
! Bring up the two FastEthernet and two serial interfaces, then enable CEF.
! The device these lines belong to is not labelled on the page.
int f0/0

no sh
int f0/1
no sh
int s0/0/0
no sh
int s0/0/1
no sh
ip cef
! "ipv" is shorthand, presumably for "ipv6" (IPv6 multicast routing and
! IPv6 CEF) - confirm the parser accepts it on the target image.
ipv multicast-routing
ipv cef

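sw1
! Port security on f0/1-2: one MAC per port, err-disable on violation,
! sticky-learn the first MAC seen.
! NOTE(review): port security is rejected on a dynamic port; this range
! needs "switchport mode access" first (a later SW1 section on this page
! sets it). Sticky entries survive a reload only if the config is saved.
int range f0/1 - 2
swi port-sec
swi port-sec maxim 1
swi port-sec violation shutd
swi port-sec mac-add sticky
no sh
exit

! Unused ports: static access mode, parked in VLAN 999, administratively down.
int range f0/6 - 9, f0/11 - 18 , gi0/1 - 2


swi mo acc
swi acc vlan 999
sh
exit

! Tag native-VLAN frames on 802.1Q trunks (vlan dot1q tag native), which
! removes the untagged native VLAN that double-tagging relies on.
vlan dot tag nati


port-chann load-ba src-dst-mac

spann mode rapid-pv


! Priority 0 makes this switch the root bridge for every VLAN.
spann vlan 1-4094 priority 0
! BPDU filter on an interface stops both sending and processing BPDUs, so
! spanning tree cannot detect a loop through F0/10. Confirm the attached
! device can never bridge back into this network.
INT F0/10
spann bpdufilter enable

! LACP (mode active) bundles towards the other switches.
int range f0/19 - 20


channel-gro 14 mode active
int range f0/21 - 22
channel-gro 12 mode active
int range f0/23 - 24
channel-gro 13 mode active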

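! Layer-2 baseline repeated on SW2, SW3 and SW4: native-VLAN tagging,
! unused ports parked in VLAN 999 and shut, LACP bundles on f0/19-24.
SW2
! vlan dot1q tag native: native-VLAN frames are tagged on trunks.
vlan dot tag nati
port-chann load-ba src-dst-mac
spann mode rapid-pv
! Priority 4096: next-best bridge priority after the 0 set on SW1.
spann vlan 1-4094 priority 4096
! BPDU filter disables spanning-tree protection on F0/10; a loop through
! this port would go undetected.
INT F0/10
spann bpdufilter enable

int range f0/6 - 9, f0/11 - 18 , gi0/1 - 2


swi mo acc
swi acc vlan 999
sh
exit
int range f0/19 - 20
channel-gro 23 mode active
int range f0/21 - 22
channel-gro 21 mode active
int range f0/23 - 24
channel-gro 24 mode active

Ssw3
vlan dot tag nati
INT F0/10
spann bpdufilter enable
! This range also shuts f0/1-5; a later SW3 section on this page re-enables
! them as VLAN 500 client ports.
int range f0/1 - 9, f0/11 - 18 , gi0/1 - 2
swi mo acc
swi acc vlan 999
sh
exit
port-chann load-ba src-dst-mac
int range f0/19 - 20
channel-gro 32 mode active
int range f0/21 - 22
channel-gro 34 mode active
int range f0/23 - 24
channel-gro 31 mode active

SW4
vlan dot tag nati
port-chann load-ba src-dst-mac
int range f0/6 - 9, f0/11 - 18 , gi0/1 - 2
swi mo acc
swi acc vlan 999
sh
exit

int range f0/19 - 20


channel-gro 41 mode active
int range f0/21 - 22
channel-gro 43 mode active
int range f0/23 - 24
channel-gro 42 mode active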

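SW3
! ACL V500 selects the traffic the VLAN map will forward inside VLAN 500:
! HTTP, SMTP, DNS over UDP (each in both directions by port) and all ICMP.
! The entries are stateless: the "eq www"/"eq smtp" source-port lines admit
! any TCP segment with that source port, not only replies to a session.
ip access-l ext V500
permit tcp a eq www a
per tcp a a eq www
per icmp a a
per tcp a eq smtp a
per tcp a a eq smtp
per udp a eq domain a
per udp a a eq domain
exit

! VLAN access map: forward what V500 matches. Because the map has an IP
! match clause, IP packets that match no entry are dropped, so anything not
! listed above (for example HTTPS, DNS over TCP, DHCP) is blocked in VLAN 500.
! Confirm that is intended before applying.
vlan access-map ALLOW


action forward
match ip add V500
exit

vlan filter ALLOW vlan-list 500

! Client access ports in VLAN 500.
int range f0/1 - 5


swi mo acc
swi acc vlan 500
! Do not flood unknown multicast / unknown unicast out of these ports
! (switchport block multicast | unicast).
swi block multicast
swi block unicast
! Protected ports do not forward traffic to other protected ports on the
! same switch; the isolation does not extend across switches.
swi protected
! PortFast is a spanning-tree command (spanning-tree portfast).
spann portfast
no sh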

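SW4

! Client access ports in VLAN 500 with PortFast (a spanning-tree command).
int range f0/1 - 5


swi mo acc
swi acc vlan 500
spann portfast

! Enable BPDU guard on every PortFast port: a port that receives a BPDU is
! err-disabled.
spann portfas bpdugu de

! Automatically re-enable ports err-disabled by BPDU guard after 360 s.
! Auto-recovery brings the port back without operator action, so rely on
! logging to notice repeated trips.
errdis reco caus bpdugua


errdis reco inter 360
! Verification filter. It also greps for "arp" and "snooping", but no DHCP
! snooping or ARP inspection commands appear on this page.
sh run | i monitor|guard|portfast|bpdu|arp|snooping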

! Reset f1/0/1-24 to defaults, then build static 802.1Q trunks on f1/0/19-24.
default int ran f1/0/1 - 24

int range f1/0/19 - 24


swi tru encap dot
swi mo tru
! Disable DTP so the trunk state is never negotiated with the peer.
! No "switchport trunk allowed vlan" list is shown, so these trunks carry
! every VLAN by default.
swi noneg
no sh
exit
! Routed ports Fa0/2 and Fa0/3 with VTP settings interleaved between them.
interface FastEthernet0/2
no switchport
ip address 172.16.27.7 255.255.255.0

! Three VTP modes are listed (server, transparent, client); presumably one
! per switch rather than all on the same device - confirm against the task.
vtp mode server


vtp mo tra
vtp ver 2
! "cisco" is a lab value. The VTP password is what authenticates VLAN
! database advertisements, so use a strong secret outside a lab.
vtp password cisco
vtp domain CCIE
vtp mode client

! NOTE(review): the vtp lines are global commands, so if pasted in this
! order the "no sh" below no longer applies to FastEthernet0/2.
no sh
!
interface FastEthernet0/3
no switchport
ip address 172.16.37.7 255.255.255.0
no sh
! VLAN database: point-to-point link VLANs, backbone VLANs 100/200/300,
! client VLAN 500 and VLAN 999 as the parking VLAN for unused ports.
vlan 16
name VLAN_16_R1-SW1
vlan 18
name VLAN_18_R1-SW3
vlan 28
name VLAN_28_R2-SW3
vlan 36
name VLAN_36_R3-SW1
vlan 45
name VLAN_45_R4-R5
vlan 68
name VLAN_68_SW1-SW3
vlan 69
name VLAN_69_SW1-SW4
! NOTE(review): VLAN 89 is named VLAN_689_...; presumably VLAN_89 is meant.
vlan 89
name VLAN_689_SW3-SW4
vlan 100
name VLAN_100_BB1
vlan 200
name VLAN_200_BB2
vlan 300
name VLAN_300_BB3
vlan 500
name VLAN_500_Clients
vlan 999
name Unused_Ports

! SW1 access-port assignments. Each port is forced to static access mode,
! which is also what port security on f0/1-2 requires.
SW1
int f0/1
swi mo acc
swi acc vlan 16
no sh
exit
int f0/2
swi mo acc
swi acc vlan 28
no sh
exit
int f0/3
swi mo acc
swi acc vlan 36
no sh
exit
int f0/4
swi mo acc
swi acc vlan 100
no sh
exit
int f0/5
swi mo acc
swi acc vlan 200
no sh
exit
int f0/10
swi mo acc
swi acc vlan 100
no sh
exit

! Same VLAN database repeated (presumably for another switch).
vlan 16
name VLAN_16_R1-SW1
vlan 18
name VLAN_18_R1-SW3
vlan 28
name VLAN_28_R2-SW3
vlan 36
name VLAN_36_R3-SW1
vlan 45
name VLAN_45_R4-R5
vlan 68
name VLAN_68_SW1-SW3
vlan 69
name VLAN_69_SW1-SW4
vlan 89
name VLAN_689_SW3-SW4
vlan 100
name VLAN_100_BB1
vlan 200
name VLAN_200_BB2
vlan 300
name VLAN_300_BB3
vlan 500
name VLAN_500_Clients
vlan 999
name Unused_Ports

! Alternative spanning-tree root placement, unused-port parking for all four
! switches, then access-port assignments for a switch that is not labelled.
SW1

spann mode rapid-p


! NOTE(review): the valid VLAN range ends at 4094 (as used earlier on this
! page); 1-4096 is presumably a typo.
spann vlan 1-4096 priority 0

sSW2
spann mode rapid-p
! NOTE(review): bridge priority is normally set in steps of 4096, so 255 is
! likely rejected; the earlier SW2 section uses 4096.
spann vlan 1-4096 priority 255

SW1- 4
! vlan dot1q tag native: tag the native VLAN on trunks.
vlan dot tag nati
! Park unused ports in VLAN 999 as static access ports and shut them.
int range f1/0/6 - 9 , f1/0/11 - 18 , g0/1 - 2
swi mod acc
sw acc vlan 999
sh
exit

! Incomplete fragment (presumably the start of a "switchport trunk" line).
swi tr

int f0/1
swi mo acc
swi acc vlan 18
no sh
exit

int f0/4
swi mo acc
swi acc vlan 45
no sh
exit
int f0/5
swi mo acc
swi acc vlan 45
no sh
exit
int f0/10
swi mo acc
swi acc vlan 200
no sh
exit

! Port security on f0/1-2 and f0/18, BPDU filter on f0/10, and automatic
! recovery from port-security err-disable.
int range f0/1 - 2


! One sticky-learned MAC per port; a second MAC err-disables the port.
swi port-secu
swi port-secu maximum 1
swi port-secu violation shutdown
swi port-secu mac-add stic
no sh
exit
! BPDU filter: the port neither sends nor processes BPDUs, so spanning tree
! cannot detect a loop through it.
int f0/10
spann bpdufil enable

int f0/18
sw acc vlan 500
sw port-sec
! NOTE(review): incomplete - "mac-address" needs either a MAC address or
! the "sticky" keyword. No "switchport mode access" is shown for f0/18,
! which port security requires.
sw port-sec mac-add
swi port-sec violation shutdown
exit
! Ports shut by a port-security violation come back on their own after
! 600 s, so "violation shutdown" becomes a ten-minute lockout rather than a
! state that needs an operator. Make sure the violation is logged.
errdisable recovery cause psecure-violation
errdisable recov interval 600

! Private VLANs: primary VLAN 500 with community VLAN 2000, f0/18 as the
! promiscuous port and f0/16-17 as community host ports.
! Several lines below are shorthand that does not match the IOS syntax as
! written; treat them as notes, not paste-ready config.
vlan 2000
private-vlan comm
vlan 500
private-vlan primary
! NOTE(review): the association needs the secondary VLAN list
! (presumably 2000).
private-vlan association
int f0/18
! NOTE(review): presumably "no switchport access vlan".
no swi access-vlan 500
! NOTE(review): the "mode" keyword looks swapped between the next two
! lines; the usual forms are "switchport mode private-vlan promiscuous" and
! "switchport private-vlan mapping 500 2000".
swi private-vlan promi
swi mo private-vlan mapp 500 2000
no sh
int range f0/16 - 17
no swi access-vlan 999
! NOTE(review): the usual host-port forms are "switchport private-vlan
! host-association 500 2000" and "switchport mode private-vlan host".
! Ports in the same community VLAN can still reach each other as well as
! the promiscuous port; use an isolated VLAN if hosts must not talk.
swi private-vlan comm
swi mo private-vlan host-assoc 500 2000
swi mo private-vlan host
no sh

! Frame Relay: encapsulation, DCE / frame-switching roles, point-to-point
! subinterfaces bound to a DLCI, and static IP-to-DLCI maps. "br" is the
! broadcast keyword on a map statement.
R5
frame-rel switch

int s0/0/0
encap fram
fram intf-type dce
int s0/0/0.100 point-to-point

fram interface-dlci 100

int s0/0/0.54 point-to-point

fram interface-dlci 154


exit

R1
int s0/0/0
encap fram
int s0/0/0.100 point-to-point

fram interface-dlci 100

int s0/0/0.54 point-to-point


fram interface-dlci 154
exit

! Second variant for s0/0/0: static maps on the physical interface.
int s0/0/0
encap fram
fram map ip 10.54.14.1 200
fram map ip 10.54.14.4 200 br
exit

R4
fram sw
int s0/0/0
encap fram
fram intf-type dce
fram map ip 10.54.14.1 200 br
fram map ip 10.54.14.4 200
exit

int s0/0/1
encap fram
fram intf-type dce
fram map ip 10.54.24.4 154
fram map ip 10.54.24.2 154 br
exit

R2
int s0/0/1
encap fram
fram map ip 10.54.24.4 154 br
fram map ip 10.54.24.2 154
exit

! OSPF process 100 (area 1 as NSSA) and LDP-based MPLS on R1, R5 and R3.
! No OSPF authentication and no LDP neighbor password appear in this
! section, so adjacencies and label sessions are unauthenticated as shown.
R1
ip cef
mpls label protocol ldp
mpls router-id loo0 force
router ospf 100
router-id 154.1.1.1
net 10.154.16.1 0.0.0.0 ar 1
net 10.154.15.1 0.0.0.0 ar 1
net 154.1.1.1 0.0.0.0 ar 1
area 1 nssa
! Priority 0: this router never becomes DR/BDR on F0/0.
INT F0/0
ip ospf priority 0
int s0/0/1.100
mpls ip
int s0/0/1.54
mpls ip

R5
ip cef
mpls label protocol ldp
mpls router-id loo0 force
router ospf 100
router-id 154.5.5.5
net 10.154.35.5 0.0.0.0 ar 1
net 10.154.15.5 0.0.0.0 ar 1
net 154.5.5.5 0.0.0.0 ar 1
area 1 nssa
int s0/0/1
mpls ip
int s0/0/0.100
mpls ip
int s0/0/0.54
mpls ip
R3
ip cef
mpls label protocol ldp
mpls router-id loo0 force
router ospf 100
router-id 154.3.3.3
net 10.154.35.3 0.0.0.0 ar 1
net 10.154.36.3 0.0.0.0 ar 1
net 154.3.3.3 0.0.0.0 ar 1
area 1 nssa
INT F0/0
ip ospf priority 0
int s0/0/0
mpls ip

! OSPF on the two layer-3 switches: SW1 borders area 1 (NSSA) and area 0,
! SW3 has area 0 plus the client subnet in area 500.
SW1
ip routing
router ospf 100
router-id 154.6.6.6
net 10.154.36.6 0.0.0.0 ar 1
net 10.154.16.6 0.0.0.0 ar 1
net 10.154.68.6 0.0.0.0 ar 0
net 154.6.6.6 0.0.0.0 ar 0
! Inject a default route into the NSSA.
area 1 nssa default-information-originate

! Priority 255: prefer this switch as DR on each SVI.
int vlan 36
ip ospf priority 255
int vlan 68
ip ospf priority 255
int vlan 16
ip ospf priority 255

! Prefix list fv5 denies 10.154.188.0/24 and permits everything else.
ip prefix-list fv5 deny 10.154.188.0/24


ip prefix-li fv5 permit 0.0.0.0/0 le 32

router ospf 100


! Apply fv5 to inter-area summaries advertised out of area 0.
area 0 filter-list prefix fv5 out
exit

SW3
ip routing
router ospf 100
router-id 154.8.8.8
net 10.154.68.8 0.0.0.0 ar 0
net 154.8.8.8 0.0.0.0 ar 0
net 10.154.188.8 0.0.0.0 ar 500
! Passive on the client SVI: the subnet is advertised but no OSPF hellos
! are sent towards client ports.
passive-int vlan 500

ip prefix-list fv5 deny 10.154.188.0/24


ip prefix-li fv5 permit 0.0.0.0/0 le 32

router ospf 100


area 0 filter-list prefix fv5 out
exit
! EIGRP (AS 100 on SW4, AS 54 elsewhere) with MPLS/LDP on the routers.
! "no auto" is "no auto-summary". No EIGRP authentication is configured in
! this section, so neighbors are accepted unauthenticated as shown.
SW4

router eigrp 100


net 150.3.54.1 0.0.0.0
no auto

SW3
router eigrp 54
net 10.54.28.8 0.0.0.0
net 10.54.18.8 0.0.0.0
no auto
exit

R1
ip cef
mpls label protocol ldp
mpls router-id loo0 force

router eigrp 54
net 10.54.18.1 0.0.0.0
net 10.54.14.1 0.0.0.0
net 10.54.15.1 0.0.0.0
no auto
! Administrative distance: 90 for internal, 100 for external EIGRP routes.
distance eigrp 90 100
exit

int s0/0/0
mpls ip
int s0/0/1.54
mpls ip

R5
ip cef
mpls label protocol ldp
mpls router-id loo0 force
router eigrp 54

net 10.54.45.5 0.0.0.0


net 10.54.15.5 0.0.0.0
no auto
! Mutual redistribution between OSPF 100 and EIGRP 54 on R5; no route-map
! or tag filtering is shown on either direction.
redistribute ospf 100 metric 10000 100 255 1 1500
exit

router ospf 100


redistribute eigrp 54 subnet
exit
int s0/0/0.100
mpls ip
ip ospf cost 2000
int f0/1
mpls ip

R4
ip cef
mpls label protocol ldp
mpls router-id loo0 force

router eigrp 54
net 10.54.45.4 0.0.0.0
net 10.54.14.4 0.0.0.0
net 10.54.24.4 0.0.0.0
net 154.4.4.4 0.0.0.0
no auto
exit

int s0/0/1
mpls ip
int s0/0/0
mpls ip
int f0/0
mpls ip

R2
ip cef
mpls label protocol ldp
mpls router-id loo0 force

router eigrp 54
net 10.54.24.2 0.0.0.0
net 10.54.28.2 0.0.0.0

net 154.2.2.2 0.0.0.0


no auto
exit
int s0/0/0
mpls ip

! RIPv2 on SW4, SW3 and SW1. Every interface is passive by default and only
! the listed SVIs/loopback send updates. No RIP authentication (key chain)
! is configured in this section.
RIP
SW4
ip routing

router rip
ver 2
net 10.0.0.0
net 154.0.0.0
passive-int default
no passive int vlan 69
no passive int vlan 89
no passive int loo0
no auto
! NOTE(review): "redistribute eigrp" needs the AS number (the EIGRP
! process on SW4 elsewhere on this page is 100).
redistribute eigrp metric 3
exit
router eigrp 100
redistribute rip metric 10000 100 255 1 1500

SW3
router rip
ver 2
net 10.0.0.0

passive-int default
no passive int vlan 89
no auto
exit

SW1
router rip
ver 2
net 10.0.0.0
passive-int default
no passive int vlan 69
! NOTE(review): "resitribute" is a typo for "redistribute", and the OSPF
! process id (100 elsewhere on this page) is missing.
resitribute ospf metric 10
no auto
exit

! iBGP in AS 54. R2, R4, R5, R3, SW1 and SW3 each peer only with R1
! (154.1.1.1) from loopback 0 and wait for R1 to open the TCP session
! (connection-mode passive); R1 is the route reflector.
! "neighbor ... password" enables the TCP MD5 signature on the session.
! "cisco" is a lab value: it is trivially guessable and sits in the config
! in clear text unless password encryption is enabled.
R2

router bgp 54
bgp router-id 154.2.2.2
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

R4
router bgp 54
bgp router-id 154.4.4.4
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

R5
router bgp 54
bgp router-id 154.5.5.5
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

R3
router bgp 54
bgp router-id 154.3.3.3
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

SW1
router bgp 54
bgp router-id 154.6.6.6
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

SW3
router bgp 54
bgp router-id 154.8.8.8
no bgp default ipv4-unicast
neig 154.1.1.1 remote-as 54
neig 154.1.1.1 update-source lo0
neig 154.1.1.1 transport connection-mode passive
neig 154.1.1.1 password cisco
addr ipv4
neig 154.1.1.1 activate
neig 154.1.1.1 send-community
no sync
no auto
exit

! R1: route reflector. The IBGP peer group carries the shared settings
! (same MD5 password) and R1 actively opens every session.
R1
router bgp 54
bgp router-id 154.1.1.1
no bgp default ipv4-unicast
neig IBGP peer-group
neig IBGP remote-as 54
neig IBGP update-source lo0
neig IBGP transport connection-mode active
neig IBGP pass cisco
neig 154.2.2.2 peer-group IBGP
neig 154.3.3.3 peer-group IBGP
neig 154.4.4.4 peer-group IBGP
neig 154.5.5.5 peer-group IBGP
neig 154.6.6.6 peer-group IBGP
neig 154.8.8.8 peer-group IBGP
address ipv4
neig 154.2.2.2 activate
neig 154.3.3.3 activate
neig 154.4.4.4 activate
neig 154.5.5.5 activate
neig 154.6.6.6 activate
neig 154.8.8.8 activate
neig IBGP send-comm
neig IBGP route-reflector-cli
no sync
no auto
exit

! eBGP edges: R5 and R4 peer with AS 254, SW1/SW3 peer with SW4 (AS 144).
! Unlike the iBGP sessions on this page, none of these eBGP neighbors has a
! password, and no prefix filter or maximum-prefix limit is shown.
R5

router bgp 54
neig 150.2.54.254 remote-as 254

addres ipv4
neig 150.2.54.254 activate
! NOTE(review): a neighbor route-map needs a direction ("in" or "out");
! AS-path prepending is an outbound policy.
neig 150.2.54.254 route-map PREPEND
neig 154.1.1.1 next-hop-self
exit
exit

route-map PREPEND
set as-path prepend 253
exit

R4

router bgp 54
neig 150.1.54.254 remote-as 254

addres ipv4
neig 150.1.54.254 activate
! NOTE(review): direction missing here too; local-preference is set on
! routes received, i.e. inbound.
neig 150.1.54.254 route-map LOC
neig 154.1.1.1 next-hop-self
exit
exit

route-map LOC
set local-pre 200

SW1 & SW3 if doing with lo0

! Loopback-to-loopback eBGP variant.
router bgp 54
neig 154.9.9.9 remote-as 144
neig 154.9.9.9 update-source loo0
! NOTE(review): the keyword is "ebgp-multihop" (one word, hyphenated).
neig 154.9.9.9 ebgp multi-hop 2
addr ipv4
neig 154.9.9.9 activate
no sync
no auto
exit

! Directly connected variant (device label missing; presumably SW1, given
! the 10.154.69.x addressing).
router bgp 54
neig 10.154.69.9 remote-as 144
addr ipv4
neig 10.154.69.9 activate
no sync
no auto
exit

SW3
router bgp 54
neig 10.154.89.9 remote-as 144
addr ipv4
neig 10.154.89.9 activate
no sync
no auto
exit

SW4
ROUTER BGP 144
no bgp default ipv4-unicast
! NOTE(review): 154.8.8.8 is also SW3's BGP router-id on this page; the
! loopback peering above suggests 154.9.9.9 for SW4 - confirm.
bgp router-id 154.8.8.8
neig 10.154.69.6 remote-as 54
neig 10.154.89.8 remote-as 54
addr ipv4
neig 10.154.69.6 activate
neig 10.154.89.8 activate
maximum-paths 2
no sync
no auto
exit

! MPLS L3VPN: SW2 plays two customer sites (VRFs Site-1 and Site-2, AS 777),
! R3 and r2 are the provider edges in AS 54.
SW2
ip vrf Site-1
rd 3:3
exit

ip vrf Site-2
rd 2:2
exit
int loo71
ip vrf forwarding Site-1
ip add 71.71.71.71 255.255.255.255
no sh
exit
! NOTE(review): loo71 is reused and VRF "Site-12" is never defined;
! presumably a second loopback in VRF Site-2 is meant.
int loo71
ip vrf forwarding Site-12
ip add 72.72.72.72 255.255.255.255
no sh
exit
int f0/3
ip vrf forwarding Site-1
ip add 172.16.37.7 255.255.255.0
no sh
exit
! NOTE(review): no "int" line precedes this stanza; 172.16.27.7 is the
! FastEthernet0/2 address elsewhere on this page.
ip vrf forwarding Site-2
ip add 172.16.27.7 255.255.255.0
no sh
exit
router bgp 777
addr ipv4 vrf Site-1
neig 172.16.37.3 remote-as 54
neig 172.16.37.3 activate
net 71.71.71.71 mask 255.255.255.255
exit
addr ipv4 vrf Site-2
neig 172.16.27.2 remote-as 54
neig 172.16.27.2 activate
net 72.72.72.72 mask 255.255.255.255
exit
R3

! No "route-target" import/export lines are shown for the PE VRFs in this
! section; confirm they exist, since they decide which VPN routes each
! site receives.
ip vrf Site-1
rd 1:1
exit

int f0/1
ip vrf forwarding Site-1
ip add 172.16.37.3 255.255.255.0
no sh
exit
int s0/0/0
mpls ip

router bgp 54
neig 154.5.5.5 remote-as 54
neig 154.5.5.5 update-source loo0
addr vpnv4
neig 154.5.5.5 activate
neig 154.5.5.5 send-community both
neig 154.5.5.5 next-hop-self
address ipv4 vrf Site-1
neig 172.16.37.7 remote-as 777
neig 172.16.37.7 activate
! as-override rewrites the customer AS in the path so the other site,
! which uses the same AS 777, accepts the route.
neig 172.16.37.7 as-override
exit

r2
ip vrf Site-2
rd 2:2
exit

int f0/1
ip vrf forwarding Site-2
ip add 172.16.27.2 255.255.255.0
no sh
exit
int s0/0/0
mpls ip

router bgp 54
neig 154.5.5.5 remote-as 54
neig 154.5.5.5 update-source loo0
addr vpnv4
neig 154.5.5.5 activate
neig 154.5.5.5 send-community both
neig 154.5.5.5 next-hop-self
address ipv4 vrf Site-2
! NOTE(review): 172.16.27.2 is this router's own f0/1 address; the CE
! side of the link is 172.16.27.7.
neig 172.16.27.2 remote-as 777
neig 172.16.27.2 activate
neig 172.16.27.2 as-override
exit
! EIGRP offset list on R1: add 25545542 to the metric of routes matching
! ACL 1 (154.2.2.2) when they are learned on f0/1.
R1
access-list 1 permit 154.2.2.2
router eigrp 54
offset-list 1 in 25545542 f0/1
exit

! IPv6 routing: EIGRPv6 AS 54 on the routers and SW3, OSPFv3 process 2001
! between SW3 and SW1, and an IPv6-over-GRE tunnel between R1 and R3.
! "ipv" is shorthand, presumably for "ipv6". Each bare "fram map ipv6" line
! is incomplete (presumably a link-local map entry).
IPV6
R5
ipv cef
ipv unicast-rou

ipv router eigrp 54


router-id 154.5.5.5
no sh
exi
int s0/0/0.54
ipv eigrp 54
int f0/1
ipv eigrp 54
exit
int loo0
ipv eigrp 54

R2
ipv cef
ipv unicast-rou

ipv router eigrp 54


router-id 154.2.2.2
no sh
exi
int s0/0/0
ipv eigrp 54
fram map ipv6 2001:54:24::4 154 br
fram map ipv6 2001:54:24::2 154
fram map ipv6
int loo0
ipv eigrp 54
int f0/0
ipv eigrp 54

R4
ipv cef
ipv unicast-rou

ipv router eigrp 54


! NOTE(review): 154.2.2.2 is R2's router-id; R4 uses 154.4.4.4 elsewhere
! on this page.
router-id 154.2.2.2
no sh
exi
int s0/0/1
ipv eigrp 54
fram map ipv6 2001:54:24::4 154
fram map ipv6 2001:54:24::2 154 br
fram map ipv6
EXIT
int s0/0/0
ipv eigrp 54
fram map ipv6 2001:54:14::4 154
fram map ipv6 2001:54:14::1 154 br
fram map ipv6

int loo0
ipv eigrp 54
int f0/0
ipv eigrp 54

R1

ipv cef
ipv unicast-rou

ipv router eigrp 54


! NOTE(review): R2's router-id again; R1 uses 154.1.1.1 elsewhere on
! this page.
router-id 154.2.2.2
no sh
exi
int s0/0/1.54
ipv eigrp 54
exit

int s0/0/0
ipv eigrp 54
fram map ipv6 2001:54:14::4 154 br
fram map ipv6 2001:54:14::1 154
fram map ipv6

int loo0
ipv eigrp 54
int f0/0
ipv eigrp 54

! IPv6 carried in plain GRE between the R1 and R3 loopbacks. GRE adds no
! encryption or peer authentication; nothing on this page protects it.
! NOTE(review): the tunnel joins EIGRP AS 2001 while the process
! configured above is 54 - confirm which is intended.
int tunnel 13
ipv add 2001:54:54:13::1/64
ipv eigrp 2001
tunnel source lo0
tunnel destin 154.3.3.3
tunnel mode gre ip

R3
ipv cef
ipv unicast-routing
ipv router eigrp 54
router-id 154.3.3.3
no sh
exit

int lo0
ipv add 2001:54:3::3/128
ipv eigrp 54
exit

int tunnel 13
ipv add 2001:54:54:13::3/64
ipv eigrp 2001
tunnel source lo0
tunnel destin 154.1.1.1
tunnel mode gre ip

SW3
! Switch to the dual IPv4/IPv6 SDM template; this takes effect only after
! a reload.
sdm prefer dua def
ipv cef
ipv unicast-rou

ipv router eigrp 54


router-id 154.8.8.8
! Mutual redistribution between EIGRPv6 54 and OSPFv3 2001 on SW3.
redis ospf 2001 metric 1 1 1 1 1 include-connected
no sh
exi
ipv router ospf 2001
router-id 154.8.8.8
redistribute eigrp 54 include-connected subnets

int loo0
ipv eigrp 54
int vlan 18
ipv eigrp 54
int vlan 28
ipv eigrp 54
int vlan 68
ipv ospf 2001 a 0

SW1
sdm prefer dua def
ipv cef
ipv unicast-rou

ipv router eigrp 54


router-id 154.6.6.6

int vlan 68
ipv ospf 2001 a 0
int loo0
ipv ospf 2001 a 0
! IPv4 multicast: PIM sparse mode everywhere, R3 and R2 as candidate RP/BSR
! sharing the RP address 200.100.100.100 on loopback 1, kept in sync
! through MSDP between their loopback 0 addresses.
! No MSDP peer password and no BSR border are configured in this section,
! so RP and source-active information is accepted unauthenticated.
R3
ip multicast-rout
! NOTE(review): the IOS keywords are "ip pim rp-candidate" and
! "ip pim bsr-candidate"; the word order here looks reversed.
ip pim candidate-rp lo1
ip pim candidate-bsr lo0
ip msdp peer 154.2.2.2 connect-source lo0
ip msdp originator-id loo0
! NOTE(review): presumably "ip msdp cache-sa-state" - confirm.
ip msdp cache-sa-active
int loo1
ip add 200.100.100.100 255.255.255.255
ip pim sparse-mode
exit
int lo0
ip pim sparse-mode
int f0/0
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
exit
router ospf 100
net 200.100.100.100 0.0.0.0 a 1

R2
ip multicast-rout
ip pim candidate-rp lo1
ip pim candidate-bsr lo0
ip msdp peer 154.3.3.3 connect-source lo0
! NOTE(review): "mspd" is a typo for "msdp".
ip mspd cache-sa-active
ip msdp originator-id loo0

int loo1
ip add 200.100.100.100 255.255.255.255
ip pim sparse-mode
exit
int lo0
ip pim sparse-mode
int f0/0
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
exit
router eigrp 54
net 200.100.100.100 0.0.0.0

R1
ip multicast-rout
int f0/0
ip pim sparse-mode
int f0/1
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
int s0/0/1
ip pim sparse-mode
int s0/0/1.100
ip pim sparse-mode
int s0/0/1.54
ip pim sparse-mode

R5
ip multicast-rout
int f0/1
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
int s0/0/1
ip pim sparse-mode
int s0/0/0.100
ip pim sparse-mode
int s0/0/0.54
ip pim sparse-mode

R4
ip multicast-rout
int f0/1
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
int s0/0/1
ip pim sparse-mode

SW1
ip multicast-rout distr
int vlan 36
ip pim sparse-mode
int vlan 16
ip pim sparse-mode
int vlan 68
ip pim sparse-mode
int lo0
ip pim sparse-mode

SW3
ip multicast-rout distr
int vlan 68
ip pim sparse-mode
int vlan 18
ip pim sparse-mode
int vlan 28
ip pim sparse-mode
int lo0
ip pim sparse-mode

! GLBP group 0 with virtual gateway 10.54.45.254, configured on f0/1 of
! two routers (not labelled; presumably R4 and R5, which share the
! 10.54.45.x link). Weighted load balancing, 1 s hello / 3 s hold.
! MD5 authentication keeps an unauthenticated host from joining the group,
! but "cisco" is a lab key and is stored in the config as written.
int f0/1
glbp 0 ip 10.54.45.254
glbp 0 load-bal weighting
glbp 0 weight 50
glbp 0 timer 1 3
glbp 0 preempt
! Priority 110: preferred active virtual gateway.
glbp 0 priority 110
glbp 0 authentication md5 key-string cisco

int f0/1
glbp 0 ip 10.54.45.254
glbp 0 load-bal weighting
glbp 0 weight 150
glbp 0 timer 1 3
glbp 0 preempt
glbp 0 priority 100
glbp 0 authentication md5 key-string cisco

! NTP: the first four lines are the master (stratum 1), the rest a client
! of 154.1.1.1. Several keywords are misspelled as written.
! No "ntp authenticate" / authentication-key / trusted-key lines are
! shown, so clients accept time from 154.1.1.1 unauthenticated.
! NOTE(review): presumably "clock calendar-valid".
clock clander-valid
! NOTE(review): presumably "ntp source loo0".
net source loo0
ntp master 1
! NOTE(review): the keyword is "update-calendar".
ntp update-calender

ntp server 154.1.1.1


ntp update-calender
ntp source lo0
! SSH access, first variant: local user database on the vty lines.
! NOTE(review): garbled; presumably the "ip ssh maxstartup 16" line that
! appears a few lines below.
ip ssg max-startup 16

ip domain-name cisco.com

! The bare "1024" below answers the modulus prompt. 1024-bit RSA is below
! the commonly recommended 2048-bit minimum; use it only if the lab task
! requires it. No "ip ssh version 2" line is shown.
crypto key generate rsa

1024
ip ssh maxstartup 16

! "password" stores the credential in clear text or reversible form; the
! "secret" keyword stores a hash instead. The privilege-15 account uses
! the lab password "ccie".
username admin priv 15 password ccie


username guest privi 1 pass cisco
! NOTE(review): garbled; presumably a fragment of "service linenumber".
inenumber ssh

! vty lines: local username/password, SSH only (Telnet not accepted).
line vty 0 15
login local
transport input ssh

! Removes local-database login from the console; what the console then
! requires depends on line settings not shown here - verify it is not left
! open.
line console 0
no login local
! SSH access, second variant: AAA method lists instead of "login local".
ip domain-name cisco

! Modulus answer; the "crypto key generate rsa" line itself is missing in
! this variant. 1024-bit RSA is below the commonly recommended 2048 bits.
1024

ip ssh maxstartup 16
! "password" keeps these credentials in clear text or reversible form;
! "secret" would store a hash.
username admin privi 15 password ccie
username guest priv 1 password cisco

aaa new-model
! Exec authorization from the local database: a user lands at the
! privilege level set on the username line (15 for admin).
aaa authorization exec CRL_VTY local
! local-case: usernames are matched case-sensitively.
aaa authentication login CRL_VTY local-case
! Method "none": logins using list CRL succeed with no credentials.
aaa authentication login CRL none

service linenumber

line vty 0 15
login authentication CRL_VTY
authorization exec CRL_VTY
! Clear all inbound protocols, then allow SSH only.
no transport input
transport input ssh
exit

! Console uses list CRL, i.e. no authentication at all. Anyone who reaches
! the console port or a terminal server in front of it gets a session.
line con 0
login authentication CRL
exit

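! SSH access, third variant: same AAA design as the previous one.
ip domain-name cisco
! The bare "1024" answers the modulus prompt. 1024-bit RSA is below the
! commonly recommended 2048-bit minimum; keep it only if the task asks
! for it.
crypto key generate rsa

1024

ip ssh maxstartup 16
! "pass" keeps these credentials in clear text or reversible form;
! "secret" would store a hash.
username admin privi 15 pass ccie
username guest privi 1 pass cisco

aaa new-model
! Exec authorization from the local database (privilege from the username).
aaa authori exec CRL_VTY local
! local-case: usernames are matched case-sensitively.
aaa authentication login CRL_VTY local-case
! Method "none": logins using list CRL succeed with no credentials.
aaa authen login CRL none

service linenumber

line vty 0 15
login authentication CRL_VTY
! The list name must match the one defined above (CRL_VTY); the original
! note referenced "RL_VTY", which is never defined.
authori exec CRL_VTY
! Clear all inbound protocols, then allow SSH only.
no transport input
transport input ssh
exit

! Console uses list CRL, i.e. no authentication at all.
line con 0
login authentication CRL
exit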

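! Traffic classes and a policing policy, presumably for control-plane
! policing. No "control-plane" / "service-policy input CONTROL" attachment
! is visible on this page, and the policy may continue past its last line.

! In a class-map ACL, "deny" does not drop anything: it only keeps the
! packet out of this class, so SSH from 10.54.18.0/24 to 10.154.35.5 is
! simply not policed by class SSH. If the task is to block that traffic,
! it needs its own class with a drop action - confirm the intent.
ip access-list ext SSH


deny tcp 10.54.18.0 0.0.0.255 host 10.154.35.5 eq ssh
permit tcp an an eq ssh
exit

class-map SSH
match access-group name SSH

! Web traffic from the client subnet (the host bits in 10.154.188.8 are
! ignored under the 0.0.0.255 wildcard).
ip access-list ext HTTP


permit tcp 10.154.188.8 0.0.0.255 any eq 80
permit tcp 10.154.188.8 0.0.0.255 any eq 443
exit

ip access-list ext ALL_ICMP


permit icmp a a
exit
! match-any is required: a class-map defaults to match-all, and no packet
! can match both the TCP ACL and the ICMP ACL, so the class would never hit.
class-map match-any BLOCK
match access-group name HTTP
match access-group name ALL_ICMP

! ICMP type keywords follow the addresses directly; "eq" is only valid for
! TCP/UDP ports.
ip access-list ext ICMP_ECHO


permit icmp any any echo
perm icmp a a echo-reply

! ICMP_LIMIT and BLOCK are defined but not referenced by the part of the
! policy shown below.
class-map match-all ICMP_LIMIT


match access-group name ICMP_ECHO

! Police matched SSH to 16 kbit/s: forward conforming packets, drop excess.
policy-map CONTROL
class SSH
police cir 16000
conform-action transmit
exceed-action drop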
