rotary 35
    transport preferred none
    transport input ssh
    transport output ssh
    !
    ztp disable
    esmc process
    call-home
    ! If contact email address in call-home is configured as sch-smart-
    licensing@cisco.com
    ! the email address configured in Cisco Smart License Portal will be used as
    contact email address to send SCH notifications.
    contact-email-addr sch-smart-licensing@cisco.com
    vrf RJIL-IP-MGMT
    no http secure server-identity-check
    profile "CiscoTAC-1"
    active
    destination transport-method http
    destination address http
    https://[2405:200:a80:fdf5::b]/Transportgateway/services/DeviceRequestHandler
    no destination address http
    https://tools.cisco.com/its/service/oddce/services/DDCEService
    ntp authentication-key 1 md5 122B0F1E1D2B22103A 7
    ntp authenticate
    ntp trusted-key 1
    ntp source Loopback999
    ntp access-group peer NTP-ACL
    ntp master 5
    ntp server vrf RJIL-IP-MGMT 172.16.105.144 key 1
    ntp server vrf RJIL-IP-MGMT 172.26.217.153 key 1
    ntp server vrf RJIL-IP-MGMT 172.16.63.22 key 1 prefer
    !
    !

    event manager policy Mandatory.dualrate_eem_policy.tcl type system authorization


    bypass
    !
    line vty 0 4
    no access-class MGMT-VTY-IPv4 in vrf-also
    exec-timeout 5 0
    privilege level 15
    no ipv6 access-class MGMT-VTY-IPv6 in
    !
    end

    You might also like