ISP Base Configuration s2

ISP – Lab 7.2.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname ISP

!

logging buffered 65536 debugging

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

ip subnet-zero

!

!

interface Loopback0

ip address 10.2.1.2 255.255.255.252

!

interface Loopback1

ip address 192.168.1.1 255.255.255.0

!

interface Loopback2

ip address 192.168.2.1 255.255.255.0

!

interface Loopback3

ip address 192.168.3.1 255.255.255.0

!

interface Loopback4

ip address 192.168.4.1 255.255.255.0

!

interface Loopback5

ip address 192.168.5.1 255.255.255.0

!

interface Loopback6

ip address 192.168.6.1 255.255.255.0

!

interface Loopback10

description RedCross

ip address 213.173.185.10 255.255.255.0

interface Loopback11

description Cisco

ip address 198.133.219.25 255.255.255.0

!

interface Loopback12

description Google

ip address 216.239.33.101 255.255.255.0

!

interface FastEthernet0/0

description Link to Elmhurst

ip address 172.17.22.1 255.255.255.252

no shutdown

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

router bgp 222

no synchronization

bgp log-neighbor-changes

network 10.2.1.0 mask 255.255.255.252

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

network 198.133.219.0

network 213.173.185.0

network 216.239.33.0

neighbor 172.17.22.2 remote-as 65222

no auto-summary

!

ip classless

ip http server

!

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

ISP

-- Module 7 --

-- Lab 7.2.1 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

transport input none

stopbits 1

flowcontrol hardware

line aux 0

no exec

line vty 0 4

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp clock-period 17208456

ntp master 2

!

! no issues

!

end

Orlando – Lab 7.2.1 Configuration

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Orlando

!

!

!

logging buffered 65536 debugging

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

ip subnet-zero

!

clock timezone Hawaii -10

!

interface Loopback0

ip address 10.177.178.8 255.255.255.192

ip ospf network point-to-point

!

interface FastEthernet0/0

no ip address

speed auto

!

full-duplex

no shutdown

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 172.17.22.2 255.255.255.252

!

interface FastEthernet0/0.28

encapsulation dot1Q 28

ip address 172.28.128.8 255.255.255.240

ip ospf message-digest-key 1 md5 cisco

ip ospf priority 20

!

interface FastEthernet0/0.99

encapsulation dot1Q 99

ip address 172.28.170.1 255.255.255.192

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

router ospf 707

router-id 172.28.128.6

log-adjacency-changes

network 10.177.178.0 0.0.0.255 area 78

network 172.28.128.0 0.0.0.255 area 0

default-information originate

area 0 authentication message-digest

!

router bgp 65077

no synchronization

bgp log-neighbor-changes

bgp confederation identifier 65222

bgp confederation peers 65061

network 172.28.128.0 mask 255.255.255.240

neighbor 172.26.169.1 remote-as 65061

neighbor 172.26.169.1 ebgp-multihop 3

neighbor 172.26.169.1 update-source Loopback0

neighbor 172.17.22.1 remote-as 222

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.17.22.1

ip http server

!

logging source-interface Loopback0

logging 172.28.128.9

!

access-list 77 remark Allow all workgroups Telnet and SNMP access

access-list 77 permit 172.26.0.0 0.0.255.255

access-list 77 remark Allow CCNP4_Server Telnet and SNMP access

access-list 77 permit 172.28.128.0 0.0.0.15

access-list 77 remark Allow Elmhurst Telnet and SNMP access

access-list 77 permit 172.28.170.0 0.0.0.63

!

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Orlando

-- Module 7 --

-- Lab 7.2.1 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

stopbits 1

flowcontrol hardware

line aux 0

line vty 0 4

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

! no issues

!

end

Elmhurst – Lab 7.2.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Elmhurst

!

logging buffered 65536 debugging

!

!

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

ip subnet-zero

clock timezone Hawaii -10

!

!

no ip domain-lookup

!

vtp domain CIT

vtp mode transparent

!

vlan 10

name ISP

!
vlan 28

name Core_28

!

vlan 99

name Management_VLAN

!

!

spanning-tree portfast default

spanning-tree extend system-id

spanning-tree backbonefast

spanning-tree vlan 28 priority 8192

!

!

interface Port-channel6

switchport mode trunk

no ip address

!

interface FastEthernet0/1

description Link to ISP

switchport access vlan 10

no ip address

!

interface FastEthernet0/2

description Link to Orlando

switchport mode trunk

speed 100

duplex full

no ip address

!

interface FastEthernet0/3

description Link to Montreal

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/4

description Link to Montreal

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/5

description Link to Server

switchport access vlan 28

no ip address

!

interface range FastEthernet0/6 - 24

no ip address

shutdown

!

interface GigabitEthernet0/1

no ip address

shutdown

!

interface GigabitEthernet0/2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan99

description Management VLAN

ip address 172.28.170.2 255.255.255.192

no ip route-cache

no shutdown

!

ip default-gateway 172.28.170.1

!

ip http server

!

logging 172.28.128.9

!

access-list 77 remark Allow all workgroups Telnet and SNMP access

access-list 77 permit 172.26.0.0 0.0.255.255

access-list 77 remark Allow CCNP4_Server Telnet and SNMP access

access-list 77 permit 172.28.128.0 0.0.0.15

access-list 77 remark Allow Elmhurst Telnet and SNMP access

access-list 77 permit 172.28.170.0 0.0.0.63

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Elmhurst

Core Switch

-- Module 7 --

-- Lab 7.2.1 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 0 0

password cisco

logging synchronous

login

flowcontrol hardware

line vty 0 4

exec-timeout 0 0

password cisco

logging synchronous

login

line vty 5 15

exec-timeout 0 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

!

! broken configs here - start

!

interface Vlan28

no shut

! merely typing in these two commands results in the IP address

! from the existing management VLAN (99) to automatically get

! shifted over to VLAN 28!

!

! broken configs here - end

!

end

Montreal – Lab 7.2.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Montreal

!

logging buffered 65536 debugging

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone Hawaii -10

!

vlan 28

name Core_28

ip subnet-zero

ip routing

no ip domain-lookup

!

vtp domain CIT

vtp mode transparent

!

!

spanning-tree extend system-id

spanning-tree backbonefast

!

!

!

interface Loopback0

ip address 172.26.169.1 255.255.255.192

ip ospf network point-to-point

!

interface Port-channel62

description EtherChannel bundle to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

spanning-tree vlan 28 port-priority 32

!

interface range FastEthernet0/1 – 2

no ip address

shutdown

!

interface FastEthernet0/3

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/4

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/5

description Link to Toronto

no switchport

ip address 172.26.168.130 255.255.255.192

speed 100

duplex full

!

interface range FastEthernet0/6 – 24

no ip address

shutdown

!

interface GigabitEthernet 0/1

no ip address

shutdown

!

interface GigabitEthernet 0/2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip mroute-cache

!

interface Vlan28

description Path to Elmhurst

ip address 172.28.128.6 255.255.255.240

ip ospf message-digest-key 1 md5 cisco

!

router ospf 606

log-adjacency-changes

area 6 nssa default-information-originate

area 6 range 172.26.0.0 255.255.0.0

summary-address 172.26.0.0 255.255.0.0 not-advertise

network 172.26.168.0 0.0.0.255 area 6

network 172.26.169.0 0.0.0.255 area 6

network 172.28.128.0 0.0.0.255 area 0

area 0 authentication message-digest

!

router bgp 65061

no synchronization

bgp log-neighbor-changes

bgp confederation identifier 65222

bgp confederation peers 65077

network 172.26.161.0 mask 255.255.255.192

network 172.26.162.0 mask 255.255.255.192

network 172.26.163.0 mask 255.255.255.192

network 172.26.164.0 mask 255.255.255.192

network 172.26.165.0 mask 255.255.255.192

network 172.26.165.128 mask 255.255.255.192

network 172.26.168.0 mask 255.255.255.192

network 172.26.168.128 mask 255.255.255.192

network 172.26.169.0 mask 255.255.255.192

aggregate-address 172.26.0.0 255.255.0.0 summary-only

neighbor 10.177.178.8 remote-as 65077

neighbor 10.177.178.8 ebgp-multihop 3

neighbor 10.177.178.8 update-source Loopback0

neighbor 10.177.178.8 distribute-list CIT in

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.28.128.8

ip http server

!

ip access-list standard CIT

remark Include the other pods as /16 networks

remark Also include the Cisco web site

permit 198.133.219.0 0.0.0.255

!

access-list 61 remark Allow all workgroups Telnet and SNMP access

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow CCNP4_Server Telnet and SNMP access

access-list 61 permit 172.28.128.0 0.0.0.15

access-list 61 remark Allow Elmhurst Telnet and SNMP access

access-list 61 permit 172.28.170.0 0.0.0.63

!

logging source-interface Loopback0

logging 172.28.128.9

snmp-server engineID local 800000090300000A8A466781

snmp-server community Acme RO 61

snmp-server chassis-id Montreal

snmp-server enable traps snmp authentication warmstart coldstart

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps rtr

snmp-server enable traps vlan-membership

snmp-server enable traps vtp

snmp-server enable traps MAC-Notification

snmp-server enable traps hsrp

snmp-server enable traps cluster

snmp-server enable traps bgp

!
banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Montreal

Distribution Router / Switch

-- Module 7 --

-- Lab 7.2.1 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

flowcontrol hardware

line vty 0 4

access-class 61 in

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

access-class 61 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

! broken configs here - start

!

!

interface Vlan28

no ip ospf message-digest-key 1 md5 cisco

ip ospf message-digest-key 1 md5 cisco

!

! space added to end of ‘cisco’

!

no service prompt config

no logging console

!

banner motd %

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Toronto

Distribution Switch

-- Module 7 --

-- Lab 7.2.1 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

%

!

hostname Toronto

!

router bgp 65061

no neighbor 10.177.178.8 update-source Loopback0

!

vlan 28

name Core_28

shutdown

! this shuts down Layer 2 switching related to VLAN 28

!

!

do reload in 00:20

no

! need blank line to acknowledge reload request

!

!

! broken configs here - end

!

end

Toronto – Lab 7.2.1 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Toronto

!

logging buffered 65536 debugging

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.6

ip host Toronto 172.26.168.1 172.26.168.129 172.26.166.2 172.26.166.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.166.1 172.26.166.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1 172.28.171.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

memory-size iomem 10

clock timezone Hawaii -10

!

ip subnet-zero

!

!

no ip domain-lookup

!

!

!

interface Loopback0

ip address 172.26.168.1 255.255.255.192

!

interface FastEthernet0/0

description Link to Montreal

ip address 172.26.168.129 255.255.255.192

ip policy route-map USE_FAST

speed 100

full-duplex

no shutdown

!

interface Serial0/0

description Fast Link to Kingston

bandwidth 1544

ip address 172.26.166.2 255.255.255.192

no shutdown

!

interface Serial0/1

bandwidth 64

encapsulation frame-relay

no shutdown

!

interface Serial0/1.1 multipoint

description Slow Frame Relay Link to Kingston

ip address 172.26.166.130 255.255.255.192

frame-relay map ip 172.26.166.129 201 broadcast

!

router eigrp 606

redistribute ospf 606 metric 10000 100 255 1 1500

passive-interface default

no passive-interface FastEthernet0/0

no passive-interface Serial0/0

no passive-interface Serial0/1.1

network 172.26.166.0 0.0.0.63

network 172.26.166.128 0.0.0.63

network 172.26.168.0 0.0.0.63

network 172.26.168.128 0.0.0.63

no auto-summary

!

router ospf 606

router-id 172.26.168.1

log-adjacency-changes

area 6 nssa

redistribute connected metric 900 metric-type 1 subnets

redistribute eigrp 606 metric 900 metric-type 1 subnets

passive-interface Serial0/0

passive-interface Serial0/1.1

network 172.26.168.0 0.0.0.255 area 6

distribute-list Access&Connected_Routes out

!

ip classless

no ip http server

!

!

ip access-list standard Access&Connected_Routes

permit 172.26.161.0 0.0.0.255

permit 172.26.162.0 0.0.1.255

permit 172.26.164.0 0.0.1.255

permit 172.26.166.0 0.0.0.255

!

ip access-list extended Admin

permit ip any 172.26.161.0 0.0.0.255

permit ip any 172.26.165.0 0.0.0.255

!

ip access-list extended END_USERS

remark Allow PC End Users

permit ip any 172.26.164.0 0.0.0.255

permit ip any 172.26.162.0 0.0.1.255

!

access-list 61 remark Allow all workgroups Telnet and SNMP access

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow CCNP4_Server Telnet and SNMP access

access-list 61 permit 172.28.128.0 0.0.0.15

access-list 61 remark Allow Elmhurst Telnet and SNMP access

access-list 61 permit 172.28.170.0 0.0.0.63

!

route-map USE_FAST deny 10

match ip address END_USERS

!

route-map USE_FAST permit 20

match ip address Admin

set ip next-hop 172.26.166.129

!

logging source-interface Loopback0

logging 172.28.128.9

snmp-server community Acme RO 61

snmp-server chassis-id Toronto

snmp-server enable traps snmp authentication coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps config