Difference between revisions of "Datacenter CCNP 3 - december 2009"
From Teknologisk videncenter
(→Distribution 1) |
(→Core 2) |
||
| Line 1,252: | Line 1,252: | ||
== Core 2 == | == Core 2 == | ||
<pre> | <pre> | ||
| + | |||
| + | Building configuration... | ||
| + | |||
| + | Current configuration : 3574 bytes | ||
| + | ! | ||
| + | version 12.2 | ||
| + | no service pad | ||
| + | service timestamps debug uptime | ||
| + | service timestamps log uptime | ||
| + | no service password-encryption | ||
| + | ! | ||
| + | hostname Core2 | ||
| + | ! | ||
| + | enable secret 5 $1$8LPE$BNGBYpQDx1Jey86SO5.zu. | ||
| + | enable password cisco | ||
| + | ! | ||
| + | no aaa new-model | ||
| + | ip subnet-zero | ||
| + | ip routing | ||
| + | ip host dist1 10.0.0.2 | ||
| + | ip host core1 10.0.0.1 | ||
| + | ip host gw1 10.0.0.10 | ||
| + | ip host ac6 192.168.101.16 | ||
| + | ip host ac5 192.168.101.15 | ||
| + | ip host ac4 192.168.101.14 | ||
| + | ip host ac3 192.168.100.13 | ||
| + | ip host ac2 192.168.100.12 | ||
| + | ip host ac1 192.168.100.11 | ||
| + | ip host dist4 10.0.0.38 | ||
| + | ip host dist3 10.0.0.26 | ||
| + | ip host dist2 10.0.0.50 | ||
| + | ip host core2 10.0.0.29 | ||
| + | ip host gw2 10.0.0.18 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | no file verify auto | ||
| + | spanning-tree mode pvst | ||
| + | spanning-tree extend system-id | ||
| + | ! | ||
| + | vlan internal allocation policy ascending | ||
| + | ! | ||
| + | ! | ||
| + | interface Port-channel1 | ||
| + | no switchport | ||
| + | ip address 10.0.0.14 255.255.255.252 | ||
| + | ! | ||
| + | interface Port-channel2 | ||
| + | no switchport | ||
| + | ip address 10.0.0.41 255.255.255.252 | ||
| + | ip policy route-map internet | ||
| + | ! | ||
| + | interface Port-channel5 | ||
| + | no switchport | ||
| + | ip address 10.0.0.45 255.255.255.252 | ||
| + | ip policy route-map internet | ||
| + | ! | ||
| + | interface Port-channel6 | ||
| + | no switchport | ||
| + | ip address 10.0.0.49 255.255.255.252 | ||
| + | ip policy route-map internet | ||
| + | ! | ||
| + | interface Port-channel9 | ||
| + | no switchport | ||
| + | ip address 10.0.0.37 255.255.255.252 | ||
| + | ip policy route-map internet | ||
| + | ! | ||
| + | interface FastEthernet0/1 | ||
| + | no switchport | ||
| + | ip address 10.0.0.29 255.255.255.252 | ||
| + | ! | ||
| + | interface FastEthernet0/2 | ||
| + | no switchport | ||
| + | ip address 10.0.0.33 255.255.255.252 | ||
| + | ! | ||
| + | interface FastEthernet0/3 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 9 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/4 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 9 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/5 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 2 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/6 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 2 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/7 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 1 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/8 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 1 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/9 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 5 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/10 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 5 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/11 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 6 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/12 | ||
| + | no switchport | ||
| + | no ip address | ||
| + | channel-group 6 mode on | ||
| + | ! | ||
| + | interface FastEthernet0/13 | ||
| + | ! | ||
| + | interface FastEthernet0/14 | ||
| + | ! | ||
| + | interface FastEthernet0/15 | ||
| + | ! | ||
| + | interface FastEthernet0/16 | ||
| + | ! | ||
| + | interface FastEthernet0/17 | ||
| + | ! | ||
| + | interface FastEthernet0/18 | ||
| + | ! | ||
| + | interface FastEthernet0/19 | ||
| + | ! | ||
| + | interface FastEthernet0/20 | ||
| + | ! | ||
| + | interface FastEthernet0/21 | ||
| + | ! | ||
| + | interface FastEthernet0/22 | ||
| + | ! | ||
| + | interface FastEthernet0/23 | ||
| + | ! | ||
| + | interface FastEthernet0/24 | ||
| + | ! | ||
| + | interface GigabitEthernet0/1 | ||
| + | ! | ||
| + | interface GigabitEthernet0/2 | ||
| + | ! | ||
| + | interface Vlan1 | ||
| + | no ip address | ||
| + | ! | ||
| + | router ospf 1 | ||
| + | log-adjacency-changes | ||
| + | network 10.0.0.12 0.0.0.3 area 0 | ||
| + | network 10.0.0.28 0.0.0.3 area 30 | ||
| + | network 10.0.0.32 0.0.0.3 area 30 | ||
| + | network 10.0.0.36 0.0.0.3 area 20 | ||
| + | network 10.0.0.40 0.0.0.3 area 20 | ||
| + | network 10.0.0.44 0.0.0.3 area 10 | ||
| + | network 10.0.0.48 0.0.0.3 area 10 | ||
| + | ! | ||
| + | ip classless | ||
| + | ip http server | ||
| + | ! | ||
| + | ! | ||
| + | ip access-list extended test | ||
| + | deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255 | ||
| + | deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255 | ||
| + | permit ip 192.168.3.0 0.0.0.255 any | ||
| + | ! | ||
| + | ! | ||
| + | ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 | ||
| + | route-map internet permit 5 | ||
| + | match ip address test | ||
| + | set ip next-hop 10.0.0.30 | ||
| + | ! | ||
| + | route-map internet permit 10 | ||
| + | match ip address prefix-list DEFAULT | ||
| + | set ip next-hop 10.0.0.34 | ||
| + | ! | ||
| + | ! | ||
| + | control-plane | ||
| + | ! | ||
| + | ! | ||
| + | line con 0 | ||
| + | line vty 0 4 | ||
| + | exec-timeout 0 0 | ||
| + | password cisco | ||
| + | logging synchronous | ||
| + | login | ||
| + | line vty 5 15 | ||
| + | exec-timeout 0 0 | ||
| + | password cisco | ||
| + | login | ||
| + | ! | ||
| + | ! | ||
| + | end | ||
| + | |||
| + | Core2# | ||
| + | |||
</pre> | </pre> | ||
Revision as of 15:04, 14 December 2009
Contents
Access Layer
Lokale 1
Building configuration... Current configuration : 4993 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale1 ! enable secret 5 $1$uw0B$hEkCpsrPMRzcE5hX5UGo90 enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.11 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 2
Building configuration... Current configuration : 5556 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale2 ! enable secret 5 $1$2P6t$ucjfqPwCMeUBxZyTLav3i. enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip dhcp snooping ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 2 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.12 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 3
Building configuration... Current configuration : 4981 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Lokale3 ! enable secret 5 $1$LOyI$LS5WuzEu24t1OzAwUJP6/. enable password cisco ! ip subnet-zero ! ip dhcp snooping vlan 1 100 ip dhcp snooping ip ssh time-out 120 ip ssh authentication-retries 3 ! ! spanning-tree mode mst spanning-tree portfast bpduguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! ! ! ! ! interface FastEthernet0/1 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/2 switchport mode trunk ip dhcp snooping trust ! interface FastEthernet0/3 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/4 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/5 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/6 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/7 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/8 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/9 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/10 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/11 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/12 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/13 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/14 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/15 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/16 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/17 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/18 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/19 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/20 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/23 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface FastEthernet0/24 description Management vlan 100 switchport access vlan 100 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security aging time 60 spanning-tree portfast ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan100 ip address 192.168.100.13 255.255.255.0 no ip route-cache ! ip http server ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end
Lokale 4
Lokale 5
Lokale 6
Distribution Layer
Distribution 1
Building configuration... Current configuration : 5273 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Distribution1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$6Cq4$2JJ2WoEIpkhErwkOkQFwb. enable password cisco ! no aaa new-model system mtu routing 1500 ip subnet-zero ip routing no ip domain-lookup no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.20 ip dhcp excluded-address 192.168.2.1 192.168.2.20 ! ip dhcp pool Lokale1 network 192.168.1.0 255.255.255.0 default-router 192.168.1.3 dns-server 172.16.4.77 ! ip dhcp pool Lokale2 network 192.168.2.0 255.255.255.0 default-router 192.168.2.3 dns-server 172.16.4.77 ! ! ! ! crypto pki trustpoint TP-self-signed-201700352 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-201700352 revocation-check none rsakeypair TP-self-signed-201700352 ! ! crypto pki certificate chain TP-self-signed-201700352 certificate self-signed 01 30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32303137 30303335 32301E17 0D393330 33303130 30303130 305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373030 33353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 C037C167 F4C36547 30273FA3 A9F114E7 2987E23C 45C63C19 B728D92F 3F0F5D81 FA590DAD 5CB8A9F1 410A7775 BA4C8C46 99A375E7 BB4501AD 1E5EA063 BDD657C9 71B08A7F 480DBA2D A1FE403E F6DB281E ED66CB2E AF2AA97C 53B93EEB 50CF3745 327851B9 6D6AA1FE 985D9654 45B4F445 70729C77 93ECA5CE 3F7356F2 E256BC8B 02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D 11041230 10820E44 69737472 69627574 696F6E31 2E301F06 03551D23 04183016 8014C42D FB57C926 B42FA71E BE55D5D7 13A7D8B0 1821301D 0603551D 0E041604 14C42DFB 57C926B4 2FA71EBE 55D5D713 A7D8B018 21300D06 092A8648 86F70D01 01040500 03818100 4953F22D D2BD99DE 3BFE27EB 9501FB2C BDF39899 07C2932A 023F7F71 56190673 81803DB9 76DF3FAE 74A24B5F 9628BF08 3315D673 E5741E10 8255C041 BEC57E3E AAD42992 8B299643 8930DC2D 08A68953 068AEF34 B4BE4BE1 F5C8F31D 0A20310F 5C31A5B9 B69FAD5E EEC99907 1CD0CDBE EBBE9A00 6705E270 AC2F7077 AAFC0B48 quit ! ! ! ! ! ! spanning-tree mode mst spanning-tree etherchannel guard misconfig spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! spanning-tree mst 1 priority 24576 spanning-tree mst 2 priority 28672 ! vlan internal allocation policy ascending ! ! ! ! interface Port-channel5 no switchport ip address 10.0.0.46 255.255.255.252 ! interface Port-channel7 no switchport ip address 10.0.0.2 255.255.255.252 ! interface FastEthernet0/1 no switchport no ip address channel-group 7 mode on ! interface FastEthernet0/2 no switchport no ip address channel-group 7 mode on ! interface FastEthernet0/3 no switchport no ip address channel-group 5 mode on ! interface FastEthernet0/4 no switchport no ip address channel-group 5 mode on ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 192.168.1.2 255.255.255.0 standby 1 ip 192.168.1.3 standby 1 timers msec 150 msec 500 standby 1 priority 200 standby 1 preempt ! interface Vlan2 ip address 192.168.2.2 255.255.255.0 standby 1 timers msec 150 msec 500 standby 2 ip 192.168.2.3 standby 2 priority 200 standby 2 preempt ! interface Vlan3 ip address 192.168.3.2 255.255.255.0 standby 1 timers msec 150 msec 500 standby 3 ip 192.168.3.3 standby 3 priority 150 standby 3 preempt ! interface Vlan100 ip address 192.168.100.2 255.255.255.0 standby 1 timers msec 150 msec 500 standby 100 ip 192.168.100.3 standby 100 priority 150 standby 100 preempt ! router ospf 10 log-adjacency-changes network 10.0.0.0 0.0.0.3 area 10 network 10.0.0.44 0.0.0.3 area 10 network 192.168.1.0 0.0.0.255 area 10 network 192.168.2.0 0.0.0.255 area 10 network 192.168.3.0 0.0.0.255 area 10 network 192.168.100.0 0.0.0.255 area 10 ! ip classless ip http server ip http secure-server ! ! ! ! control-plane ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! end
Distribution 2
Building configuration... Current configuration : 6251 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Distribution2 ! enable secret 5 $1$pEkP$V/sE.K6gTww6uBWPNRK060 enable password cisco ! no aaa new-model ip subnet-zero ip routing ip dhcp excluded-address 192.168.3.1 192.168.3.20 ip dhcp excluded-address 192.168.100.1 192.168.100.20 ! ip dhcp pool Lokale3 network 192.168.3.0 255.255.255.0 default-router 192.168.3.3 dns-server 172.16.4.77 ! ip dhcp pool Management network 192.168.100.0 255.255.255.0 default-router 192.168.100.3 dns-server 172.16.4.77 ! ! ! crypto pki trustpoint TP-self-signed-1708353664 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1708353664 revocation-check none rsakeypair TP-self-signed-1708353664 ! ! crypto pki certificate chain TP-self-signed-1708353664 certificate self-signed 01 30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31373038 33353336 3634301E 170D3933 30333031 30303031 30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37303833 35333636 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BB1C 4EB2426C 154FE1EC A921C666 B8A7B001 5B32CC4A 5AEFDF28 AD1163EC 99A0BD35 C035EB94 6EB3E5EF F8EF6F79 72E2C2E0 DEC9E587 5AFE353F 5A3100F2 890BD9EA D189A010 1B352DF0 03F477A7 A23ACFAF D6743C5E 08FCBE6D 44EF3E4D 04BFEA58 573F5ECC 6F3509D8 6B603D74 296FE485 7EDD39D8 318DD050 D2A871E8 68110203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603 551D1104 12301082 0E446973 74726962 7574696F 6E322E30 1F060355 1D230418 30168014 DB7110DA F3D5436A 80BA951B F015E53C 446E2C32 301D0603 551D0E04 160414DB 7110DAF3 D5436A80 BA951BF0 15E53C44 6E2C3230 0D06092A 864886F7 0D010104 05000381 81000A06 CB3DB008 64B56E19 2DAD6A83 22B538B5 1CD5B0D7 DE7D83B9 5F64337C 0F42ED1B 3B2075C2 6A3F2A36 DE873A8F FA5546A1 EAED43DB 4F7B9186 A71BA26B 8689FB18 B5E923D7 649548EE 79EB2E9B 41D542C5 2C6C18FC D9BF10E8 E66065A0 1D67F658 B837D2D8 8A5E218F E89A1D62 85029DB0 8CB27D76 EC50335C 9F70886C 32DF quit ! ! ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration name REGION1 revision 1 instance 1 vlan 1-2 instance 2 vlan 3, 100 ! spanning-tree mst 1 priority 28672 spanning-tree mst 2 priority 24576 ! vlan internal allocation policy ascending ! ! ! ! ! ! interface Port-channel4 no switchport ip address 10.0.0.6 255.255.255.252 ! interface Port-channel6 no switchport ip address 10.0.0.50 255.255.255.252 ! interface FastEthernet0/1 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/2 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/3 no switchport no ip address channel-group 4 mode on ! interface FastEthernet0/4 no switchport no ip address channel-group 4 mode on ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree mst pre-standard ! interface FastEthernet0/9 switchport mode dynamic desirable ! interface FastEthernet0/10 switchport mode dynamic desirable ! interface FastEthernet0/11 switchport mode dynamic desirable ! interface FastEthernet0/12 switchport mode dynamic desirable ! interface FastEthernet0/13 switchport mode dynamic desirable ! interface FastEthernet0/14 switchport mode dynamic desirable ! interface FastEthernet0/15 switchport mode dynamic desirable ! interface FastEthernet0/16 switchport mode dynamic desirable ! interface FastEthernet0/17 switchport mode dynamic desirable ! interface FastEthernet0/18 switchport mode dynamic desirable ! interface FastEthernet0/19 switchport mode dynamic desirable ! interface FastEthernet0/20 switchport mode dynamic desirable ! interface FastEthernet0/21 switchport mode dynamic desirable ! interface FastEthernet0/22 switchport mode dynamic desirable ! interface FastEthernet0/23 switchport mode dynamic desirable ! interface FastEthernet0/24 switchport mode dynamic desirable ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 standby 1 ip 192.168.1.3 standby 1 timers msec 150 msec 500 standby 1 priority 150 standby 1 preempt ! interface Vlan2 ip address 192.168.2.1 255.255.255.0 standby 2 ip 192.168.2.3 standby 2 timers msec 150 msec 500 standby 2 priority 150 standby 2 preempt ! interface Vlan3 ip address 192.168.3.1 255.255.255.0 standby 3 ip 192.168.3.3 standby 3 timers msec 150 msec 500 standby 3 priority 200 standby 3 preempt ! interface Vlan100 ip address 192.168.100.1 255.255.255.0 standby 100 ip 192.168.100.3 standby 100 timers msec 150 msec 500 standby 100 priority 200 standby 100 preempt ! router ospf 10 log-adjacency-changes network 10.0.0.4 0.0.0.3 area 10 network 10.0.0.48 0.0.0.3 area 10 network 192.168.1.0 0.0.0.255 area 10 network 192.168.2.0 0.0.0.255 area 10 network 192.168.3.0 0.0.0.255 area 10 network 192.168.100.0 0.0.0.255 area 10 ! ip classless ip http server ip http secure-server ! ! ip access-list extended EXTERN permit ip 192.168.0.0 0.0.255.255 any permit ip 10.0.0.0 0.255.255.255 any ip access-list extended INTERN permit ip any 10.0.0.0 0.255.255.255 permit ip any 192.168.0.0 0.0.255.255 deny ip any any ! route-map tester permit 10 ! route-map INTERNET permit 10 match ip address INTERN ! route-map INTERNET permit 20 match ip address EXTERN set ip next-hop 10.0.0.10 ! ! control-plane ! ! line con 0 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! end
Distribution 3
Distribution 4
Core Layer
Core 1
Core 2
Building configuration... Current configuration : 3574 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Core2 ! enable secret 5 $1$8LPE$BNGBYpQDx1Jey86SO5.zu. enable password cisco ! no aaa new-model ip subnet-zero ip routing ip host dist1 10.0.0.2 ip host core1 10.0.0.1 ip host gw1 10.0.0.10 ip host ac6 192.168.101.16 ip host ac5 192.168.101.15 ip host ac4 192.168.101.14 ip host ac3 192.168.100.13 ip host ac2 192.168.100.12 ip host ac1 192.168.100.11 ip host dist4 10.0.0.38 ip host dist3 10.0.0.26 ip host dist2 10.0.0.50 ip host core2 10.0.0.29 ip host gw2 10.0.0.18 ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface Port-channel1 no switchport ip address 10.0.0.14 255.255.255.252 ! interface Port-channel2 no switchport ip address 10.0.0.41 255.255.255.252 ip policy route-map internet ! interface Port-channel5 no switchport ip address 10.0.0.45 255.255.255.252 ip policy route-map internet ! interface Port-channel6 no switchport ip address 10.0.0.49 255.255.255.252 ip policy route-map internet ! interface Port-channel9 no switchport ip address 10.0.0.37 255.255.255.252 ip policy route-map internet ! interface FastEthernet0/1 no switchport ip address 10.0.0.29 255.255.255.252 ! interface FastEthernet0/2 no switchport ip address 10.0.0.33 255.255.255.252 ! interface FastEthernet0/3 no switchport no ip address channel-group 9 mode on ! interface FastEthernet0/4 no switchport no ip address channel-group 9 mode on ! interface FastEthernet0/5 no switchport no ip address channel-group 2 mode on ! interface FastEthernet0/6 no switchport no ip address channel-group 2 mode on ! interface FastEthernet0/7 no switchport no ip address channel-group 1 mode on ! interface FastEthernet0/8 no switchport no ip address channel-group 1 mode on ! interface FastEthernet0/9 no switchport no ip address channel-group 5 mode on ! interface FastEthernet0/10 no switchport no ip address channel-group 5 mode on ! interface FastEthernet0/11 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/12 no switchport no ip address channel-group 6 mode on ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address ! router ospf 1 log-adjacency-changes network 10.0.0.12 0.0.0.3 area 0 network 10.0.0.28 0.0.0.3 area 30 network 10.0.0.32 0.0.0.3 area 30 network 10.0.0.36 0.0.0.3 area 20 network 10.0.0.40 0.0.0.3 area 20 network 10.0.0.44 0.0.0.3 area 10 network 10.0.0.48 0.0.0.3 area 10 ! ip classless ip http server ! ! ip access-list extended test deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255 permit ip 192.168.3.0 0.0.0.255 any ! ! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 route-map internet permit 5 match ip address test set ip next-hop 10.0.0.30 ! route-map internet permit 10 match ip address prefix-list DEFAULT set ip next-hop 10.0.0.34 ! ! control-plane ! ! line con 0 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco login ! ! end Core2#
Gateways
Gateway 1
Building configuration... Current configuration : 2317 bytes ! ! Last configuration change at 09:09:32 UTC Mon Dec 14 2009 ! NVRAM config last updated at 13:00:01 UTC Fri Dec 11 2009 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Gateway1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$SVTy$kFFE8ZQHYNjdhokEH84Gn0 enable password cisco ! no aaa new-model ! resource policy ! ip cef ! ! ! ! no ip domain lookup ip host dist3 10.0.0.26 ip host dist2 10.0.0.50 ip host core1 10.0.0.1 ip host core2 10.0.0.29 ip host dist1 10.0.0.2 ip host ac3 192.168.100.13 ip host ac2 192.168.100.12 ip host dist4 10.0.0.38 ip host ac6 192.168.101.16 ip host ac5 192.168.101.15 ip host ac4 192.168.101.14 ip host gw1 10.0.0.10 ip host gw2 10.0.0.18 ip host ac1 192.168.100.11 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.254.0.1 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.0.10 255.255.255.252 ip nat inside ip virtual-reassembly speed auto full-duplex no mop enabled ! interface FastEthernet0/1 ip address 10.0.0.30 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1/0 switchport access vlan 20 ! interface FastEthernet0/1/1 shutdown ! interface FastEthernet0/1/2 shutdown ! interface FastEthernet0/1/3 shutdown ! interface Serial0/2/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Vlan1 no ip address shutdown ! interface Vlan20 ip address dhcp ip nat outside ip virtual-reassembly ! router ospf 1 log-adjacency-changes network 10.0.0.8 0.0.0.3 area 30 network 10.0.0.28 0.0.0.3 area 30 default-information originate ! ip route 0.0.0.0 0.0.0.0 dhcp ! ! ip http server no ip http secure-server ip nat inside source list Internet interface Vlan20 overload ip nat inside source static tcp 10.254.0.1 23 interface Vlan20 23 ! ip access-list extended Internet permit ip 10.0.0.0 0.0.0.255 any permit ip 192.168.0.0 0.7.255.255 any permit ip 192.168.100.0 0.0.0.255 any permit ip 192.168.101.0 0.0.0.255 any ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 exec-timeout 0 0 password cisco login line vty 5 15 exec-timeout 0 0 password cisco login ! scheduler allocate 20000 1000 end Gateway1#
Gateway 2
Building configuration... Current configuration : 2228 bytes ! ! No configuration change since last restart ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Gateway2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$vuPD$gxv5UIIr85nInRV.U0A4y/ enable password cisco ! no aaa new-model ! resource policy ! ip cef ! ! ! ! ip host ac4 192.168.101.14 ip host gw1 10.0.0.10 ip host gw2 10.0.0.18 ip host core1 10.0.0.1 ip host core2 10.0.0.29 ip host dist1 10.0.0.2 ip host dist2 10.0.0.50 ip host dist3 10.0.0.26 ip host dist4 10.0.0.38 ip host ac1 192.168.100.11 ip host ac2 192.168.100.12 ip host ac3 192.168.100.13 ip host ac5 192.168.101.15 ip host ac6 192.168.101.16 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.254.0.2 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.0.34 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto no mop enabled ! interface FastEthernet0/1 ip address 10.0.0.18 255.255.255.252 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/3/0 switchport access vlan 10 ! interface FastEthernet0/3/1 shutdown ! interface FastEthernet0/3/2 shutdown ! interface FastEthernet0/3/3 shutdown ! interface Serial0/1/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Serial0/1/1 no ip address shutdown clock rate 2000000 ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address dhcp ip nat outside ip virtual-reassembly ! router ospf 1 log-adjacency-changes network 10.0.0.16 0.0.0.3 area 30 network 10.0.0.32 0.0.0.3 area 30 default-information originate ! ip route 0.0.0.0 0.0.0.0 192.168.138.1 ! ! ip http server no ip http secure-server ip nat inside source list Internet interface Vlan10 overload ip nat inside source static tcp 10.254.0.2 23 interface Vlan10 23 ! ip access-list extended Internet permit ip 10.0.0.0 0.0.0.255 any permit ip 192.168.0.0 0.7.255.255 any permit ip 192.168.100.0 0.0.0.255 any permit ip 192.168.101.0 0.0.0.255 any ! ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! scheduler allocate 20000 1000 end Gateway2#