interface GigabitEthernet2/10

description VIRTUALIZATION / VPRIVATE1 cluster / trunk / guest traffic /

vprivate1-node5 / bond2 / slave eth7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 115 mode active
!
interface GigabitEthernet2/11
description NOC LAN - Nagios server (nagios.eunet.rs), eth0
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/12
description NOC LAN - Syslog server (syslog.eunet.rs)
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/13
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/14
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/15
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/16
description FREE
switchport
switchport mode access
 switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/17
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/18
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/19
description FREE
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/20
description FREE
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/21
description LDAP CLUSTER - LDAP node 1 (ldapnode1.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
shutdown
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/22
description LDAP CLUSTER - LDAP node 2 (ldapnode2.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/23
description LDAP CLUSTER - LDAP node 3 (ldapnode3.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/24
description LDAP CLUSTER - LDAP node 4 (ldapnode4.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
shutdown
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/25
description BLADE 1 (switch 2) / etherchannel 11 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 11 mode active
!
interface GigabitEthernet2/26
description BLADE 1 (switch 2) / etherchannel 11 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 11 mode active
!
interface GigabitEthernet2/27
description BLADE 2 (switch 2) / etherchannel 13 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 13 mode active
!
interface GigabitEthernet2/28
description BLADE 2 (switch 2) / etherchannel 13 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 13 mode active
!
interface GigabitEthernet2/29
description BLADE 3 (switch 2) / etherchannel 15 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 15 mode active
!
interface GigabitEthernet2/30
description BLADE 3 (switch 2) / etherchannel 15 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 15 mode active
!
interface GigabitEthernet2/31
description BLADE 4 (switch 2) / etherchannel 17 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 17 mode active
!
interface GigabitEthernet2/32
description BLADE 4 (switch 2) / etherchannel 17 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 17 mode active
!
interface GigabitEthernet2/33
description BLADE 5 (switch 2) / etherchannel 19 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 19 mode active
!
interface GigabitEthernet2/34
description BLADE 5 (switch 2) / etherchannel 19 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 19 mode active
!
interface GigabitEthernet2/35
description VIRTUALIZATION / VPUBLIC platforma / cluster LANs / trunk / vpublic-
blade1 / vpublic-cluster-sw1 / etherchannel 20 / member 3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4000
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 20 mode active
!
interface GigabitEthernet2/36
description VIRTUALIZATION / VPUBLIC platforma / cluster LANs / trunk / vpublic-
blade1 / vpublic-cluster-sw1 / etherchannel 20 / member 4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4000
switchport mode trunk
 switchport nonegotiate
mtu 9216
no cdp enable
channel-group 20 mode active
!
interface GigabitEthernet2/37
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN / vprivate1-sw
(gornji) / etherchannel 100 member 3 / Te1/0/23
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 110 mode active
!
interface GigabitEthernet2/38
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN / vprivate1-sw
(donji) / etherchannel 100 member 4 / Te2/0/23
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 110 mode active
!
interface GigabitEthernet2/39
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/40
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/41
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/42
description FREE
switchport
shutdown
!
interface GigabitEthernet2/43
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/44
description FREE
no ip address
 shutdown
!
interface GigabitEthernet2/45
description VoIP SERVERI - ipt-pri-gw1.eunet.rs, eth1
switchport
switchport access vlan 700
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/46
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/47
description VIRTUALIZATION / VDIST1 cluster / cluster LAN / vdist1-node2
switchport
switchport access vlan 450
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/48
description DISTRIBUTION, trunk do access sloja, SW-BG-6, GigabitEthernet0/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
no cdp enable
!
interface GigabitEthernet5/1
description L3-BG-2 (Gi0/1) DISTRIBUTION / etherchannel 5 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
channel-group 5 mode active
!
interface GigabitEthernet5/2
no ip address
shutdown
!
interface GigabitEthernet5/3
description FW-BG-1 (gornja kutija) / failover link
switchport
switchport access vlan 4094
switchport mode access
switchport nonegotiate
spanning-tree portfast edge
!
interface TenGigabitEthernet5/4
description FW-BG-1 (gornja kutija) / etherchannel 1 / member 1
switchport
 switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 1 mode active
!
interface TenGigabitEthernet5/5
description FW-BG-1 (donja kutija) / etherchannel 2 / member 1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 2 mode active
!
interface GigabitEthernet6/1
description L3-BG-2 (Gi0/2) DISTRIBUTION / etherchannel 5 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
channel-group 5 mode active
!
interface GigabitEthernet6/2
no ip address
shutdown
!
interface GigabitEthernet6/3
description FW-BG-1 (donja kutija) / failover link
switchport
switchport access vlan 4094
switchport mode access
switchport nonegotiate
spanning-tree portfast edge
!
interface TenGigabitEthernet6/4
description FW-BG-1 (gornja kutija) / etherchannel 1 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 1 mode active
!
interface TenGigabitEthernet6/5
description FW-BG-1 (donja kutija) / etherchannel 2 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 2 mode active
!
interface TenGigabitEthernet8/1
 description CORE / uplink 1 / CORE-BG-1 / TenGigabitEthernet2/4
mtu 9216
ip address 194.247.195.130 255.255.255.252
no ip proxy-arp
ip mtu 1500
ip flow ingress
ipv6 address 2A00:1108:0:3F80:0:11:D1:1/64
ipv6 mtu 1500
ipv6 ospf 100 area 0
mpls traffic-eng tunnels
mpls ip
no cdp enable
ip rsvp bandwidth
!
interface TenGigabitEthernet8/2
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node1
/ etherchannel 50 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 50 mode active
!
interface TenGigabitEthernet8/3
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node2
/ etherchannel 51 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 51 mode active
!
interface TenGigabitEthernet8/4
description VIRTUALIZATION / VPRIVATE platforma / cluster LANs, guest traffic /
trunk / vprivate-blade1 / vprivate-cluster-sw1 / etherchannel 127 / member 1
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan none
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 60 mode active
!
interface TenGigabitEthernet9/1
description CORE / uplink 2 / CORE-BG-1 / TenGigabitEthernet3/4
mtu 9216
ip address 194.247.195.134 255.255.255.252
no ip proxy-arp
ip mtu 1500
ip flow ingress
ipv6 address 2A00:1108:3F81::11:D1:1/64
ipv6 mtu 1500
ipv6 ospf 100 area 0
mpls traffic-eng tunnels
 mpls ip
no cdp enable
ip rsvp bandwidth
!
interface TenGigabitEthernet9/2
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node1
/ etherchannel 50 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 50 mode active
!
interface TenGigabitEthernet9/3
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node2
/ etherchannel 51 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 51 mode active
!
interface TenGigabitEthernet9/4
description VIRTUALIZATION / VPRIVATE platforma / cluster LANs, guest traffic /
trunk / vprivate-blade1 / vprivate-cluster-sw1 / etherchannel 127 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan none
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 60 mode active
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
description MANAGEMENT - layer2 i layer3 switchevi
vrf forwarding INTERNAL_SERVICES
ip address 194.247.197.33 255.255.255.240
ip access-group SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan21
description MAIL cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.225 255.255.255.240
ip access-group MAIL-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
 ip flow ingress
ipv6 address 2A00:1108:0:40A0::1/64
ipv6 nd ra suppress
!
interface Vlan22
description POP cluster (POP3/IMAP/LMTP proxy+backend)
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.129 255.255.255.240
ip access-group POP-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40A1::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-POP-CLUSTER-OUT out
!
interface Vlan30
description MISC SERVERS 1 - solair4, webmail. cache, news, XEN, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.38 255.255.255.240
ip access-group MISC-SERVERS-1-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40D0::1/64
ipv6 nd ra suppress
!
interface Vlan40
description COLLECTORS - dialin RADIUS, SNMP/dialin/VoIP collector, ADSL
collector, users ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.54 255.255.255.240
ip access-group COLLECTORS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan50
description Logging services
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.209 255.255.255.240
ip access-group LOGGING-SERVICES-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4002::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-LOGGING-SERVICES-OUT out
!
interface Vlan55
description Elasticsearch cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.161 255.255.255.240
no ip redirects
no ip unreachables
 no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4003::1/64
ipv6 nd ra suppress
!
interface Vlan60
description Databases
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.94 255.255.255.240
ip access-group DATABASE-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4040::1/64
ipv6 nd ra suppress
!
interface Vlan65
description MANAGEMENT / storage management / range 1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.65 255.255.255.240
ip access-group STORAGE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan66
description MANAGEMENT / storage management / range 2
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.193 255.255.255.240
ip access-group STORAGE-MANAGEMENT-2-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan70
description MANAGEMENT / SCE management, Subscriber Manager, Collection Manager
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.110 255.255.255.240
ip access-group SCE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan80
description RADIUS Cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.126 255.255.255.240
ip access-group RADIUS-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan90
description MANAGEMENT - UPS-evi
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.241 255.255.255.248
ip access-group UPS-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan91
description MANAGEMENT / IBM BladeCenter blades / chassis, IOMs
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.33 255.255.255.240 secondary
ip address 194.247.198.161 255.255.255.240
ip access-group BLADE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan92
description MANAGEMENT - HP EVA 5000 storage
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.177 255.255.255.240
ip access-group EVA-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan93
description MANAGEMENT - klime, kamere, EMU, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.126 255.255.255.240
ip access-group ENV-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan94
description MANAGEMENT - PDU
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.94 255.255.255.240
ip access-group PDU-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan95
description MANAGEMENT / Network and service monitoring and management servers and
appliances
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.193 255.255.255.240
ip access-group NETWORK-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
 ipv6 address 2A00:1108:0:4000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-NETWORK-MANAGEMENT-OUT out
!
interface Vlan96
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.6 255.255.255.248
ip access-group VPUBLIC-CMC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-CMC-MANAGEMENT-OUT out
!
interface Vlan97
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / switches
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.14 255.255.255.248
ip access-group VPUBLIC-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8001::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-SWITCH-MANAGEMENT-OUT out
!
interface Vlan98
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.30 255.255.255.240
ip access-group VPUBLIC-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8002::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-iDRAC-MANAGEMENT-OUT out
!
interface Vlan100
description NOC LAN
vrf forwarding INTERNAL_SERVICES
ip address 213.240.47.113 255.255.255.248 secondary
ip address 194.247.192.30 255.255.255.224
ip access-group NOC-LAN-OUT out
no ip redirects
no ip unreachables
ip flow ingress
ipv6 address 2A00:1108:0:C000::1/64
ipv6 nd ra suppress
!
interface Vlan101
description MANAGEMENT / Dedicated Servers / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.70 255.255.255.248
 ip access-group DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8006::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT out
!
interface Vlan102
description MANAGEMENT / Dedicated Servers / Dell m1000e blades / switches
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.78 255.255.255.248
ip access-group DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8007::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT out
!
interface Vlan103
description MANAGEMENT / Dedicated Servers / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.110 255.255.255.240 secondary
ip address 213.240.45.94 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8008::1/64
ipv6 nd ra suppress
!
interface Vlan110
description Billing database servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.6 255.255.255.248
ip access-group BILLING-DATABASE-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan120
description Misc application servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.14 255.255.255.248
ip access-group MISC-APPLICATIONS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4071::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-MISC-APPLICATIONS-OUT out
!
interface Vlan121
description Billing application servers
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.46 255.255.255.240
ip access-group BILLING-APPLICATIONS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan122
description DEVELOPMENT - MISC Billing servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.113 255.255.255.240
ip access-group DEV-MISC-BILLING-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan130
description Backup Vlan
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.30 255.255.255.248
ip access-group BACKUP-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan150
description Kompanijski web portali: www.eunet.rs, my.eunet.rs, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.22 255.255.255.248
ip access-group COMPANY-WEB-PORTALS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4080::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-COMPANY-WEB-PORTALS-OUT out
!
interface Vlan160
description Testing serveri
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.254 255.255.255.224
ip access-group TEST-SERVERI-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2A00:1108:0:7FFF::1/64
ipv6 traffic-filter IPv6-TEST-SERVERI-OUT out
!
interface Vlan180
description DEVELOPMENT / Razvojni alati za globalno kompanijsko razvojno
okruzenje
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.241 255.255.255.248
ip access-group DEVELOPMENT-TOOLS-OUT out
no ip redirects
 no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40E0::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEVELOPMENT-TOOLS-OUT out
!
interface Vlan200
description Office LAN u Sava Centru
vrf forwarding INTERNAL_SERVICES
ip address 194.247.199.254 255.255.255.224
ip access-group SC-OFFICE-LAN-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan210
description REMOTE_MISC_APPLICATIONS
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.1 255.255.255.248
ip access-group REMOTE-MISC-APPLICATIONS-IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan300
description LVS subnet - virtuelni servisi na load balancerima
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.190 255.255.255.240
ip access-group VIRTUAL-SERVICES-1-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4100::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VIRTUAL-SERVICES-1-OUT out
!
interface Vlan310
description Office serveri
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.78 255.255.255.240
ip access-group OFFICE-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan311
description Serveri za potrebe Marketinga, Prodaje i Web teama
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.233 255.255.255.248
ip access-group MARKETING-SERVERI-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan400
description LDAP cluster
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.174 255.255.255.240
ip access-group LDAP-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan401
description Milter cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.193 255.255.255.240
ip access-group MILTER-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40A2::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-MILTER-CLUSTER-OUT out
!
interface Vlan410
description Docker cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.209 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan450
description VIRTUALIZATION / VDIST1 cluster / distribution Proxmox cluster 1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.57 255.255.255.248
ip access-group VDIST1-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip igmp snooping querier
ipv6 address 2A00:1108:0:7020::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VDIST1-CLUSTER-OUT out
!
interface Vlan451
description MANAGEMENT / VDIST1 cluster / server iLO / iDRAC
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.209 255.255.255.248
ip access-group VDIST1-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan500
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.97 255.255.255.240
ip access-group VPRIVATE1-CLUSTER-OUT out
 no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE1-CLUSTER-OUT out
!
interface Vlan501
description MANAGEMENT / VPRIVATE1 cluster / iDRAC
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.217 255.255.255.248
ip access-group VPRIVATE1-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8010::1/64
ipv6 traffic-filter IPv6-VPRIVATE1-MANAGEMENT-OUT out
!
interface Vlan540
description YUNET CDN - Apache Traffic Server test
vrf forwarding INTERNAL_SERVICES
ip address 217.26.209.145 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
ipv6 address 2A00:1108:0:7FF1::1/64
ipv6 nd ra suppress
!
interface Vlan545
description YUNET HOSTING TEST
vrf forwarding INTERNAL_SERVICES
ip address 194.247.206.49 255.255.255.240
ip access-group YUNET-HOSTING-TEST-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7FF0::1/64
ipv6 nd ra suppress
!
interface Vlan552
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.38 255.255.255.248
ip access-group VPRIVATE-CMC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8003::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-CMC-MANAGEMENT-OUT out
!
interface Vlan553
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / switches
 vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.46 255.255.255.248
ip access-group VPRIVATE-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8004::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-SWITCH-MANAGEMENT-OUT out
!
interface Vlan554
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.62 255.255.255.240
ip access-group VPRIVATE-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8005::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-iDRAC-MANAGEMENT-OUT out
!
interface Vlan555
description VIRTUALIZATION / VPRIVATE2 cluster / cluster LAN / vprivate-blade1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.177 255.255.255.240
ip access-group VPRIVATE2-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7001::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE2-CLUSTER-OUT out
!
interface Vlan580
no ip address
shutdown
!
interface Vlan600
description DEVELOPMENT - NOC
vrf forwarding DEV_SANDBOX
ip address 194.247.192.30 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan603
description DEVELOPMENT - LVS subnet
vrf forwarding DEV_SANDBOX
ip address 194.247.192.190 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan610
description DEVELOPMENT - Billing database servers
 vrf forwarding DEV_SANDBOX
ip address 194.247.196.6 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan620
description DEVELOPMENT - Misc application servers
vrf forwarding DEV_SANDBOX
ip address 194.247.196.14 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan621
description DEVELOPMENT - Billing application servers
vrf forwarding DEV_SANDBOX
ip address 194.247.196.46 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan630
description DEVELOPMENT - solair4, webmail. cache, news, XEN, ...
vrf forwarding DEV_SANDBOX
ip address 194.247.192.38 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan640
description DEVELOPMENT - dialin RADIUS, SNMP/dialin/VoIP collector, ADSL
collector
vrf forwarding DEV_SANDBOX
ip address 194.247.192.54 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan650
description DEVELOPMENT - COMPANY-WEB-PORTALS
vrf forwarding DEV_SANDBOX
ip address 194.247.196.22 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan660
description DEVELOPMENT / Razvojno okruzenje za novi korisnicki portal
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.225 255.255.255.248
ip access-group DEV-USER-PORTAL-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan700
 description VoIP serveri i gaetway-i
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.222 255.255.255.240
ip access-group VoIP-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40C0::1/64
ipv6 nd ra suppress
!
interface Vlan800
description NAMESERVERS / resolving nameservers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.241 255.255.255.248
ip access-group RESOLVING-NAMESERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4010::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-RESOLVING-NAMESERVERS-OUT out
!
interface Vlan810
description NAMESERVERS / authoritative nameservers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.49 255.255.255.248
ip access-group AUTHORITATIVE-NAMESERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4011::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-AUTHORITATIVE-NAMESERVERS-OUT out
!
interface Vlan820
description HOSTING / YUnet shared web hosting / cPanel
vrf forwarding INTERNAL_SERVICES
ip address 185.53.112.1 255.255.255.224 secondary
ip address 194.247.196.65 255.255.255.240
ip access-group YUNET-WEB-HOSTING-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4090::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-YUNET-WEB-HOSTING-OUT out
!
interface Vlan900
description DISTRIBUTION / layer7 load balancers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.81 255.255.255.240
ip access-group L7-LOAD-BALANCERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
 ip flow ingress
!
interface Vlan990
description ACCESS / OpenVPN server / TEST
mtu 9216
ip address 194.247.195.173 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
ip flow ingress
mpls ldp discovery transport-address interface
mpls traffic-eng tunnels
mpls ip
ip rsvp bandwidth
!
interface Vlan997
no ip address
!
interface Vlan999
description NETWORK BOOT / INSTALL
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.254 255.255.255.248
ip access-group NETBOOT-INSTALL-OUT out
ip helper-address 194.247.192.206
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan4000
description VIRTUALIZATION / VPUBLIC1 cluster / cluster LAN / vpublic-blade1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.129 255.255.255.240
ip access-group VPUBLIC1-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7010::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC1-CLUSTER-OUT out
!
interface Vlan4092
description FW-BG-1 inside link
vrf forwarding INTERNAL_SERVICES
mtu 9216
ip address 194.247.195.121 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
ip flow ingress
load-interval 30
ipv6 address 2A00:1108:0:3002:0:11:D1:1/64
ipv6 mtu 1500
ipv6 nd ra suppress
!
interface Vlan4093
 description FW-BG-1 outside link
mtu 9216
ip address 194.247.195.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
ip flow ingress
load-interval 30
ipv6 address 2A00:1108:0:3003:0:11:D1:1/64
ipv6 mtu 1500
ipv6 nd ra suppress
ipv6 ospf 100 area 0
!
router ospf 20 vrf INTERNAL_SERVICES
log-adjacency-changes
nsf
redistribute connected metric-type 1 subnets
redistribute static metric-type 1 subnets
network 194.247.195.120 0.0.0.7 area 0
network 194.247.197.32 0.0.0.15 area 0
!
router ospf 10
log-adjacency-changes
nsf
redistribute connected metric-type 1 subnets route-map REDISTRIBUTE-CONNECTED
redistribute static metric-type 1 subnets route-map REDISTRIBUTE-STATIC
network 194.247.195.0 0.0.0.7 area 0
network 194.247.195.128 0.0.0.3 area 0
network 194.247.195.132 0.0.0.3 area 0
network 194.247.195.172 0.0.0.3 area 11072
maximum-paths 8
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
!
router bgp 8771
no bgp fast-external-fallover
bgp log-neighbor-changes
bgp deterministic-med
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
neighbor 2A00:1108::11:C0:1 remote-as 8771
neighbor 2A00:1108::11:C0:1 description CORE-BG-1 (route reflector)
neighbor 2A00:1108::11:C0:1 update-source Loopback0
neighbor 194.247.193.116 remote-as 8771
neighbor 194.247.193.116 description CORE-BG-1 (route reflector)
neighbor 194.247.193.116 update-source Loopback0
!
address-family ipv4
no neighbor 2A00:1108::11:C0:1 activate
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
neighbor 194.247.193.116 next-hop-self
neighbor 194.247.193.116 soft-reconfiguration inbound
neighbor 194.247.193.116 route-map GLOBAL-PREFIXES in
neighbor 194.247.193.116 route-map GLOBAL-PREFIXES out
no auto-summary
no synchronization
 exit-address-family
!
address-family vpnv6
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
exit-address-family
!
address-family vpnv4
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
exit-address-family
!
address-family ipv6
neighbor 2A00:1108::11:C0:1 activate
neighbor 2A00:1108::11:C0:1 send-community both
neighbor 2A00:1108::11:C0:1 soft-reconfiguration inbound
neighbor 2A00:1108::11:C0:1 route-map IPv6-GLOBAL-PREFIXES in
neighbor 2A00:1108::11:C0:1 route-map IPv6-GLOBAL-PREFIXES out
no synchronization
exit-address-family
!
address-family ipv4 vrf DEV_SANDBOX
redistribute connected
redistribute static
no synchronization
exit-address-family
!
address-family ipv6 vrf DEV_SANDBOX
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip classless
ip forward-protocol nd
ip forward-protocol udp bootpc
ip forward-protocol udp bootps
ip route 10.0.0.0 255.0.0.0 Null0 tag 9999
ip route 10.255.255.254 255.255.255.255 Null0 tag 9999 name BLACKHOLE
ip route 172.16.0.0 255.240.0.0 Null0 tag 9999
ip route 192.168.0.0 255.255.0.0 Null0 tag 9999
!
ip bgp-community new-format
ip community-list expanded upstream-prefixes permit 8771:64666
ip community-list expanded peer-prefixes permit 8771:64777
ip community-list expanded customer-prefixes permit 8771:64888
ip community-list expanded yunet-blackhole permit 8771:64900
ip as-path access-list 10 permit ^$
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 194.247.192.7 1984
ip flow-export destination 194.247.192.194 2055
!
no ip http server
no ip http secure-server
ip ospf name-lookup
!
!
ip prefix-list BOGONS seq 10 permit 10.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 permit 172.16.0.0/12 le 32
ip prefix-list BOGONS seq 30 permit 192.168.0.0/16 le 32
logging alarm informational
logging trap debugging
logging source-interface Loopback0
logging 194.247.192.185
no cdp run
ipv6 route vrf INTERNAL_SERVICES ::/0 2A00:1108:0:3002:0:11:F1:1
ipv6 router ospf 100
log-adjacency-changes
maximum-paths 8
redistribute connected metric-type 1
redistribute static metric-type 1
!
ipv6 ospf name-lookup
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 20
match community peer-prefixes customer-prefixes
!
route-map GLOBAL-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-PREFIXES permit 20
match community upstream-prefixes peer-prefixes customer-prefixes
!
route-map REDISTRIBUTE-STATIC deny 10
match ip address prefix-list BOGONS
!
route-map REDISTRIBUTE-STATIC deny 20
match tag 9999
!
route-map REDISTRIBUTE-STATIC deny 30
match tag 64900
!
route-map REDISTRIBUTE-STATIC permit 999
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 20
match community customer-prefixes
!
route-map IPv6-GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 20
match community customer-prefixes
!
route-map IPv6-GLOBAL-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-PREFIXES permit 20
match community upstream-prefixes peer-prefixes customer-prefixes
!
route-map IPv6-GLOBAL-NOUPSTREAM-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-NOUPSTREAM-PREFIXES permit 20
match community peer-prefixes customer-prefixes
!
route-map REDISTRIBUTE-CONNECTED deny 10
match ip address prefix-list BOGONS
!
route-map REDISTRIBUTE-CONNECTED permit 999
!
snmp-server community kwefff9h RO 2
snmp-server community 24rm9f0k RW 2
snmp-server community kv3fzflu RO 12
snmp-server community NM5P0LL3R RO 5
snmp-server trap timeout 45
snmp-server trap-source Loopback0
snmp-server location Sava Centar, Belgrade, Serbia
snmp-server system-shutdown
snmp-server enable traps entity
snmp-server host 194.247.192.5 version 2c kwefff9h
!
mpls ldp router-id Loopback0 force
!
ipv6 access-list IPv6-VPUBLIC-CMC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
 permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit ipv6 2A00:1108:0:7010::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VDIST1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-CMC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
 permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit ipv6 2A00:1108:0:7001::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE2-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-RESOLVING-NAMESERVERS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
 permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any host 2A00:1108:0:4010::A eq domain
permit tcp any host 2A00:1108:0:4010::A eq domain
permit udp any host 2A00:1108:0:4010::B eq domain
permit tcp any host 2A00:1108:0:4010::B eq domain
permit udp any host 2A00:1108:0:4010::10 eq domain
permit tcp any host 2A00:1108:0:4010::10 eq domain
permit udp any host 2A00:1108:0:4010::11 eq domain
permit tcp any host 2A00:1108:0:4010::11 eq domain
deny ipv6 any any
!
ipv6 access-list NETWORK-MANAGEMENT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE1-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit ipv6 2A00:1108:0:7000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-AUTHORITATIVE-NAMESERVERS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any host 2A00:1108:0:4011::A eq domain
permit tcp any host 2A00:1108:0:4011::A eq domain
permit udp any host 2A00:1108:0:4011::B eq domain
permit tcp any host 2A00:1108:0:4011::B eq domain
permit udp any host 2A00:1108:0:4011::C eq domain
permit tcp any host 2A00:1108:0:4011::C eq domain
permit udp any host 2A00:1108:0:4011::10 eq domain
 permit tcp any host 2A00:1108:0:4011::10 eq domain
permit udp any host 2A00:1108:0:4011::11 eq domain
permit tcp any host 2A00:1108:0:4011::11 eq domain
permit tcp 2A00:1108:0:4090::/64 host 2A00:1108:0:4011::10 eq 2087
permit tcp 2A00:1108:0:4090::/64 host 2A00:1108:0:4011::11 eq 2087
deny ipv6 any any
!
ipv6 access-list IPv6-YUNET-WEB-HOSTING-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any any range 50000 60000
permit tcp 2A00:1108:0:C002::/64 2A00:1108:0:4090::/64 eq 2087
permit tcp 2A00:1108:0:FFFD::/64 2A00:1108:0:4090::/64 eq 2087
permit tcp host 2A00:1108:0:4011::10 2A00:1108:0:4090::/64 eq 2087
permit tcp host 2A00:1108:0:4011::11 2A00:1108:0:4090::/64 eq 2087
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 587
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq pop3
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 143
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2077
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2082
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2095
permit tcp any host 2A00:1108:0:4090::66 eq www
permit tcp any host 2A00:1108:0:4090::66 eq 443
permit tcp any host 2A00:1108:0:4090::66 eq ftp-data
permit tcp any host 2A00:1108:0:4090::66 eq ftp
permit tcp any host 2A00:1108:0:4090::66 eq smtp
permit tcp any host 2A00:1108:0:4090::66 eq 465
permit tcp any host 2A00:1108:0:4090::66 eq 995
permit tcp any host 2A00:1108:0:4090::66 eq 993
permit tcp any host 2A00:1108:0:4090::66 eq 2078
permit tcp any host 2A00:1108:0:4090::66 eq 2083
permit tcp any host 2A00:1108:0:4090::66 eq 2096
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 587
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq pop3
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 143
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2077
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2082
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2095
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq www
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 443
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq ftp-data
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq ftp
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq smtp
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 465
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 995
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 993
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2078
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2083
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2096
 deny ipv6 any any
!
ipv6 access-list IPv6-NETWORK-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
permit tcp 2A00:1108:0:4001::/64 any eq 8006
deny ipv6 any any
!
ipv6 access-list IPv6-DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-POP-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
 permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp 2A00:1108:0:40A0::/64 2A00:1108:0:40A1::/64 eq 2003
deny ipv6 any any
!
ipv6 access-list IPv6-MILTER-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 6277 any gt 1023
permit udp any eq 24441 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-MISC-APPLICATIONS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp 2A00:1108:0:4070::/64 host 2A00:1108:0:4071::10:1 range 5671 5672
permit tcp 2A00:1108:0:40A1::/64 host 2A00:1108:0:4071::10:1 range 5671 5672
deny ipv6 any any
!
ipv6 access-list IPv6-COMPANY-WEB-PORTALS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
 permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:4080::100:21 eq www
permit tcp any host 2A00:1108:0:4080::100:21 eq 443
deny ipv6 any any
!
ipv6 access-list IPv6-TEST-SERVERI-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:7FFF::7F46 range 49100 49300
permit udp any host 2A00:1108:0:7FFF::7F46 range 49100 49300
deny ipv6 any any
!
ipv6 access-list IPv6-DEVELOPMENT-TOOLS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-VPS-SHARED-SUBNET-IN
permit ipv6 2A00:1108:200::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-VPS-SHARED-SUBNET-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
 permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:200::10 eq pop3
permit tcp any host 2A00:1108:0:C000::20 eq 22
permit tcp any host 2A00:1108:0:C000::20 eq www
permit tcp any host 2A00:1108:0:C000::20 eq 443
deny ipv6 any any
!
ipv6 access-list IPv6-VIRTUAL-SERVICES-1-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:4100::177 eq pop3
permit tcp any host 2A00:1108:0:4100::177 eq 995
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 2003
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 12340
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 12345
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 10025
permit tcp any host 2A00:1108:0:4100::179 eq smtp
deny ipv6 any any
!
ipv6 access-list IPv6-LOGGING-SERVICES-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
permit ipv6 2A00:1108:0:4000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
permit tcp 2A00:1108:0:4003::/64 host 2A00:1108:0:4002::100:1 eq 9300
permit tcp 2A00:1108:0:C002::/64 host 2A00:1108:0:4002::100:2 eq www
permit tcp 2A00:1108:0:C002::/64 host 2A00:1108:0:4002::100:2 eq 443
permit tcp 2A00:1108:0:FFFD::/64 host 2A00:1108:0:4002::100:2 eq www
permit tcp 2A00:1108:0:FFFD::/64 host 2A00:1108:0:4002::100:2 eq 443
permit tcp 2A00:1108:0:4003::/64 host 2A00:1108:0:4002::100:2 eq 9300
deny ipv6 any any
!
control-plane
!
!
dial-peer cor custom
!
!
!
banner login ^C

DIST-BG-1.EUnet.rs (Sava Centar)

Contact: YUnet International Network Operations Center

Phone: +381 11 311 9901
Fax: +381 11 3282 760
E-mail: [email protected]

Authorised access only.

^C
!
line con 0
exec-timeout 30 0
password 7 141A131B094B292236
login
terminal-type vt100
line vty 0 4
access-class 1 in vrf-also
exec-timeout 30 0
password 7 011E07145E44050633
login
ipv6 access-class NETWORK-MANAGEMENT in
terminal-type vt100
transport input telnet
line vty 5 15
access-class 1 in vrf-also
exec-timeout 30 0
password 7 011E07145E44050633
login
ipv6 access-class NETWORK-MANAGEMENT in
terminal-type vt100
transport input telnet
!
ntp logging
ntp source Loopback0
ntp access-group peer 4
ntp access-group serve-only 3
ntp server 194.247.193.116
!
end

root@kvm1:/home/srdjan/backup/yunet-pc/confbackup/dist-bg-1#

interface GigabitEthernet2/10
description VIRTUALIZATION / VPRIVATE1 cluster / trunk / guest traffic /
vprivate1-node5 / bond2 / slave eth7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 115 mode active
!
interface GigabitEthernet2/11
description NOC LAN - Nagios server (nagios.eunet.rs), eth0
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/12
description NOC LAN - Syslog server (syslog.eunet.rs)
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/13
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/14
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/15
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/16
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/17
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
 shutdown
no cdp enable
!
interface GigabitEthernet2/18
description FREE
switchport
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
no cdp enable
!
interface GigabitEthernet2/19
description FREE
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/20
description FREE
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
shutdown
!
interface GigabitEthernet2/21
description LDAP CLUSTER - LDAP node 1 (ldapnode1.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
shutdown
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/22
description LDAP CLUSTER - LDAP node 2 (ldapnode2.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/23
description LDAP CLUSTER - LDAP node 3 (ldapnode3.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/24
 description LDAP CLUSTER - LDAP node 4 (ldapnode4.eunet.rs), eth1
switchport
switchport access vlan 400
switchport mode access
switchport nonegotiate
shutdown
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/25
description BLADE 1 (switch 2) / etherchannel 11 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 11 mode active
!
interface GigabitEthernet2/26
description BLADE 1 (switch 2) / etherchannel 11 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 11 mode active
!
interface GigabitEthernet2/27
description BLADE 2 (switch 2) / etherchannel 13 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 13 mode active
!
interface GigabitEthernet2/28
description BLADE 2 (switch 2) / etherchannel 13 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 13 mode active
!
interface GigabitEthernet2/29
description BLADE 3 (switch 2) / etherchannel 15 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 15 mode active
!
interface GigabitEthernet2/30
description BLADE 3 (switch 2) / etherchannel 15 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 15 mode active
!
interface GigabitEthernet2/31
description BLADE 4 (switch 2) / etherchannel 17 / member 1
 switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 17 mode active
!
interface GigabitEthernet2/32
description BLADE 4 (switch 2) / etherchannel 17 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 17 mode active
!
interface GigabitEthernet2/33
description BLADE 5 (switch 2) / etherchannel 19 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 19 mode active
!
interface GigabitEthernet2/34
description BLADE 5 (switch 2) / etherchannel 19 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 19 mode active
!
interface GigabitEthernet2/35
description VIRTUALIZATION / VPUBLIC platforma / cluster LANs / trunk / vpublic-
blade1 / vpublic-cluster-sw1 / etherchannel 20 / member 3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4000
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 20 mode active
!
interface GigabitEthernet2/36
description VIRTUALIZATION / VPUBLIC platforma / cluster LANs / trunk / vpublic-
blade1 / vpublic-cluster-sw1 / etherchannel 20 / member 4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4000
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 20 mode active
!
interface GigabitEthernet2/37
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN / vprivate1-sw
(gornji) / etherchannel 100 member 3 / Te1/0/23
switchport
switchport access vlan 500
 switchport mode access
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 110 mode active
!
interface GigabitEthernet2/38
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN / vprivate1-sw
(donji) / etherchannel 100 member 4 / Te2/0/23
switchport
switchport access vlan 500
switchport mode access
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 110 mode active
!
interface GigabitEthernet2/39
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/40
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/41
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/42
description FREE
switchport
shutdown
!
interface GigabitEthernet2/43
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/44
description FREE
no ip address
shutdown
!
interface GigabitEthernet2/45
description VoIP SERVERI - ipt-pri-gw1.eunet.rs, eth1
switchport
switchport access vlan 700
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/46
description FREE
switchport
shutdown
no cdp enable
!
interface GigabitEthernet2/47
description VIRTUALIZATION / VDIST1 cluster / cluster LAN / vdist1-node2
switchport
switchport access vlan 450
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
!
interface GigabitEthernet2/48
description DISTRIBUTION, trunk do access sloja, SW-BG-6, GigabitEthernet0/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
no cdp enable
!
interface GigabitEthernet5/1
description L3-BG-2 (Gi0/1) DISTRIBUTION / etherchannel 5 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
channel-group 5 mode active
!
interface GigabitEthernet5/2
no ip address
shutdown
!
interface GigabitEthernet5/3
description FW-BG-1 (gornja kutija) / failover link
switchport
switchport access vlan 4094
switchport mode access
switchport nonegotiate
spanning-tree portfast edge
!
interface TenGigabitEthernet5/4
description FW-BG-1 (gornja kutija) / etherchannel 1 / member 1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 1 mode active
!
interface TenGigabitEthernet5/5
description FW-BG-1 (donja kutija) / etherchannel 2 / member 1
switchport
 switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 2 mode active
!
interface GigabitEthernet6/1
description L3-BG-2 (Gi0/2) DISTRIBUTION / etherchannel 5 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
channel-group 5 mode active
!
interface GigabitEthernet6/2
no ip address
shutdown
!
interface GigabitEthernet6/3
description FW-BG-1 (donja kutija) / failover link
switchport
switchport access vlan 4094
switchport mode access
switchport nonegotiate
spanning-tree portfast edge
!
interface TenGigabitEthernet6/4
description FW-BG-1 (gornja kutija) / etherchannel 1 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 1 mode active
!
interface TenGigabitEthernet6/5
description FW-BG-1 (donja kutija) / etherchannel 2 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4092-4094
switchport mode trunk
switchport nonegotiate
logging event bundle-status
channel-group 2 mode active
!
interface TenGigabitEthernet8/1
description CORE / uplink 1 / CORE-BG-1 / TenGigabitEthernet2/4
mtu 9216
ip address 194.247.195.130 255.255.255.252
no ip proxy-arp
ip mtu 1500
ip flow ingress
ipv6 address 2A00:1108:0:3F80:0:11:D1:1/64
ipv6 mtu 1500
ipv6 ospf 100 area 0
mpls traffic-eng tunnels
 mpls ip
no cdp enable
ip rsvp bandwidth
!
interface TenGigabitEthernet8/2
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node1
/ etherchannel 50 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 50 mode active
!
interface TenGigabitEthernet8/3
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node2
/ etherchannel 51 / member 1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 51 mode active
!
interface TenGigabitEthernet8/4
description VIRTUALIZATION / VPRIVATE platforma / cluster LANs, guest traffic /
trunk / vprivate-blade1 / vprivate-cluster-sw1 / etherchannel 127 / member 1
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan none
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 60 mode active
!
interface TenGigabitEthernet9/1
description CORE / uplink 2 / CORE-BG-1 / TenGigabitEthernet3/4
mtu 9216
ip address 194.247.195.134 255.255.255.252
no ip proxy-arp
ip mtu 1500
ip flow ingress
ipv6 address 2A00:1108:3F81::11:D1:1/64
ipv6 mtu 1500
ipv6 ospf 100 area 0
mpls traffic-eng tunnels
mpls ip
no cdp enable
ip rsvp bandwidth
!
interface TenGigabitEthernet9/2
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node1
/ etherchannel 50 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
 switchport nonegotiate
mtu 9216
no cdp enable
channel-group 50 mode active
!
interface TenGigabitEthernet9/3
description VIRTUALIZATION / VDIST1 cluster / trunk / guest traffic / vdist1-node2
/ etherchannel 51 / member 2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 51 mode active
!
interface TenGigabitEthernet9/4
description VIRTUALIZATION / VPRIVATE platforma / cluster LANs, guest traffic /
trunk / vprivate-blade1 / vprivate-cluster-sw1 / etherchannel 127 / member 2
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan none
switchport mode trunk
switchport nonegotiate
mtu 9216
no cdp enable
channel-group 60 mode active
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
description MANAGEMENT - layer2 i layer3 switchevi
vrf forwarding INTERNAL_SERVICES
ip address 194.247.197.33 255.255.255.240
ip access-group SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan21
description MAIL cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.225 255.255.255.240
ip access-group MAIL-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40A0::1/64
ipv6 nd ra suppress
!
interface Vlan22
description POP cluster (POP3/IMAP/LMTP proxy+backend)
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.129 255.255.255.240
ip access-group POP-CLUSTER-OUT out
no ip redirects
 no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40A1::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-POP-CLUSTER-OUT out
!
interface Vlan30
description MISC SERVERS 1 - solair4, webmail. cache, news, XEN, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.38 255.255.255.240
ip access-group MISC-SERVERS-1-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40D0::1/64
ipv6 nd ra suppress
!
interface Vlan40
description COLLECTORS - dialin RADIUS, SNMP/dialin/VoIP collector, ADSL
collector, users ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.54 255.255.255.240
ip access-group COLLECTORS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan50
description Logging services
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.209 255.255.255.240
ip access-group LOGGING-SERVICES-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4002::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-LOGGING-SERVICES-OUT out
!
interface Vlan55
description Elasticsearch cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.161 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4003::1/64
ipv6 nd ra suppress
!
interface Vlan60
description Databases
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.94 255.255.255.240
ip access-group DATABASE-SERVERS-OUT out
 no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4040::1/64
ipv6 nd ra suppress
!
interface Vlan65
description MANAGEMENT / storage management / range 1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.65 255.255.255.240
ip access-group STORAGE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan66
description MANAGEMENT / storage management / range 2
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.193 255.255.255.240
ip access-group STORAGE-MANAGEMENT-2-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan70
description MANAGEMENT / SCE management, Subscriber Manager, Collection Manager
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.110 255.255.255.240
ip access-group SCE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan80
description RADIUS Cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.126 255.255.255.240
ip access-group RADIUS-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan90
description MANAGEMENT - UPS-evi
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.241 255.255.255.248
ip access-group UPS-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan91
description MANAGEMENT / IBM BladeCenter blades / chassis, IOMs
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.33 255.255.255.240 secondary
ip address 194.247.198.161 255.255.255.240
ip access-group BLADE-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan92
description MANAGEMENT - HP EVA 5000 storage
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.177 255.255.255.240
ip access-group EVA-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan93
description MANAGEMENT - klime, kamere, EMU, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.126 255.255.255.240
ip access-group ENV-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan94
description MANAGEMENT - PDU
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.94 255.255.255.240
ip access-group PDU-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan95
description MANAGEMENT / Network and service monitoring and management servers and
appliances
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.193 255.255.255.240
ip access-group NETWORK-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-NETWORK-MANAGEMENT-OUT out
!
interface Vlan96
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.6 255.255.255.248
ip access-group VPUBLIC-CMC-MANAGEMENT-OUT out
no ip redirects
 no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-CMC-MANAGEMENT-OUT out
!
interface Vlan97
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / switches
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.14 255.255.255.248
ip access-group VPUBLIC-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8001::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-SWITCH-MANAGEMENT-OUT out
!
interface Vlan98
description MANAGEMENT / VPUBLIC platforma / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.30 255.255.255.240
ip access-group VPUBLIC-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8002::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC-iDRAC-MANAGEMENT-OUT out
!
interface Vlan100
description NOC LAN
vrf forwarding INTERNAL_SERVICES
ip address 213.240.47.113 255.255.255.248 secondary
ip address 194.247.192.30 255.255.255.224
ip access-group NOC-LAN-OUT out
no ip redirects
no ip unreachables
ip flow ingress
ipv6 address 2A00:1108:0:C000::1/64
ipv6 nd ra suppress
!
interface Vlan101
description MANAGEMENT / Dedicated Servers / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.70 255.255.255.248
ip access-group DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8006::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT out
!
interface Vlan102
 description MANAGEMENT / Dedicated Servers / Dell m1000e blades / switches
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.78 255.255.255.248
ip access-group DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8007::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT out
!
interface Vlan103
description MANAGEMENT / Dedicated Servers / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.110 255.255.255.240 secondary
ip address 213.240.45.94 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8008::1/64
ipv6 nd ra suppress
!
interface Vlan110
description Billing database servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.6 255.255.255.248
ip access-group BILLING-DATABASE-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan120
description Misc application servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.14 255.255.255.248
ip access-group MISC-APPLICATIONS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4071::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-MISC-APPLICATIONS-OUT out
!
interface Vlan121
description Billing application servers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.46 255.255.255.240
ip access-group BILLING-APPLICATIONS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan122
description DEVELOPMENT - MISC Billing servers
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.113 255.255.255.240
ip access-group DEV-MISC-BILLING-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan130
description Backup Vlan
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.30 255.255.255.248
ip access-group BACKUP-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan150
description Kompanijski web portali: www.eunet.rs, my.eunet.rs, ...
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.22 255.255.255.248
ip access-group COMPANY-WEB-PORTALS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4080::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-COMPANY-WEB-PORTALS-OUT out
!
interface Vlan160
description Testing serveri
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.254 255.255.255.224
ip access-group TEST-SERVERI-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2A00:1108:0:7FFF::1/64
ipv6 traffic-filter IPv6-TEST-SERVERI-OUT out
!
interface Vlan180
description DEVELOPMENT / Razvojni alati za globalno kompanijsko razvojno
okruzenje
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.241 255.255.255.248
ip access-group DEVELOPMENT-TOOLS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40E0::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-DEVELOPMENT-TOOLS-OUT out
!
interface Vlan200
description Office LAN u Sava Centru
vrf forwarding INTERNAL_SERVICES
 ip address 194.247.199.254 255.255.255.224
ip access-group SC-OFFICE-LAN-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan210
description REMOTE_MISC_APPLICATIONS
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.1 255.255.255.248
ip access-group REMOTE-MISC-APPLICATIONS-IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan300
description LVS subnet - virtuelni servisi na load balancerima
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.190 255.255.255.240
ip access-group VIRTUAL-SERVICES-1-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4100::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VIRTUAL-SERVICES-1-OUT out
!
interface Vlan310
description Office serveri
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.78 255.255.255.240
ip access-group OFFICE-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan311
description Serveri za potrebe Marketinga, Prodaje i Web teama
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.233 255.255.255.248
ip access-group MARKETING-SERVERI-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan400
description LDAP cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.174 255.255.255.240
ip access-group LDAP-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan401
description Milter cluster
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.193 255.255.255.240
ip access-group MILTER-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40A2::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-MILTER-CLUSTER-OUT out
!
interface Vlan410
description Docker cluster
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.209 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan450
description VIRTUALIZATION / VDIST1 cluster / distribution Proxmox cluster 1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.57 255.255.255.248
ip access-group VDIST1-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip igmp snooping querier
ipv6 address 2A00:1108:0:7020::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VDIST1-CLUSTER-OUT out
!
interface Vlan451
description MANAGEMENT / VDIST1 cluster / server iLO / iDRAC
vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.209 255.255.255.248
ip access-group VDIST1-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan500
description VIRTUALIZATION / VPRIVATE1 cluster / cluster LAN
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.97 255.255.255.240
ip access-group VPRIVATE1-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7000::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE1-CLUSTER-OUT out
!
interface Vlan501
description MANAGEMENT / VPRIVATE1 cluster / iDRAC
 vrf forwarding INTERNAL_SERVICES
ip address 194.247.198.217 255.255.255.248
ip access-group VPRIVATE1-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8010::1/64
ipv6 traffic-filter IPv6-VPRIVATE1-MANAGEMENT-OUT out
!
interface Vlan540
description YUNET CDN - Apache Traffic Server test
vrf forwarding INTERNAL_SERVICES
ip address 217.26.209.145 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
ipv6 address 2A00:1108:0:7FF1::1/64
ipv6 nd ra suppress
!
interface Vlan545
description YUNET HOSTING TEST
vrf forwarding INTERNAL_SERVICES
ip address 194.247.206.49 255.255.255.240
ip access-group YUNET-HOSTING-TEST-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7FF0::1/64
ipv6 nd ra suppress
!
interface Vlan552
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / CMCs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.38 255.255.255.248
ip access-group VPRIVATE-CMC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8003::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-CMC-MANAGEMENT-OUT out
!
interface Vlan553
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / switches
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.46 255.255.255.248
ip access-group VPRIVATE-SWITCH-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8004::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-SWITCH-MANAGEMENT-OUT out
!
interface Vlan554
description MANAGEMENT / VPRIVATE platforma / Dell m1000e blades / iDRACs
vrf forwarding INTERNAL_SERVICES
ip address 213.240.45.62 255.255.255.240
ip access-group VPRIVATE-iDRAC-MANAGEMENT-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:8005::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE-iDRAC-MANAGEMENT-OUT out
!
interface Vlan555
description VIRTUALIZATION / VPRIVATE2 cluster / cluster LAN / vprivate-blade1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.177 255.255.255.240
ip access-group VPRIVATE2-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7001::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPRIVATE2-CLUSTER-OUT out
!
interface Vlan580
no ip address
shutdown
!
interface Vlan600
description DEVELOPMENT - NOC
vrf forwarding DEV_SANDBOX
ip address 194.247.192.30 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan603
description DEVELOPMENT - LVS subnet
vrf forwarding DEV_SANDBOX
ip address 194.247.192.190 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan610
description DEVELOPMENT - Billing database servers
vrf forwarding DEV_SANDBOX
ip address 194.247.196.6 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan620
description DEVELOPMENT - Misc application servers
vrf forwarding DEV_SANDBOX
ip address 194.247.196.14 255.255.255.248
 no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan621
description DEVELOPMENT - Billing application servers
vrf forwarding DEV_SANDBOX
ip address 194.247.196.46 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan630
description DEVELOPMENT - solair4, webmail. cache, news, XEN, ...
vrf forwarding DEV_SANDBOX
ip address 194.247.192.38 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan640
description DEVELOPMENT - dialin RADIUS, SNMP/dialin/VoIP collector, ADSL
collector
vrf forwarding DEV_SANDBOX
ip address 194.247.192.54 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan650
description DEVELOPMENT - COMPANY-WEB-PORTALS
vrf forwarding DEV_SANDBOX
ip address 194.247.196.22 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan660
description DEVELOPMENT / Razvojno okruzenje za novi korisnicki portal
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.225 255.255.255.248
ip access-group DEV-USER-PORTAL-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan700
description VoIP serveri i gaetway-i
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.222 255.255.255.240
ip access-group VoIP-SERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:40C0::1/64
ipv6 nd ra suppress
!
interface Vlan800
description NAMESERVERS / resolving nameservers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.192.241 255.255.255.248
ip access-group RESOLVING-NAMESERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4010::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-RESOLVING-NAMESERVERS-OUT out
!
interface Vlan810
description NAMESERVERS / authoritative nameservers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.49 255.255.255.248
ip access-group AUTHORITATIVE-NAMESERVERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4011::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-AUTHORITATIVE-NAMESERVERS-OUT out
!
interface Vlan820
description HOSTING / YUnet shared web hosting / cPanel
vrf forwarding INTERNAL_SERVICES
ip address 185.53.112.1 255.255.255.224 secondary
ip address 194.247.196.65 255.255.255.240
ip access-group YUNET-WEB-HOSTING-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:4090::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-YUNET-WEB-HOSTING-OUT out
!
interface Vlan900
description DISTRIBUTION / layer7 load balancers
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.81 255.255.255.240
ip access-group L7-LOAD-BALANCERS-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan990
description ACCESS / OpenVPN server / TEST
mtu 9216
ip address 194.247.195.173 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
 ip flow ingress
mpls ldp discovery transport-address interface
mpls traffic-eng tunnels
mpls ip
ip rsvp bandwidth
!
interface Vlan997
no ip address
!
interface Vlan999
description NETWORK BOOT / INSTALL
vrf forwarding INTERNAL_SERVICES
ip address 194.247.194.254 255.255.255.248
ip access-group NETBOOT-INSTALL-OUT out
ip helper-address 194.247.192.206
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan4000
description VIRTUALIZATION / VPUBLIC1 cluster / cluster LAN / vpublic-blade1
vrf forwarding INTERNAL_SERVICES
ip address 194.247.196.129 255.255.255.240
ip access-group VPUBLIC1-CLUSTER-OUT out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ipv6 address 2A00:1108:0:7010::1/64
ipv6 nd ra suppress
ipv6 traffic-filter IPv6-VPUBLIC1-CLUSTER-OUT out
!
interface Vlan4092
description FW-BG-1 inside link
vrf forwarding INTERNAL_SERVICES
mtu 9216
ip address 194.247.195.121 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
ip flow ingress
load-interval 30
ipv6 address 2A00:1108:0:3002:0:11:D1:1/64
ipv6 mtu 1500
ipv6 nd ra suppress
!
interface Vlan4093
description FW-BG-1 outside link
mtu 9216
ip address 194.247.195.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1500
ip flow ingress
load-interval 30
ipv6 address 2A00:1108:0:3003:0:11:D1:1/64
 ipv6 mtu 1500
ipv6 nd ra suppress
ipv6 ospf 100 area 0
!
router ospf 20 vrf INTERNAL_SERVICES
log-adjacency-changes
nsf
redistribute connected metric-type 1 subnets
redistribute static metric-type 1 subnets
network 194.247.195.120 0.0.0.7 area 0
network 194.247.197.32 0.0.0.15 area 0
!
router ospf 10
log-adjacency-changes
nsf
redistribute connected metric-type 1 subnets route-map REDISTRIBUTE-CONNECTED
redistribute static metric-type 1 subnets route-map REDISTRIBUTE-STATIC
network 194.247.195.0 0.0.0.7 area 0
network 194.247.195.128 0.0.0.3 area 0
network 194.247.195.132 0.0.0.3 area 0
network 194.247.195.172 0.0.0.3 area 11072
maximum-paths 8
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
!
router bgp 8771
no bgp fast-external-fallover
bgp log-neighbor-changes
bgp deterministic-med
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
neighbor 2A00:1108::11:C0:1 remote-as 8771
neighbor 2A00:1108::11:C0:1 description CORE-BG-1 (route reflector)
neighbor 2A00:1108::11:C0:1 update-source Loopback0
neighbor 194.247.193.116 remote-as 8771
neighbor 194.247.193.116 description CORE-BG-1 (route reflector)
neighbor 194.247.193.116 update-source Loopback0
!
address-family ipv4
no neighbor 2A00:1108::11:C0:1 activate
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
neighbor 194.247.193.116 next-hop-self
neighbor 194.247.193.116 soft-reconfiguration inbound
neighbor 194.247.193.116 route-map GLOBAL-PREFIXES in
neighbor 194.247.193.116 route-map GLOBAL-PREFIXES out
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv6
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
exit-address-family
!
address-family vpnv4
neighbor 194.247.193.116 activate
neighbor 194.247.193.116 send-community both
 exit-address-family
!
address-family ipv6
neighbor 2A00:1108::11:C0:1 activate
neighbor 2A00:1108::11:C0:1 send-community both
neighbor 2A00:1108::11:C0:1 soft-reconfiguration inbound
neighbor 2A00:1108::11:C0:1 route-map IPv6-GLOBAL-PREFIXES in
neighbor 2A00:1108::11:C0:1 route-map IPv6-GLOBAL-PREFIXES out
no synchronization
exit-address-family
!
address-family ipv4 vrf DEV_SANDBOX
redistribute connected
redistribute static
no synchronization
exit-address-family
!
address-family ipv6 vrf DEV_SANDBOX
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip classless
ip forward-protocol nd
ip forward-protocol udp bootpc
ip forward-protocol udp bootps
ip route 10.0.0.0 255.0.0.0 Null0 tag 9999
ip route 10.255.255.254 255.255.255.255 Null0 tag 9999 name BLACKHOLE
ip route 172.16.0.0 255.240.0.0 Null0 tag 9999
ip route 192.168.0.0 255.255.0.0 Null0 tag 9999
!
ip bgp-community new-format
ip community-list expanded upstream-prefixes permit 8771:64666
ip community-list expanded peer-prefixes permit 8771:64777
ip community-list expanded customer-prefixes permit 8771:64888
ip community-list expanded yunet-blackhole permit 8771:64900
ip as-path access-list 10 permit ^$
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 194.247.192.7 1984
ip flow-export destination 194.247.192.194 2055
!
no ip http server
no ip http secure-server
ip ospf name-lookup
!
!
ip prefix-list BOGONS seq 10 permit 10.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 permit 172.16.0.0/12 le 32
ip prefix-list BOGONS seq 30 permit 192.168.0.0/16 le 32
logging alarm informational
logging trap debugging
logging source-interface Loopback0
logging 194.247.192.185
no cdp run
ipv6 route vrf INTERNAL_SERVICES ::/0 2A00:1108:0:3002:0:11:F1:1
ipv6 router ospf 100
log-adjacency-changes
 maximum-paths 8
redistribute connected metric-type 1
redistribute static metric-type 1
!
ipv6 ospf name-lookup
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-NOUPSTREAM-PREFIXES permit 20
match community peer-prefixes customer-prefixes
!
route-map GLOBAL-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-PREFIXES permit 20
match community upstream-prefixes peer-prefixes customer-prefixes
!
route-map REDISTRIBUTE-STATIC deny 10
match ip address prefix-list BOGONS
!
route-map REDISTRIBUTE-STATIC deny 20
match tag 9999
!
route-map REDISTRIBUTE-STATIC deny 30
match tag 64900
!
route-map REDISTRIBUTE-STATIC permit 999
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 5
match community yunet-blackhole
set ip next-hop 10.255.255.254
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 10
match as-path 10
!
route-map GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 20
match community customer-prefixes
!
route-map IPv6-GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-NOUPSTREAM-NOPEER-PREFIXES permit 20
match community customer-prefixes
!
route-map IPv6-GLOBAL-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-PREFIXES permit 20
match community upstream-prefixes peer-prefixes customer-prefixes
!
route-map IPv6-GLOBAL-NOUPSTREAM-PREFIXES permit 10
match as-path 10
!
route-map IPv6-GLOBAL-NOUPSTREAM-PREFIXES permit 20
match community peer-prefixes customer-prefixes
!
route-map REDISTRIBUTE-CONNECTED deny 10
match ip address prefix-list BOGONS
!
route-map REDISTRIBUTE-CONNECTED permit 999
!
snmp-server community kwefff9h RO 2
snmp-server community 24rm9f0k RW 2
snmp-server community kv3fzflu RO 12
snmp-server community NM5P0LL3R RO 5
snmp-server trap timeout 45
snmp-server trap-source Loopback0
snmp-server location Sava Centar, Belgrade, Serbia
snmp-server system-shutdown
snmp-server enable traps entity
snmp-server host 194.247.192.5 version 2c kwefff9h
!
mpls ldp router-id Loopback0 force
!
ipv6 access-list IPv6-VPUBLIC-CMC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
 permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit ipv6 2A00:1108:0:7010::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VDIST1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-CMC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
 permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit ipv6 2A00:1108:0:7001::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE2-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-RESOLVING-NAMESERVERS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any host 2A00:1108:0:4010::A eq domain
permit tcp any host 2A00:1108:0:4010::A eq domain
 permit udp any host 2A00:1108:0:4010::B eq domain
permit tcp any host 2A00:1108:0:4010::B eq domain
permit udp any host 2A00:1108:0:4010::10 eq domain
permit tcp any host 2A00:1108:0:4010::10 eq domain
permit udp any host 2A00:1108:0:4010::11 eq domain
permit tcp any host 2A00:1108:0:4010::11 eq domain
deny ipv6 any any
!
ipv6 access-list NETWORK-MANAGEMENT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPRIVATE1-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit ipv6 2A00:1108:0:7000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-AUTHORITATIVE-NAMESERVERS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any host 2A00:1108:0:4011::A eq domain
permit tcp any host 2A00:1108:0:4011::A eq domain
permit udp any host 2A00:1108:0:4011::B eq domain
permit tcp any host 2A00:1108:0:4011::B eq domain
permit udp any host 2A00:1108:0:4011::C eq domain
permit tcp any host 2A00:1108:0:4011::C eq domain
permit udp any host 2A00:1108:0:4011::10 eq domain
permit tcp any host 2A00:1108:0:4011::10 eq domain
permit udp any host 2A00:1108:0:4011::11 eq domain
permit tcp any host 2A00:1108:0:4011::11 eq domain
permit tcp 2A00:1108:0:4090::/64 host 2A00:1108:0:4011::10 eq 2087
permit tcp 2A00:1108:0:4090::/64 host 2A00:1108:0:4011::11 eq 2087
deny ipv6 any any
!
ipv6 access-list IPv6-YUNET-WEB-HOSTING-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
 permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any any range 50000 60000
permit tcp 2A00:1108:0:C002::/64 2A00:1108:0:4090::/64 eq 2087
permit tcp 2A00:1108:0:FFFD::/64 2A00:1108:0:4090::/64 eq 2087
permit tcp host 2A00:1108:0:4011::10 2A00:1108:0:4090::/64 eq 2087
permit tcp host 2A00:1108:0:4011::11 2A00:1108:0:4090::/64 eq 2087
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 587
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq pop3
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 143
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2077
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2082
permit tcp 2A00:1108::/32 host 2A00:1108:0:4090::66 eq 2095
permit tcp any host 2A00:1108:0:4090::66 eq www
permit tcp any host 2A00:1108:0:4090::66 eq 443
permit tcp any host 2A00:1108:0:4090::66 eq ftp-data
permit tcp any host 2A00:1108:0:4090::66 eq ftp
permit tcp any host 2A00:1108:0:4090::66 eq smtp
permit tcp any host 2A00:1108:0:4090::66 eq 465
permit tcp any host 2A00:1108:0:4090::66 eq 995
permit tcp any host 2A00:1108:0:4090::66 eq 993
permit tcp any host 2A00:1108:0:4090::66 eq 2078
permit tcp any host 2A00:1108:0:4090::66 eq 2083
permit tcp any host 2A00:1108:0:4090::66 eq 2096
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 587
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq pop3
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 143
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2077
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2082
permit tcp 2A00:1108::/32 2A00:1108:0:4090:FFFF::/80 eq 2095
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq www
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 443
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq ftp-data
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq ftp
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq smtp
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 465
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 995
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 993
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2078
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2083
permit tcp any 2A00:1108:0:4090:FFFF::/80 eq 2096
deny ipv6 any any
!
ipv6 access-list IPv6-NETWORK-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
 permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC1-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
permit tcp 2A00:1108:0:4001::/64 any eq 8006
deny ipv6 any any
!
ipv6 access-list IPv6-DEDICATED-SERVERS-iDRAC-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-POP-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp 2A00:1108:0:40A0::/64 2A00:1108:0:40A1::/64 eq 2003
deny ipv6 any any
!
ipv6 access-list IPv6-MILTER-CLUSTER-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
 permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 6277 any gt 1023
permit udp any eq 24441 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-DEDICATED-SERVERS-SWITCH-MANAGEMENT-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
deny ipv6 any any
!
ipv6 access-list IPv6-MISC-APPLICATIONS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp 2A00:1108:0:4070::/64 host 2A00:1108:0:4071::10:1 range 5671 5672
permit tcp 2A00:1108:0:40A1::/64 host 2A00:1108:0:4071::10:1 range 5671 5672
deny ipv6 any any
!
ipv6 access-list IPv6-COMPANY-WEB-PORTALS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:4080::100:21 eq www
 permit tcp any host 2A00:1108:0:4080::100:21 eq 443
deny ipv6 any any
!
ipv6 access-list IPv6-TEST-SERVERI-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:7FFF::7F46 range 49100 49300
permit udp any host 2A00:1108:0:7FFF::7F46 range 49100 49300
deny ipv6 any any
!
ipv6 access-list IPv6-DEVELOPMENT-TOOLS-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-VPS-SHARED-SUBNET-IN
permit ipv6 2A00:1108:200::/64 any
deny ipv6 any any
!
ipv6 access-list IPv6-VPUBLIC-VPS-SHARED-SUBNET-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:200::10 eq pop3
permit tcp any host 2A00:1108:0:C000::20 eq 22
permit tcp any host 2A00:1108:0:C000::20 eq www
permit tcp any host 2A00:1108:0:C000::20 eq 443
deny ipv6 any any
!
ipv6 access-list IPv6-VIRTUAL-SERVICES-1-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:4000::/64 any
permit ipv6 2A00:1108:0:C000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit tcp any host 2A00:1108:0:4100::177 eq pop3
permit tcp any host 2A00:1108:0:4100::177 eq 995
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 2003
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 12340
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 12345
permit tcp 2A00:1108:0:40A0::/64 host 2A00:1108:0:4100::177 eq 10025
permit tcp any host 2A00:1108:0:4100::179 eq smtp
deny ipv6 any any
!
ipv6 access-list IPv6-LOGGING-SERVICES-OUT
permit ipv6 2A00:1108::/50 any
permit ipv6 2A00:1108:0:C000::/64 any
permit ipv6 2A00:1108:0:4000::/64 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit tcp any any established
permit tcp any eq ftp-data any gt 1023
permit udp any eq domain any gt 1023
permit udp any eq snmp any gt 1023
permit udp any eq ntp any gt 1023
permit udp any eq ntp any eq ntp
permit udp any eq 623 any gt 1023
permit tcp 2A00:1108:0:4003::/64 host 2A00:1108:0:4002::100:1 eq 9300
permit tcp 2A00:1108:0:C002::/64 host 2A00:1108:0:4002::100:2 eq www
permit tcp 2A00:1108:0:C002::/64 host 2A00:1108:0:4002::100:2 eq 443
permit tcp 2A00:1108:0:FFFD::/64 host 2A00:1108:0:4002::100:2 eq www
permit tcp 2A00:1108:0:FFFD::/64 host 2A00:1108:0:4002::100:2 eq 443
permit tcp 2A00:1108:0:4003::/64 host 2A00:1108:0:4002::100:2 eq 9300
deny ipv6 any any
!
control-plane
!
!
dial-peer cor custom
!
!
!
banner login ^C

DIST-BG-1.EUnet.rs (Sava Centar)

Contact: YUnet International Network Operations Center

Phone: +381 11 311 9901
Fax: +381 11 3282 760
 E-mail: [email protected]

Authorised access only.

^C
!
line con 0
exec-timeout 30 0
password 7 141A131B094B292236
login
terminal-type vt100
line vty 0 4
access-class 1 in vrf-also
exec-timeout 30 0
password 7 011E07145E44050633
login
ipv6 access-class NETWORK-MANAGEMENT in
terminal-type vt100
transport input telnet
line vty 5 15
access-class 1 in vrf-also
exec-timeout 30 0
password 7 011E07145E44050633
login
ipv6 access-class NETWORK-MANAGEMENT in
terminal-type vt100
transport input telnet
!
ntp logging
ntp source Loopback0
ntp access-group peer 4
ntp access-group serve-only 3
ntp server 194.247.193.116
!
end

root@kvm1:/home/srdjan/backup/yunet-pc/confbackup/dist-bg-1#