ISP – Lab 5.4.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname ISP

!

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

no ip domain-lookup

!

ip subnet-zero

!

!

interface Loopback0

ip address 10.2.1.2 255.255.255.252

!

interface Loopback1

ip address 192.168.1.1 255.255.255.0

!

interface Loopback2

ip address 192.168.2.1 255.255.255.0

!

interface Loopback3

ip address 192.168.3.1 255.255.255.0

!

interface Loopback4

ip address 192.168.4.1 255.255.255.0

!

interface Loopback5

ip address 192.168.5.1 255.255.255.0

!

interface Loopback6

ip address 192.168.6.1 255.255.255.0

!

interface Loopback10

description RedCross

ip address 213.173.185.10 255.255.255.0

interface Loopback11

description Cisco

ip address 198.133.219.25 255.255.255.0

!

interface Loopback12

description Google

ip address 216.239.33.101 255.255.255.0

!

interface FastEthernet0/0

description Link to Elmhurst

ip address 172.17.22.1 255.255.255.252

no shutdown

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

router bgp 222

no synchronization

bgp log-neighbor-changes

network 10.2.1.0 mask 255.255.255.252

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

network 198.133.219.0

network 213.173.185.0

network 216.239.33.0

neighbor 172.17.22.2 remote-as 65222

! Notice that this router is oblivious to the fact that

! AS 65222 is a confederation.

! Also, although not done here, it is common for a router

! such as this ISP router

! to “strip” the private AS number (65222) from the BGP

! updates learned from the 172.17.22.2 neighbor and advertised

! to external BGP peers, just as

! a NAT router does not send out packets with private IP

! addresses. The private AS number is not stripped in this case

! because there are no external BGP peers outside AS 65222 –

! if there were one, at say address X,

! the ISP router would use the BGP command

! “neighbor X remove-private-AS”

no auto-summary

!

ip classless

ip http server

!

!

banner motd ^C

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

ISP

-- Lab 5.4.1 --

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

^C

!

line con 0

exec-timeout 20 0

password cisco

login

stopbits 1

flowcontrol hardware

line aux 0

no exec

line vty 0 4

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp clock-period 17208456

ntp master 2

!

! no issues

!

end


Orlando – Lab 5.4.1 Configuration

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Orlando

!

!

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

no ip domain-lookup

!

ip subnet-zero

!

!

interface Loopback0

ip address 172.28.171.1 255.255.255.192

!

interface FastEthernet0/0

no ip address

speed auto

!

full-duplex

no shutdown

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 172.17.22.2 255.255.255.252

!

interface FastEthernet0/0.28

encapsulation dot1Q 28

ip address 172.28.128.8 255.255.255.240

!

interface FastEthernet0/0.99

encapsulation dot1Q 99

ip address 172.28.170.1 255.255.255.192

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

router rip

version 2

network 172.28.0.0

no auto-summary

!

router bgp 65077

no synchronization

bgp log-neighbor-changes

bgp confederation identifier 65222

bgp confederation peers 65061

network 172.28.128.0 mask 255.255.255.240

network 172.28.170.0 mask 255.255.255.192

network 172.28.171.0 mask 255.255.255.192

neighbor 172.17.22.1 remote-as 222

neighbor 172.26.169.1 remote-as 65061

neighbor 172.26.169.1 ebgp-multihop 3

neighbor 172.26.169.1 update-source Loopback0

no auto-summary

!

ip classless

!

ip route 0.0.0.0 0.0.0.0 172.17.22.1

ip http server

!

logging source-interface Loopback0

logging 172.28.128.9

!

access-list 77 remark Allow all workgroups Telnet and SNMP access

access-list 77 permit 172.26.0.0 0.0.255.255

access-list 77 remark Allow CCNP4_Server Telnet and SNMP access

access-list 77 permit 172.28.128.0 0.0.0.15

access-list 77 remark Allow Elmhurst Telnet and SNMP access

access-list 77 permit 172.28.170.0 0.0.0.63

!

!

snmp-server community Acme RO 77

snmp-server chassis-id Orlando

snmp-server enable traps snmp authentication coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps frame-relay

snmp-server enable traps syslog

snmp-server enable traps rtr

snmp-server enable traps ipmulticast

!

banner motd ^C

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

Orlando

an ACME Core Workgroup Router

-- Lab 5.4.1 --

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

^C

!

line con 0

exec-timeout 20 0

password cisco

login

stopbits 1

flowcontrol hardware

line aux 0

line vty 0 4

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

! broken configs here - start

!

ip route 172.26.0.0 255.255.0.0 172.17.22.1

!

! broken configs here - end

!

end


Elmhurst – Lab 5.4.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Elmhurst

!

!

!

logging buffered 65536 debugging

!

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

ip subnet-zero

no ip domain-lookup

vtp domain CIT

vtp mode transparent

!

vlan 10

name ISP

!
vlan 28

name Core_28

!

vlan 99

name Management_VLAN

!

!

spanning-tree portfast default

spanning-tree extend system-id

spanning-tree backbonefast

spanning-tree vlan 28 priority 8192

!

!

interface Port-channel6

switchport mode trunk

no ip address

!

interface FastEthernet0/1

description Link to ISP

switchport access vlan 10

no ip address

!

interface FastEthernet0/2

description Link to Orlando

switchport mode trunk

speed 100

duplex full

no ip address

!

interface FastEthernet0/3

description Link to Montreal

switchport mode trunk

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/4

description Link to Montreal

switchport mode trunk

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/5

description Link to Server

switchport access vlan 28

no ip address

!

interface range FastEthernet0/6 - 24

no ip address

shutdown

!

interface GigabitEthernet0/1

no ip address

shutdown

!

interface GigabitEthernet0/2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan99

description Management VLAN

ip address 172.28.170.2 255.255.255.192

no ip route-cache

no shutdown

!

ip default-gateway 172.28.170.1

!

ip http server

!

logging 172.28.128.9

!

access-list 77 remark Allow all workgroups Telnet and SNMP access

access-list 77 permit 172.26.0.0 0.0.255.255

access-list 77 remark Allow CCNP4_Server Telnet and SNMP access

access-list 77 permit 172.28.128.0 0.0.0.15

access-list 77 remark Allow Elmhurst Telnet and SNMP access

access-list 77 permit 172.28.170.0 0.0.0.63

!

snmp-server engineID local 800000090300000A8A584101

snmp-server community Acme RO 77

snmp-server chassis-id Elmhurst

snmp-server enable traps snmp authentication coldstart

snmp-server enable traps config

snmp-server enable traps syslog

snmp-server enable traps entity

snmp-server enable traps rtr

snmp-server enable traps c2900

snmp-server enable traps vtp

snmp-server enable traps vlan-membership

snmp-server enable traps MAC-Notification

snmp-server enable traps hsrp

snmp-server enable traps cluster

!

banner motd ^C

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

Elmhurst

an ACME Corporate Core Switch

-- Lab 5.4.1 --

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

^C

!

line con 0

exec-timeout 20 0

password cisco

logging synchronous

login

flowcontrol hardware

line vty 0 4

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp clock-period 17179895

ntp server 172.17.22.1

!

!

! no issues

!

!

end


Montreal – Lab 5.4.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

service password-encryption

!

hostname Montreal

!

enable secret faux

!

logging buffered 65536 debugging

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

vlan 28

name Core_28

ip subnet-zero

ip routing

no ip domain-lookup

!

vtp domain CIT

vtp mode transparent

!

!

spanning-tree extend system-id

spanning-tree backbonefast

!

!

!

interface Loopback0

ip address 172.26.169.1 255.255.255.192

ip ospf network point-to-point

!

interface Port-channel62

description EtherChannel bundle to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

spanning-tree vlan 28 port-priority 32

!

interface range FastEthernet0/1 – 2

no ip address

shutdown

!

interface FastEthernet0/3

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/4

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/5

description Link to Toronto

no switchport

ip address 172.26.168.130 255.255.255.192

speed 100

duplex full

!

interface range FastEthernet0/6 – 24

no ip address

shutdown

!

interface range GigabitEthernet 0/1 – 2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip mroute-cache

!

interface Vlan28

description Path to Elmhurst

ip address 172.28.128.6 255.255.255.240

ip summary-address rip 172.26.0.0 255.255.0.0

!

router rip

version 2

redistribute static

network 172.26.0.0

network 172.28.0.0

no auto-summary

!

router bgp 65061

no synchronization

bgp log-neighbor-changes

bgp confederation identifier 65222

bgp confederation peers 65077

network 172.26.161.0 mask 255.255.255.192

network 172.26.162.0 mask 255.255.255.192

network 172.26.163.0 mask 255.255.255.192

network 172.26.164.0 mask 255.255.255.192

network 172.26.165.0 mask 255.255.255.192

network 172.26.166.0 mask 255.255.255.192

network 172.26.166.128 mask 255.255.255.192

network 172.26.168.0 mask 255.255.255.192

network 172.26.168.128 mask 255.255.255.192

network 172.26.169.0 mask 255.255.255.192

aggregate-address 172.26.0.0 255.255.0.0 summary-only

neighbor 172.28.171.1 remote-as 65077

neighbor 172.28.171.1 ebgp-multihop 3

neighbor 172.28.171.1 update-source Loopback0

neighbor 172.28.171.1 distribute-list CIT in

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.28.128.8

ip http server

!

ip access-list standard CIT

remark Include the Cisco web site

permit 198.133.219.0 0.0.0.255

!

access-list 61 remark Allow all workgroups Telnet and SNMP access

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow CCNP4_Server Telnet and SNMP access

access-list 61 permit 172.28.128.0 0.0.0.15

access-list 61 remark Allow Elmhurst Telnet and SNMP access

access-list 61 permit 172.28.170.0 0.0.0.63

!

logging source-interface Loopback0

logging 172.28.128.9

snmp-server engineID local 800000090300000A8A466781

snmp-server community Acme RO 61

snmp-server chassis-id Montreal

snmp-server enable traps snmp authentication warmstart coldstart

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps rtr

snmp-server enable traps vlan-membership

snmp-server enable traps vtp

snmp-server enable traps MAC-Notification

snmp-server enable traps hsrp

snmp-server enable traps cluster

snmp-server enable traps bgp

!
banner motd ^C

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

Montreal

an ACME Core Workgroup Router / Switch

-- Lab 5.4.1 --

MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5

^C

!

line con 0

exec-timeout 20 0

password faux

login

flowcontrol hardware

line vty 0 4

access-class 61 in

exec-timeout 20 0

password faux

logging synchronous

login

line vty 5 15

access-class 61 in

exec-timeout 20 0

password faux

logging synchronous

login

!

ntp server 172.17.22.1

!

! broken configs here - start

!

access-list 10 permit 0.0.0.0

access-list 10 permit 172.28.170.0

!

router rip

offset-list 10 out 15

!

! broken configs here - end

!

end


Toronto – Lab 5.4.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Toronto

!

!

!

logging buffered 65536 debugging

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

memory-size iomem 10

!

clock timezone Hawaii -10

!

ip subnet-zero

!

!

no ip domain-lookup

!

!

!

interface Loopback0

ip address 172.26.168.1 255.255.255.192

!

interface FastEthernet0/0

description Link to Montreal

ip address 172.26.168.129 255.255.255.192

ip policy route-map USE_FAST

speed 100

full-duplex

no shutdown

!

interface Serial0/0

description Fast Link to Kingston

bandwidth 1544

ip address 172.26.166.2 255.255.255.192

no shutdown

!

interface Serial0/1

bandwidth 512

encapsulation frame-relay

no shutdown

!

interface Serial0/1.1 multipoint

description Slow Frame Relay Link to Kingston (Adtran 1/2)

ip address 172.26.166.130 255.255.255.192

frame-relay map ip 172.26.166.129 201 broadcast

!

router eigrp 606

redistribute rip metric 10000 100 255 1 1500

passive-interface default

no passive-interface FastEthernet0/0

no passive-interface Serial0/0

no passive-interface Serial0/1.1

network 172.26.166.0 0.0.0.63

network 172.26.166.128 0.0.0.63

network 172.26.168.0 0.0.0.63

network 172.26.168.128 0.0.0.63

no auto-summary

!

router rip

version 2

redistribute eigrp 606 metric 5

passive-interface Serial0/0

passive-interface Serial0/1.1

passive-interface Loopback0

network 172.26.0.0

distribute-list Access&Connected_Routes out

no auto-summary

!

ip classless

no ip http server

!

ip access-list standard Access&Connected_Routes

permit 172.26.161.0 0.0.0.255

permit 172.26.162.0 0.0.1.255

permit 172.26.164.0 0.0.1.255

permit 172.26.166.0 0.0.0.255

permit 172.26.168.0 0.0.0.255

!

ip access-list extended Admin

permit ip any 172.26.161.0 0.0.0.255

permit ip any 172.26.165.0 0.0.0.255

!

ip access-list extended END_USERS

remark Allow PC End Users

permit ip any 172.26.164.0 0.0.0.255

permit ip any 172.26.162.0 0.0.1.255

!

!

access-list 61 remark Allow all workgroups Telnet and SNMP access

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow CCNP4_Server Telnet and SNMP access

access-list 61 permit 172.28.128.0 0.0.0.15

access-list 61 remark Allow Elmhurst Telnet and SNMP access

access-list 61 permit 172.28.170.0 0.0.0.63

!

route-map USE_FAST deny 10

match ip address END_USERS