Campus Switch Deployed as an Aggregation for VLANs Configuration Example
From DocWiki
(Difference between revisions)
(→Introduction) |
(→Configuration Description=) |
||
| Line 5: | Line 5: | ||
[[Image:Campus_Aggregation_4500_Topology.jpg|200px|thumb|left]] | [[Image:Campus_Aggregation_4500_Topology.jpg|200px|thumb|left]] | ||
| - | =Configuration Description== | + | |
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==Configuration Description== | ||
This configuration includes features typically enabled in a campus environment, including: | This configuration includes features typically enabled in a campus environment, including: | ||
* DHCP | * DHCP | ||
Revision as of 22:06, 20 August 2010
Contents |
Introduction
This example shows the configuration of a campus switch (Catalyst 4K) deployed as an aggregation for VLANs.
Click on thumbnail to enlarge:
Configuration Description
This configuration includes features typically enabled in a campus environment, including:
- DHCP
- VLANs
- AAA (RADIUS)
- Spanning tree
- Flexible netflow
- Multicast
- BGP
- OSPF
- PBR
- QoS
- Access lists
- Port channel
Show running-config
Building configuration...
Current configuration : 32318 bytes
!
! Last configuration change at 00:11:40 EDT Wed Jun 16 2010 by nsite
! NVRAM config last updated at 00:02:07 EDT Wed Jun 16 2010
!
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service compress-config
!
hostname 4507-CC0702
!
boot-start-marker
boot system slot0:XO.EFT2.4
boot-end-marker
!
logging buffered 20000000
logging rate-limit 10000
no logging console
no logging cns-events
enable password xxx
!
username nsite password 0 xxx
username itcampus password 0 xxx
!
!
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
!
!
!
aaa session-id common
clock timezone EDT -4
!
flow record myFirstTry
match ipv4 source address
match ipv4 destination address
collect counter bytes
!
!
flow exporter iosha-lnx6
destination 10.5.1.24
!
!
flow monitor myFirstMonitor
record myFirstTry
exporter iosha-lnx6
!
ip subnet-zero
no ip domain-lookup
ip domain-name cisco.com
ip host linden 10.5.1.4
ip host stubbs 10.5.1.3
ip vrf Liin-intf
!
ip vrf mgmtVrf
!
ip multicast-routing
ip dhcp snooping vlan 3201-3240
ip dhcp excluded-address 140.20.1.1 140.20.1.99
ip dhcp excluded-address 140.20.2.1 140.20.2.99
ip dhcp excluded-address 140.20.3.1 140.20.3.99
ip dhcp excluded-address 140.20.4.1 140.20.4.99
ip dhcp excluded-address 140.20.5.1 140.20.5.99
ip dhcp excluded-address 140.20.6.1 140.20.6.99
ip dhcp excluded-address 140.20.7.1 140.20.7.99
ip dhcp excluded-address 140.20.8.1 140.20.8.99
ip dhcp excluded-address 140.20.9.1 140.20.9.99
ip dhcp excluded-address 140.20.10.1 140.20.10.99
ip dhcp excluded-address 140.20.11.1 140.20.11.99
ip dhcp excluded-address 140.20.12.1 140.20.12.99
ip dhcp excluded-address 140.20.13.1 140.20.13.99
ip dhcp excluded-address 140.20.14.1 140.20.14.99
ip dhcp excluded-address 140.20.15.1 140.20.15.99
ip dhcp excluded-address 140.20.16.1 140.20.16.99
ip dhcp excluded-address 140.20.17.1 140.20.17.99
ip dhcp excluded-address 140.20.18.1 140.20.18.99
ip dhcp excluded-address 140.20.19.1 140.20.19.99
ip dhcp excluded-address 140.20.20.1 140.20.20.99
ip dhcp excluded-address 140.20.21.1 140.20.21.99
ip dhcp excluded-address 140.20.22.1 140.20.22.99
ip dhcp excluded-address 140.20.23.1 140.20.23.99
ip dhcp excluded-address 140.20.24.1 140.20.24.99
ip dhcp excluded-address 140.20.25.1 140.20.25.99
ip dhcp excluded-address 140.20.26.1 140.20.26.99
ip dhcp excluded-address 140.20.27.1 140.20.27.99
ip dhcp excluded-address 140.20.28.1 140.20.28.99
ip dhcp excluded-address 140.20.29.1 140.20.29.99
ip dhcp excluded-address 140.20.30.1 140.20.30.99
ip dhcp excluded-address 140.20.31.1 140.20.31.99
ip dhcp excluded-address 140.20.32.1 140.20.32.99
ip dhcp excluded-address 140.20.33.1 140.20.33.99
ip dhcp excluded-address 140.20.34.1 140.20.34.99
ip dhcp excluded-address 140.20.35.1 140.20.35.99
ip dhcp excluded-address 140.20.36.1 140.20.36.99
ip dhcp excluded-address 140.20.37.1 140.20.37.99
ip dhcp excluded-address 140.20.38.1 140.20.38.99
ip dhcp excluded-address 140.20.39.1 140.20.39.99
ip dhcp excluded-address 140.20.40.1 140.20.40.99
ip dhcp excluded-address 140.20.1.254
ip dhcp excluded-address 140.20.2.254
ip dhcp excluded-address 140.20.3.254
ip dhcp excluded-address 140.20.4.254
ip dhcp excluded-address 140.20.5.254
ip dhcp excluded-address 140.20.6.254
ip dhcp excluded-address 140.20.7.254
ip dhcp excluded-address 140.20.8.254
ip dhcp excluded-address 140.20.9.254
ip dhcp excluded-address 140.20.10.254
ip dhcp excluded-address 140.20.11.254
ip dhcp excluded-address 140.20.12.254
ip dhcp excluded-address 140.20.13.254
ip dhcp excluded-address 140.20.14.254
ip dhcp excluded-address 140.20.15.254
ip dhcp excluded-address 140.20.16.254
ip dhcp excluded-address 140.20.17.254
ip dhcp excluded-address 140.20.18.254
ip dhcp excluded-address 140.20.19.254
ip dhcp excluded-address 140.20.20.254
ip dhcp excluded-address 140.20.21.254
ip dhcp excluded-address 140.20.22.254
ip dhcp excluded-address 140.20.23.254
ip dhcp excluded-address 140.20.24.254
ip dhcp excluded-address 140.20.25.254
ip dhcp excluded-address 140.20.26.254
ip dhcp excluded-address 140.20.27.254
ip dhcp excluded-address 140.20.28.254
ip dhcp excluded-address 140.20.29.254
ip dhcp excluded-address 140.20.30.254
ip dhcp excluded-address 140.20.31.254
ip dhcp excluded-address 140.20.32.254
ip dhcp excluded-address 140.20.33.254
ip dhcp excluded-address 140.20.34.254
ip dhcp excluded-address 140.20.35.254
ip dhcp excluded-address 140.20.36.254
ip dhcp excluded-address 140.20.37.254
ip dhcp excluded-address 140.20.38.254
ip dhcp excluded-address 140.20.39.254
ip dhcp excluded-address 140.20.40.254
no ip dhcp ping packets
!
ip dhcp pool vl341
network 140.20.1.0 255.255.255.0
default-router 140.20.1.3
domain-name cisco.com
!
ip dhcp pool vl342
network 140.20.2.0 255.255.255.0
default-router 140.20.2.3
domain-name cisco.com
!
ip dhcp pool vl343
network 140.20.3.0 255.255.255.0
default-router 140.20.3.3
domain-name cisco.com
!
ip dhcp pool vl344
network 140.20.4.0 255.255.255.0
default-router 140.20.4.3
domain-name cisco.com
!
ip dhcp pool vl345
network 140.20.5.0 255.255.255.0
default-router 140.20.5.3
domain-name cisco.com
!
ip dhcp pool vl346
network 140.20.6.0 255.255.255.0
default-router 140.20.6.3
domain-name cisco.com
!
ip dhcp pool vl347
network 140.20.7.0 255.255.255.0
default-router 140.20.7.3
domain-name cisco.com
!
ip dhcp pool vl348
network 140.20.8.0 255.255.255.0
default-router 140.20.8.3
domain-name cisco.com
!
ip dhcp pool vl349
network 140.20.9.0 255.255.255.0
default-router 140.20.9.3
domain-name cisco.com
!
ip dhcp pool vl3410
network 140.20.10.0 255.255.255.0
default-router 140.20.10.3
domain-name cisco.com
!
ip dhcp pool vl3411
network 140.20.11.0 255.255.255.0
default-router 140.20.11.3
domain-name cisco.com
!
ip dhcp pool vl3412
network 140.20.12.0 255.255.255.0
default-router 140.20.12.3
domain-name cisco.com
!
ip dhcp pool vl3413
network 140.20.13.0 255.255.255.0
default-router 140.20.13.3
domain-name cisco.com
!
ip dhcp pool vl3414
network 140.20.14.0 255.255.255.0
default-router 140.20.14.3
domain-name cisco.com
!
ip dhcp pool vl3415
network 140.20.15.0 255.255.255.0
default-router 140.20.15.3
domain-name cisco.com
!
ip dhcp pool vl3416
network 140.20.16.0 255.255.255.0
default-router 140.20.16.3
domain-name cisco.com
!
ip dhcp pool vl3417
network 140.20.17.0 255.255.255.0
default-router 140.20.17.2
domain-name cisco.com
!
ip dhcp pool vl3418
network 140.20.18.0 255.255.255.0
default-router 140.20.18.2
domain-name cisco.com
!
ip dhcp pool vl3419
network 140.20.19.0 255.255.255.0
default-router 140.20.19.2
domain-name cisco.com
!
ip dhcp pool vl3420
network 140.20.20.0 255.255.255.0
default-router 140.20.20.2
domain-name cisco.com
!
ip dhcp pool vl3421
network 140.20.21.0 255.255.255.0
default-router 140.20.21.2
domain-name cisco.com
!
ip dhcp pool vl3422
network 140.20.22.0 255.255.255.0
default-router 140.20.22.2
domain-name cisco.com
!
ip dhcp pool vl3423
network 140.20.23.0 255.255.255.0
default-router 140.20.23.2
domain-name cisco.com
!
ip dhcp pool vl3424
network 140.20.24.0 255.255.255.0
default-router 140.20.24.2
domain-name cisco.com
!
ip dhcp pool vl3425
network 140.20.25.0 255.255.255.0
default-router 140.20.25.2
domain-name cisco.com
!
ip dhcp pool vl3426
network 140.20.26.0 255.255.255.0
default-router 140.20.26.2
domain-name cisco.com
!
ip dhcp pool vl3427
network 140.20.27.0 255.255.255.0
default-router 140.20.27.2
domain-name cisco.com
!
ip dhcp pool vl3428
network 140.20.28.0 255.255.255.0
default-router 140.20.28.2
domain-name cisco.com
!
ip dhcp pool vl3429
network 140.20.29.0 255.255.255.0
default-router 140.20.29.2
domain-name cisco.com
!
ip dhcp pool vl3430
network 140.20.30.0 255.255.255.0
default-router 140.20.30.2
domain-name cisco.com
!
ip dhcp pool vl3431
network 140.20.31.0 255.255.255.0
default-router 140.20.31.2
domain-name cisco.com
!
ip dhcp pool vl3432
network 140.20.32.0 255.255.255.0
default-router 140.20.32.2
domain-name cisco.com
!
ip dhcp pool vl3433
network 140.20.33.0 255.255.255.0
default-router 140.20.33.2
domain-name cisco.com
!
ip dhcp pool vl3434
network 140.20.34.0 255.255.255.0
default-router 140.20.34.2
domain-name cisco.com
!
ip dhcp pool vl3435
network 140.20.35.0 255.255.255.0
default-router 140.20.35.2
domain-name cisco.com
!
ip dhcp pool vl3436
network 140.20.36.0 255.255.255.0
default-router 140.20.36.2
domain-name cisco.com
!
ip dhcp pool vl3437
network 140.20.37.0 255.255.255.0
default-router 140.20.37.2
domain-name cisco.com
!
ip dhcp pool vl3438
network 140.20.38.0 255.255.255.0
default-router 140.20.38.2
domain-name cisco.com
!
ip dhcp pool vl3439
network 140.20.39.0 255.255.255.0
default-router 140.20.39.2
domain-name cisco.com
!
ip dhcp pool vl3440
network 140.20.40.0 255.255.255.0
default-router 140.20.40.2
domain-name cisco.com
!
!
vtp domain nsite
vtp mode transparent
!
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
errdisable recovery cause pagp-flap
errdisable recovery interval 30
power redundancy-mode redundant
!
mac access-list extended macs
permit host 0001.0001.0001 any
permit host 0002.0002.0002 any
permit host 0021.d8cd.cf7f any
!
!
!
file prompt noisy
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
spanning-tree vlan 1,3400-3450 priority 24576
plogd kernel-debug
exception coredump
exception coredump maximum-files 5
!
redundancy
mode sso
!
vlan internal allocation policy ascending
!
vlan 21,29,40
!
vlan 50
name SNMP2
!
vlan 990
remote-span
!
vlan 3201-3240,3401-3440,4000-4003
lldp run
!
ip ftp source-interface Vlan29
ip ftp username nsite
ip ftp password lab
!
class-map match-all macs
match access-group name macs
class-map match-all dbl
match cos 1
!
policy-map macs
class macs
set cos 1
police 1000000 320000
policy-map dbl
class dbl
bandwidth percent 30
dbl
!
!
!
interface Loopback4
ip address 4.4.4.4 255.255.255.255
ip pim sparse-dense-mode
!
interface Port-channel12
switchport
!
interface Port-channel31
switchport
!
interface Port-channel41
switchport
switchport trunk allowed vlan 990,3401-3440
switchport mode dynamic desirable
ip flow monitor myFirstMonitor input
!
interface Port-channel60
ip address 140.10.40.14 255.255.255.252
ip ospf message-digest-key 200 md5 IT-NOVA
load-interval 30
speed 1000
duplex full
ntp broadcast client
!
interface Port-channel61
ip address 140.10.40.6 255.255.255.252
ip pim sparse-dense-mode
ip ospf message-digest-key 200 md5 IT-NOVA
ip ospf cost 10
load-interval 30
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 990,3401-3440
switchport mode dynamic desirable
ip flow monitor myFirstMonitor input
channel-group 41 mode active
ip dhcp snooping trust
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 990,3401-3440
switchport mode dynamic desirable
ip flow monitor myFirstMonitor input
channel-group 41 mode active
ip dhcp snooping trust
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 990,3401-3440
switchport mode dynamic desirable
ip flow monitor myFirstMonitor input
channel-group 41 mode active
ip dhcp snooping trust
!
interface GigabitEthernet1/4
switchport trunk allowed vlan 990,3401-3440
switchport mode dynamic desirable
ip flow monitor myFirstMonitor input
channel-group 41 mode active
ip dhcp snooping trust
!
switchport trunk allowed vlan 990,3201-3240,3401-3440
switchport mode trunk
udld port aggressive
channel-group 12 mode active
!
interface GigabitEthernet1/14
switchport trunk allowed vlan 990,3201-3240,3401-3440
switchport mode trunk
udld port aggressive
channel-group 12 mode active
!
interface GigabitEthernet1/15
switchport trunk allowed vlan 990,3201-3240,3401-3440
switchport mode trunk
udld port aggressive
channel-group 12 mode active
!
interface GigabitEthernet1/16
switchport trunk allowed vlan 990,3201-3240,3401-3440
switchport mode trunk
udld port aggressive
channel-group 12 mode active
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/33
no switchport
no ip address
speed 1000
duplex full
channel-group 60 mode desirable
!
interface GigabitEthernet1/34
no switchport
no ip address
speed 1000
duplex full
channel-group 60 mode desirable
!
interface GigabitEthernet1/35
no switchport
no ip address
speed 1000
duplex full
channel-group 60 mode desirable
!
interface GigabitEthernet1/36
no switchport
no ip address
speed 1000
duplex full
channel-group 60 mode desirable
!
interface GigabitEthernet1/37
switchport access vlan 20
switchport mode access
switchport voice vlan 21
switchport port-security maximum 6
switchport port-security
switchport port-security violation restrict
authentication event fail retry 3 action authorize vlan 4000
authentication event server dead action authorize vlan 4002
authentication event no-response action authorize vlan 4001
authentication event server alive action reinitialize
authentication host-mode multi-host
authentication order dot1x mab webauth
authentication port-control auto
authentication periodic
authentication timer reauthenticate 120
mab eap
dot1x pae authenticator
dot1x timeout server-timeout 10
dot1x timeout tx-period 15
dot1x timeout supp-timeout 5
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/48
description MANAGEMENT PORT
switchport access vlan 29
switchport mode access
!
interface TenGigabitEthernet3/1
shutdown
!
!
interface GigabitEthernet7/1
no switchport
no ip address
channel-group 61 mode desirable
!
interface GigabitEthernet7/2
no switchport
no ip address
channel-group 61 mode desirable
!
interface GigabitEthernet7/3
no switchport
no ip address
channel-group 61 mode desirable
!
interface GigabitEthernet7/4
no switchport
no ip address
channel-group 61 mode desirable
!
interface GigabitEthernet7/5
!
interface GigabitEthernet7/6
!
interface GigabitEthernet7/7
!
interface GigabitEthernet7/8
!
interface GigabitEthernet7/9
!
interface GigabitEthernet7/10
!
interface GigabitEthernet7/11
!
interface GigabitEthernet7/12
!
interface GigabitEthernet7/13
!
interface GigabitEthernet7/14
!
interface GigabitEthernet7/15
description SNMP2
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet7/16
!
interface GigabitEthernet7/39
switchport trunk allowed vlan 3201-3240
switchport mode dynamic desirable
channel-group 31 mode active
!
interface GigabitEthernet7/40
switchport trunk allowed vlan 3201-3240
switchport mode dynamic desirable
channel-group 31 mode active
!
!
interface Vlan1
no ip address
!
interface Vlan29
description MANAGEMENT PORT
ip address 10.29.7.2 255.255.0.0
!
interface Vlan50
ip address 50.1.7.2 255.0.0.0
!
interface Vlan3201
ip address 140.20.101.1 255.255.255.0
ip pim dr-priority 0
ip ospf cost 50
!
interface Vlan3202
ip address 140.20.102.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3203
ip address 140.20.103.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3204
ip address 140.20.104.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3205
ip address 140.20.105.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3206
ip address 140.20.106.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3207
ip address 140.20.107.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3208
ip address 140.20.108.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3209
ip address 140.20.109.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3210
ip address 140.20.110.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3211
ip address 140.20.111.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3212
ip address 140.20.112.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3213
ip address 140.20.113.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3214
ip address 140.20.114.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3215
ip address 140.20.115.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3216
ip address 140.20.116.1 255.255.255.0
ip ospf cost 50
!
interface Vlan3401
ip address 140.20.1.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3402
ip address 140.20.2.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3403
ip address 140.20.3.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3404
ip address 140.20.4.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3405
ip address 140.20.5.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3406
ip address 140.20.6.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3407
ip address 140.20.7.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3408
ip address 140.20.8.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3409
ip address 140.20.9.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3410
ip address 140.20.10.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3411
ip address 140.20.11.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3412
ip address 140.20.12.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3413
ip address 140.20.13.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3414
ip address 140.20.14.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3415
ip address 140.20.15.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3416
ip address 140.20.16.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3417
ip address 140.20.17.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3418
ip address 140.20.18.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3419
ip address 140.20.19.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3420
ip address 140.20.20.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3421
ip address 140.20.21.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3422
ip address 140.20.22.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3423
ip address 140.20.23.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3424
ip address 140.20.24.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3425
ip address 140.20.25.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3426
ip address 140.20.26.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3427
ip address 140.20.27.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3428
ip address 140.20.28.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3429
ip address 140.20.29.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3430
ip address 140.20.30.1 255.255.255.0
ip pim passive
ip policy route-map pbr
!
interface Vlan3431
ip address 140.20.31.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3432
ip address 140.20.32.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3433
ip address 140.20.33.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3434
ip address 140.20.34.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3435
ip address 140.20.35.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3436
ip address 140.20.36.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3437
ip address 140.20.37.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3438
ip address 140.20.38.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3439
ip address 140.20.39.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
interface Vlan3440
ip address 140.20.40.1 255.255.255.0
ip pim passive
ip policy route-map pbr
ip igmp version 3
!
router ospf 300
ispf
log-adjacency-changes
timers throttle spf 5 5000 90000
passive-interface Vlan3201
passive-interface Vlan3202
passive-interface Vlan3203
passive-interface Vlan3204
passive-interface Vlan3205
passive-interface Vlan3206
passive-interface Vlan3207
passive-interface Vlan3208
passive-interface Vlan3209
passive-interface Vlan3210
passive-interface Vlan3211
passive-interface Vlan3212
passive-interface Vlan3213
passive-interface Vlan3214
passive-interface Vlan3215
passive-interface Vlan3216
passive-interface Vlan3401
passive-interface Vlan3402
passive-interface Vlan3403
passive-interface Vlan3404
passive-interface Vlan3405
passive-interface Vlan3406
passive-interface Vlan3407
passive-interface Vlan3408
passive-interface Vlan3409
passive-interface Vlan3410
passive-interface Vlan3411
passive-interface Vlan3412
passive-interface Vlan3413
passive-interface Vlan3414
passive-interface Vlan3415
passive-interface Vlan3416
network 4.4.4.4 0.0.0.0 area 1
network 140.10.40.4 0.0.0.3 area 1
network 140.10.40.12 0.0.0.3 area 1
network 140.20.0.0 0.0.255.255 area 1
distribute-list prefix Block30Net in
!
router bgp 1
no synchronization
bgp log-neighbor-changes
no auto-summary
!
ip route 10.0.0.0 255.0.0.0 10.29.0.1
ip route 140.100.40.0 255.255.255.0 140.10.40.13
ip route 172.18.135.211 255.255.255.255 172.18.135.1
ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim rp-address 20.10.7.1 ANYCAST
no ip pim dm-fallback
ip pim ssm range SSM
ip mroute 141.101.1.0 255.255.255.0 140.10.40.5
!
ip access-list standard ANYCAST
permit 238.0.0.0 0.0.255.255
ip access-list standard BIDIR
permit 238.1.0.0 0.0.255.255
permit 239.0.0.0 0.0.0.255
ip access-list standard SSM
permit 238.2.0.0 0.0.255.255
!
!
!
ip prefix-list Block30Net seq 5 deny 30.0.0.0/12 le 24
ip prefix-list Block30Net seq 10 deny 30.16.0.0/12 le 24
ip prefix-list Block30Net seq 15 deny 30.32.0.0/12 le 24
ip prefix-list Block30Net seq 20 permit 0.0.0.0/0 le 32
logging trap errors
logging facility local4
logging source-interface Vlan29
logging 10.5.1.21
logging 10.5.1.4
logging 10.29.9.13
access-list 100 permit ip 140.20.1.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.2.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.4.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.5.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.6.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.7.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.8.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.9.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.10.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.11.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.12.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.13.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.14.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.15.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.16.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.17.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.18.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.19.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.20.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.21.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.22.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.23.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.24.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.25.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.26.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.27.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.28.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.29.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.30.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.31.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.32.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.33.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.34.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.35.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.36.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.40.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any host 140.100.40.101
access-list 102 permit udp any any eq 5060
access-list 102 permit udp any eq 5060 any
access-list 102 permit tcp any eq 1755 any
access-list 103 permit tcp any any eq smtp
access-list 103 permit tcp any eq smtp any
access-list 103 permit tcp any eq www any
access-list 184 permit udp any any eq 1010 dscp cs4
access-list 184 permit udp any eq 1010 any dscp cs4
access-list 184 permit udp any any eq 2001
access-list 185 permit udp any eq 2001 any dscp ef
access-list 185 permit udp any any range 16384 32768
access-list 185 permit udp any range 1024 1100 any dscp ef
access-list 185 permit udp any any eq 2001 dscp ef
access-list 187 permit udp any eq 554 any
access-list 199 permit ip host 1.2.3.4 host 5.6.7.8
access-list 199 permit ip 140.101.0.0 0.0.255.255 140.20.0.0 0.0.255.255
!
route-map teet permit 10
!
route-map pbr permit 100
match ip address 100
set interface Port-channel61
!
snmp-server community 4500-TB1 RO
snmp-server community public RW
snmp-server trap timeout 45
snmp-server packetsize 512
snmp-server location RTP
snmp-server contact IOSHA
snmp-server chassis-id SANITY
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps rf
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps storm-control trap-rate 1
snmp-server enable traps bgp
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps ipmulticast
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps syslog
snmp-server host 10.5.1.24 version 2c 4500-TB1
snmp-server host 10.28.18.6 version 2c public
snmp-server host 10.29.9.11 version 2c public udp-port 9898 config
snmp-server host 10.29.9.9 version 2c public
snmp-server host 50.1.1.1 version 2c public
snmp-server host 50.1.1.1 version 2c public udp-port 9876
snmp-server manager
!
radius-server dead-criteria time 60
radius-server host 10.29.9.12 auth-port 1645 acct-port 1646 test username test
radius-server key cisco123
radius-server vsa send accounting
radius-server vsa send authentication
alias configure cdb do clear ip dhcp binding *
alias configure sdb do sh ip dhcp binding
alias configure sds do sh ip dhcp server statis
alias configure cdss do clear ip dhcp server statis
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 0 0
password lab
line vty 5 10
exec-timeout 0 0
password lab
line vty 11 15
!
!
monitor session 1 source vlan 3201 , 3401
monitor session 1 filter packet-type good rx
monitor session 1 filter ip access-group 199
monitor session 2 source interface Po41
monitor session 2 destination remote vlan 990
monitor session 2 filter packet-type good rx
ntp clock-period 17254830
mac address-table notification mac-move
end
