Difference between revisions of "PengeBanken"
From Teknologisk videncenter
(→AAA01SWCO) |
|||
| Line 307: | Line 307: | ||
! | ! | ||
ntp clock-period 17179326 | ntp clock-period 17179326 | ||
| + | ntp server 172.16.255.10 | ||
| + | end | ||
| + | </pre> | ||
| + | |||
| + | ==AAA01RT== | ||
| + | <pre> | ||
| + | version 12.4 | ||
| + | service config | ||
| + | service timestamps debug datetime msec | ||
| + | service timestamps log datetime msec | ||
| + | no service password-encryption | ||
| + | ! | ||
| + | hostname AAA01RT | ||
| + | ! | ||
| + | boot-start-marker | ||
| + | boot-end-marker | ||
| + | ! | ||
| + | enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0 | ||
| + | ! | ||
| + | aaa new-model | ||
| + | ! | ||
| + | ! | ||
| + | aaa authentication login default group radius local | ||
| + | aaa authorization exec default group radius local | ||
| + | ! | ||
| + | aaa session-id common | ||
| + | ! | ||
| + | resource policy | ||
| + | ! | ||
| + | ip cef | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ip domain name pengebanken.dk | ||
| + | ip name-server 172.16.241.11 | ||
| + | ip ssh version 2 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | voice-card 0 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9. | ||
| + | ! | ||
| + | ! | ||
| + | class-map match-any MissionCritical-Trust | ||
| + | match ip dscp af31 | ||
| + | class-map match-any VoIP-RTP-Trust | ||
| + | match ip dscp ef | ||
| + | class-map match-any VoIP-Control-Trust | ||
| + | match ip dscp cs3 | ||
| + | class-map match-any Management-Trust | ||
| + | match ip dscp cs2 | ||
| + | ! | ||
| + | ! | ||
| + | policy-map PbPolicy | ||
| + | class VoIP-RTP-Trust | ||
| + | priority percent 25 | ||
| + | class VoIP-Control-Trust | ||
| + | bandwidth percent 5 | ||
| + | class MissionCritical-Trust | ||
| + | bandwidth percent 40 | ||
| + | class Management-Trust | ||
| + | bandwidth percent 5 | ||
| + | class class-default | ||
| + | fair-queue | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | crypto isakmp policy 10 | ||
| + | encr aes 256 | ||
| + | authentication pre-share | ||
| + | group 5 | ||
| + | lifetime 1000 | ||
| + | crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1 | ||
| + | ! | ||
| + | ! | ||
| + | crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac | ||
| + | ! | ||
| + | crypto map PB_crypto_Map 10 ipsec-isakmp | ||
| + | set peer 10.1.1.1 | ||
| + | set transform-set PB-TransformSet | ||
| + | match address Tunnel1_til_Aarhus | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | interface Tunnel1 | ||
| + | description Til_Aarhus | ||
| + | ip address 172.16.254.6 255.255.255.252 | ||
| + | ip mtu 1420 | ||
| + | tunnel source FastEthernet0/0 | ||
| + | tunnel destination 10.1.1.1 | ||
| + | ! | ||
| + | interface FastEthernet0/0 | ||
| + | description Internet | ||
| + | ip address 10.1.1.3 255.255.255.0 | ||
| + | duplex auto | ||
| + | speed auto | ||
| + | crypto map PB_crypto_Map | ||
| + | ! | ||
| + | interface FastEthernet0/1 | ||
| + | description Til_AHA01SWCO | ||
| + | ip address 172.18.255.6 255.255.255.252 | ||
| + | ip ospf network point-to-point | ||
| + | ip ospf dead-interval minimal hello-multiplier 3 | ||
| + | duplex auto | ||
| + | speed auto | ||
| + | service-policy output PbPolicy | ||
| + | ! | ||
| + | interface Serial0/2/0 | ||
| + | no ip address | ||
| + | shutdown | ||
| + | no fair-queue | ||
| + | clock rate 125000 | ||
| + | ! | ||
| + | interface Serial0/2/1 | ||
| + | no ip address | ||
| + | shutdown | ||
| + | clock rate 125000 | ||
| + | ! | ||
| + | router ospf 1 | ||
| + | log-adjacency-changes | ||
| + | redistribute bgp 65003 metric 255 subnets | ||
| + | network 172.18.255.6 0.0.0.0 area 0 | ||
| + | default-information originate metric 255 | ||
| + | ! | ||
| + | router bgp 65003 | ||
| + | no synchronization | ||
| + | bgp log-neighbor-changes | ||
| + | redistribute static | ||
| + | redistribute ospf 1 match internal external 1 external 2 | ||
| + | neighbor 172.16.254.5 remote-as 65001 | ||
| + | neighbor 172.16.254.5 description AHA01FW | ||
| + | neighbor 172.16.254.5 route-map 65003-RMAP-IN in | ||
| + | neighbor 172.16.254.5 route-map 65003-RMAP-OUT out | ||
| + | default-information originate | ||
| + | no auto-summary | ||
| + | ! | ||
| + | ip route 10.1.1.1 255.255.255.255 FastEthernet0/0 | ||
| + | ! | ||
| + | ! | ||
| + | ip http server | ||
| + | no ip http secure-server | ||
| + | ! | ||
| + | ip access-list extended Tunnel1_til_Aarhus | ||
| + | permit gre host 10.1.1.3 host 10.1.1.1 | ||
| + | ! | ||
| + | ! | ||
| + | ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32 | ||
| + | ! | ||
| + | ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32 | ||
| + | ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32 | ||
| + | ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32 | ||
| + | ip radius source-interface FastEthernet0/1 | ||
| + | access-list 1 permit 172.16.241.17 | ||
| + | access-list 1 permit 172.16.7.0 0.0.0.255 | ||
| + | snmp-server community PengeBanken RO 1 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | route-map 65003-RMAP-IN permit 10 | ||
| + | match ip address prefix-list 65003-PRE-IN | ||
| + | ! | ||
| + | route-map 65003-RMAP-OUT permit 10 | ||
| + | match ip address prefix-list 65003-PLIST-OUT | ||
| + | set as-path prepend 65003 65003 65003 65003 65003 65003 65003 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken | ||
| + | ! | ||
| + | control-plane | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | line con 0 | ||
| + | line aux 0 | ||
| + | line vty 0 4 | ||
| + | length 0 | ||
| + | ! | ||
| + | scheduler allocate 20000 1000 | ||
ntp server 172.16.255.10 | ntp server 172.16.255.10 | ||
end | end | ||
</pre> | </pre> | ||
Revision as of 09:05, 14 September 2009
PengeBanken Konfig filer
AAA01SWCO
version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname AAA01SWCO ! enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/ ! username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/ aaa new-model ! ! aaa authentication login default group radius local aaa authorization exec default group radius local ! ! ! aaa session-id common mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos min-reserve 5 170 mls qos min-reserve 6 85 mls qos min-reserve 7 51 mls qos min-reserve 8 34 mls qos ip subnet-zero ip routing ip domain-name pengebanken.dk ip name-server 172.16.241.11 ! ! ! ! ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan 2,8-11 priority 24576 ! vlan internal allocation policy ascending ! ip ssh version 2 ! ! ! ! ! interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/3 description AAFS01 switchport access vlan 8 switchport mode access mls qos trust cos spanning-tree portfast ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/9 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/10 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/11 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/12 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/15 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/16 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/17 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/18 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/19 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/20 switchport trunk encapsulation dot1q switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/21 description Til_AHA01RT no switchport ip address 172.18.255.5 255.255.255.252 ip ospf network point-to-point ip ospf dead-interval minimal hello-multiplier 3 mls qos trust cos spanning-tree portfast ! interface FastEthernet0/22 description Til_AAA01SWOP switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,8-11 switchport mode trunk mls qos trust cos spanning-tree guard root ! interface FastEthernet0/23 description Til_AAA01SWCO switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,8-11 switchport mode trunk mls qos trust cos ! interface FastEthernet0/24 description Til_TDC MPLS no switchport ip address 172.18.255.1 255.255.255.252 mls qos trust cos ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 ip address dhcp shutdown ! interface Vlan2 description Management ip address 192.168.2.2 255.255.255.0 standby 2 ip 192.168.2.1 standby 2 timers msec 200 msec 800 standby 2 priority 110 standby 2 preempt delay minimum 300 ! interface Vlan8 description Common_Services ip address 172.18.8.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 8 ip 172.18.8.1 standby 8 timers msec 200 msec 800 standby 8 priority 110 standby 8 preempt delay minimum 300 ! interface Vlan9 description Administration ip address 172.18.9.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 9 ip 172.18.9.1 standby 9 timers msec 200 msec 800 standby 9 priority 110 standby 9 preempt delay minimum 300 ! interface Vlan10 description BankRaadgiver ip address 172.18.10.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 10 ip 172.18.10.1 standby 10 timers msec 200 msec 800 standby 10 priority 110 standby 10 preempt delay minimum 300 ! interface Vlan11 description IP-Telefoni ip address 172.18.11.2 255.255.255.0 ip helper-address 172.18.8.11 ip helper-address 172.16.241.11 standby 11 ip 172.18.11.1 standby 11 timers msec 200 msec 800 standby 11 priority 110 standby 11 preempt delay minimum 300 ! router ospf 1 log-adjacency-changes network 172.18.0.0 0.0.255.255 area 0 default-information originate ! router bgp 65003 no synchronization bgp log-neighbor-changes redistribute connected neighbor 172.18.255.2 remote-as 65000 neighbor 172.18.255.2 description TDC_MPLS neighbor 172.18.255.2 soft-reconfiguration inbound neighbor 172.18.255.2 route-map 65003-RMAP-IN in neighbor 172.18.255.2 route-map 65003-RMAP-OUT out no auto-summary ! ip classless ip http server ip http secure-server ! ip radius source-interface Vlan2 ! ! ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32 ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32 ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32 access-list 1 permit 172.16.241.17 access-list 1 permit 172.16.7.0 0.0.0.255 route-map 65003-RMAP-IN permit 10 match ip address prefix-list 65003-PRE-IN ! route-map 65003-RMAP-OUT permit 10 match ip address prefix-list 65003-PRE-OUT ! snmp-server community PengeBanken RO 1 radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken ! control-plane ! ! line con 0 line vty 5 15 ! ntp clock-period 17179326 ntp server 172.16.255.10 end
AAA01RT
version 12.4 service config service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname AAA01RT ! boot-start-marker boot-end-marker ! enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0 ! aaa new-model ! ! aaa authentication login default group radius local aaa authorization exec default group radius local ! aaa session-id common ! resource policy ! ip cef ! ! ! ! ip domain name pengebanken.dk ip name-server 172.16.241.11 ip ssh version 2 ! ! ! voice-card 0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9. ! ! class-map match-any MissionCritical-Trust match ip dscp af31 class-map match-any VoIP-RTP-Trust match ip dscp ef class-map match-any VoIP-Control-Trust match ip dscp cs3 class-map match-any Management-Trust match ip dscp cs2 ! ! policy-map PbPolicy class VoIP-RTP-Trust priority percent 25 class VoIP-Control-Trust bandwidth percent 5 class MissionCritical-Trust bandwidth percent 40 class Management-Trust bandwidth percent 5 class class-default fair-queue ! ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1 ! ! crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac ! crypto map PB_crypto_Map 10 ipsec-isakmp set peer 10.1.1.1 set transform-set PB-TransformSet match address Tunnel1_til_Aarhus ! ! ! ! ! interface Tunnel1 description Til_Aarhus ip address 172.16.254.6 255.255.255.252 ip mtu 1420 tunnel source FastEthernet0/0 tunnel destination 10.1.1.1 ! interface FastEthernet0/0 description Internet ip address 10.1.1.3 255.255.255.0 duplex auto speed auto crypto map PB_crypto_Map ! interface FastEthernet0/1 description Til_AHA01SWCO ip address 172.18.255.6 255.255.255.252 ip ospf network point-to-point ip ospf dead-interval minimal hello-multiplier 3 duplex auto speed auto service-policy output PbPolicy ! interface Serial0/2/0 no ip address shutdown no fair-queue clock rate 125000 ! interface Serial0/2/1 no ip address shutdown clock rate 125000 ! router ospf 1 log-adjacency-changes redistribute bgp 65003 metric 255 subnets network 172.18.255.6 0.0.0.0 area 0 default-information originate metric 255 ! router bgp 65003 no synchronization bgp log-neighbor-changes redistribute static redistribute ospf 1 match internal external 1 external 2 neighbor 172.16.254.5 remote-as 65001 neighbor 172.16.254.5 description AHA01FW neighbor 172.16.254.5 route-map 65003-RMAP-IN in neighbor 172.16.254.5 route-map 65003-RMAP-OUT out default-information originate no auto-summary ! ip route 10.1.1.1 255.255.255.255 FastEthernet0/0 ! ! ip http server no ip http secure-server ! ip access-list extended Tunnel1_til_Aarhus permit gre host 10.1.1.3 host 10.1.1.1 ! ! ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32 ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32 ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32 ip radius source-interface FastEthernet0/1 access-list 1 permit 172.16.241.17 access-list 1 permit 172.16.7.0 0.0.0.255 snmp-server community PengeBanken RO 1 ! ! ! route-map 65003-RMAP-IN permit 10 match ip address prefix-list 65003-PRE-IN ! route-map 65003-RMAP-OUT permit 10 match ip address prefix-list 65003-PLIST-OUT set as-path prepend 65003 65003 65003 65003 65003 65003 65003 ! ! ! radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 length 0 ! scheduler allocate 20000 1000 ntp server 172.16.255.10 end