Campus Switch Deployed as an Aggregation for VLANs Configuration Example

From DocWiki

(Difference between revisions)
Jump to: navigation, search
m (1 revision)
Line 1,140: Line 1,140:
<!--List links to related information-->
<!--List links to related information-->
-
[[Category: Configuration Examples]]
+
[[Category:Switching Configuration Examples]]

Revision as of 04:36, 17 August 2010

Contents

Introduction

This example shows the configuration of a campus switch (Catalyst 4K) deployed as an aggregation for VLANs.

Configuration Description

This configuration includes features typically enabled in a campus environment, including:

  • DHCP
  • VLANs
  • AAA (RADIUS)
  • Spanning tree
  • Flexible netflow
  • Multicast
  • BGP
  • OSPF
  • PBR
  • QoS
  • Access lists
  • Port channel

Show running-config

Building configuration...

Current configuration : 32318 bytes
!
! Last configuration change at 00:11:40 EDT Wed Jun 16 2010 by nsite
! NVRAM config last updated at 00:02:07 EDT Wed Jun 16 2010
!
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service compress-config
!
hostname 4507-CC0702
!
boot-start-marker
boot system slot0:XO.EFT2.4
boot-end-marker
!
logging buffered 20000000
logging rate-limit 10000
no logging console
no logging cns-events
enable password xxx
!
username nsite password 0 xxx
username itcampus password 0 xxx 
!
!
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius 
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
!
!
!
aaa session-id common
clock timezone EDT -4
!
flow record myFirstTry
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes
!
!
flow exporter iosha-lnx6
 destination 10.5.1.24
!
!
flow monitor myFirstMonitor
 record myFirstTry
 exporter iosha-lnx6
!
ip subnet-zero
no ip domain-lookup
ip domain-name cisco.com
ip host linden 10.5.1.4
ip host stubbs 10.5.1.3
ip vrf Liin-intf
!
ip vrf mgmtVrf
!
ip multicast-routing 
ip dhcp snooping vlan 3201-3240
ip dhcp excluded-address 140.20.1.1 140.20.1.99
ip dhcp excluded-address 140.20.2.1 140.20.2.99
ip dhcp excluded-address 140.20.3.1 140.20.3.99
ip dhcp excluded-address 140.20.4.1 140.20.4.99
ip dhcp excluded-address 140.20.5.1 140.20.5.99
ip dhcp excluded-address 140.20.6.1 140.20.6.99
ip dhcp excluded-address 140.20.7.1 140.20.7.99
ip dhcp excluded-address 140.20.8.1 140.20.8.99
ip dhcp excluded-address 140.20.9.1 140.20.9.99
ip dhcp excluded-address 140.20.10.1 140.20.10.99
ip dhcp excluded-address 140.20.11.1 140.20.11.99
ip dhcp excluded-address 140.20.12.1 140.20.12.99
ip dhcp excluded-address 140.20.13.1 140.20.13.99
ip dhcp excluded-address 140.20.14.1 140.20.14.99
ip dhcp excluded-address 140.20.15.1 140.20.15.99
ip dhcp excluded-address 140.20.16.1 140.20.16.99
ip dhcp excluded-address 140.20.17.1 140.20.17.99
ip dhcp excluded-address 140.20.18.1 140.20.18.99
ip dhcp excluded-address 140.20.19.1 140.20.19.99
ip dhcp excluded-address 140.20.20.1 140.20.20.99
ip dhcp excluded-address 140.20.21.1 140.20.21.99
ip dhcp excluded-address 140.20.22.1 140.20.22.99
ip dhcp excluded-address 140.20.23.1 140.20.23.99
ip dhcp excluded-address 140.20.24.1 140.20.24.99
ip dhcp excluded-address 140.20.25.1 140.20.25.99
ip dhcp excluded-address 140.20.26.1 140.20.26.99
ip dhcp excluded-address 140.20.27.1 140.20.27.99
ip dhcp excluded-address 140.20.28.1 140.20.28.99
ip dhcp excluded-address 140.20.29.1 140.20.29.99
ip dhcp excluded-address 140.20.30.1 140.20.30.99
ip dhcp excluded-address 140.20.31.1 140.20.31.99
ip dhcp excluded-address 140.20.32.1 140.20.32.99
ip dhcp excluded-address 140.20.33.1 140.20.33.99
ip dhcp excluded-address 140.20.34.1 140.20.34.99
ip dhcp excluded-address 140.20.35.1 140.20.35.99
ip dhcp excluded-address 140.20.36.1 140.20.36.99
ip dhcp excluded-address 140.20.37.1 140.20.37.99
ip dhcp excluded-address 140.20.38.1 140.20.38.99
ip dhcp excluded-address 140.20.39.1 140.20.39.99
ip dhcp excluded-address 140.20.40.1 140.20.40.99
ip dhcp excluded-address 140.20.1.254
ip dhcp excluded-address 140.20.2.254
ip dhcp excluded-address 140.20.3.254
ip dhcp excluded-address 140.20.4.254
ip dhcp excluded-address 140.20.5.254
ip dhcp excluded-address 140.20.6.254
ip dhcp excluded-address 140.20.7.254
ip dhcp excluded-address 140.20.8.254
ip dhcp excluded-address 140.20.9.254
ip dhcp excluded-address 140.20.10.254
ip dhcp excluded-address 140.20.11.254
ip dhcp excluded-address 140.20.12.254
ip dhcp excluded-address 140.20.13.254
ip dhcp excluded-address 140.20.14.254
ip dhcp excluded-address 140.20.15.254
ip dhcp excluded-address 140.20.16.254
ip dhcp excluded-address 140.20.17.254
ip dhcp excluded-address 140.20.18.254
ip dhcp excluded-address 140.20.19.254
ip dhcp excluded-address 140.20.20.254
ip dhcp excluded-address 140.20.21.254
ip dhcp excluded-address 140.20.22.254
ip dhcp excluded-address 140.20.23.254
ip dhcp excluded-address 140.20.24.254
ip dhcp excluded-address 140.20.25.254
ip dhcp excluded-address 140.20.26.254
ip dhcp excluded-address 140.20.27.254
ip dhcp excluded-address 140.20.28.254
ip dhcp excluded-address 140.20.29.254
ip dhcp excluded-address 140.20.30.254
ip dhcp excluded-address 140.20.31.254
ip dhcp excluded-address 140.20.32.254
ip dhcp excluded-address 140.20.33.254
ip dhcp excluded-address 140.20.34.254
ip dhcp excluded-address 140.20.35.254
ip dhcp excluded-address 140.20.36.254
ip dhcp excluded-address 140.20.37.254
ip dhcp excluded-address 140.20.38.254
ip dhcp excluded-address 140.20.39.254
ip dhcp excluded-address 140.20.40.254
no ip dhcp ping packets
!
ip dhcp pool vl341
   network 140.20.1.0 255.255.255.0
   default-router 140.20.1.3 
   domain-name cisco.com
!
ip dhcp pool vl342
   network 140.20.2.0 255.255.255.0
   default-router 140.20.2.3 
   domain-name cisco.com
!
ip dhcp pool vl343
   network 140.20.3.0 255.255.255.0
   default-router 140.20.3.3 
   domain-name cisco.com
!
ip dhcp pool vl344
   network 140.20.4.0 255.255.255.0
   default-router 140.20.4.3 
   domain-name cisco.com
!
ip dhcp pool vl345
   network 140.20.5.0 255.255.255.0
   default-router 140.20.5.3 
   domain-name cisco.com
!
ip dhcp pool vl346
   network 140.20.6.0 255.255.255.0
   default-router 140.20.6.3 
   domain-name cisco.com
!
ip dhcp pool vl347
   network 140.20.7.0 255.255.255.0
   default-router 140.20.7.3 
   domain-name cisco.com
!
ip dhcp pool vl348
   network 140.20.8.0 255.255.255.0
   default-router 140.20.8.3 
   domain-name cisco.com
!
ip dhcp pool vl349
   network 140.20.9.0 255.255.255.0
   default-router 140.20.9.3 
   domain-name cisco.com
!
ip dhcp pool vl3410
   network 140.20.10.0 255.255.255.0
   default-router 140.20.10.3 
   domain-name cisco.com
!
ip dhcp pool vl3411
   network 140.20.11.0 255.255.255.0
   default-router 140.20.11.3 
   domain-name cisco.com
!
ip dhcp pool vl3412
   network 140.20.12.0 255.255.255.0
   default-router 140.20.12.3 
   domain-name cisco.com
!
ip dhcp pool vl3413
   network 140.20.13.0 255.255.255.0
   default-router 140.20.13.3 
   domain-name cisco.com
!
ip dhcp pool vl3414
   network 140.20.14.0 255.255.255.0
   default-router 140.20.14.3 
   domain-name cisco.com
!
ip dhcp pool vl3415
   network 140.20.15.0 255.255.255.0
   default-router 140.20.15.3 
   domain-name cisco.com
!
ip dhcp pool vl3416
   network 140.20.16.0 255.255.255.0
   default-router 140.20.16.3 
   domain-name cisco.com
!
ip dhcp pool vl3417
   network 140.20.17.0 255.255.255.0
   default-router 140.20.17.2 
   domain-name cisco.com
!
ip dhcp pool vl3418
   network 140.20.18.0 255.255.255.0
   default-router 140.20.18.2 
   domain-name cisco.com
!
ip dhcp pool vl3419
   network 140.20.19.0 255.255.255.0
   default-router 140.20.19.2 
   domain-name cisco.com
!
ip dhcp pool vl3420
   network 140.20.20.0 255.255.255.0
   default-router 140.20.20.2 
   domain-name cisco.com
!
ip dhcp pool vl3421
   network 140.20.21.0 255.255.255.0
   default-router 140.20.21.2 
   domain-name cisco.com
!
ip dhcp pool vl3422
   network 140.20.22.0 255.255.255.0
   default-router 140.20.22.2 
   domain-name cisco.com
!
ip dhcp pool vl3423
   network 140.20.23.0 255.255.255.0
   default-router 140.20.23.2 
   domain-name cisco.com
!
ip dhcp pool vl3424
   network 140.20.24.0 255.255.255.0
   default-router 140.20.24.2 
   domain-name cisco.com
!
ip dhcp pool vl3425
   network 140.20.25.0 255.255.255.0
   default-router 140.20.25.2 
   domain-name cisco.com
!
ip dhcp pool vl3426
   network 140.20.26.0 255.255.255.0
   default-router 140.20.26.2 
   domain-name cisco.com
!
ip dhcp pool vl3427
   network 140.20.27.0 255.255.255.0
   default-router 140.20.27.2 
   domain-name cisco.com
!
ip dhcp pool vl3428
   network 140.20.28.0 255.255.255.0
   default-router 140.20.28.2 
   domain-name cisco.com
!
ip dhcp pool vl3429
   network 140.20.29.0 255.255.255.0
   default-router 140.20.29.2 
   domain-name cisco.com
!
ip dhcp pool vl3430
   network 140.20.30.0 255.255.255.0
   default-router 140.20.30.2 
   domain-name cisco.com
!
ip dhcp pool vl3431
   network 140.20.31.0 255.255.255.0
   default-router 140.20.31.2 
   domain-name cisco.com
!
ip dhcp pool vl3432
   network 140.20.32.0 255.255.255.0
   default-router 140.20.32.2 
   domain-name cisco.com
!
ip dhcp pool vl3433
   network 140.20.33.0 255.255.255.0
   default-router 140.20.33.2 
   domain-name cisco.com
!
ip dhcp pool vl3434
   network 140.20.34.0 255.255.255.0
   default-router 140.20.34.2 
   domain-name cisco.com
!
ip dhcp pool vl3435
   network 140.20.35.0 255.255.255.0
   default-router 140.20.35.2 
   domain-name cisco.com
!
ip dhcp pool vl3436
   network 140.20.36.0 255.255.255.0
   default-router 140.20.36.2 
   domain-name cisco.com
!
ip dhcp pool vl3437
   network 140.20.37.0 255.255.255.0
   default-router 140.20.37.2 
   domain-name cisco.com
!
ip dhcp pool vl3438
   network 140.20.38.0 255.255.255.0
   default-router 140.20.38.2 
   domain-name cisco.com
!
ip dhcp pool vl3439
   network 140.20.39.0 255.255.255.0
   default-router 140.20.39.2 
   domain-name cisco.com
!
ip dhcp pool vl3440
   network 140.20.40.0 255.255.255.0
   default-router 140.20.40.2 
   domain-name cisco.com
!
!
vtp domain nsite
vtp mode transparent
!
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
errdisable recovery cause pagp-flap
errdisable recovery interval 30
power redundancy-mode redundant
!
mac access-list extended macs
 permit host 0001.0001.0001 any
 permit host 0002.0002.0002 any
 permit host 0021.d8cd.cf7f any
!
!
!
file prompt noisy
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
spanning-tree vlan 1,3400-3450 priority 24576
plogd kernel-debug
exception coredump
exception coredump maximum-files 5
!
redundancy
 mode sso
!
vlan internal allocation policy ascending
!
vlan 21,29,40 
!
vlan 50
 name SNMP2
!
vlan 990
 remote-span
!
vlan 3201-3240,3401-3440,4000-4003 
lldp run
!
ip ftp source-interface Vlan29
ip ftp username nsite
ip ftp password lab
!
class-map match-all macs
  match access-group name macs
class-map match-all dbl
  match cos  1 
!
policy-map macs
 class macs
   set cos 1
    police 1000000 320000
policy-map dbl
 class dbl
    bandwidth percent 30
    dbl
!
!
!
interface Loopback4
 ip address 4.4.4.4 255.255.255.255
 ip pim sparse-dense-mode
!
interface Port-channel12
 switchport
!
interface Port-channel31
 switchport
!
interface Port-channel41
 switchport
 switchport trunk allowed vlan 990,3401-3440
 switchport mode dynamic desirable
 ip flow monitor myFirstMonitor input
!
interface Port-channel60
 ip address 140.10.40.14 255.255.255.252
 ip ospf message-digest-key 200 md5 IT-NOVA
 load-interval 30
 speed 1000
 duplex full
 ntp broadcast client
!
interface Port-channel61
 ip address 140.10.40.6 255.255.255.252
 ip pim sparse-dense-mode
 ip ospf message-digest-key 200 md5 IT-NOVA
 ip ospf cost 10
 load-interval 30
!
interface GigabitEthernet1/1
 switchport trunk allowed vlan 990,3401-3440
 switchport mode dynamic desirable
 ip flow monitor myFirstMonitor input
 channel-group 41 mode active
 ip dhcp snooping trust
!
interface GigabitEthernet1/2
 switchport trunk allowed vlan 990,3401-3440
 switchport mode dynamic desirable
 ip flow monitor myFirstMonitor input
 channel-group 41 mode active
 ip dhcp snooping trust
!
interface GigabitEthernet1/3
 switchport trunk allowed vlan 990,3401-3440
 switchport mode dynamic desirable
 ip flow monitor myFirstMonitor input
 channel-group 41 mode active
 ip dhcp snooping trust
!
interface GigabitEthernet1/4
 switchport trunk allowed vlan 990,3401-3440
 switchport mode dynamic desirable
 ip flow monitor myFirstMonitor input
 channel-group 41 mode active
 ip dhcp snooping trust
!
switchport trunk allowed vlan 990,3201-3240,3401-3440
 switchport mode trunk
 udld port aggressive
 channel-group 12 mode active
!
interface GigabitEthernet1/14
 switchport trunk allowed vlan 990,3201-3240,3401-3440
 switchport mode trunk
 udld port aggressive
 channel-group 12 mode active
!
interface GigabitEthernet1/15
 switchport trunk allowed vlan 990,3201-3240,3401-3440
 switchport mode trunk
 udld port aggressive
 channel-group 12 mode active
!
interface GigabitEthernet1/16
 switchport trunk allowed vlan 990,3201-3240,3401-3440
 switchport mode trunk
 udld port aggressive
 channel-group 12 mode active
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/33
 no switchport
 no ip address
 speed 1000
 duplex full
 channel-group 60 mode desirable
!
interface GigabitEthernet1/34
 no switchport
 no ip address
 speed 1000
 duplex full
 channel-group 60 mode desirable
!
interface GigabitEthernet1/35
 no switchport
 no ip address
 speed 1000
 duplex full
 channel-group 60 mode desirable
!
interface GigabitEthernet1/36
 no switchport
 no ip address
 speed 1000
 duplex full
 channel-group 60 mode desirable
!
interface GigabitEthernet1/37
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 21
 switchport port-security maximum 6
 switchport port-security
 switchport port-security violation restrict
 authentication event fail retry 3 action authorize vlan 4000
 authentication event server dead action authorize vlan 4002
 authentication event no-response action authorize vlan 4001
 authentication event server alive action reinitialize
 authentication host-mode multi-host
 authentication order dot1x mab webauth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 120
 mab eap
 dot1x pae authenticator
 dot1x timeout server-timeout 10
 dot1x timeout tx-period 15
 dot1x timeout supp-timeout 5
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/48
 description MANAGEMENT PORT
 switchport access vlan 29
 switchport mode access
!
interface TenGigabitEthernet3/1
 shutdown
!
!
interface GigabitEthernet7/1
 no switchport
 no ip address
 channel-group 61 mode desirable
!
interface GigabitEthernet7/2
 no switchport
 no ip address
 channel-group 61 mode desirable
!
interface GigabitEthernet7/3
 no switchport
 no ip address
 channel-group 61 mode desirable
!
interface GigabitEthernet7/4
 no switchport
 no ip address
 channel-group 61 mode desirable
!
interface GigabitEthernet7/5
!
interface GigabitEthernet7/6
!
interface GigabitEthernet7/7
!
interface GigabitEthernet7/8
!
interface GigabitEthernet7/9
!
interface GigabitEthernet7/10
!
interface GigabitEthernet7/11
!
interface GigabitEthernet7/12
!
interface GigabitEthernet7/13
!
interface GigabitEthernet7/14
!
interface GigabitEthernet7/15
 description SNMP2
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet7/16
!
interface GigabitEthernet7/39
 switchport trunk allowed vlan 3201-3240
 switchport mode dynamic desirable
 channel-group 31 mode active
!
interface GigabitEthernet7/40
 switchport trunk allowed vlan 3201-3240
 switchport mode dynamic desirable
 channel-group 31 mode active
!
!
interface Vlan1
 no ip address
!
interface Vlan29
 description MANAGEMENT PORT
 ip address 10.29.7.2 255.255.0.0
!
interface Vlan50
 ip address 50.1.7.2 255.0.0.0
!
interface Vlan3201
 ip address 140.20.101.1 255.255.255.0
 ip pim dr-priority 0
 ip ospf cost 50
!
interface Vlan3202
 ip address 140.20.102.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3203
 ip address 140.20.103.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3204
 ip address 140.20.104.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3205
 ip address 140.20.105.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3206
 ip address 140.20.106.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3207
 ip address 140.20.107.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3208
 ip address 140.20.108.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3209
 ip address 140.20.109.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3210
 ip address 140.20.110.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3211
 ip address 140.20.111.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3212
 ip address 140.20.112.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3213
 ip address 140.20.113.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3214
 ip address 140.20.114.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3215
 ip address 140.20.115.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3216
 ip address 140.20.116.1 255.255.255.0
 ip ospf cost 50
!
interface Vlan3401
 ip address 140.20.1.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3402
 ip address 140.20.2.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3403
 ip address 140.20.3.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3404
 ip address 140.20.4.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3405
 ip address 140.20.5.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3406
 ip address 140.20.6.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3407
 ip address 140.20.7.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3408
 ip address 140.20.8.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3409
 ip address 140.20.9.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3410
 ip address 140.20.10.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3411
 ip address 140.20.11.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3412
 ip address 140.20.12.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3413
 ip address 140.20.13.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3414
 ip address 140.20.14.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3415
 ip address 140.20.15.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3416
 ip address 140.20.16.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3417
 ip address 140.20.17.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3418
 ip address 140.20.18.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3419
 ip address 140.20.19.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3420
 ip address 140.20.20.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3421
 ip address 140.20.21.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3422
 ip address 140.20.22.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3423
 ip address 140.20.23.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3424
 ip address 140.20.24.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3425
 ip address 140.20.25.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3426
 ip address 140.20.26.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3427
 ip address 140.20.27.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3428
 ip address 140.20.28.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3429
 ip address 140.20.29.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3430
 ip address 140.20.30.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
!
interface Vlan3431
 ip address 140.20.31.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3432
 ip address 140.20.32.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3433
 ip address 140.20.33.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3434
 ip address 140.20.34.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3435
 ip address 140.20.35.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3436
 ip address 140.20.36.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3437
 ip address 140.20.37.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3438
 ip address 140.20.38.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3439
 ip address 140.20.39.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
interface Vlan3440
 ip address 140.20.40.1 255.255.255.0
 ip pim passive
 ip policy route-map pbr
 ip igmp version 3
!
router ospf 300
 ispf
 log-adjacency-changes
 timers throttle spf 5 5000 90000
 passive-interface Vlan3201
 passive-interface Vlan3202
 passive-interface Vlan3203
 passive-interface Vlan3204
 passive-interface Vlan3205
 passive-interface Vlan3206
 passive-interface Vlan3207
 passive-interface Vlan3208
 passive-interface Vlan3209
 passive-interface Vlan3210
 passive-interface Vlan3211
 passive-interface Vlan3212
 passive-interface Vlan3213
 passive-interface Vlan3214
 passive-interface Vlan3215
 passive-interface Vlan3216
 passive-interface Vlan3401
 passive-interface Vlan3402
 passive-interface Vlan3403
 passive-interface Vlan3404
 passive-interface Vlan3405
 passive-interface Vlan3406
 passive-interface Vlan3407
 passive-interface Vlan3408
 passive-interface Vlan3409
 passive-interface Vlan3410
 passive-interface Vlan3411
 passive-interface Vlan3412
 passive-interface Vlan3413
 passive-interface Vlan3414
 passive-interface Vlan3415
 passive-interface Vlan3416
 network 4.4.4.4 0.0.0.0 area 1
 network 140.10.40.4 0.0.0.3 area 1
 network 140.10.40.12 0.0.0.3 area 1
 network 140.20.0.0 0.0.255.255 area 1
 distribute-list prefix Block30Net in
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
!
ip route 10.0.0.0 255.0.0.0 10.29.0.1
ip route 140.100.40.0 255.255.255.0 140.10.40.13
ip route 172.18.135.211 255.255.255.255 172.18.135.1
ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim rp-address 20.10.7.1 ANYCAST
no ip pim dm-fallback
ip pim ssm range SSM
ip mroute 141.101.1.0 255.255.255.0 140.10.40.5
!
ip access-list standard ANYCAST
 permit 238.0.0.0 0.0.255.255
ip access-list standard BIDIR
 permit 238.1.0.0 0.0.255.255
 permit 239.0.0.0 0.0.0.255
ip access-list standard SSM
 permit 238.2.0.0 0.0.255.255
!
!
!
ip prefix-list Block30Net seq 5 deny 30.0.0.0/12 le 24
ip prefix-list Block30Net seq 10 deny 30.16.0.0/12 le 24
ip prefix-list Block30Net seq 15 deny 30.32.0.0/12 le 24
ip prefix-list Block30Net seq 20 permit 0.0.0.0/0 le 32
logging trap errors
logging facility local4
logging source-interface Vlan29
logging 10.5.1.21
logging 10.5.1.4
logging 10.29.9.13
access-list 100 permit ip 140.20.1.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.2.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.4.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.5.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.6.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.7.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.8.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.9.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.10.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.11.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.12.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.13.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.14.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.15.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.16.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.17.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.18.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.19.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.20.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.21.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.22.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.23.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.24.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.25.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.26.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.27.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.28.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.29.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.30.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.31.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.32.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.33.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.34.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.35.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.36.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 100 permit ip 140.20.40.0 0.0.0.255 40.0.0.0 0.0.255.255
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any host 140.100.40.101
access-list 102 permit udp any any eq 5060
access-list 102 permit udp any eq 5060 any
access-list 102 permit tcp any eq 1755 any
access-list 103 permit tcp any any eq smtp
access-list 103 permit tcp any eq smtp any
access-list 103 permit tcp any eq www any
access-list 184 permit udp any any eq 1010 dscp cs4
access-list 184 permit udp any eq 1010 any dscp cs4
access-list 184 permit udp any any eq 2001
access-list 185 permit udp any eq 2001 any dscp ef
access-list 185 permit udp any any range 16384 32768
access-list 185 permit udp any range 1024 1100 any dscp ef
access-list 185 permit udp any any eq 2001 dscp ef
access-list 187 permit udp any eq 554 any
access-list 199 permit ip host 1.2.3.4 host 5.6.7.8
access-list 199 permit ip 140.101.0.0 0.0.255.255 140.20.0.0 0.0.255.255
!
route-map teet permit 10
!
route-map pbr permit 100
 match ip address 100
 set interface Port-channel61
!
snmp-server community 4500-TB1 RO
snmp-server community public RW
snmp-server trap timeout 45
snmp-server packetsize 512
snmp-server location RTP
snmp-server contact IOSHA
snmp-server chassis-id SANITY
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps rf
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps storm-control trap-rate 1
snmp-server enable traps bgp
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps ipmulticast
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps syslog
snmp-server host 10.5.1.24 version 2c 4500-TB1 
snmp-server host 10.28.18.6 version 2c public 
snmp-server host 10.29.9.11 version 2c public udp-port 9898  config
snmp-server host 10.29.9.9 version 2c public 
snmp-server host 50.1.1.1 version 2c public 
snmp-server host 50.1.1.1 version 2c public udp-port 9876 
snmp-server manager
!
radius-server dead-criteria time 60
radius-server host 10.29.9.12 auth-port 1645 acct-port 1646 test username test
radius-server key cisco123
radius-server vsa send accounting
radius-server vsa send authentication
alias configure cdb do clear ip dhcp binding *
alias configure sdb do sh ip dhcp binding
alias configure sds do sh ip dhcp server statis
alias configure cdss do clear ip dhcp server statis
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password lab
line vty 5 10
 exec-timeout 0 0
 password lab
line vty 11 15
!
!
monitor session 1 source vlan 3201 , 3401
monitor session 1 filter packet-type good rx
monitor session 1 filter ip access-group 199
monitor session 2 source interface Po41
monitor session 2 destination remote vlan 990 
monitor session 2 filter packet-type good rx
ntp clock-period 17254830
mac address-table notification mac-move
end

Related Information

Technical Support & Documentation - Cisco Systems

Rating: 0.0/5 (0 votes cast)

Personal tools