Difference between revisions of "Datacenter CCNP 3 - december 2009"
From Teknologisk videncenter
(→Gateway 2) |
(→Distribution 2) |
||
| Line 739: | Line 739: | ||
== Distribution 2 == | == Distribution 2 == | ||
<pre> | <pre> | ||
| + | Building configuration... | ||
| + | Current configuration : 6251 bytes | ||
| + | ! | ||
| + | version 12.2 | ||
| + | no service pad | ||
| + | service timestamps debug datetime msec | ||
| + | service timestamps log datetime msec | ||
| + | no service password-encryption | ||
| + | ! | ||
| + | hostname Distribution2 | ||
| + | ! | ||
| + | enable secret 5 $1$pEkP$V/sE.K6gTww6uBWPNRK060 | ||
| + | enable password cisco | ||
| + | ! | ||
| + | no aaa new-model | ||
| + | ip subnet-zero | ||
| + | ip routing | ||
| + | ip dhcp excluded-address 192.168.3.1 192.168.3.20 | ||
| + | ip dhcp excluded-address 192.168.100.1 192.168.100.20 | ||
| + | ! | ||
| + | ip dhcp pool Lokale3 | ||
| + | network 192.168.3.0 255.255.255.0 | ||
| + | default-router 192.168.3.3 | ||
| + | dns-server 172.16.4.77 | ||
| + | ! | ||
| + | ip dhcp pool Management | ||
| + | network 192.168.100.0 255.255.255.0 | ||
| + | default-router 192.168.100.3 | ||
| + | dns-server 172.16.4.77 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | crypto pki trustpoint TP-self-signed-1708353664 | ||
| + | enrollment selfsigned | ||
| + | subject-name cn=IOS-Self-Signed-Certificate-1708353664 | ||
| + | revocation-check none | ||
| + | rsakeypair TP-self-signed-1708353664 | ||
| + | ! | ||
| + | ! | ||
| + | crypto pki certificate chain TP-self-signed-1708353664 | ||
| + | certificate self-signed 01 | ||
| + | 30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030 | ||
| + | 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 | ||
| + | 69666963 6174652D 31373038 33353336 3634301E 170D3933 30333031 30303031 | ||
| + | 30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 | ||
| + | 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37303833 | ||
| + | 35333636 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 | ||
| + | 8100BB1C 4EB2426C 154FE1EC A921C666 B8A7B001 5B32CC4A 5AEFDF28 AD1163EC | ||
| + | 99A0BD35 C035EB94 6EB3E5EF F8EF6F79 72E2C2E0 DEC9E587 5AFE353F 5A3100F2 | ||
| + | 890BD9EA D189A010 1B352DF0 03F477A7 A23ACFAF D6743C5E 08FCBE6D 44EF3E4D | ||
| + | 04BFEA58 573F5ECC 6F3509D8 6B603D74 296FE485 7EDD39D8 318DD050 D2A871E8 | ||
| + | 68110203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603 | ||
| + | 551D1104 12301082 0E446973 74726962 7574696F 6E322E30 1F060355 1D230418 | ||
| + | 30168014 DB7110DA F3D5436A 80BA951B F015E53C 446E2C32 301D0603 551D0E04 | ||
| + | 160414DB 7110DAF3 D5436A80 BA951BF0 15E53C44 6E2C3230 0D06092A 864886F7 | ||
| + | 0D010104 05000381 81000A06 CB3DB008 64B56E19 2DAD6A83 22B538B5 1CD5B0D7 | ||
| + | DE7D83B9 5F64337C 0F42ED1B 3B2075C2 6A3F2A36 DE873A8F FA5546A1 EAED43DB | ||
| + | 4F7B9186 A71BA26B 8689FB18 B5E923D7 649548EE 79EB2E9B 41D542C5 2C6C18FC | ||
| + | D9BF10E8 E66065A0 1D67F658 B837D2D8 8A5E218F E89A1D62 85029DB0 8CB27D76 | ||
| + | EC50335C 9F70886C 32DF | ||
| + | quit | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | spanning-tree mode mst | ||
| + | spanning-tree extend system-id | ||
| + | ! | ||
| + | spanning-tree mst configuration | ||
| + | name REGION1 | ||
| + | revision 1 | ||
| + | instance 1 vlan 1-2 | ||
| + | instance 2 vlan 3, 100 | ||
| + | ! | ||
| + | spanning-tree mst 1 priority 28672 | ||
| + | spanning-tree mst 2 priority 24576 | ||
| + | ! | ||
| + | vlan internal allocation policy ascending | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | interface Port-channel4 | ||
| + | no switchport | ||
| + | ip address 10.0.0.6 255.255.255.252 | ||
| + | ! | ||
| + | interface Port-channel6 | ||
| + | no switchport | ||
| + | ip address 10.0.0.50 255.255.255.252 | ||
| + | ! | ||
| + | interface FastEthernet0/1 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 6 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/2 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 6 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/3 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 4 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/4 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 4 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/5 | ||
| + | switchport trunk encapsulation dot1q | ||
| + | switchport mode trunk | ||
| + | ! | ||
| + | interface FastEthernet0/6 | ||
| + | switchport trunk encapsulation dot1q | ||
| + | switchport mode trunk | ||
| + | spanning-tree mst pre-standard | ||
| + | ! | ||
| + | interface FastEthernet0/7 | ||
| + | switchport trunk encapsulation dot1q | ||
| + | switchport mode trunk | ||
| + | spanning-tree mst pre-standard | ||
| + | ! | ||
| + | interface FastEthernet0/8 | ||
| + | switchport trunk encapsulation dot1q | ||
| + | switchport mode trunk | ||
| + | spanning-tree mst pre-standard | ||
| + | ! | ||
| + | interface FastEthernet0/9 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/10 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/11 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/12 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/13 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/14 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/15 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/16 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/17 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/18 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/19 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/20 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/21 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/22 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/23 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface FastEthernet0/24 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface GigabitEthernet0/1 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface GigabitEthernet0/2 | ||
| + | switchport mode dynamic desirable | ||
| + | ! | ||
| + | interface Vlan1 | ||
| + | ip address 192.168.1.1 255.255.255.0 | ||
| + | standby 1 ip 192.168.1.3 | ||
| + | standby 1 timers msec 150 msec 500 | ||
| + | standby 1 priority 150 | ||
| + | standby 1 preempt | ||
| + | ! | ||
| + | interface Vlan2 | ||
| + | ip address 192.168.2.1 255.255.255.0 | ||
| + | standby 2 ip 192.168.2.3 | ||
| + | standby 2 timers msec 150 msec 500 | ||
| + | standby 2 priority 150 | ||
| + | standby 2 preempt | ||
| + | ! | ||
| + | interface Vlan3 | ||
| + | ip address 192.168.3.1 255.255.255.0 | ||
| + | standby 3 ip 192.168.3.3 | ||
| + | standby 3 timers msec 150 msec 500 | ||
| + | standby 3 priority 200 | ||
| + | standby 3 preempt | ||
| + | ! | ||
| + | interface Vlan100 | ||
| + | ip address 192.168.100.1 255.255.255.0 | ||
| + | standby 100 ip 192.168.100.3 | ||
| + | standby 100 timers msec 150 msec 500 | ||
| + | standby 100 priority 200 | ||
| + | standby 100 preempt | ||
| + | ! | ||
| + | router ospf 10 | ||
| + | log-adjacency-changes | ||
| + | network 10.0.0.4 0.0.0.3 area 10 | ||
| + | network 10.0.0.48 0.0.0.3 area 10 | ||
| + | network 192.168.1.0 0.0.0.255 area 10 | ||
| + | network 192.168.2.0 0.0.0.255 area 10 | ||
| + | network 192.168.3.0 0.0.0.255 area 10 | ||
| + | network 192.168.100.0 0.0.0.255 area 10 | ||
| + | ! | ||
| + | ip classless | ||
| + | ip http server | ||
| + | ip http secure-server | ||
| + | ! | ||
| + | ! | ||
| + | ip access-list extended EXTERN | ||
| + | permit ip 192.168.0.0 0.0.255.255 any | ||
| + | permit ip 10.0.0.0 0.255.255.255 any | ||
| + | ip access-list extended INTERN | ||
| + | permit ip any 10.0.0.0 0.255.255.255 | ||
| + | permit ip any 192.168.0.0 0.0.255.255 | ||
| + | deny ip any any | ||
| + | ! | ||
| + | route-map tester permit 10 | ||
| + | ! | ||
| + | route-map INTERNET permit 10 | ||
| + | match ip address INTERN | ||
| + | ! | ||
| + | route-map INTERNET permit 20 | ||
| + | match ip address EXTERN | ||
| + | set ip next-hop 10.0.0.10 | ||
| + | ! | ||
| + | ! | ||
| + | control-plane | ||
| + | ! | ||
| + | ! | ||
| + | line con 0 | ||
| + | line vty 0 4 | ||
| + | exec-timeout 0 0 | ||
| + | password cisco | ||
| + | logging synchronous | ||
| + | login | ||
| + | line vty 5 15 | ||
| + | exec-timeout 0 0 | ||
| + | password cisco | ||
| + | logging synchronous | ||
| + | login | ||
| + | ! | ||
| + | end | ||
</pre> | </pre> | ||
Revision as of 15:01, 14 December 2009
Contents
Access Layer
Lokale 1
Building configuration... Current configuration : 4993 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale1 ! enable secret 5 $1$uw0B$hEkCpsrPMRzcE5hX5UGo90 enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.11 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 2
Building configuration... Current configuration : 5556 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale2 ! enable secret 5 $1$2P6t$ucjfqPwCMeUBxZyTLav3i. enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip dhcp snooping ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.12 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 3
Building configuration... Current configuration : 4981 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale3 ! enable secret 5 $1$LOyI$LS5WuzEu24t1OzAwUJP6/. enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip dhcp snooping ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 description Management vlan 100 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.13 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 4
Lokale 5
Lokale 6
Distribution Layer
Distribution 1
Distribution 2
Building configuration... Current configuration : 6251 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Distribution2 ! enable secret 5 $1$pEkP$V/sE.K6gTww6uBWPNRK060 enable password cisco ! no aaa new-model ip subnet-zero ip routing ip dhcp excluded-address 192.168.3.1 192.168.3.20 ip dhcp excluded-address 192.168.100.1 192.168.100.20 ! ip dhcp pool Lokale3 network 192.168.3.0 255.255.255.0 default-router 192.168.3.3 dns-server 172.16.4.77 ! ip dhcp pool Management network 192.168.100.0 255.255.255.0 default-router 192.168.100.3 dns-server 172.16.4.77 ! ! ! crypto pki trustpoint TP-self-signed-1708353664 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1708353664 revocation-check none rsakeypair TP-self-signed-1708353664 ! ! crypto pki certificate chain TP-self-signed-1708353664 certificate self-signed 01 30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31373038 33353336 3634301E 170D3933 30333031 30303031 30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37303833 35333636 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BB1C 4EB2426C 154FE1EC A921C666 B8A7B001 5B32CC4A 5AEFDF28 AD1163EC 99A0BD35 C035EB94 6EB3E5EF F8EF6F79 72E2C2E0 DEC9E587 5AFE353F 5A3100F2 890BD9EA D189A010 1B352DF0 03F477A7 A23ACFAF D6743C5E 08FCBE6D 44EF3E4D 04BFEA58 573F5ECC 6F3509D8 6B603D74 296FE485 7EDD39D8 318DD050 D2A871E8 68110203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603 551D1104 12301082 0E446973 74726962 7574696F 6E322E30 1F060355 1D230418 30168014 DB7110DA F3D5436A 80BA951B F015E53C 446E2C32 301D0603 551D0E04 160414DB 7110DAF3 D5436A80 BA951BF0 15E53C44 6E2C3230 0D06092A 864886F7 0D010104 05000381 81000A06 CB3DB008 64B56E19 2DAD6A83 22B538B5 1CD5B0D7 DE7D83B9 5F64337C 0F42ED1B 3B2075C2 6A3F2A36 DE873A8F FA5546A1 EAED43DB 4F7B9186 A71BA26B 8689FB18 B5E923D7 649548EE 79EB2E9B 41D542C5 2C6C18FC D9BF10E8 E66065A0 1D67F658 B837D2D8 8A5E218F E89A1D62 85029DB0 8CB27D76 EC50335C 9F70886C 32DF quit ! ! ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! spanning-tree mst 1 priority 28672 spanning-tree mst 2 priority 24576 ! vlan internal allocation policy ascending ! ! ! ! ! ! interface Port-channel4 no switchport ip address 10.0.0.6 255.255.255.252 ! interface Port-channel6 no switchport ip address 10.0.0.50 255.255.255.252 ! interface FastEthernet0/1 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/2 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/3 no switchport no ip address channel-group 4 mode on ! interface FastEthernet0/4 no switchport no ip address channel-group 4 mode on ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/9 switchport mode dynamic desirable ! interface FastEthernet0/10 switchport mode dynamic desirable ! interface FastEthernet0/11 switchport mode dynamic desirable ! interface FastEthernet0/12 switchport mode dynamic desirable ! interface FastEthernet0/13 switchport mode dynamic desirable ! interface FastEthernet0/14 switchport mode dynamic desirable ! interface FastEthernet0/15 switchport mode dynamic desirable ! interface FastEthernet0/16 switchport mode dynamic desirable ! interface FastEthernet0/17 switchport mode dynamic desirable ! interface FastEthernet0/18 switchport mode dynamic desirable ! interface FastEthernet0/19 switchport mode dynamic desirable ! interface FastEthernet0/20 switchport mode dynamic desirable ! interface FastEthernet0/21 switchport mode dynamic desirable ! interface FastEthernet0/22 switchport mode dynamic desirable ! interface FastEthernet0/23 switchport mode dynamic desirable ! interface FastEthernet0/24 switchport mode dynamic desirable ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 standby 1 ip 192.168.1.3 standby 1 timers msec 150 msec 500 standby 1 priority 150 standby 1 preempt ! interface Vlan2 ip address 192.168.2.1 255.255.255.0 standby 2 ip 192.168.2.3 standby 2 timers msec 150 msec 500 standby 2 priority 150 standby 2 preempt ! interface Vlan3 ip address 192.168.3.1 255.255.255.0 standby 3 ip 192.168.3.3 standby 3 timers msec 150 msec 500 standby 3 priority 200 standby 3 preempt ! interface Vlan100 ip address 192.168.100.1 255.255.255.0 standby 100 ip 192.168.100.3 standby 100 timers msec 150 msec 500 standby 100 priority 200 standby 100 preempt ! router ospf 10 log-adjacency-changes network 10.0.0.4 0.0.0.3 area 10 network 10.0.0.48 0.0.0.3 area 10 network 192.168.1.0 0.0.0.255 area 10 network 192.168.2.0 0.0.0.255 area 10 network 192.168.3.0 0.0.0.255 area 10 network 192.168.100.0 0.0.0.255 area 10 ! ip classless ip http server ip http secure-server ! ! ip access-list extended EXTERN permit ip 192.168.0.0 0.0.255.255 any permit ip 10.0.0.0 0.255.255.255 any ip access-list extended INTERN permit ip any 10.0.0.0 0.255.255.255 permit ip any 192.168.0.0 0.0.255.255 deny ip any any ! route-map tester permit 10 ! route-map INTERNET permit 10 match ip address INTERN ! route-map INTERNET permit 20 match ip address EXTERN set ip next-hop 10.0.0.10 ! ! control-plane ! ! line con 0 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! end
Distribution 3
Distribution 4
Core Layer
Core 1
Core 2
Gateways
Gateway 1
Building configuration... Current configuration : 2317 bytes ! ! Last configuration change at 09:09:32 UTC Mon Dec 14 2009 ! NVRAM config last updated at 13:00:01 UTC Fri Dec 11 2009 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Gateway1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$SVTy$kFFE8ZQHYNjdhokEH84Gn0 enable password cisco ! no aaa new-model ! resource policy ! ip cef ! ! ! ! no ip domain lookup ip host dist3 10.0.0.26 ip host dist2 10.0.0.50 ip host core1 10.0.0.1 ip host core2 10.0.0.29 ip host dist1 10.0.0.2 ip host ac3 192.168.100.13 ip host ac2 192.168.100.12 ip host dist4 10.0.0.38 ip host ac6 192.168.101.16 ip host ac5 192.168.101.15 ip host ac4 192.168.101.14 ip host gw1 10.0.0.10 ip host gw2 10.0.0.18 ip host ac1 192.168.100.11 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.254.0.1 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.0.10 255.255.255.252 ip nat inside ip virtual-reassembly speed auto full-duplex no mop enabled ! interface FastEthernet0/1 ip address 10.0.0.30 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1/0 switchport access vlan 20 ! interface FastEthernet0/1/1 shutdown ! interface FastEthernet0/1/2 shutdown ! interface FastEthernet0/1/3 shutdown ! interface Serial0/2/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Vlan1 no ip address shutdown ! interface Vlan20 ip address dhcp ip nat outside ip virtual-reassembly ! router ospf 1 log-adjacency-changes network 10.0.0.8 0.0.0.3 area 30 network 10.0.0.28 0.0.0.3 area 30 default-information originate ! ip route 0.0.0.0 0.0.0.0 dhcp ! ! ip http server no ip http secure-server ip nat inside source list Internet interface Vlan20 overload ip nat inside source static tcp 10.254.0.1 23 interface Vlan20 23 ! ip access-list extended Internet permit ip 10.0.0.0 0.0.0.255 any permit ip 192.168.0.0 0.7.255.255 any permit ip 192.168.100.0 0.0.0.255 any permit ip 192.168.101.0 0.0.0.255 any ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 exec-timeout 0 0 password cisco login line vty 5 15 exec-timeout 0 0 password cisco login ! scheduler allocate 20000 1000 end Gateway1#
Gateway 2
Building configuration... Current configuration : 2228 bytes ! ! No configuration change since last restart ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Gateway2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$vuPD$gxv5UIIr85nInRV.U0A4y/ enable password cisco ! no aaa new-model ! resource policy ! ip cef ! ! ! ! ip host ac4 192.168.101.14 ip host gw1 10.0.0.10 ip host gw2 10.0.0.18 ip host core1 10.0.0.1 ip host core2 10.0.0.29 ip host dist1 10.0.0.2 ip host dist2 10.0.0.50 ip host dist3 10.0.0.26 ip host dist4 10.0.0.38 ip host ac1 192.168.100.11 ip host ac2 192.168.100.12 ip host ac3 192.168.100.13 ip host ac5 192.168.101.15 ip host ac6 192.168.101.16 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.254.0.2 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.0.34 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto no mop enabled ! interface FastEthernet0/1 ip address 10.0.0.18 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/3/0 switchport access vlan 10 ! interface FastEthernet0/3/1 shutdown ! interface FastEthernet0/3/2 shutdown ! interface FastEthernet0/3/3 shutdown ! interface Serial0/1/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Serial0/1/1 no ip address shutdown clock rate 2000000 ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address dhcp ip nat outside ip virtual-reassembly ! router ospf 1 log-adjacency-changes network 10.0.0.16 0.0.0.3 area 30 network 10.0.0.32 0.0.0.3 area 30 default-information originate ! ip route 0.0.0.0 0.0.0.0 192.168.138.1 ! ! ip http server no ip http secure-server ip nat inside source list Internet interface Vlan10 overload ip nat inside source static tcp 10.254.0.2 23 interface Vlan10 23 ! ip access-list extended Internet permit ip 10.0.0.0 0.0.0.255 any permit ip 192.168.0.0 0.7.255.255 any permit ip 192.168.100.0 0.0.0.255 any permit ip 192.168.101.0 0.0.0.255 any ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! scheduler allocate 20000 1000 end Gateway2#