ISP Base Configuration s1

ISP – Lab 7.1.1 and Lab 7.1.2 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname ISP

!

enable password cisco

!

clock timezone PST -7

ip subnet-zero

!

ip cef

cns event-service server

!

interface Loopback0

ip address 10.2.1.2 255.255.255.252

!

interface Loopback1

ip address 192.168.1.1 255.255.255.0

!

interface Loopback2

ip address 192.168.2.1 255.255.255.0

!

interface Loopback3

ip address 192.168.3.1 255.255.255.0

!

interface Loopback4

ip address 192.168.4.1 255.255.255.0

!

interface Loopback5

ip address 192.168.5.1 255.255.255.0

!

interface Loopback6

ip address 192.168.6.1 255.255.255.0

!

interface Loopback10

description RedCross

ip address 213.173.185.10 255.255.255.0

interface Loopback11

description Cisco

ip address 198.133.219.25 255.255.255.0

!

interface Loopback12

description Google

ip address 216.239.33.101 255.255.255.0

!

interface FastEthernet0/0

description Link to Elmhurst

ip address 172.17.22.1 255.255.255.252

no shutdown

!

interface Serial0/0

no ip address

shutdown

!

interface Serial0/1

no ip address

shutdown

!

router bgp 222

synchronization

bgp log-neighbor-changes

network 10.2.1.0 mask 255.255.255.252

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

network 198.133.219.0

network 213.173.185.0

network 216.239.33.0

neighbor 172.17.22.2 remote-as 77

no auto-summary

!

ip classless

ip http server

!

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

ISP

-- Module 7 --

-- Lab 7.1.1 and Lab 7.1.2 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

transport input none

stopbits 1

flowcontrol hardware

line aux 0

no exec

line vty 0 4

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp clock-period 17208456

ntp master 2

!

! no issues

!

end

Orlando – Lab 7.1.1 and Lab 7.1.2 Configuration

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Orlando

!

enable password cisco

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.2 172.27.227.2

ip host Toronto 172.26.168.1 172.26.168.129 172.26.167.2 172.26.167.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.167.1 172.26.167.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

ip subnet-zero

!

clock timezone PST -7

!

call rsvp-sync

!

interface Loopback0

ip address 10.177.178.8 255.255.255.192

ip ospf network point-to-point

!

interface FastEthernet0/0

no ip address

speed auto

full-duplex

no shutdown

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 172.17.22.2 255.255.255.252

!

interface FastEthernet0/0.28

encapsulation dot1Q 28

ip address 172.28.128.8 255.255.255.240

ip ospf prior 20

!

interface FastEthernet0/0.99

encapsulation dot1Q 99

ip address 172.28.170.1 255.255.255.192

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface Serial0/1

no ip address

shutdown

!

router ospf 707

router-id 172.27.227.8

log-adjacency-changes

network 10.177.178.0 0.0.0.255 area 78

network 172.28.128.0 0.0.0.255 area 0

default-information originate

area 0 authentication message-digest

!

router bgp 65077

no synchronization

bgp log-neighbor-changes

bgp confederation identifier 77

bgp confederation peers 65061

network 172.28.128.0 mask 255.255.255.240

neighbor 172.26.169.1 remote-as 65061

neighbor 172.26.169.1 ebgp-multihop 3

neighbor 172.26.169.1 update-source Loopback0

neighbor 172.17.22.1 remote-as 222

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.17.22.1

ip http server

!

logging source-interface Loopback0

logging 172.28.128.9

!

access-list 77 remark Allow all workgroups Telnet and SNMP access

access-list 77 permit 172.26.0.0 0.0.255.255

access-list 77 remark Allow Elmhurst Telnet and SNMP access

access-list 77 permit 172.28.128.0 0.0.0.255

!

!

dial-peer cor custom

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Orlando

-- Module 7 --

-- Lab 7.1.1 and Lab 7.1.2 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

stopbits 1

flowcontrol hardware

line aux 0

line vty 0 4

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

access-class 77 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

!

! no issues

!

end

Elmhurst – Lab 7.1.1 and Lab 7.1.2 Configuration

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Elmhurst

!

logging buffered 65536 debugging

enable password cisco

!

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.2 172.27.227.2

ip host Toronto 172.26.168.1 172.26.168.129 172.26.167.2 172.26.167.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.167.1 172.26.167.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

ip subnet-zero

clock timezone PST -7

no ip domain-lookup

vtp domain CIT

vtp mode transparent

!

vlan 10

name ISP

!
vlan 28

name Core_28

!

vlan 99

name Management_VLAN

!

!

spanning tree portfast default

spanning-tree extend system-id

spanning-tree backbonefast

spanning-tree vlan 28 priority 8192

!

!

interface Port-channel6

switchport mode trunk

no ip address

!

interface FastEthernet0/1

description Link to ISP

switchport access vlan 10

no ip address

!

interface FastEthernet0/2

description Link to Orlando

switchport mode trunk

no ip address

!

interface FastEthernet0/3

description Link to Montreal

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/4

description Link to Montreal

no ip address

channel-group 6 mode desirable

!

interface FastEthernet0/5

description Link to Server

switchport access vlan 28

no ip address

!

interface range FastEthernet0/6 - 24

no ip address

shutdown

!

interface GigabitEthernet0/1

no ip address

shutdown

!

interface GigabitEthernet0/2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan99

description Management VLAN

ip address 172.28.170.2 255.255.255.192

no ip route-cache

no shutdown

!

ip default-gateway 172.28.170.1

!

ip http server

!

logging 172.28.128.9

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Elmhurst

Core Switch

-- Module 7 --

-- Lab 7.1.1 and Lab 7.1.2 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 0 0

password cisco

logging synchronous

login

flowcontrol hardware

line vty 0 4

exec-timeout 0 0

password cisco

logging synchronous

login

line vty 5 15

exec-timeout 0 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

!

! no issues

!

end

Montreal – Lab 7.1.1 and Lab 7.1.2 Configuration

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Montreal

!

logging buffered 65536 debugging

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.2 172.27.227.2

ip host Toronto 172.26.168.1 172.26.168.129 172.26.167.2 172.26.167.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.167.1 172.26.167.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

clock timezone PST -7

!

vlan 28

name Core_28

ip subnet-zero

ip routing

no ip domain-lookup

!

vtp domain CIT

vtp mode transparent

!

!

spanning-tree extend system-id

spanning-tree backbonefast

!

!

!

interface Loopback0

ip address 172.26.169.1 255.255.255.192

ip ospf network point-to-point

!

interface Port-channel62

description EtherChannel bundle to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

spanning-tree vlan 28 port-priority 32

!

interface range FastEthernet0/1 – 2

no ip address

shutdown

!

interface FastEthernet0/3

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/4

description Link to Elmhurst

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

channel-group 62 mode desirable

!

interface FastEthernet0/5

description Link to Toronto

no switchport

ip address 172.26.168.130 255.255.255.192

duplex full

speed 100

!

interface range FastEthernet0/6 – 24

no ip address

shutdown

!

interface GigabitEthernet 0/1

no ip address

shutdown

!

interface GigabitEthernet 0/2

no ip address

shutdown

!

interface Vlan1

no ip address

no ip mroute-cache

!

interface Vlan28

description Path to Elmhurst

ip address 172.28.128.6 255.255.255.240

!

router ospf 606

router-id 172.27.227.6

log-adjacency-changes

area 6 nssa default-information-originate

area 6 range 172.26.0.0 255.255.0.0

summary-address 172.26.0.0 255.255.0.0 not-advertise

network 172.26.168.0 0.0.0.255 area 6

network 172.26.169.0 0.0.0.255 area 6

network 172.27.227.0 0.0.0.255 area 0

network 172.28.128.0 0.0.0.255 area 0

area 0 authentication message-digest

!

router bgp 65061

bgp log-neighbor-changes

bgp confederation identifier 77

bgp confederation peers 65077

network 172.26.161.0 mask 255.255.255.192

network 172.26.162.0 mask 255.255.255.192

network 172.26.163.0 mask 255.255.255.192

network 172.26.164.0 mask 255.255.255.192

network 172.26.165.0 mask 255.255.255.192

network 172.26.165.128 mask 255.255.255.192

network 172.26.167.0 mask 255.255.255.192

network 172.26.167.128 mask 255.255.255.192

network 172.26.168.0 mask 255.255.255.192

network 172.26.168.128 mask 255.255.255.192

network 172.26.169.0 mask 255.255.255.192

aggregate-address 172.26.0.0 255.255.0.0 summary-only

neighbor 10.177.177.7 remote-as 65077

neighbor 10.177.177.7 ebgp-multihop 3

neighbor 10.177.177.7 update-source Loopback0

neighbor 10.177.177.7 distribute-list CIT in

neighbor 10.177.178.8 remote-as 65077

neighbor 10.177.178.8 ebgp-multihop 3

neighbor 10.177.178.8 update-source Loopback0

neighbor 10.177.178.8 distribute-list CIT in

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.28.128.8

ip http server

!

ip access-list standard CIT

remark Include the other pods as /16 networks

remark Also include the Cisco web site

permit 198.133.219.0 0.0.0.255

!

access-list 61 remark Allow workgroup Telnet and SNMP access

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow Elmhurst Telnet and SNMP access

access-list 61 permit 172.28.128.8 0.0.0.0

!

logging source-interface Loopback0

logging 172.28.128.9

snmp-server engineID local 800000090300000A8A466781

snmp-server community Acme RO 61

snmp-server chassis-id Montreal

snmp-server enable traps snmp authentication warmstart coldstart

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps rtr

snmp-server enable traps vlan-membership

snmp-server enable traps vtp

snmp-server enable traps MAC-Notification

snmp-server enable traps hsrp

snmp-server enable traps cluster

snmp-server enable traps bgp

!
banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Montreal

Distribution Router / Switch

-- Module 7 --

-- Lab 7.1.1 and Lab 7.1.2 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

flowcontrol hardware

line vty 0 4

access-class 61 in

exec-timeout 20 0

password cisco

logging synchronous

login

line vty 5 15

access-class 61 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp server 172.17.22.1

!

! broken configs here - start

!

router bgp 65061

no neighbor 10.177.177.7 distribute-list CIT in

no neighbor 10.177.178.8 distribute-list CIT in

neighbor 10.177.177.7 distribute-list ClT in

neighbor 10.177.178.8 distribute-list ClT in

no ip access-list standard CIT

ip access-list extended CIT

permit tcp 172.21.0.0 0.0.255.255 any eq bgp

permit tcp 172.22.0.0 0.0.255.255 any eq bgp

permit tcp 172.23.0.0 0.0.255.255 any eq bgp

permit tcp 172.24.0.0 0.0.255.255 any eq bgp

permit tcp 172.25.0.0 0.0.255.255 any eq bgp

permit tcp 198.133.219.0 0.0.0.255 any eq bgp

!

router ospf 606

no area 0 authentication message-digest

area 6 authentication message-digest

!

! broken configs here - end

!

end

Toronto – Lab 7.1.1 and Lab 7.1.2 Configuration

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Toronto

!

logging buffered 65536 debugging

ip host Montreal 172.26.169.1 172.26.168.130 172.28.128.2 172.27.227.2

ip host Toronto 172.26.168.1 172.26.168.129 172.26.167.2 172.26.167.130

ip host Kingston 172.26.165.1 172.26.161.1 172.26.167.1 172.26.167.129

ip host Kingston_SW 172.26.161.2

ip host Orlando 172.28.128.8 172.17.22.2 172.28.170.1

ip host Elmhurst 172.28.170.2

ip host CCNP4_Server 172.28.128.9

!

ip host RedCross 213.173.185.10

ip host Cisco 198.133.219.25

ip host Google 216.239.33.101

ip host ISP 10.2.1.2

!

memory-size iomem 10

clock timezone PST -7

ip subnet-zero

!

!

no ip domain-lookup

!

ip cef

!

call rsvp-sync

!

!

interface Loopback0

ip address 172.26.168.1 255.255.255.192

!

interface FastEthernet0/0

description Link to Montreal

ip address 172.26.168.129 255.255.255.192

ip policy route-map USE_FAST

speed 100

full-duplex

no shutdown

!

interface Serial0/0

description Fast Link to Kingston

bandwidth 1544

ip address 172.26.166.2 255.255.255.192

no shutdown

!

interface Serial0/1

bandwidth 64

encapsulation frame-relay

no shutdown

!

interface Serial0/1.1 multipoint

description Slow Frame Relay Link to Kingston

ip address 172.26.166.130 255.255.255.192

frame-relay map ip 172.26.166.129 201 broadcast

!

router eigrp 606

redistribute ospf 606 metric 10000 100 255 1 1500

passive-interface default

no passive-interface FastEthernet0/0

no passive-interface Serial0/0

no passive-interface Serial0/1.1

network 172.26.166.0 0.0.0.63

network 172.26.166.128 0.0.0.63

network 172.26.168.0 0.0.0.63

network 172.26.168.128 0.0.0.63

auto-summary

!

router ospf 606

router-id 172.26.168.1

log-adjacency-changes

area 6 nssa

redistribute eigrp 606 metric 900 metric-type 1 subnets

passive-interface Serial0/0

passive-interface Serial0/1.1

network 172.26.167.0 0.0.0.255 area 6

network 172.26.168.0 0.0.0.255 area 6

distribute-list Access_Routes out

!

ip classless

no ip http server

ip pim bidir-enable

!

!

ip access-list standard Access_Routes

permit 172.26.161.0 0.0.0.255

permit 172.26.162.0 0.0.1.255

permit 172.26.164.0 0.0.1.255

!

ip access-list extended Admin

permit ip any 172.26.161.0 0.0.0.255

permit ip any 172.26.165.0 0.0.0.255

!

ip access-list extended END_USERS

remark Allow PC End Users

permit ip any 172.26.164.0 0.0.0.255

permit ip any 172.26.162.0 0.0.1.255

!

access-list 61 remark Allow this workgroup to Telnet in

access-list 61 permit 172.26.0.0 0.0.255.255

access-list 61 remark Allow Elmhurst to Telnet in

access-list 61 permit 172.28.128.8 0.0.0.0

!

route-map USE_FAST deny 10

match ip address END_USERS

!

route-map USE_FAST permit 20

match ip address Admin

set ip next-hop 172.26.166.129

!

logging source-interface Loopback0

logging 172.28.128.9

snmp-server community Acme RO 61

snmp-server chassis-id Toronto

snmp-server enable traps snmp authentication coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps syslog

snmp-server enable traps rtr

snmp-server enable traps ipmulticast

!

banner motd ^C

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Toronto

Distribution Router

-- Module 7 --

-- Lab 7.1.1 and Lab 7.1.2 --

ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

^C

!

line con 0

exec-timeout 20 0

password cisco

login

stopbits 1

flowcontrol hardware

line aux 0

no exec

line vty 0 4

access-class 61 in

exec-timeout 20 0

password cisco

logging synchronous

login

!

ntp clock-period 17208260

ntp server 172.17.22.1

!

! broken configs here - start

!

no ip access-list extended END_USERS

ip access-list extended END_USERS

remark Allow PC End Users

permit tcp any 172.26.162.0 0.0.1.255 eq telnet

permit tcp any 172.26.162.0 0.0.1.255 eq ftp-data

permit tcp any 172.26.162.0 0.0.1.255 eq ftp

permit tcp any 172.26.162.0 0.0.1.255 eq www

permit udp any 172.26.162.0 0.0.1.255 eq tftp

permit tcp any 172.26.164.0 0.0.0.255 eq telnet

permit tcp any 172.26.164.0 0.0.0.255 eq ftp-data