ISP – Lab 5.4.1 Configuration
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname ISP
!
!
ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6
ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130
ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129
ip host Kingston_SW 172.26.161.2
ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1
ip host Elmhurst 172.28.170.2
ip host CCNP4_Server 172.28.128.9
!
ip host RedCross 213.173.185.10
ip host Cisco 198.133.219.25
ip host Google 216.239.33.101
ip host ISP 10.2.1.2
!
clock timezone Hawaii -10
!
no ip domain-lookup
!
ip subnet-zero
!
!
interface Loopback0
ip address 10.2.1.2 255.255.255.252
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
interface Loopback4
ip address 192.168.4.1 255.255.255.0
!
interface Loopback5
ip address 192.168.5.1 255.255.255.0
!
interface Loopback6
ip address 192.168.6.1 255.255.255.0
!
interface Loopback10
description RedCross
ip address 213.173.185.10 255.255.255.0
interface Loopback11
description Cisco
ip address 198.133.219.25 255.255.255.0
!
interface Loopback12
description Google
ip address 216.239.33.101 255.255.255.0
!
interface FastEthernet0/0
description Link to Elmhurst
ip address 172.17.22.1 255.255.255.252
no shutdown
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
no ip address
shutdown
!
router bgp 222
no synchronization
bgp log-neighbor-changes
network 10.2.1.0 mask 255.255.255.252
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 198.133.219.0
network 213.173.185.0
network 216.239.33.0
neighbor 172.17.22.2 remote-as 65222
! Notice that this router is oblivious to the fact that
! AS 65222 is a confederation.
! Also, although not done here, it is common for a router
! such as this ISP router
! to “strip” the private AS number (65222) from the BGP
! updates learned from the 172.17.22.2 neighbor and advertised
! to external BGP peers, just as
! a NAT router does not send out packets with private IP
! addresses. The private AS number is not stripped in this case
! because there are no external BGP peers outside AS 65222 –
! if there were one, at say address X,
! the ISP router would use the BGP command
! “neighbor X remove-private-AS”
no auto-summary
!
ip classless
ip http server
!
!
banner motd ^C
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
ISP
-- Lab 5.4.1 --
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
^C
!
line con 0
exec-timeout 20 0
password cisco
login
stopbits 1
flowcontrol hardware
line aux 0
no exec
line vty 0 4
exec-timeout 20 0
password cisco
logging synchronous
login
!
ntp clock-period 17208456
ntp master 2
!
! no issues
!
end
Orlando – Lab 5.4.1 Configuration
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Orlando
!
!
!
ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6
ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130
ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129
ip host Kingston_SW 172.26.161.2
ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1
ip host Elmhurst 172.28.170.2
ip host CCNP4_Server 172.28.128.9
!
ip host RedCross 213.173.185.10
ip host Cisco 198.133.219.25
ip host Google 216.239.33.101
ip host ISP 10.2.1.2
!
clock timezone Hawaii -10
!
no ip domain-lookup
!
ip subnet-zero
!
!
interface Loopback0
ip address 172.28.171.1 255.255.255.192
!
interface FastEthernet0/0
no ip address
speed auto
!
full-duplex
no shutdown
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 172.17.22.2 255.255.255.252
!
interface FastEthernet0/0.28
encapsulation dot1Q 28
ip address 172.28.128.8 255.255.255.240
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 172.28.170.1 255.255.255.192
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/1
no ip address
shutdown
!
router rip
version 2
network 172.28.0.0
no auto-summary
!
router bgp 65077
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 65222
bgp confederation peers 65061
network 172.28.128.0 mask 255.255.255.240
network 172.28.170.0 mask 255.255.255.192
network 172.28.171.0 mask 255.255.255.192
neighbor 172.17.22.1 remote-as 222
neighbor 172.26.169.1 remote-as 65061
neighbor 172.26.169.1 ebgp-multihop 3
neighbor 172.26.169.1 update-source Loopback0
no auto-summary
!
ip classless
!
ip route 0.0.0.0 0.0.0.0 172.17.22.1
ip http server
!
logging source-interface Loopback0
logging 172.28.128.9
!
access-list 77 remark Allow all workgroups Telnet and SNMP access
access-list 77 permit 172.26.0.0 0.0.255.255
access-list 77 remark Allow CCNP4_Server Telnet and SNMP access
access-list 77 permit 172.28.128.0 0.0.0.15
access-list 77 remark Allow Elmhurst Telnet and SNMP access
access-list 77 permit 172.28.170.0 0.0.0.63
!
!
snmp-server community Acme RO 77
snmp-server chassis-id Orlando
snmp-server enable traps snmp authentication coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps ipmulticast
!
banner motd ^C
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
Orlando
an ACME Core Workgroup Router
-- Lab 5.4.1 --
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
^C
!
line con 0
exec-timeout 20 0
password cisco
login
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
access-class 77 in
exec-timeout 20 0
password cisco
logging synchronous
login
!
ntp server 172.17.22.1
!
! broken configs here - start
!
ip route 172.26.0.0 255.255.0.0 172.17.22.1
!
! broken configs here - end
!
end
Elmhurst – Lab 5.4.1 Configuration
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname Elmhurst
!
!
!
logging buffered 65536 debugging
!
!
ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6
ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130
ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129
ip host Kingston_SW 172.26.161.2
ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1
ip host Elmhurst 172.28.170.2
ip host CCNP4_Server 172.28.128.9
!
ip host RedCross 213.173.185.10
ip host Cisco 198.133.219.25
ip host Google 216.239.33.101
ip host ISP 10.2.1.2
!
clock timezone Hawaii -10
!
ip subnet-zero
no ip domain-lookup
vtp domain CIT
vtp mode transparent
!
vlan 10
name ISP
!
vlan 28
name Core_28
!
vlan 99
name Management_VLAN
!
!
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree backbonefast
spanning-tree vlan 28 priority 8192
!
!
interface Port-channel6
switchport mode trunk
no ip address
!
interface FastEthernet0/1
description Link to ISP
switchport access vlan 10
no ip address
!
interface FastEthernet0/2
description Link to Orlando
switchport mode trunk
speed 100
duplex full
no ip address
!
interface FastEthernet0/3
description Link to Montreal
switchport mode trunk
no ip address
channel-group 6 mode desirable
!
interface FastEthernet0/4
description Link to Montreal
switchport mode trunk
no ip address
channel-group 6 mode desirable
!
interface FastEthernet0/5
description Link to Server
switchport access vlan 28
no ip address
!
interface range FastEthernet0/6 - 24
no ip address
shutdown
!
interface GigabitEthernet0/1
no ip address
shutdown
!
interface GigabitEthernet0/2
no ip address
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan99
description Management VLAN
ip address 172.28.170.2 255.255.255.192
no ip route-cache
no shutdown
!
ip default-gateway 172.28.170.1
!
ip http server
!
logging 172.28.128.9
!
access-list 77 remark Allow all workgroups Telnet and SNMP access
access-list 77 permit 172.26.0.0 0.0.255.255
access-list 77 remark Allow CCNP4_Server Telnet and SNMP access
access-list 77 permit 172.28.128.0 0.0.0.15
access-list 77 remark Allow Elmhurst Telnet and SNMP access
access-list 77 permit 172.28.170.0 0.0.0.63
!
snmp-server engineID local 800000090300000A8A584101
snmp-server community Acme RO 77
snmp-server chassis-id Elmhurst
snmp-server enable traps snmp authentication coldstart
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps entity
snmp-server enable traps rtr
snmp-server enable traps c2900
snmp-server enable traps vtp
snmp-server enable traps vlan-membership
snmp-server enable traps MAC-Notification
snmp-server enable traps hsrp
snmp-server enable traps cluster
!
banner motd ^C
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
Elmhurst
an ACME Corporate Core Switch
-- Lab 5.4.1 --
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
^C
!
line con 0
exec-timeout 20 0
password cisco
logging synchronous
login
flowcontrol hardware
line vty 0 4
access-class 77 in
exec-timeout 20 0
password cisco
logging synchronous
login
line vty 5 15
access-class 77 in
exec-timeout 20 0
password cisco
logging synchronous
login
!
ntp clock-period 17179895
ntp server 172.17.22.1
!
!
! no issues
!
!
end
Montreal – Lab 5.4.1 Configuration
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Montreal
!
enable secret faux
!
logging buffered 65536 debugging
ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6
ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130
ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129
ip host Kingston_SW 172.26.161.2
ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1
ip host Elmhurst 172.28.170.2
ip host CCNP4_Server 172.28.128.9
!
ip host RedCross 213.173.185.10
ip host Cisco 198.133.219.25
ip host Google 216.239.33.101
ip host ISP 10.2.1.2
!
clock timezone Hawaii -10
!
vlan 28
name Core_28
ip subnet-zero
ip routing
no ip domain-lookup
!
vtp domain CIT
vtp mode transparent
!
!
spanning-tree extend system-id
spanning-tree backbonefast
!
!
!
interface Loopback0
ip address 172.26.169.1 255.255.255.192
ip ospf network point-to-point
!
interface Port-channel62
description EtherChannel bundle to Elmhurst
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
spanning-tree vlan 28 port-priority 32
!
interface range FastEthernet0/1 – 2
no ip address
shutdown
!
interface FastEthernet0/3
description Link to Elmhurst
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 62 mode desirable
!
interface FastEthernet0/4
description Link to Elmhurst
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 62 mode desirable
!
interface FastEthernet0/5
description Link to Toronto
no switchport
ip address 172.26.168.130 255.255.255.192
speed 100
duplex full
!
interface range FastEthernet0/6 – 24
no ip address
shutdown
!
interface range GigabitEthernet 0/1 – 2
no ip address
shutdown
!
interface Vlan1
no ip address
no ip mroute-cache
!
interface Vlan28
description Path to Elmhurst
ip address 172.28.128.6 255.255.255.240
ip summary-address rip 172.26.0.0 255.255.0.0
!
router rip
version 2
redistribute static
network 172.26.0.0
network 172.28.0.0
no auto-summary
!
router bgp 65061
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 65222
bgp confederation peers 65077
network 172.26.161.0 mask 255.255.255.192
network 172.26.162.0 mask 255.255.255.192
network 172.26.163.0 mask 255.255.255.192
network 172.26.164.0 mask 255.255.255.192
network 172.26.165.0 mask 255.255.255.192
network 172.26.166.0 mask 255.255.255.192
network 172.26.166.128 mask 255.255.255.192
network 172.26.168.0 mask 255.255.255.192
network 172.26.168.128 mask 255.255.255.192
network 172.26.169.0 mask 255.255.255.192
aggregate-address 172.26.0.0 255.255.0.0 summary-only
neighbor 172.28.171.1 remote-as 65077
neighbor 172.28.171.1 ebgp-multihop 3
neighbor 172.28.171.1 update-source Loopback0
neighbor 172.28.171.1 distribute-list CIT in
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.28.128.8
ip http server
!
ip access-list standard CIT
remark Include the Cisco web site
permit 198.133.219.0 0.0.0.255
!
access-list 61 remark Allow all workgroups Telnet and SNMP access
access-list 61 permit 172.26.0.0 0.0.255.255
access-list 61 remark Allow CCNP4_Server Telnet and SNMP access
access-list 61 permit 172.28.128.0 0.0.0.15
access-list 61 remark Allow Elmhurst Telnet and SNMP access
access-list 61 permit 172.28.170.0 0.0.0.63
!
logging source-interface Loopback0
logging 172.28.128.9
snmp-server engineID local 800000090300000A8A466781
snmp-server community Acme RO 61
snmp-server chassis-id Montreal
snmp-server enable traps snmp authentication warmstart coldstart
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rtr
snmp-server enable traps vlan-membership
snmp-server enable traps vtp
snmp-server enable traps MAC-Notification
snmp-server enable traps hsrp
snmp-server enable traps cluster
snmp-server enable traps bgp
!
banner motd ^C
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
Montreal
an ACME Core Workgroup Router / Switch
-- Lab 5.4.1 --
MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5-MOD5
^C
!
line con 0
exec-timeout 20 0
password faux
login
flowcontrol hardware
line vty 0 4
access-class 61 in
exec-timeout 20 0
password faux
logging synchronous
login
line vty 5 15
access-class 61 in
exec-timeout 20 0
password faux
logging synchronous
login
!
ntp server 172.17.22.1
!
! broken configs here - start
!
access-list 10 permit 0.0.0.0
access-list 10 permit 172.28.170.0
!
router rip
offset-list 10 out 15
!
! broken configs here - end
!
end
Toronto – Lab 5.4.1 Configuration
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname Toronto
!
!
!
logging buffered 65536 debugging
ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6
ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130
ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129
ip host Kingston_SW 172.26.161.2
ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1
ip host Elmhurst 172.28.170.2
ip host CCNP4_Server 172.28.128.9
!
ip host RedCross 213.173.185.10
ip host Cisco 198.133.219.25
ip host Google 216.239.33.101
ip host ISP 10.2.1.2
!
memory-size iomem 10
!
clock timezone Hawaii -10
!
ip subnet-zero
!
!
no ip domain-lookup
!
!
!
interface Loopback0
ip address 172.26.168.1 255.255.255.192
!
interface FastEthernet0/0
description Link to Montreal
ip address 172.26.168.129 255.255.255.192
ip policy route-map USE_FAST
speed 100
full-duplex
no shutdown
!
interface Serial0/0
description Fast Link to Kingston
bandwidth 1544
ip address 172.26.166.2 255.255.255.192
no shutdown
!
interface Serial0/1
bandwidth 512
encapsulation frame-relay
no shutdown
!
interface Serial0/1.1 multipoint
description Slow Frame Relay Link to Kingston (Adtran 1/2)
ip address 172.26.166.130 255.255.255.192
frame-relay map ip 172.26.166.129 201 broadcast
!
router eigrp 606
redistribute rip metric 10000 100 255 1 1500
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface Serial0/0
no passive-interface Serial0/1.1
network 172.26.166.0 0.0.0.63
network 172.26.166.128 0.0.0.63
network 172.26.168.0 0.0.0.63
network 172.26.168.128 0.0.0.63
no auto-summary
!
router rip
version 2
redistribute eigrp 606 metric 5
passive-interface Serial0/0
passive-interface Serial0/1.1
passive-interface Loopback0
network 172.26.0.0
distribute-list Access&Connected_Routes out
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard Access&Connected_Routes
permit 172.26.161.0 0.0.0.255
permit 172.26.162.0 0.0.1.255
permit 172.26.164.0 0.0.1.255
permit 172.26.166.0 0.0.0.255
permit 172.26.168.0 0.0.0.255
!
ip access-list extended Admin
permit ip any 172.26.161.0 0.0.0.255
permit ip any 172.26.165.0 0.0.0.255
!
ip access-list extended END_USERS
remark Allow PC End Users
permit ip any 172.26.164.0 0.0.0.255
permit ip any 172.26.162.0 0.0.1.255
!
!
access-list 61 remark Allow all workgroups Telnet and SNMP access
access-list 61 permit 172.26.0.0 0.0.255.255
access-list 61 remark Allow CCNP4_Server Telnet and SNMP access
access-list 61 permit 172.28.128.0 0.0.0.15
access-list 61 remark Allow Elmhurst Telnet and SNMP access
access-list 61 permit 172.28.170.0 0.0.0.63
!
route-map USE_FAST deny 10
match ip address END_USERS