Thursday, August 2, 2012

Alternatives to VXLAN


NVGRE

NVGRE (Network Virtualization Generic Routing Encapsulation) achieves the same functional goal as VXLAN on the network; however, the encapsulation of VLAN traffic is done on the virtualised server instead. In essence the network VLAN limitations are overcome by application software.

The server builds a GRE tunnel and the virtual subnet ID is included in the GRE header. Each virtual machine is mapped to a host PA (physical address). End-to-end communication is completed over existing networks that are essentially unaware of the encapsulated payloads and server VLAN mappings.


IP Rewrite

An alternative approach to GRE tunnelling is ‘IP rewrite’. This solution requires that each virtual server has its own IP address. This IP address is rewritten to a physical IP address for transport across the network. This mapping is reversed on reaching the destination.

CISCO OTV
OTV, or Overlay Transport Virtualisation, is Cisco's proprietary solution for extending VLANs over IP networks. It encapsulates L2 within IP, allowing VLANs to be tunneled over a routed IP network. It is currently enabled on the NEXUS OS.


TRILL
Transparent Interconnection of Lots of Links, or TRILL, enables extension of L2 domains through the use of RBridges (Routing Bridges). TRILL RBridges communicate using a link-state protocol; however, this executes within the L2 domain, i.e. no IP addresses are required. RBridges have knowledge of the topology, consisting of all the RBridges and all the links between RBridges.

When an RBridge receives an Ethernet frame from an end node it encapsulates the frame in a TRILL header, addressing the packet to the RBridge with the destination MAC attached to it.  The destination RBridge performs the decapsulation before sending the packet onwards.

TRILL, like the other technologies described, enables a large L2 cloud to be created with a common subnet. Therefore hosts within the L2 cloud do NOT need to change their IP address if they relocate. TRILL is an IETF standard.



to be continued .....

Monday, July 30, 2012

VXLANs - Building On VLANS


VLANs have been around ever since I have been in networking, providing a network segregation function at Layer 2.

802.1Q is the IEEE standard that defines VLAN tagging. In summary, a 32 bit field is added between the source MAC and the Ether Type field in an Ethernet frame. 12 bits of this field were set aside for the VLAN id, so enabling 4094 VLANs.

In hindsight, setting aside only 12 bits for the VLAN id could now be viewed as an oversight. Today, especially in the Cloud Infrastructure space, single physical topologies have become multi-tenanted spaces, with each tenant requiring its own isolated network. 4094 VLANs has become a constraint.

Additionally, when the VLAN concept was derived it was designed to run in a ‘localised’ environment. Today there are requirements for multiple physical environments to be logically connected at L2.

VXLAN, or Virtual eXtensible LAN, aims to build upon the existing VLAN concept but solve some of the problems described. Firstly, the VXLAN id is 24 bits, doubling the old VLAN id field size, and enabling over 16 million VLAN ids. Secondly, VXLAN extends the reach of VLANs by enabling them to be transported, or encapsulated, over an IP, Layer 3 routed domain.

VXLAN does not represent the only solution to the VLAN limitations of 802.1Q.  I hope to post on some of the other solutions available.
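The field widths discussed in this post and in the NVGRE section of the "Alternatives to VXLAN" post, as an added Python example that is not part of the original posts: it inserts and strips the 32-bit 802.1Q tag, then carries the same inner frame behind a VXLAN header (24-bit VNI) and an NVGRE-style GRE header (24-bit virtual subnet id in the GRE key). The header layouts follow the later RFC 7348 and RFC 7637, which is an assumption relative to these 2012 posts; the frame, the VLAN-to-segment mapping and all function names are constructed, and the outer IP/UDP headers are left out.

```python
import struct

TPID_8021Q = 0x8100       # EtherType value that announces an 802.1Q tag
GRE_KEY_PRESENT = 0x2000  # GRE flags word with only the K (key present) bit set
GRE_PROTO_TEB = 0x6558    # GRE protocol type: Transparent Ethernet Bridging
VXLAN_FLAG_VNI = 0x08     # VXLAN "VNI is valid" flag


def add_dot1q_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 32-bit 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:              # 12 bits, with 0 and 4095 reserved
        raise ValueError("VLAN id must be 1..4094")
    tci = ((priority & 0x7) << 13) | vlan_id  # 3-bit priority, 1-bit DEI, 12-bit id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_dot1q_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None for an untagged frame."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_encap(inner: bytes, vni: int) -> bytes:
    """Prefix the 8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI << 24, vni << 8) + inner


def vxlan_decap(payload: bytes):
    """Return (vni, inner_frame), rejecting short or unflagged headers."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    return word1 >> 8, payload[8:]


def nvgre_encap(inner: bytes, vsid: int, flow_id: int = 0) -> bytes:
    """Prefix a GRE header whose 32-bit key is VSID(24) + FlowID(8)."""
    if not 0 <= vsid < 2 ** 24 or not 0 <= flow_id < 256:
        raise ValueError("VSID must fit in 24 bits and FlowID in 8 bits")
    key = (vsid << 8) | flow_id
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, key) + inner


def nvgre_decap(payload: bytes):
    """Return (vsid, inner_frame) from a GRE header that carries a key."""
    if len(payload) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", payload[:8])
    if flags != GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, payload[8:]


def vlan_to_vxlan(tagged_frame: bytes, vlan_to_vni: dict) -> bytes:
    """Strip the local VLAN tag and carry the frame in the mapped 24-bit segment."""
    vlan_id, inner = strip_dot1q_tag(tagged_frame)
    if vlan_id not in vlan_to_vni:
        raise ValueError(f"no overlay segment mapped for VLAN {vlan_id}")
    return vxlan_encap(inner, vlan_to_vni[vlan_id])


# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302")
                + struct.pack("!H", 0x0800) + b"constructed payload")
# Constructed mapping: a tenant's local VLAN 100 lives in overlay segment 5,000,000.
SAMPLE_MAP = {100: 5_000_000}

if __name__ == "__main__":
    tagged = add_dot1q_tag(SAMPLE_FRAME, 100)
    print("802.1Q tag bytes :", tagged[12:16].hex())
    print("VXLAN header     :", vlan_to_vxlan(tagged, SAMPLE_MAP)[:8].hex())
    print("NVGRE GRE header :", nvgre_encap(SAMPLE_FRAME, 5_000_000, 7)[:8].hex())
```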

Monday, April 2, 2012

Zone Based Firewall

I nterface
P olicy
Z one pair
A pply

Each interface is assigned a security zone

A zone pair specifies a one-way firewall policy between 2 zones

INTERFACES
int fa0/0
zone-member security outside

int s0/1/0
zone-member security inside

ZONE-PAIRS
zone-pair security {name} source inside destination outside

POLICY
class-map type inspect match-any ALLOWED
match protocol telnet

policy-map type inspect FWPOLICY
class type inspect ALLOWED
inspect

APPLY
zone-pair security inside-to-outside
service-policy type inspect  FWPOLICY

show zone security
show zone-pair security
show class-map type inspect ALLOWED


I nterface
P olicy
Z one pair
S ervice policy

Step 1: Define and populate our zones:

configure terminal
!
zone security ZONE_PRIVATE
zone security ZONE_INTERNET
!
interface range fa0/0 - 1
zone-member security ZONE_PRIVATE
!
interface s0/0
zone-member security ZONE_INTERNET

Step 2: Define the class maps that identify traffic that is permitted between zones:

configure terminal
!
class-map type inspect match-any CM_INTERNET_TRAFFIC
match protocol http
match protocol https
match protocol ftp

Step 3: Configure a policy map which specifies the action for the class map:

configure terminal
!
policy-map type inspect PM_PRIVATE_TO_INTERNET
class type inspect CM_INTERNET_TRAFFIC
inspect

Step 4: Configure the zone pair and apply your policy:

configure terminal
zone-pair security ZONEP_PRIV_INT source ZONE_PRIVATE destination ZONE_INTERNET
service-policy type inspect PM_PRIVATE_TO_INTERNET
 
 
 
ANOTHER EXAMPLE!!!!! 
 
class-map type inspect match-any Guest_Protocols
 match protocol http
 match protocol https
 match protocol dns
class-map type inspect match-any All_Protocols
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect Trusted
 class class-default
  pass
policy-map type inspect Guest_to_Internet
 class type inspect Guest_Protocols
  inspect 
 class class-default
  drop
policy-map type inspect Trusted_to_Internet
 class type inspect All_Protocols
  inspect 
 class class-default
  drop
!         
zone security Trusted
zone security Guest
zone security Internet
zone-pair security Trusted source Trusted destination Trusted
 service-policy type inspect Trusted
zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet
 service-policy type inspect Guest_to_Internet 



 MY EXAMPLE !!!!!!!


Just a basic Zone Based Firewall Example

R1 -----------------1.1.1.4 FA0/0 R4 2.2.2.4 FA0/1 -------------------- R3


CONFIG ON R4

zone security RICHPRIVATE
zone security RICHINTERNET

Int fa0/0
 zone-member security RICHPRIVATE

Int fa0/1
 zone-member security RICHINTERNET

class-map type inspect match-any ALLOW
 match protocol telnet
 match protocol icmp

policy-map type inspect RICHINSPECT
 class type inspect ALLOW
  inspect

zone-pair security RICHPRIVATE-TO-INTERNET source RICHPRIVATE destination RICHINTERNET
 service-policy type inspect RICHINSPECT


R4#show policy-map type inspect zone-pair

policy exists on zp RICHPRIVATE-TO-INTERNET
 Zone-pair: RICHPRIVATE-TO-INTERNET

  Service-policy inspect : RICHINSPECT

    Class-map: ALLOW (match-any)
      Match: protocol telnet
        0 packets, 0 bytes
        30 second rate 0 bps
      Match: protocol icmp
        1 packets, 80 bytes
        30 second rate 0 bps

   Inspect
        Packet inspection statistics [process switch:fast switch]
        icmp packets: [0:10]

        Session creations since subsystem startup or last reset 1
        Current session counts (estab/half-open/terminating) [0:0:0]
        Maxever session counts (estab/half-open/terminating) [0:1:0]
        Last session created 00:04:54
        Last statistic reset never
        Last session creation rate 0
        Maxever session creation rate 1
        Last half-open session total 0

    Class-map: class-default (match-any)
      Match: any
      Drop
        0 packets, 0 bytes


Great troubleshooting command 

ip inspect log drop-pkt
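One way to check a drafted zone-based firewall config before pasting it into a router, as an added Python example (not from the original post and not Cisco code): it parses the zone, zone-member, zone-pair, class-map and policy-map statements used above and reports undefined names, zone-pairs with no service-policy, stateless pass actions and directions that have no zone-pair. The DRAFT config is constructed from the R4 example with deliberate mistakes, and the function names are made up for this example.

```python
import re
from itertools import permutations

# Constructed draft based on the R4 example above, with three deliberate mistakes.
DRAFT = """
zone security RICHPRIVATE
zone security RICHINTERNET
interface FastEthernet0/0
 zone-member security RICHPRIVATE
interface FastEthernet0/1
! constructed mistake: zone name misspelled
 zone-member security RICHINTERNT
class-map type inspect match-any ALLOW
 match protocol telnet
 match protocol icmp
policy-map type inspect RICHINSPECT
 class type inspect ALLOW
  inspect
! constructed mistake: everything else is passed without state
 class class-default
  pass
zone-pair security RICHPRIVATE-TO-INTERNET source RICHPRIVATE destination RICHINTERNET
 service-policy type inspect RICHINSPECT
! constructed mistake: zone-pair created but never given a policy
zone-pair security INTERNET-TO-PRIVATE source RICHINTERNET destination RICHPRIVATE
"""


def parse_zbf(config: str) -> dict:
    """Collect zones, zone members, zone-pairs, class-maps and policy-maps."""
    zbf = {"zones": set(), "members": {}, "pairs": {}, "cmaps": set(), "pmaps": {}}
    ctx = (None, None)                       # (block type, block name) we are inside
    for raw in config.splitlines():
        line = " ".join(raw.split())         # normalise indentation and double spaces
        if (m := re.match(r"zone security (\S+)$", line)):
            zbf["zones"].add(m[1])
            ctx = (None, None)
        elif (m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", line)):
            zbf["pairs"][m[1]] = {"src": m[2], "dst": m[3], "policy": None}
            ctx = ("pair", m[1])
        elif (m := re.match(r"int(?:erface)? (.+)$", line, re.I)):
            ctx = ("intf", m[1])
        elif (m := re.match(r"class-map type inspect (?:match-\w+ )?(\S+)$", line)):
            zbf["cmaps"].add(m[1])
            ctx = (None, None)
        elif (m := re.match(r"policy-map type inspect (\S+)$", line)):
            zbf["pmaps"][m[1]] = []
            ctx = ("pmap", m[1])
        elif ctx[0] == "intf" and (m := re.match(r"zone-member security (\S+)$", line)):
            zbf["members"][ctx[1]] = m[1]
        elif ctx[0] == "pair" and (m := re.match(r"service-policy type inspect (\S+)$", line)):
            zbf["pairs"][ctx[1]]["policy"] = m[1]
        elif ctx[0] == "pmap" and (m := re.match(r"class (?:type inspect )?(\S+)$", line)):
            zbf["pmaps"][ctx[1]].append([m[1], None])
        elif ctx[0] == "pmap" and line in ("inspect", "pass", "drop") and zbf["pmaps"][ctx[1]]:
            zbf["pmaps"][ctx[1]][-1][1] = line   # action of the most recent class
    return zbf


def audit_zbf(config: str) -> list:
    """Return human-readable findings for a zone-based firewall config."""
    z = parse_zbf(config)
    out = []
    for intf, zone in z["members"].items():
        if zone not in z["zones"]:
            out.append(f"ERROR interface {intf}: zone-member references undefined zone {zone}")
    for name, pair in z["pairs"].items():
        for zone in (pair["src"], pair["dst"]):
            if zone not in z["zones"] and zone != "self":   # 'self' is the router itself
                out.append(f"ERROR zone-pair {name}: undefined zone {zone}")
        if pair["policy"] is None:
            out.append(f"WARN zone-pair {name}: no service-policy, "
                       f"{pair['src']} -> {pair['dst']} stays dropped")
        elif pair["policy"] not in z["pmaps"]:
            out.append(f"ERROR zone-pair {name}: undefined policy-map {pair['policy']}")
    for pmap, classes in z["pmaps"].items():
        for cls, action in classes:
            if cls != "class-default" and cls not in z["cmaps"]:
                out.append(f"ERROR policy-map {pmap}: undefined class-map {cls}")
            if action == "pass":
                out.append(f"WARN policy-map {pmap} class {cls}: 'pass' keeps no session "
                           "state, return traffic needs its own zone-pair")
    covered = {(p["src"], p["dst"]) for p in z["pairs"].values()}
    for src, dst in permutations(sorted(z["zones"]), 2):    # zone-pairs are one-way
        if (src, dst) not in covered:
            out.append(f"INFO no zone-pair {src} -> {dst}: "
                       "new sessions in that direction are dropped")
    return out


if __name__ == "__main__":
    print("\n".join(audit_zbf(DRAFT)))
```

Run against the unmodified R4 config above it reports only the INFO line for RICHINTERNET -> RICHPRIVATE, which is the intended one-way design.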













pppoe

Cisco IOS Broadband Access Aggregation and DSL Command Reference


client side

interface FastEthernet0/0
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address dhcp
encapsulation ppp
ppp authentication chap
dialer pool 1
dialer-group 1

!
interface Virtual-Template1
 no ip address


server side

ip dhcp pool R3
network 192.168.1.0 255.255.255.0
bba-group pppoe global
virtual-template 1
!
!
interface FastEthernet0/0
no ip address
duplex half
pppoe enable group global
!
interface Virtual-Template1
ip address 192.168.1.2 255.255.255.0

Monday, March 12, 2012

Troubleshooting OSPF


Useful commands

show ip ospf interface brief  
show ip ospf neighbor
debug ip ospf hello
debug ip ospf adj


Common OSPF problems

1) NETWORK TYPES, plus HELLO AND DEAD TIMERS


Check compatibility of OSPF network types and timers



Broadcast to Broadcast (DR)
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Non-Broadcast to Non-Broadcast (DR)
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5

Point-to-Point to Point-to-Point (NO DR)
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Point-to-Multipoint to Point-to-Multipoint (NO DR)
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5



Network types with a DR can be mixed. Likewise, network types without a DR can be mixed. However, the hello timers will need to be tweaked and matched, e.g. ip ospf hello-interval 10


debug ip ospf hello with point-to-point towards point-to-multipoint

*Mar  1 00:32:29.935: OSPF: Mismatched hello parameters from 1.1.1.2
*Mar  1 00:32:29.935: OSPF: Dead R 40 C 120, Hello R 10 C 30


Notes

i) If you mix network types that have compatible timers then the adjacency may well form, but the route exchange won't work as expected!!!!

ii) A DR and BDR on a frame relay network must have full reachability with other routers in the region. Make use of the neighbor command to achieve this.



2) MASK

The network mask must match on adjoining interfaces (unless it's a point-to-point OSPF network type).

This will be highlighted by debug ip ospf hello

*Mar  1 00:18:21.327: OSPF: Mismatched hello parameters from 1.1.1.2
*Mar  1 00:18:21.327: OSPF: Dead R 40 C 40, Hello R 10 C 10  Mask R 255.255.255.0 C 255.255.255.128


3) MTU

Interface MTUs must match. This can be highlighted by debug ip ospf adj

*Mar  1 00:14:15.879: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0
       seq 0x9C9 opt 0x52 flag 0x7 len 32  mtu 500 state EXSTART

4) AREA ID AND STUB SETTINGS

If using stub areas, all routers in the area must be configured that way.

5) AUTHENTICATION

Using debug ip ospf adj


*Mar  1 00:07:26.607: OSPF: Rcv pkt from 10.10.10.2, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
*Mar  1 00:07:30.843: OSPF: Send with youngest Key 1
*Mar  1 00:07:30.843: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 10.10.10.1

6) ROUTER IDS MUST BE UNIQUE

*Mar  1 00:02:43.899: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate
router-id 1.1.1.1 from 10.10.10.1 on interface FastEthernet0/0
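The debug signatures listed in this post, turned into a small triage script as an added Python example (not from the original post): it scans pasted `debug ip ospf hello` / `debug ip ospf adj` output and names which of the common problems each neighbor is hitting, using the default-timer table above to guess the network type on each side. The log lines are the ones shown in this post; the local MTU of 1500, the function names and the assumption that R means received and C means configured are added here.

```python
import re

# Default hello/dead timers per OSPF network type, from the table in this post.
DEFAULT_TIMERS = {
    (10, 40): "broadcast or point-to-point",
    (30, 120): "non-broadcast or point-to-multipoint",
}

# R = value received from the neighbor, C = value configured locally (assumption).
HELLO_RE = re.compile(
    r"Mismatched hello parameters from (\S+).*?"
    r"Dead R (\d+) C (\d+), Hello R (\d+) C (\d+)"
    r"(?:[ \t]+Mask R (\S+) C (\S+))?", re.S)
DBD_RE = re.compile(r"Rcv DBD from (\S+) on (\S+).*?mtu (\d+) state (\S+)", re.S)
AUTH_RE = re.compile(r"Rcv pkt from (\S+), (\S+) : Mismatch Authentication Key")
DUP_RE = re.compile(r"DUP_RTRID_NBR: OSPF detected duplicate\s+router-id (\S+) from (\S+)")

# Log lines copied from this post, in the order they appear.
SAMPLE_LOG = """\
*Mar  1 00:32:29.935: OSPF: Mismatched hello parameters from 1.1.1.2
*Mar  1 00:32:29.935: OSPF: Dead R 40 C 120, Hello R 10 C 30
*Mar  1 00:18:21.327: OSPF: Mismatched hello parameters from 1.1.1.2
*Mar  1 00:18:21.327: OSPF: Dead R 40 C 40, Hello R 10 C 10  Mask R 255.255.255.0 C 255.255.255.128
*Mar  1 00:14:15.879: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0
       seq 0x9C9 opt 0x52 flag 0x7 len 32  mtu 500 state EXSTART
*Mar  1 00:07:26.607: OSPF: Rcv pkt from 10.10.10.2, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
*Mar  1 00:02:43.899: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate
router-id 1.1.1.1 from 10.10.10.1 on interface FastEthernet0/0
"""


def describe(hello: int, dead: int) -> str:
    """Render a timer pair with the network type it is the default for."""
    kind = DEFAULT_TIMERS.get((hello, dead), "non-default timers")
    return f"hello {hello}/dead {dead} ({kind})"


def triage(log: str, local_mtu: dict) -> list:
    """Return (neighbor, problem, detail) tuples in the order they appear in the log.

    local_mtu maps a local interface name to its configured MTU; DBD packets
    received on interfaces missing from the map are not checked.
    """
    found = []
    for m in HELLO_RE.finditer(log):
        dead_r, dead_c, hello_r, hello_c = (int(m[i]) for i in range(2, 6))
        if (hello_r, dead_r) != (hello_c, dead_c):
            found.append((m.start(), m[1], "timers",
                          f"neighbor {describe(hello_r, dead_r)}, "
                          f"local {describe(hello_c, dead_c)}"))
        if m[6] and m[6] != m[7]:
            found.append((m.start(), m[1], "mask", f"neighbor {m[6]}, local {m[7]}"))
    for m in DBD_RE.finditer(log):
        mtu = local_mtu.get(m[2])
        if mtu is not None and int(m[3]) != mtu:
            found.append((m.start(), m[1], "mtu",
                          f"neighbor {m[3]}, local {mtu} on {m[2]}, state {m[4]}"))
    for m in AUTH_RE.finditer(log):
        found.append((m.start(), m[1], "authentication", f"key mismatch on {m[2]}"))
    for m in DUP_RE.finditer(log):
        found.append((m.start(), m[2], "duplicate-router-id", f"router-id {m[1]}"))
    return [entry[1:] for entry in sorted(found)]


if __name__ == "__main__":
    for neighbor, problem, detail in triage(SAMPLE_LOG, {"FastEthernet0/0": 1500}):
        print(f"{neighbor:<12} {problem:<20} {detail}")
```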

Wednesday, February 29, 2012

LAB 2 CONFIG - latest

LAB 2 final configs

R1
==============
R1#show run
Building configuration...

Current configuration : 4473 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
resource policy
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
!
!
ip cef
no ip domain lookup
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
class-map match-any DATA
 match ip dscp af11
 match ip dscp af21
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-any VOICE
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
!
!
policy-map RICH
 class VOICE
  bandwidth percent 40
 class DATA
  bandwidth percent 35
 class class-default
  fair-queue
policy-map parent
 class class-default
  shape average 64000
  shape adaptive 32000
  service-policy RICH
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Multilink2001100118
 bandwidth 384
 ip address 15.15.15.249 255.255.255.252
 ip tcp header-compression iphc-format
 no peer neighbor-route
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 2001100118
 service-policy output AutoQoS-Policy-Trust
 ip rtp header-compression iphc-format
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 shutdown
 frame-relay lmi-type cisco
!
interface FastEthernet0/1
 ip address 15.15.15.161 255.255.255.224
 duplex auto
 speed auto
 ipv6 address FC01:DB8:74:B::/64 eui-64
 ipv6 ospf 1 area 1
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 bandwidth 384
 no ip address
 encapsulation ppp
 no peer neighbor-route
 auto qos voip trust
 no fair-queue
 ppp chap hostname RACK15R1
 ppp chap password 0 cisco
 ppp multilink
 ppp multilink group 2001100118
!
interface Serial0/3
 no ip address
 encapsulation frame-relay IETF
 no frame-relay inverse-arp
!
interface Serial0/3.100 point-to-point
 ip address 15.15.15.242 255.255.255.252
 ipv6 address FC01:DB8:74:A::/64 eui-64
 ipv6 ospf 1 area 1
 frame-relay interface-dlci 100
  class DLCI100
!
router eigrp 8
 redistribute ospf 1 metric 10000 100 100 100 1500 route-map BLOCK
 network 15.15.15.249 0.0.0.0
 distribute-list 12 in
 auto-summary
!
router ospf 1
 log-adjacency-changes
 area 2 nssa default-information-originate
 redistribute eigrp 8 metric 20 subnets route-map BLOCK
 network 15.15.1.1 0.0.0.0 area 0
 network 15.15.15.161 0.0.0.0 area 0
 network 15.15.15.242 0.0.0.0 area 2
 default-information originate always
!
router bgp 152
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 151
 neighbor 15.15.2.2 remote-as 151
 neighbor 15.15.2.2 ebgp-multihop 20
 neighbor 15.15.2.2 update-source Loopback0
 neighbor 15.15.5.5 remote-as 152
 neighbor 15.15.5.5 update-source Loopback0
 no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
!
map-class frame-relay DLCI100
 service-policy output parent
access-list 12 deny   0.0.0.0
access-list 12 permit any
access-list 100 permit ip host 4.1.1.0 host 255.255.255.0
access-list 100 permit ip host 198.1.1.4 host 255.255.255.252
access-list 100 permit ip host 198.198.1.0 host 255.255.255.0
access-list 100 permit ip host 198.198.4.0 host 255.255.255.0
access-list 100 permit ip host 198.198.5.0 host 255.255.255.0
access-list 100 permit ip host 128.28.2.0 host 255.255.255.0
ipv6 router ospf 1
 log-adjacency-changes
!
ipv6 pim rp-address FC01:DB8:74:C:211:21FF:FEFB:1D4D mgroup
!
route-map BLK deny 10
 match ip address 12
!
route-map BLK permit 20
!
route-map BLOCK deny 10
 match ip address 100
!
route-map BLOCK permit 20
!
!
!
ipv6 access-list mgroup
 permit ipv6 host FF08::4000:4000 any
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.1059.1061 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
!
control-plane
!
!
!
!
!
!
!
!
!
alias exec siib show ip interface brief
alias exec sir show ip route
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end




R2
===============
R2#show run
Building configuration...

Current configuration : 3747 bytes
!
! Last configuration change at 07:57:02 UTC Sun Jan 2 2000
! NVRAM config last updated at 07:57:03 UTC Sun Jan 2 2000
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
!
resource policy
!
no aaa new-model
memory-size iomem 10
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
!
!
ip cef
no ip domain lookup
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.2.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 shutdown
 frame-relay lmi-type cisco
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.22
 encapsulation dot1Q 22
 ip address 15.15.15.129 255.255.255.224
 no snmp trap link-status
!
interface FastEthernet0/1.24
 encapsulation dot1Q 24
 ip address 15.15.15.34 255.255.255.224
 no snmp trap link-status
 ntp broadcast client
 ipv6 address FC01:DB8:74:C::/64 eui-64
 ipv6 ospf 1 area 0
 glbp 1 ip 15.15.15.35
 glbp 1 preempt
 glbp 1 authentication md5 key-string cisco
!
interface FastEthernet0/1.34
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 no ip address
 encapsulation frame-relay IETF
 clock rate 64000
 no frame-relay inverse-arp
!
interface Serial0/2.200 point-to-point
 ip address 15.15.15.241 255.255.255.252
 ipv6 address FC01:DB8:74:A::/64 eui-64
 ipv6 mld join-group FF08::4000:4000
 ipv6 ospf 1 area 1
 frame-relay interface-dlci 200
!
interface Serial0/3
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 area 2 nssa
 redistribute connected subnets
 redistribute rip metric 40 subnets route-map ALLOW
 network 15.15.1.1 0.0.0.0 area 2
 network 15.15.2.2 0.0.0.0 area 2
 network 15.15.15.129 0.0.0.0 area 2
 network 15.15.15.241 0.0.0.0 area 2
!
router rip
 version 2
 passive-interface default
 offset-list 1 out 5 FastEthernet0/1.24
 network 15.0.0.0
 neighbor 15.15.15.33
!
router bgp 151
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 152
 neighbor 15.15.1.1 remote-as 152
 neighbor 15.15.1.1 ebgp-multihop 20
 neighbor 15.15.1.1 update-source Loopback0
 neighbor 15.15.8.8 remote-as 151
 neighbor 15.15.8.8 update-source Loopback0
 neighbor 15.15.10.10 remote-as 152
 neighbor 15.15.10.10 ebgp-multihop 20
 neighbor 15.15.10.10 update-source Loopback0
 no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
!
ip prefix-list RICH seq 5 deny 127.0.0.0/8
ip prefix-list RICH seq 10 deny 191.255.0.0/16
ip prefix-list RICH seq 15 deny 223.255.255.0/24
access-list 1 permit any
access-list 141 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
access-list 141 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
access-list 141 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
access-list 199 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
access-list 199 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
access-list 199 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
ipv6 router ospf 1
 log-adjacency-changes
 area 1 virtual-link 15.15.7.7
!
ipv6 pim rp-address FC01:DB8:74:C:211:21FF:FEFB:1D4D mgroup
!
route-map ALLOW deny 10
 match ip address 141
!
route-map ALLOW permit 20
!
!
!
ipv6 access-list mgroup
 permit ipv6 host FF08::4000:4000 any
!
control-plane
!
!
!
!
!
!
!
!
!
alias exec siib show ip interface brief
alias exec sir show ip route
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
ntp clock-period 17208372
!
end





R3
===============
R3#show run
Building configuration...

Current configuration : 2242 bytes
!
! Last configuration change at 03:08:01 UTC Sun Jan 2 2000
! NVRAM config last updated at 07:57:02 UTC Sun Jan 2 2000
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
resource policy
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.3.3 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 150.3.1.253 255.255.255.128
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 shutdown
 frame-relay lmi-type cisco
!
interface FastEthernet0/1
 ip address 15.15.15.193 255.255.255.224
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 ip address 15.15.15.245 255.255.255.252
 encapsulation ppp
 ip summary-address eigrp 8 198.2.0.0 255.255.248.0 5
 ppp chap hostname BACKUP
 ppp chap password 0 CISCO
!
router eigrp 8
 redistribute eigrp 100 metric 10000 100 100 100 1500
 network 15.15.15.245 0.0.0.0
 auto-summary
!
router eigrp 100
 network 150.3.1.253 0.0.0.0
 auto-summary
!
router ospf 1
 log-adjacency-changes
 summary-address 198.2.0.0 255.255.248.0
 redistribute eigrp 100 metric 10 subnets
 network 15.15.3.3 0.0.0.0 area 0
 network 15.15.15.193 0.0.0.0 area 0
 distance 171 15.15.1.1 0.0.0.0 33
!
router bgp 152
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 151
 neighbor 15.15.5.5 remote-as 152
 neighbor 15.15.5.5 update-source Loopback0
 no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
access-list 22 permit 15.15.4.4
access-list 33 permit 150.2.1.0 0.0.0.128
access-list 33 permit 150.1.1.0 0.0.0.128
!
!
tftp-server flash:TEST 22
!
control-plane
!
!
!
!
!
!
!
!
!
alias exec siib show ip interface brief
alias exec sir show ip route
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
ntp clock-period 17208475
ntp server 15.15.4.4
!
end




R4
===============

R4#show run
Building configuration...


Current configuration : 4128 bytes
!
! Last configuration change at 01:23:10 UTC Mon Jan 3 2000
! NVRAM config last updated at 01:23:11 UTC Mon Jan 3 2000
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa new-model
!
!
aaa authentication login default none
aaa authentication login HTTP local-case
aaa authorization exec HTTP local
!
!
aaa session-id common
dot11 syslog
!
flow exporter RICH
 destination 198.2.5.10
 source FastEthernet0/1
 transport udp 9991
!
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
ipv6 multicast-routing
!
multilink bundle-name authenticated
frame-relay switching
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-401673191
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-401673191
 revocation-check none
 rsakeypair TP-self-signed-401673191
!
!
!
!
username cisco password 0 cisco
username ADMIN password 0 CISCO
archive
 log config
  hidekeys
!
!
!
!
!
ip tftp source-interface Loopback0
!
!
!
!
interface Loopback0
 ip address 15.15.4.4 255.255.255.0
!
interface Loopback13
 no ip address
 ipv6 address FC01:DB8:74:4::4/64
 ipv6 ospf 1 area 0
!
interface FastEthernet0/0
 ip address 15.15.15.65 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 15.15.15.33 255.255.255.224
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
 ipv6 address FC01:DB8:74:C::/64 eui-64
 ipv6 ospf 1 area 0
 ntp broadcast
 glbp 1 ip 15.15.15.35
 glbp 1 priority 105
 glbp 1 preempt
 glbp 1 authentication md5 key-string cisco
!
interface Serial0/2/0
 no ip address
 encapsulation frame-relay IETF
 shutdown
 frame-relay lmi-type cisco
!
interface Serial0/2/1
 no ip address
 shutdown
!
interface Serial0/3/0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 200 interface Serial0/3/1 100
!
interface Serial0/3/1
 no ip address
 encapsulation frame-relay
 clock rate 2000000
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 100 interface Serial0/3/0 200
!
router rip
 version 2
 passive-interface default
 network 15.0.0.0
 neighbor 15.15.15.66
 neighbor 15.15.15.34
!
ip forward-protocol nd
no ip http server
ip http access-class 99
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
ip http secure-server
!
ip flow-export source FastEthernet0/1
ip flow-export version 9
ip flow-export destination 198.2.5.10 9991
!
!
access-list 99 permit 15.15.10.10
access-list 99 permit 15.15.15.130
ipv6 pim rp-address FC01:DB8:74:C:211:21FF:FEFB:1D4D mgroup
ipv6 router ospf 1
 log-adjacency-changes
!
!
!
!
!
!
!
!
ipv6 access-list mgroup
 permit ipv6 host FF08::4000:4000 any
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
!
!
!
!
!
alias exec sir show ip route
alias exec siib show ip interface brief
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp source Loopback0
ntp master
ntp update-calendar
event manager applet CPU
 event tag 1.0 snmp oid cpmCPUTotal5minRev get-type exact entry-op gt entry-val "60" entry-type value poll-interval 60
 action 1.0 cli command "terminal length 12"
 action 2.0 cli command "show processes cpu sorted 5 min" pattern "--More--"
 action 3.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEM@cisco.com" subject "CPUAlert5min" body "$_cli_result"
event manager applet CCIE
 event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type next entry-op gt entry-val "60" poll-interval 60
 action 1.0 cli command "event manager run EMAIL"
event manager applet EMAIL
 action 1.0 cli command "enable"
 action 2.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEMm@cisco.com" subject "CPUAlert5min" body "$_cli_result"
event manager applet GET
 event none
 action 1.0 cli command "enable"
 action 2.0 cli command "term len 13"
 action 3.0 cli command "show process cpu corted 5min " pattern "--More--"
!
end



R5
===============

R5#show run
Building configuration...

Current configuration : 3487 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
no logging console
!
!
resource policy
!
aaa new-model
!
!
aaa authentication login default line none
aaa authentication ppp R1 group R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username RACK15R1 password 0 cisco
username BACKUP password 0 CISCO
!
!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
!
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.5.5 255.255.255.0
!
interface Multilink1
 no ip address
 no peer neighbor-route
 ppp multilink
 ppp multilink group 1
!
interface Multilink2001100118
 bandwidth 384
 ip address 15.15.15.250 255.255.255.252
 ip tcp header-compression iphc-format
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 2001100118
 service-policy output AutoQoS-Policy-Trust
 ip rtp header-compression iphc-format
!
interface FastEthernet0/0
 ip address 150.1.1.253 255.255.255.128
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 shutdown
 frame-relay lmi-type cisco
!
interface FastEthernet0/1
 ip address 15.15.15.97 255.255.255.224
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 bandwidth 384
 no ip address
 encapsulation ppp
 no peer neighbor-route
 auto qos voip trust
 no fair-queue
 clock rate 64000
 ppp authentication chap callin R1
 ppp multilink
 ppp multilink group 2001100118
!
interface Serial0/3
 ip address 15.15.15.246 255.255.255.252
 encapsulation ppp
 clock rate 64000
 ppp authentication chap callin R3
!
router eigrp 8
 redistribute connected
 network 15.15.5.5 0.0.0.0
 network 15.15.15.97 0.0.0.0
 network 15.15.15.246 0.0.0.0
 network 15.15.15.250 0.0.0.0
 auto-summary
!
router bgp 152
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 151
 neighbor 15.15.1.1 remote-as 152
 neighbor 15.15.1.1 update-source Loopback0
 neighbor 15.15.1.1 route-reflector-client
 neighbor 15.15.3.3 remote-as 152
 neighbor 15.15.3.3 update-source Loopback0
 neighbor 15.15.3.3 route-reflector-client
 neighbor 15.15.10.10 remote-as 152
 neighbor 15.15.10.10 update-source Loopback0
 neighbor 15.15.10.10 route-reflector-client
 neighbor 150.1.1.254 remote-as 254
 no auto-summary
!
ip classless
!
!
ip http server
no ip http secure-server
!
!
!
tacacs-server host 198.2.3.129 key cisco
tacacs-server directed-request
radius-server host 198.2.3.128 auth-port 1645 acct-port 1646 key cisco
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.1059.1061 30 absolute rising-threshold 1 33333 falling-threshold 0 owner
!
control-plane
!
!
!
!
!
!
!
!
!
alias exec siib show ip interface brief
alias exec sir show ip route
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end


SW1
===============

SW1#show run
Building configuration...

Current configuration : 6194 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
no logging console
!
!
!
no aaa new-model
system mtu routing 1500
vtp domain rich
vtp mode transparent
authentication mac-move permit
ip subnet-zero
ip routing
no ip domain-lookup
!
!
ipv6 unicast-routing
!
!
crypto pki trustpoint TP-self-signed-2869437696
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2869437696
 revocation-check none
 rsakeypair TP-self-signed-2869437696
!
!
crypto pki certificate chain TP-self-signed-2869437696
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VLAN_BB2
!
vlan 3
 name VLAN_BB3
!
vlan 11
 name VLAN_A
!
vlan 13
 name VLAN_B
!
vlan 15
 name VLAN_BB1
!
vlan 22
 name VLAN_C
!
vlan 24
 name VLAN_H
!
vlan 44
 name VLAN_F
!
vlan 45
 name VLAN_G
!
!
!
!
interface Loopback0
 ip address 15.15.7.7 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 15
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 switchport access vlan 15
 switchport mode access
 udld port aggressive
 storm-control broadcast level 50.00
 spanning-tree portfast
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan11
 ip address 15.15.15.162 255.255.255.224
 ipv6 address FC01:DB8:74:B::/64 eui-64
 ipv6 ospf 1 area 1
!
interface Vlan13
 ip address 15.15.15.194 255.255.255.224
 ipv6 address FC01:DB8:74:10::10/64
 ipv6 ospf 1 area 0
!
router ospf 1
 log-adjacency-changes
 network 15.15.7.7 0.0.0.0 area 0
 network 15.15.15.162 0.0.0.0 area 0
 network 15.15.15.194 0.0.0.0 area 0
!
ip classless
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
ipv6 router ospf 1
 log-adjacency-changes
 area 1 virtual-link 15.15.2.2
!
!
!
!
alias exec sir show ip route
alias exec siib show ip int b
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end



SW2
===============
SW2#show run
Building configuration...

Current configuration : 6391 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
no logging console
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
!
vtp domain rich
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-1694526336
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1694526336
 revocation-check none
 rsakeypair TP-self-signed-1694526336
!
!
crypto pki certificate chain TP-self-signed-1694526336
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 0
!
vlan internal allocation policy ascending
!
vlan 2
 name VLAN_BB2
!
vlan 3
 name VLAN_BB3
!
vlan 11
 name VLAN_A
!
vlan 13
 name VLAN_B
!
vlan 15
 name VLAN_BB1
!
vlan 22
 name VLAN_C
!
vlan 24
 name VLAN_H
!
vlan 44
 name VLAN_F
!
vlan 45
 name VLAN_G
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.8.8 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 22,24
 switchport trunk pruning vlan 22,24
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 13
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 45
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
 udld port aggressive
 storm-control broadcast level 50.00
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 150.2.1.253 255.255.255.128
!
interface Vlan22
 ip address 15.15.15.130 255.255.255.224
!
router ospf 1
 log-adjacency-changes
 area 2 nssa
 redistribute connected subnets
 network 15.15.8.8 0.0.0.0 area 2
 network 15.15.15.130 0.0.0.0 area 2
!
router bgp 151
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 152
 neighbor 15.15.2.2 remote-as 151
 neighbor 15.15.2.2 update-source Loopback0
 neighbor 150.2.1.254 remote-as 254
 neighbor 150.2.1.254 route-map ASPREPEND in
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
!
access-list 133 permit ip host 197.68.21.0 host 255.255.255.0
access-list 133 permit ip host 197.68.22.0 host 255.255.255.0
route-map ASPREPEND permit 10
 match ip address 133
 set as-path prepend 254 254
!
route-map ASPREPEND permit 20
!
!
control-plane
!
alias exec sir show ip route
alias exec siib show ip interface brief
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end





SW3
===============
SW3#show run
Building configuration...

Current configuration : 4697 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW3
!
boot-start-marker
boot-end-marker
!
no logging console
!
!
!
no aaa new-model
system mtu routing 1500
vtp domain rich
vtp mode transparent
authentication mac-move permit
ip subnet-zero
no ip domain-lookup
!
!
!
!
crypto pki trustpoint TP-self-signed-1443705088
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1443705088
 revocation-check none
 rsakeypair TP-self-signed-1443705088
!
!
crypto pki certificate chain TP-self-signed-1443705088
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VLAN_BB2
!
vlan 3
 name VLAN_BB3
!
vlan 11
 name VLAN_A
!
vlan 13
 name VLAN_B
!
vlan 15
 name VLAN_BB1
!
vlan 22
 name VLAN_C
!
vlan 24
 name VLAN_H
!
vlan 44
 name VLAN_F
!
vlan 45
 name VLAN_G
!
!
!
!
interface Loopback0
 ip address 15.15.9.9 255.255.255.0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 switchport access vlan 3
 switchport mode access
 udld port aggressive
 storm-control broadcast level 50.00
 spanning-tree portfast
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
!
alias exec siib show ip interface brief
alias exec sir show ip route
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end


SW4
===============

SW4#show run
Building configuration...

Current configuration : 7385 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW4
!
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
!
vtp domain rich
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-3166831616
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3166831616
 revocation-check none
 rsakeypair TP-self-signed-3166831616
!
!
crypto pki certificate chain TP-self-signed-3166831616
 certificate self-signed 01
  quit
!
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VLAN_BB2
!
vlan 3
 name VLAN_BB3
!
vlan 11
 name VLAN_A
!
vlan 13
 name VLAN_B
!
vlan 15
 name VLAN_BB1
!
vlan 22
 name VLAN_C
!
vlan 24
 name VLAN_H
!
vlan 44
 name VLAN_F
!
vlan 45
 name VLAN_G
!
!
!
!
!
!
interface Loopback0
 ip address 15.15.10.10 255.255.255.0
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport trunk pruning vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/25
 switchport mode dynamic desirable
!
interface FastEthernet0/26
 switchport mode dynamic desirable
!
interface FastEthernet0/27
 switchport mode dynamic desirable
!
interface FastEthernet0/28
 switchport mode dynamic desirable
!
interface FastEthernet0/29
 switchport mode dynamic desirable
!
interface FastEthernet0/30
 switchport mode dynamic desirable
!
interface FastEthernet0/31
 switchport mode dynamic desirable
!
interface FastEthernet0/32
 switchport mode dynamic desirable
!
interface FastEthernet0/33
 switchport mode dynamic desirable
!
interface FastEthernet0/34
 switchport mode dynamic desirable
!
interface FastEthernet0/35
 switchport mode dynamic desirable
!
interface FastEthernet0/36
 switchport mode dynamic desirable
!
interface FastEthernet0/37
 switchport mode dynamic desirable
!
interface FastEthernet0/38
 switchport mode dynamic desirable
!
interface FastEthernet0/39
 switchport mode dynamic desirable
!
interface FastEthernet0/40
 switchport mode dynamic desirable
!
interface FastEthernet0/41
 switchport mode dynamic desirable
!
interface FastEthernet0/42
 switchport mode dynamic desirable
!
interface FastEthernet0/43
 switchport mode dynamic desirable
!
interface FastEthernet0/44
 switchport mode dynamic desirable
!
interface FastEthernet0/45
 switchport mode dynamic desirable
!
interface FastEthernet0/46
 switchport mode dynamic desirable
!
interface FastEthernet0/47
 switchport mode dynamic desirable
!
interface FastEthernet0/48
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan44
 ip address 15.15.15.66 255.255.255.224
!
interface Vlan45
 ip address 15.15.15.98 255.255.255.224
!
!
router eigrp 8
 redistribute rip metric 10 100 100 100 1500
 network 15.15.10.10 0.0.0.0
 network 15.15.15.98 0.0.0.0
!
router rip
 version 2
 redistribute eigrp 8 metric 1
 passive-interface default
 network 15.0.0.0
 neighbor 15.15.15.65
 distance 171
!
router bgp 152
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 4
 bgp confederation peers 151
 neighbor 15.15.2.2 remote-as 151
 neighbor 15.15.2.2 ebgp-multihop 20
 neighbor 15.15.2.2 update-source Loopback0
 neighbor 15.15.5.5 remote-as 152
 neighbor 15.15.5.5 update-source Loopback0
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
alias exec silogging synchronous
alias exec sir show ip route
alias exec siib show ip interface brief
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end




NOTES ON LAB
============


EEM SCRIPT



! NOSHUT_FA0_0 is a placeholder applet name
event manager applet NOSHUT_FA0_0
event syslog occurs 1 pattern ".*FastEthernet0/0, changed state to administratively down.*" period 2
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "int fa0/0"
action 4.0 cli command "no shut"



event manager applet test1
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type next entry-op gt entry-val "60" poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "show process cpu | in ^__[1-9]"
action 3.0 syslog msg "$_cli_result"
action 4.0 cli command "end"
action 5.0 cli command "exit"


conf t



! Triggered when the polled CPU OID rises above 60; hands off to EmailList
event manager applet showproc
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type next entry-op gt entry-val "60" poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "event manager run EmailList"

! Runs GetList, then mails the captured CLI output
event manager applet EmailList
event none
action 1.0 cli command "enable"
action 2.0 cli command "event manager run GetList"
action 3.0 mail server "198.2.5.10" to engineer@cisco.com from EEMm@cisco.com subject "CPUAlert5min" body "$_cli_result"

! Captures the first screen of the CPU listing, stopping at the --More-- prompt
event manager applet GetList
event none
action 1.0 cli command "enable"
action 2.0 cli command "term len 13"
action 3.0 cli command "show process cpu sorted 5min" pattern "--More--"













   










learnings Feb 2012

IP OSPF NETWORK POINT-TO-POINT
Always use ip ospf network point-to-point on loopbacks unless prohibited.
This ensures that OSPF advertises the loopback with its configured mask rather than as a /32 host route. Otherwise this can cause downstream problems with route filters etc. It can also be a problem when building MPLS adjacencies.

OSPF VIRTUAL-LINKS
It's best practice to hard-set the router ID when forming virtual links between routers. Otherwise, if anyone adds another loopback, the router ID can change and this may break existing adjacencies.

Referencing OSPF advertising routers with the distance command also relies on the router ID being fixed.


ADJUSTING OSPF DISTANCE WITH AN ACL
access-list 2 deny 7.7.14.0 0.0.0.0
access-list 2 deny  7.7.12.0 0.0.0.0
access-list 2 deny 7.7.1.0 0.0.0.0
access-list 2 permit any

router ospf 1
distance 175 7.7.1.1 0.0.0.0 2


EIGRP NEIGHBORS
You need neighbor statements at both ends

BGP NETWORK ROUTE MAP COMMAND
router bgp 1
network 200.200.200.0 mask 255.255.255.0 route-map SETCOMMUNITY


BGP METRIC
Only need to set on one side. The default is zero, so it will be preferred.
Still need the send-community attribute on the neighbor statement!!!

NO-EXPORT Community
Remember this can be applied on the way out of your AS, thereby telling the neighboring AS not to advertise!!!!!

CHECK OUT ROUTINGBITS.COM

CHECKING PORTFAST STATUS
show spanning-tree interface fa0/2 portfast

TO CHECK SPANNING-TREE TOPOLOGY
show spanning-tree summ

MPLS GOOD PRACTICE
mpls ldp router-id lo0

mpls uses tcp
LDP uses TCP port 646. The connection is established from the higher IP address on an ephemeral port to the neighbor on port 646.
TDP uses TCP port 711.

If an ACL prohibits one, then change protocol!!

show mpls interfaces
show mpls ldp discovery
show mpls forwarding-table

REMEMBER
If running a trunk out to an access router, remember to still put switchport nonegotiate on the port.

If up/down on serials, check the clocking. If CTS etc. are all UP, this may indicate a cable problem.
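The nonegotiate reminder above, checked mechanically: an added Python example (not from the original notes) that reads a show run excerpt and lists the switch ports that can still negotiate trunking through DTP. The sample stanzas are copied from the SW2 configuration on this page plus one bare stanza; the function names and status labels are this example's own, and the "default-mode" label assumes a platform whose unconfigured switch ports default to a dynamic mode.

```python
import re

# Constructed sample: stanzas copied from the SW2 configuration on this page,
# plus one bare interface stanza of the kind SW1 and SW3 show.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 22,24
 switchport trunk pruning vlan 22,24
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/9
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,13,44,45
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan22
 ip address 15.15.15.130 255.255.255.224
!
"""

PHYSICAL_PORT = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet\d")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from show-run style text."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^interface (\S+)$", line)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" separator or any other top-level line ends the stanza
    return interfaces


def classify_port(lines):
    """Classify one port's DTP exposure from its sub-commands."""
    if "no switchport" in lines:
        return "ok"  # routed port, DTP does not apply
    mode = None
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line[len("switchport mode "):]
    if mode is None:
        return "default-mode"   # assumption: platform default is a dynamic mode
    if mode.startswith("dynamic"):
        return "dtp-dynamic"    # will form a trunk if the far end asks
    if mode == "trunk" and "switchport nonegotiate" not in lines:
        return "trunk-dtp-on"   # static trunk that still sends DTP frames
    return "ok"


def audit_dtp(config):
    """Return {port: status} for physical ports whose status is not 'ok'."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if not PHYSICAL_PORT.match(name):
            continue  # skip SVIs, loopbacks and other logical interfaces
        status = classify_port(lines)
        if status != "ok":
            findings[name] = status
    return findings


if __name__ == "__main__":
    for port, status in audit_dtp(SAMPLE_CONFIG).items():
        print(f"{port}: {status}")
```

On the sample, Fa0/2 is reported because it is a static trunk without switchport nonegotiate, which is exactly the case the reminder describes.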


CHECK OUT WHEN TO USE OSPF FILTER LISTS --- Inter Area Filtering.

Filter Lists and Area Range commands are two methods of filtering inter area routes



It is for inter-area filtering. Here we filter going from area 0 to area 1.
NB. Uses prefix lists.


R1 Configuration:

!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 1 filter-list prefix DENY_R4_LOOPBACKS out
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0
!

R2 Configuration:
!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 1 filter-list prefix DENY_R4_LOOPBACKS out
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0


If prohibited from using a filter list, the area range command can be used with the not-advertise option.


R1 Configuration:

!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 range 172.16.103.0 255.255.255.0 not-advertise
 area 0 range 172.16.133.0 255.255.255.0 not-advertise
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0
!

R2 Configuration
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 0 range 172.16.103.0 255.255.255.0 not-advertise
 area 0 range 172.16.133.0 255.255.255.0 not-advertise
 network 10.1.23.2 0.0.0.0 area 0
 network 10.1.124.2 0.0.0.0 area 1
 network 172.16.102.2 0.0.0.0 area 0
!





OSPF SHAM-LINKS need to be up and adjacency FULL

MAKE OSPF SHAM LINK AREA 0. 

R4#show ip ospf sham-links
Sham Link OSPF_SL3 to address 7.7.100.5 is up
Area 0 source address 7.7.100.4
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:02
    Adjacency State FULL (Hello suppressed)
    Index 1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec


TO CONTROL ACCESS TO A MCAST GROUP
ip igmp access-group {acl}

no access-list 11
access-list 11 permit 239.10.5.1 0.0.0.0
access-list 11 permit 224.0.1.39 0.0.0.0
access-list 11 permit 224.0.1.40 0.0.0.0
access-list 11 deny any

int vlan 243
ip igmp access-group 11

PIM  
show ip pim nei
show ip igmp groups
this shows groups!!
show ip pim rp map
show ip pim interface


USEFUL COMMAND
show run brief
show run class-map
show run policy-map

NTP PEER
Means clocks will sync. The clock with the lower stratum will provide the clock.
ntp server is ONE way, i.e. it will take the clock from the server regardless of the server's stratum.

NEAT TRICK TO SAVE A RUNNING CONFIG
 copy run flash:rich

to display the file
more flash:rich

copy flash:rich run


R4#show ip prot
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 26 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Neighbor(s):
    15.15.15.66
    15.15.15.34


Use show ip route x.x.x.x <mask> longer-prefixes


MATCH ANY CLASSFUL NETWORKS

! Source field matches the network address, destination field matches the mask
access-list 101 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
access-list 101 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
access-list 101 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0

route-map BLOCKCLASSFUL deny 10
match ip addr 101
route-map BLOCKCLASSFUL permit 20

router ospf 1
redistribute rip subnets route-map BLOCKCLASSFUL


LEARNINGS FOR RIP LAB
1) Need to filter classful networks on redistribution on R2!! Otherwise the requirement for all networks to have a single path out of area zero to the right cannot be met. These networks originate in the RIP domain due to the classful routing properties of RIP.

2) For BGP, need a distance command on R3 to poison the next hop address. Need to make sure the path to the exit does not traverse a NON BGP domain. Routes learnt from the backbone are not advertised in the IGP, so if the path goes to a NON BGP router the traffic will be dropped, as the required route will not be present in the routing table.

3) Watch out for the addition of autoqos. This will have repercussions for the 'no peer neighbor' route applied to the interface on R5. Also, for redistribution on R1 do NOT qualify with an interface, otherwise this will break as well!!!!

4) Check the BGP domain has a route reflector client

5) Don't forget redistribute connected on R5 and SW2

6) acl for as prepending is a single line!!!

access-list 177 permit ip 197.68.20.0 0.0.3.0 host 255.255.255.0

route-map myas permit 10
match ip addr 177
set as-path prepend 254 254 254
route-map myas permit 20

7) IPV6 MULTICAST
Cut and paste on R1, R2 and R4

ipv6 multicast-routing

ipv6 access-list mgroup
permit host ff08::4000:4000 any

ipv6 pim rp-address FC01:DB8:74:C:211:21FF:FEFB:1D4D mgroup


8) IP HTTP SECURE-SERVER

ip http secure-server

username cisco password 0 cisco
username ADMIN privilege 15 password 0 CISCO

aaa new-model
aaa authentication login default line none

aaa authentication login HTTP local-case
aaa authorization exec HTTP local 

ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
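The extended ACLs used as route filters in these notes (ACL 101 under MATCH ANY CLASSFUL NETWORKS and the single-line AS-prepend ACL 177 in item 6) can be checked offline. The following added Python example, which is not part of the original notes, evaluates them the way the notes rely on: the source operand is compared with the route's network address and the destination operand with its mask. ACL 101 is entered here with the ip keyword and four-octet wildcards; the function names and the test prefixes are this example's own.

```python
import ipaddress

# ACL lines from the notes: ACL 101 (with the ip keyword and four-octet
# wildcards) and ACL 177 as written.
ACL_TEXT = """
access-list 101 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
access-list 101 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
access-list 101 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
access-list 177 permit ip 197.68.20.0 0.0.3.0 host 255.255.255.0
"""


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _parse_operand(tokens):
    """Consume one operand ('any', 'host A' or 'A W'); return (address, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(head), _to_int(tokens.pop(0))


def parse_acls(text):
    """Return {acl number: [(action, source operand, destination operand), ...]}."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        number, action, protocol = int(tokens[1]), tokens[2], tokens[3]
        if protocol != "ip":
            raise ValueError(f"only 'ip' entries are handled: {line!r}")
        rest = tokens[4:]
        source = _parse_operand(rest)
        destination = _parse_operand(rest)
        acls.setdefault(number, []).append((action, source, destination))
    return acls


def _operand_matches(value, operand):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    address, wildcard = operand
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (address & care)


def route_action(acl, prefix):
    """First matching entry wins; no match falls through to the implicit deny."""
    net = ipaddress.IPv4Network(prefix)
    network, mask = int(net.network_address), int(net.netmask)
    for action, source, destination in acl:
        if _operand_matches(network, source) and _operand_matches(mask, destination):
            return action
    return "deny"


def blockclassful_allows(acl, prefix):
    """route-map BLOCKCLASSFUL: clause 10 denies ACL matches, clause 20 permits the rest."""
    return route_action(acl, prefix) != "permit"


if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    for prefix in ("15.0.0.0/8", "15.15.15.64/27", "10.0.0.0/16",
                   "172.16.0.0/16", "192.168.1.0/24"):
        verdict = "redistributed" if blockclassful_allows(acls[101], prefix) else "blocked"
        print(f"ACL 101  {prefix:18} {verdict}")
    for prefix in ("197.68.22.0/24", "197.68.24.0/24", "197.68.20.0/25"):
        print(f"ACL 177  {prefix:18} {route_action(acls[177], prefix)}")
```

The 10.0.0.0/16 case shows why the destination operand matters: the network address looks classful, but the mask is not 255.0.0.0, so ACL 101 does not match it.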


EEM
====

TO FIND OID value

technology
    --- Network Management
         ----- SNMP
                 ----- Maintain Op
                         -----How to collect CPU


! Triggered when the polled CPU OID rises above 60; hands off to EMAIL
event manager applet CCIE
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type next entry-op gt entry-val "60" poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "event manager run EMAIL"

! Runs GET, then mails the captured CLI output
event manager applet EMAIL
event none
action 1.0 cli command "enable"
action 2.0 cli command "event manager run GET"
action 3.0 mail server "198.2.5.10" to engineer@cisco.com from EEMm@cisco.com subject "CPUAlert5min" body "$_cli_result"

! Captures the first screen of the CPU listing, stopping at the --More-- prompt
event manager applet GET
event none
action 1.0 cli command "enable"
action 2.0 cli command "term len 13"
action 3.0 cli command "show process cpu sorted 5min" pattern "--More--"