Wednesday, 20 January 2016

TS

1,2,4,7,3,5,

Ticket 1:
=====

check for dhcp configuration on R7,R8
check for host entries on R7 and R8
check for client-id on server1, host1
check for acl on vlan12 on SW1and SW2
check for helper address on SW1 and SW2
check for vlan12 config on sw1 and sw2
check for interface address on eth1/0 of sw1 and sw2
check for ospf config on all devices

Ticket2:
=====









Posted by at No comments:

Sunday, 17 January 2016

BGP Attributes

http://netcerts.net/bgp-path-attributes-and-the-decision-process/
Posted by at No comments:

Tuesday, 5 January 2016

LAb config tip

> 1.1 + 1.2 + 1.3 + 4.2--------L2--------------30 min

> 1.4 + 2.7 + 3.3 + 3.4 + 5.3--DMVPN-----------30 min

> 2.1 +  3.1 + 2.5  + 3.2 + 2.8--OSPF-BGP-MPLS---60 min

> 2.2 + 2.6 + 2.8 + 2.9 + 2.10-EIGRP-BGP-IPV6--45 min

> 2.3 + 2.4 + 2.11-------------EIGRP-BGP-------15 min

> 4.1 + 5.1 + 5.2 + 5.4--------SEC-NTP---------30 min




> 1.1 + 1.2 + 1.3 + 4.2--------L2--------------30 min

> 1.4 + 2.3 + 2.4  3.3 + 3.4  +2.7 + 5.3 + 2.11 --DMVPN-----------45 min

> 2.1 + 2.5 + 3.1 + 3.2 + 2.8--OSPF-BGP-MPLS---60 min

> 2.2 + 2.6 + 2.8 + 2.9 + 2.10-EIGRP-BGP-IPV6--45 min

> 4.1 + 5.1 + 5.2 + 5.4--------SEC-NTP---------30 min

*******************
Common Configurations:
*******************
=====================
1.1 + 1.2 + 1.3 + 4.2--------L2
=====================

SW1
SW2
SW3
SW4

vtp domain CCIE
vtp version 2
vtp mode
vtp password CCIErocks?

vlan 23,24,35,14,15,46,67,57,999
interface range e2/0-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

interface range e3/0-3
 switchport mode access
 switchport access vlan 999
interface  e0/0
 switchport mode access
 switchport access vlan


spanning-tree mode mst
spanning-tree mst configuration 
 name CCIE
 revision 1
 instance 1 vlan 1,15,23,35,57,67,999
 instance 2 vlan 14,24,46

spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
spanning-tree portfast default
spanning-tree portfast bpduguard default

4.2
---
SW3:

interface range e0/0-3 
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown

========================================
1.4 + 2.3 + 2.4  3.3 + 3.4  +2.7 + 5.3 + 2.11 --- DMVPN
=========================================
R15,16,17,18,19,SW5,SW6

R15,16,17,SW5,SW6:
--------------------------

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 45678
  network 123.17.17.17 0.0.0.0
  network 123.20.1.10 0.0.0.0
  network 123.20.1.18 0.0.0.0
  network 10.20.1.25 0.0.0.0
  af-interface e0/1
   authentication mode hmac-sha-256 CCIE
  af-interface e0/2
   authentication mode hmac-sha-256 CCIE
 exit-address-family

R18,R19:

int s1/0
 encapsulation ppp
 ppp chap hostname ACME-R18
 ppp chap password CCIE

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 45678
  network 10.2.18.1 0.0.0.0
  network 123.18.18.18 0.0.0.0
  network 10.20.1.26 0.0.0.0
  eigrp stub connected static redistribute

R17:
interface Tunnel0
 ip address 10.20.1.25 255.255.255.248
 no ip redirects
 bandwidth 1000
 delay 1000
 ip mtu 1400
 ip tcp adjust-mss 1380
 ip nhrp map multicast dynamic
 ip nhrp authentication 45678key
 ip nhrp network-id 45678
 ip nhrp holdtime 300
 ip nhrp redirect
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel vrf LOCALSP

R18
interface Tunnel0
 ip address 10.20.1.26 255.255.255.248
 no ip redirects
 bandwidth 1000
 delay 1000
 ip mtu 1400
 ip tcp adjust-mss 1380
 ip nhrp map 10.20.1.25  203.3.17.2
 ip nhrp map multicast 203.3.17.2
 ip nhrp nhs 10.20.1.25  
 ip nhrp authentication 45678key
 ip nhrp network-id 45678
 ip nhrp holdtime 300
 ip nhrp shortcut
 tunnel source Serial1/0
 tunnel mode gre multipoint
 tunnel vrf LOCALSP

crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
crypto keyring KEYDMVPN vrf LOCALSP
 pre-shared-key address  0.0.0.0 0.0.0.0 key CCIE

crypto ipsec transform-set CCIEXFORM esp-aes 128
 mode transport

crypto ipsec profile DMVPNPROFILE
 set transform-set CCIEXFORM 

int tunnel 0
 tunnel protection ipsec profile DMVPNPROFILE

2.7
---

R15
router bgp 45678
 bgp router-id 123.15.15.15
 neighbor 103.2.45.1 remote-as 10003
 aggregate-address 123.20.1.0 255.255.255.0 summary-only
 redistribute eigrp 45678

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 45678
 topology base 
  redistribute bgp 45678 metric 10000 10 255 1 1500

R16
interface Ethernet0/0
 ip vrf forwarding LOCALSP
 ip address 203.3.16.2 255.255.255.252

router bgp 45678
 bgp router-id 123.16.16.16
 address-family ipv4 vrf LOCALSP
  network 0.0.0.0 backdoor
  neighbor 203.3.16.1 remote-as 20003
  neighbor 203.3.16.1 activate
  neighbor 203.3.16.1 prefix-list defaultroute in
  neighbor 203.3.16.1 prefix-list denyall  out

ip prefix-list defaultroute permit 0.0.0.0/0
ip prefix-list denyall deny 0.0.0.0/0 le 32

R17
interface Ethernet0/0
 ip vrf forwarding LOCALSP
 ip address 203.3.17.2 255.255.255.252

router bgp 45678
 bgp router-id 123.17.17.17
 address-family ipv4 vrf LOCALSP
  network 0.0.0.0 backdoor
  neighbor 203.3.17.1 remote-as 20003
  neighbor 203.3.17.1 activate
  neighbor 203.3.17.1 prefix-list defaultroute in
  neighbor 203.3.17.1 prefix-list denyall  out

ip prefix-list defaultroute permit 0.0.0.0/0
ip prefix-list denyall deny 0.0.0.0/0 le 32

R18
interface S1/0
 ip vrf forwarding LOCALSP
 ip address 203.3.18.2 255.255.255.252

router bgp 65222
 bgp router-id 123.18.18.18
 address-family ipv4 vrf LOCALSP
  network 0.0.0.0 backdoor
  neighbor 203.3.18.1 remote-as 20003
  neighbor 203.3.18.1 activate
  neighbor 203.3.18.1 prefix-list defaultroute in
  neighbor 203.3.18.1 prefix-list denyall  out

ip prefix-list defaultroute permit 0.0.0.0/0
ip prefix-list denyall deny 0.0.0.0/0 le 32

R19
interface S1/0
 ip vrf forwarding LOCALSP
 ip address 203.3.19.2 255.255.255.252

router bgp 65222
 bgp router-id 123.19.19.19
 address-family ipv4 vrf LOCALSP
  network 0.0.0.0 backdoor
  neighbor 203.3.19.1 remote-as 20003
  neighbor 203.3.19.1 activate
  neighbor 203.3.19.1 prefix-list defaultroute in
  neighbor 203.3.19.1 prefix-list denyall  out

ip prefix-list defaultroute permit 0.0.0.0/0
ip prefix-list denyall deny 0.0.0.0/0 le 32

do show ip bgp vpnv4 all 

R17:
-----
shell processing full

2.11:
----

R15
ip multicast-routing
int loopback 0
 ip pim sparse-mode
int e0/1 
 ip pim sparse-mode
int e0/2
 ip pim sparse-mode
ip pim rp-candidate loopback 0
ip pim bsr-candidate loopback 0 32


================================
 2.1  + 2.5  +  3.1 + 3.2 + 2.8--OSPF-BGP-MPLS
==================================

2.1:
----
router ospf 12345
 router-id 123.1.1.1
 network 123.0.0.0 0.255.255.255 area 0

2.5+3.1:
--------
R1:
----
mpls ldp router-id loopback 0 force
router ospf 12345
 mpls ldp autoconfig area 0

router bgp 12345
 bgp router-id 123.1.1.1
 no bgp default ipv4-unicast
 neighbor iBGP peer-group
 neighbor iBGP remote-as 12345
 neighbor iBGP update-source loopback 0
 neighbor 123.2.2.2 peer-group iBGP
 neighbor 123.3.3.3 peer-group iBGP
 neighbor 123.6.6.6 peer-group iBGP
 neighbor 123.7.7.7 peer-group iBGP
 address-family ipv4
  neighbor 123.2.2.2 activate
  neighbor 123.3.3.3 activate
  neighbor 123.6.6.6 activate
  neighbor 123.7.7.7 activate
  neighbor iBGP route-reflector-client
address-family vpnv4
  neighbor 123.2.2.2 activate
  neighbor 123.3.3.3 activate
  neighbor 123.6.6.6 activate
  neighbor 123.7.7.7 activate
  neighbor iBGP route-reflector-client

R2:
----

mpls ldp router-id loopback 0 force
no mpls ip propagate-ttl forwarded
router ospf 12345
 mpls ldp autoconfig area 0 

router bgp 12345
 bgp router-id 123.2.2.2
 no bgp default ipv4-unicast 
 neighbor 123.1.1.1 remote-as 12345
 address-family ipv4
  neighbor 123.1.1.1 activate
  neighbor 123.1.1.1 next-hop-self

 address-family ipv4 vrf GREEN
  neighbor 10.120.12.2 remote-as 65112
  neighbor 10.120.12.2 activate
 address-family ipv4 vrf BLUE
  neighbor 10.120.13.2 remote-as 65112
  neighbor 10.120.13.2 activate
 address-family ipv4 vrf RED
  neighbor 10.120.14.2 remote-as 65112
  neighbor 10.120.14.2 activate
 address-family ipv4 vrf YELLOW
  neighbor 10.120.15.2 remote-as 65112
  neighbor 10.120.15.2 activate
 address-family ipv4 vrf INET
  neighbor 10.120.99.2 remote-as 65112
  neighbor 10.120.99.2 activate

router bgp 12345
 address-family vpnv4
  neighbor 123.1.1.1 activate

 address-family ipv4 vrf GREEN
  neighbor 101.1.123.1 remote-as 10001
  neighbor 101.1.123.1 activate
 address-family ipv4 vrf BLUE
  neighbor 101.1.123.1 remote-as 10001
  neighbor 101.1.123.1 activate
 address-family ipv4 vrf RED
  neighbor 101.1.123.1 remote-as 10001
  neighbor 101.1.123.1 activate
 address-family ipv4 vrf YELLOW
  neighbor 101.1.123.1 remote-as 10001
  neighbor 101.1.123.1 activate
 address-family ipv4 vrf INET
  neighbor 101.1.123.1 remote-as 10001
  neighbor 101.1.123.1 activate


2.8:
---

ip prefix-list net123 permit 123.0.0.0/8 le 32
router bgp 12345
 address-family ipv4 vrf INET
  neighbor 101.1.123.1 prefix-list net123 out

R12
router bgp 65111
 bgp router-id 123.12.12.12
 neighbor 201.1.12.1 remote-as 20001
 redistribute connected

R13
router bgp 65111
 bgp router-id 123.13.13.13
 neighbor 201.1.13.1 remote-as 20001
 neighbor 202.2.13.1 remote-as 20002
 neighbor 202.2.13.1 weight 1000
 redistribute connected

R14
router bgp 65111
 bgp router-id 123.14.14.14
 neighbor 202.2.14.1 remote-as 20002
 redistribute connected

do show ip bgp 

R20
router bgp 65112
  neighbor 10.120.99.5 weight 1000


===================================
2.2 + 2.6 + 2.8 + 2.9 + 2.10-EIGRP-BGP-IPV6
===================================
router eigrp 34567
 network 123.0.0.0 0.255.255.255

int vlan 34
 delay 100

R8
router bgp 34567
 bgp router-id 123.8.8.8
 no bgp default ipv4-unicast
 neighbor IBGP peer-group
 neighbor IBGP remote-as 34567
 neighbor IBGP update-source loopback 0
 neighbor 123.9.9.9 peer-group IBGP
 neighbor 123.10.10.10 peer-group IBGP
 neighbor 123.11.11.11 peer-group IBGP
 neighbor 101.1.34.1 remote-as 10001
 address-family ipv4
  neighbor 123.9.9.9 activate
  neighbor 123.10.10.10 activate
  neighbor 123.11.11.11 activate
 neighbor 101.1.34.1 activate
  neighbor IBGP next-hop-self
  redistribute eigrp 34567 

ip prefix-list defaultroute permit 0.0.0.0/0
route-map defaulroute permit 10
 match ip address prefix-list defaultroute

2.8:
----
R2
ip prefix-list net123 permit 123.0.0.0/8 le 32
router bgp 12345
 address-family ipv4 vrf INET
  neighbor 101.1.123.1 prefix-list net123 out

2.9:
----
R10
ipv6 unicast-routing
router ospfv3 1
 router-id 123.10.10.10
interface loopback 0
 ospfv3 1 ipv6 area 10
interface   e0/1
 ospfv3 1 ipv6 area 10

2.10:
----
R10
router bgp 34567
 neighbor 2001:CC1E:BEF:10:201:1:34:1 remote-as 20001
 address-family ipv6  
  neighbor 2001:CC1E:BEF:10:201:1:34:1 activate
  redistribute ospf 1 match internal external 1 external 2 include-connected




===================================
2.3 + 2.4 + 2.11-------EIGRP-BGP
===================================

R17
router eigrp CCIE
 address-family ipv4 unicast autonomous-system 45678
  network 123.17.17.17 0.0.0.0
  network 123.20.1.10 0.0.0.0
  network 123.20.1.18 0.0.0.0
  network 10.20.1.25 0.0.0.0
  af-interface e0/1
   authentication mode hmac-sha-256 CCIE
  af-interface e0/2
   authentication mode hmac-sha-256 CCIE
 exit-address-family


R18
router eigrp CCIE
 address-family ipv4 unicast autonomous-system 45678
  network 10.2.18.1 0.0.0.0
  network 123.18.18.18 0.0.0.0
  network 10.20.1.26 0.0.0.0
  eigrp stub connected static redistribute

Posted by at No comments:

Monday, 4 January 2016

TS Ticket 9

CPS_BUYER_B9R23#show running-config | sec nat
no crypto ipsec nat-transparency udp-encapsulation
 ip nat inside
 ip nat outside
ip nat source static udp 192.168.1.2 4500 interface Serial4/0 4500
ip nat inside source static udp 192.168.1.2 4500 interface Serial4/0 4500
ip nat inside source static udp 192.168.1.2 500 interface Serial4/0 500
ip nat inside source list 192 interface Serial4/0 overload
ip nat inside source static tcp 192.168.1.200 80 interface Serial4/0 8008

Posted by at No comments:

MPLS Ticket 8 Tshoot

aTS02_R7#show ip bgp 172.16.0.0/16
BGP routing table entry for 172.16.0.0/16, version 64
Paths: (3 available, best #1, table default)
  Advertised to update-groups:
     1          2          3        
  Refresh Epoch 1
  Local
    0.0.0.0 from 0.0.0.0 (172.7.7.7)
      Origin incomplete, metric 10, localpref 101, weight 32768, valid, sourced, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 2
  Local, (aggregated by 65100 172.8.8.8)
    172.8.8.8 (metric 11) from 172.8.8.8 (172.8.8.8)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  Local, (aggregated by 65100 172.7.7.7)
    0.0.0.0 from 0.0.0.0 (172.7.7.7)
      Origin IGP, localpref 101, weight 32768, valid, aggregated, local, atomic-aggregate
      rx pathid: 0, tx pathid: 0
aTS02_R7#
aTS02_R7#
aTS02_R7#
aTS02_R7#show run | sec ospf
 ip ospf priority 0
router ospf 1
 router-id 172.7.7.7
 area 0 range 172.16.0.0 255.255.0.0
 redistribute bgp 65100 subnets
 network 172.247.247.1 0.0.0.0 area 3
 network 172.0.0.0 0.255.255.255 area 0
 default-information originate
  redistribute ospf 1
aTS02_R7#

R7:
===


CPS_TSB8_BUYER_R7#show running-config
Building configuration...

Current configuration : 6161 bytes
!
! Last configuration change at 23:28:26 CET Mon Jan 4 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPS_TSB8_BUYER_R7
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password cps
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 172.16.200.1
ip dhcp excluded-address 172.16.100.1
!
ip dhcp pool BancoBank_VLAN200
 default-router 172.16.200.1
 domain-name bancobank.org
 dns-server 172.7.7.7
!
ip dhcp pool BancoBank_VLAN100
 network 172.16.0.0 255.255.0.0
 default-router 172.16.100.1
 domain-name bancobank.org
 dns-server 172.7.7.7
!
ip dhcp pool BancoBank_VLAN200_Server1
 host 172.16.200.200 255.255.255.0
 client-identifier 01aa.bbcc.0064.00
 default-router 172.16.200.1
 domain-name bancobank.org
 dns-server 172.7.7.7
!
!
!
ip domain name bancobank.org
ip host remote2user1.bancobank.org 172.16.201.100
ip host Server1.bancobank.org 172.16.200.200
ip host User1.bancobank.org 172.16.100.200
ip host SW1.bancobank.org 172.1.1.1
ip host SW2.bancobank.org 172.2.2.2
ip host R7.bancobank.org 172.7.7.7
ip host R8.bancobank.org 172.8.8.8
ip host HomeUser.bancobank.org 10.23.45.100
ip host test 172.7.7.7
ip host remote1user1.bancobank.org 172.16.101.100
ip host remote1user2.bancobank.org 172.16.102.200
ip host remote2user2.bancobank.org 172.16.202.200
ip name-server 172.7.7.7
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
redundancy
!
!
track 21 ip sla 21
!
!      
!
!
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0      
!
!
crypto ipsec transform-set bancobank_TS esp-aes esp-sha-hmac
 mode transport
!
crypto ipsec profile bancobank_prof
 set transform-set bancobank_TS
!
!
!
!
!
!
!      
interface Loopback0
 ip address 172.7.7.7 255.255.255.255
!
interface Tunnel10
 description GRE to HomeOffice
 bandwidth 1000
 ip address 172.247.247.1 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip nhrp authentication banco
 ip nhrp map multicast dynamic
 ip nhrp network-id 172
 ip nhrp holdtime 300
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Ethernet0/0.125
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile bancobank_prof
!
interface Ethernet0/0
 no ip address
!      
interface Ethernet0/0.123
 encapsulation dot1Q 123
 ip address 123.45.67.22 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/0.124
 encapsulation dot1Q 124
 ip address 124.45.67.22 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/0.125
 encapsulation dot1Q 125
 ip address 125.45.67.22 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/1
 ip address 172.16.0.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ip ospf priority 0
!
interface Ethernet0/2
 ip address 172.16.0.5 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/3
 ip address 172.16.0.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet1/0
 no ip address
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/3
 no ip address
!
interface Ethernet2/0
 no ip address
!
interface Ethernet2/1
 no ip address
!
interface Ethernet2/2
 no ip address
!
interface Ethernet2/3
 no ip address
!
interface Ethernet3/0
 no ip address
 shutdown
!
interface Ethernet3/1
 no ip address
 shutdown
!
interface Ethernet3/2
 no ip address
 shutdown
!
interface Ethernet3/3
 no ip address
 shutdown
!
interface Serial4/0
 no ip address
 serial restart-delay 0
!
interface Serial4/1
 no ip address
 serial restart-delay 0
!
interface Serial4/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial4/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 172.7.7.7
 redistribute bgp 65100 metric 10 subnets
 network 172.247.247.1 0.0.0.0 area 3
 network 172.0.0.0 0.255.255.255 area 0
 default-information originate
!
router bgp 65100
 bgp router-id 172.7.7.7
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp default local-preference 102
 neighbor 123.45.67.21 remote-as 12345
 neighbor 124.45.67.21 remote-as 12345
 neighbor 172.8.8.8 remote-as 65100
 neighbor 172.8.8.8 update-source Loopback0
 !
 address-family ipv4
  aggregate-address 172.16.0.0 255.255.0.0 summary-only
  redistribute connected
  redistribute static
  redistribute ospf 1
  neighbor 123.45.67.21 activate
  neighbor 123.45.67.21 default-originate
  neighbor 124.45.67.21 activate
  neighbor 172.8.8.8 activate
  neighbor 172.8.8.8 next-hop-self
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 172 interface Ethernet0/0.125 overload
ip route 0.0.0.0 0.0.0.0 125.45.67.21
!
!
!
access-list 172 permit ip any any
!
control-plane
!
!
!
!
!
!
!
!      
line con 0
 exec-timeout 0 0
 privilege level 15
 password cps
 logging synchronous
line aux 0
line vty 0
 password cps
 login
 transport input none
line vty 1 4
 login
 transport input none
!
!
end

R8:
===

CPS_TSB8_BUYER_R8#show running-config
Building configuration...

Current configuration : 5519 bytes
!
! Last configuration change at 23:23:35 CET Mon Jan 4 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPS_TSB8_BUYER_R8
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password cps
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 172.16.200.1
ip dhcp excluded-address 172.16.100.1
!
ip dhcp pool BancoBank_VLAN200
 network 172.16.200.0 255.255.255.0
 default-router 172.16.200.1
 domain-name bancobank.org
 dns-server 172.8.8.8
!
ip dhcp pool BancoBank_VLAN100_Host1
 host 172.16.100.100 255.255.255.0
 client-identifier 01aa.bbcc.0065.00
 domain-name bancobank.org
 default-router 172.16.100.1
 dns-server 172.8.8.8
!
ip dhcp pool BancoBank_VLAN100
 network 172.16.0.0 255.255.0.0
 domain-name bancobank.org
 dns-server 172.8.8.8
 default-router 172.16.100.100
!
!
!
ip domain name bancobank.org
ip host Host1.bancobank.org 172.16.100.200
ip host Server1.bancobank.org 172.16.200.200
ip host User1.bancobank.org 172.16.100.200
ip host SW1.bancobank.org 172.1.1.1
ip host SW2.bancobank.org 172.2.2.2
ip host R7.bancobank.org 172.7.7.7
ip host R8.bancobank.org 172.8.8.8
ip host HomeUser.bancobank.org 10.23.45.100
ip host Office1Server.bancobank.org 172.16.101.200
ip host Office2Server.bancobank.org 172.16.201.100
ip name-server 172.7.7.7
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!      
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.8.8.8 255.255.255.255
!
interface Tunnel10
 no ip address
 tunnel source Ethernet0/0.124
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.123
 encapsulation dot1Q 123
 ip address 123.45.67.26 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/0.124
 encapsulation dot1Q 124
 ip address 124.45.67.26 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/0.125
 encapsulation dot1Q 125
 ip address 125.45.67.26 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/1
 ip address 172.16.0.17 255.255.255.252
 ip virtual-reassembly in
!
interface Ethernet0/2
 ip address 172.16.0.6 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/3
 ip address 172.16.0.13 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet1/0
 no ip address
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/3
 no ip address
!
interface Ethernet2/0
 no ip address
!
interface Ethernet2/1
 no ip address
!
interface Ethernet2/2
 no ip address
!
interface Ethernet2/3
 no ip address
!
interface Ethernet3/0
 no ip address
 shutdown
!
interface Ethernet3/1
 no ip address
 shutdown
!
interface Ethernet3/2
 no ip address
 shutdown
!
interface Ethernet3/3
 no ip address
 shutdown
!
interface Serial4/0
 no ip address
 serial restart-delay 0
!
interface Serial4/1
 no ip address
 serial restart-delay 0
!
interface Serial4/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial4/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/0
 no ip address
 shutdown
 serial restart-delay 0
!      
interface Serial6/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial6/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial7/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 172.8.8.8
 area 0 range 172.16.0.0 255.255.0.0
 redistribute bgp 65100 subnets
 network 172.0.0.0 0.255.255.255 area 0
 default-information originate
!
router bgp 65100
 bgp router-id 172.8.8.8
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp default local-preference 101
 neighbor 123.45.67.25 remote-as 12345
 neighbor 124.45.67.25 remote-as 12345
 neighbor 172.7.7.7 remote-as 65100
 neighbor 172.7.7.7 update-source Loopback0
 !
 address-family ipv4
  aggregate-address 172.16.0.0 255.255.0.0 summary-only
  redistribute static
  neighbor 123.45.67.25 activate
  neighbor 123.45.67.25 default-originate route-map MED
  neighbor 123.45.67.25 route-map MED out
  neighbor 124.45.67.25 activate
  neighbor 172.7.7.7 activate
  neighbor 172.7.7.7 next-hop-self
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 172 interface Ethernet0/0.125 overload
ip route 0.0.0.0 0.0.0.0 125.45.67.25
!
!
route-map MED permit 10
 set metric 100
 set origin incomplete
!
!
access-list 172 permit ip any any
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password cps
 logging synchronous
line aux 0
line vty 0
 password cps
 login
 transport input none
line vty 1 4
 login
 transport input none
!
!
end
Posted by at No comments:

LAB config

Section 1:
*******


1.1
===
vtp version 2
vtp domain CCIE
vtp mode
vtp password
mac addressing-table

1.2:
==
inter range 2/0-3
inter range 1/0-3, eth3/0-3
sw mode acc
sw ac vl 999


1.3:
===

sp port de
sp port bpdugua de
span mode mst
spa mst con
name CCIE
revision 1
instance 1
instance 2

SW1,2 - vlan 14,15,23,24,35,46,57,67,999
SW3,4 - vlan 34,38,89,49,110,411,310,999


1.4:
==
inter ser1/0
encap ppp
ppp chap host name ACME-R18
ppp chap pass CCIE

***
no peer neighbor-route
ppp ipcp route default

Section 2-3:
********
2.1/3.1:
=====

ip cef
mpls ldp router-id lo0 force
no mpls ip prop
router ospf 12345
mpls ldp autoconf
router-id 123.***
network *** 0.0.0.0 area 0


->On R1:

max-metric router-lsa

2.2:
==
router eigrp 34567
no auto
eigrp router-id
network *.*.*.* 0.0.0.0

-> SW3, SW4:

inter vlan 34
delay 100

2.3:
===
router eigrp CCIE
add ipv4 au 45678
eigrp router-id ****
network ****


key chain KC_EIGRP
 key 1
  key-string CCIE
af-interface default
   authentication mode hmac-sha-256 CCIE
   authentication key-chain KC_EIGRP
  exit-af-interface
  !
-> On R17:

  af-interface Tunnel0
   no authentication mode
   no authentication key-chain
   no next-hop-self
   no split-horizon
  exit-af-interface
  !    


2.4/3.3/3.4:
========

int tunnel 0
tunnel vrf LOCALSP
bandwidth 1000
delay 1000
ip mtu 1400
ip tcp 1380
ip nhrp authen 45678key
ip nhrp netw 45678
ip nhrp hold 300
ip nhrp multicast dynamic
tunnel mode gre multipoint
tunnel source eth0/0
tunnel key 10000


-> On R18 and R19:

router eigrp CCIE
 !      
 address-family ipv4 unicast autonomous-system 45678
  !
  topology base
  exit-af-topology
  network 10.2.18.1 0.0.0.0
  network 10.20.1.26 0.0.0.0
  network 123.18.18.18 0.0.0.0
 exit-address-family
!


crypto isakmp policy 10
en aes
auth pre-share
group 2

crypto keyring DMVPN vrf LOCALSP
 pre-shared-key address 203.3.19.2 key CCIE
 pre-shared-key address 203.3.17.2 key CCIE


crypto ipsec tran CCIEXFORM esp-aes 128
mode transport

crypto ipsec profile DMVPNPROFILE
set tran CCIEXFORM

int tun 0
tunnel prot ipsec pro DMVPNPROFILE


2.5/3.2:
=====
->R1:
router bgp 12345
bgp router-id
bgp listen range 123.0.0.0/8 peer-group iBGP
neighbor iBGP peer-group
nei iBGP 12345
nei iBGP up lo0

add ipv4 uni
neig iBGP activate
nei iBGP route-re

add vpnv4
neigh iBGP activa
neigh iBGP send-commun e
nei iBGP route-re

-R2:

router bgp 12345
neigh 123.1.1.1 remote-as 12345
neigh 123.1.1.1 upda lo0

add ipv4
neigh 123.1.1.1 next-ho
neigh ac

add vpnv4
neigh 123.1.1.1 next-ho
neigh ac

2.6:
==

router bgp 34567
bgp router-id
bgp listen range 123.0.0.0/8 peer-group iBGP
neighbor iBGP peer-group
nei iBGP 34567
nei iBGP up lo0

add ipv4 uni
neig iBGP activate
nei iBGP route-re
nei iBGP next-hop-self


router bgp 34567
bgp default local-pref

router bgp 34567
add ipv4
redistribute eigrp 34567

ip prefix-li pf 0.0.0.0/0

route-map DEFAULT
match ip add pre pf

- > On R9,R11:

router eigrp 34567
redistribute bgp 34567 metric 10000 10 255 1 1500 route-map DEFAULT

2.7:
==

-> R15:

router bgp 45678
nei 103.2.45.1 remote 10003






Posted by at No comments:

Sunday, 3 January 2016

Leaking routes from vrf table to global table

ip vrf LOCALSP
 rd 100:100
 export ipv4 unicast map 0
 route-target export 100:100
 ip vrf forwarding LOCALSP

router bgp 45678
 bgp router-id 123.16.16.16
 bgp log-neighbor-changes
 !      
 address-family ipv4 vrf LOCALSP
  neighbor 203.3.16.1 remote-as 20003
  neighbor 203.3.16.1 activate
  neighbor 203.3.16.1 prefix-list pf in
 exit-address-family

ip prefix-list 0 seq 5 permit 0.0.0.0/0

route-map 0 permit 10
 match ip address prefix-list 0
Posted by at No comments:
Subscribe to: Posts (Atom)