
ipv unicast-routing

ipv cef

ipv router ospf 1


area 1 nssa
no sh
exit

int s0/0/0
ipv add 2001:1:54:35::5/64
ipv ospf 1 are 1
exit

int s0/0/1.100
ipv add 2001:1:54:15::5/64
ipv ospf 1 are 1
exit

int loo0
ipv add 2001:1:54:5::5/128
ipv ospf 1 are 1
exit

R1
ipv unicast-routing
ipv cef

ipv router ospf 1


area 1 nssa

exit

int f0/0
ipv add 2001:1:54:16::1/64
ipv ospf 1 are 1
exit

int s0/0/1.100
ipv add 2001:1:54:15::1/64
ipv ospf 1 are 1
exit

int loo0
ipv add 2001:1:54:1::1/128
ipv ospf 1 are 1
exit

SW1
ipv unicast-routing
ipv cef

ipv router ospf 1


area 1 nssa
exit

int vlan 36
ipv add 2001:1:54:36::6/64
ipv ospf 1 are 1
exit

int vlan 16
ipv add 2001:1:54:16::6/64
ipv ospf 1 are 1
exit

int vlan 68
ipv add 2001:1:54:68::6/64
ipv ospf 1 are 0
exit

int loo0
ipv add 2001:1:54:6::6/128
ipv ospf 1 are 0
exit

SW2

SW3
ipv unicast-routing
ipv cef

ipv router ospf 1

exit

int vlan 68
ipv add 2001:1:54:68::8/64
ipv ospf 1 are 0
exit

int loo0
ipv add 2001:1:54:8::8/128
ipv ospf 1 are 0
exit

ip cef
ipv unicast-rou
ipv cef
int f0/0
no sh
int f0/1
no sh
int s0/0/0
no sh
int s0/0/1
no sh
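! Audit step: print every running-config line that mentions SPAN (monitor),
! BPDU guard/filter, ARP, DHCP snooping, inspection, filters, root guard or
! TCP tuning, so pre-existing L2 features are known before the ports change.
show running-config | include monitor|bpdu|arp|snooping|inspection|filter|root|ip tcp

! Reset the inter-switch ports to defaults so no earlier per-port setting survives.
default interface range f0/19 - 24

! Tag native-VLAN frames on 802.1Q trunks too; an untagged native VLAN is what
! double-tagging VLAN hopping depends on.
vlan dot1q tag native

interface range f0/19 - 24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 ! Fixed: the listing had "swi m=no negotiate", which is not a command.
 ! DTP is turned off so the trunk is static, matching the later trunk block
 ! for the same port range.
 switchport nonegotiate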

interface FastEthernet0/2
no switchport
ip address 172.16.27.7 255.255.255.0
!
interface FastEthernet0/3
no switchport
ip address 172.16.37.7 255.255.255.0

! VTP membership: domain CCIE, version 2, client role (the VLAN database is
! learned from the domain rather than edited on this switch).
vtp domain CCIE


! Shared secret that authenticates VTP advertisements. "cisco" is a lab
! value; a guessable VTP password lets any switch that joins the domain
! rewrite the VLAN database.
vtp password cisco
vtp versio 2
vtp mode client

vlan 16
name VLAN_16_R1-SW1
vlan 18
name VLAN_18_R1-SW3
vlan 28
name VLAN_28_R2-SW3
vlan 36
name VLAN_36_R3-SW1
vlan 45
name VLAN_45_R4-R5
vlan 68
name VLAN_68_SW1-SW3
vlan 69
name VLAN_69_SW1-SW4
vlan 89
name VLAN_89_SW3-SW4
vlan 100
name VLAN_100_BB1
vlan 200
name VLAN_200_BB2
vlan 300
name VLAN_300_BB3
vlan 500
name VLAN_500_Clients
vlan 999
name Unused_Ports

int f0/1
swi mo acc
swi acc vlan 18
no sh
exit

int f0/4
swi mo acc
swi acc vlan 45
no sh
exit
int f0/5
swi mo acc
swi acc vlan 45
no sh
exit
int f0/10
swi mo acc
swi acc vlan 200
no sh
exit

int range f0/19 - 24


swi tr encap dot
swi mo tr
swi tr native vlan 1
swi nonegotiate

spann mod mst


spann mst configuration
instance 3 vlan 1-4094
instance 1 vlan 45,69,89,999
instan 2 vlan 16,18,28,36,68,100,200,300,500
revis 1
name cisco
exit
spann mst 0-1 root secon
spann mst 2 root primary

port-chan load dst-ip


int range f0/19 - 20
channel-gro 4 mode desirable
int range f0/21 - 22
channel-gro 3 mode desirable
int range f0/23 - 24
channel-gro 1 mode desirable

port-chan load dst-ip


int range f0/19 - 20
channel-gro 2 mode desirable
int range f0/21 - 22
channel-gro 1 mode desirable
int range f0/23 - 24
channel-gro 3 mode desirable

! Park every port that is not in use: access mode, the dedicated
! Unused_Ports VLAN (999), and administratively down.
interface range f0/1 - 9 , f0/11 - 18 , gi0/1 - 2
 switchport mode access
 switchport access vlan 999
 shutdown
 exit

! Traffic allowed inside VLAN 500: HTTP, SMTP and DNS (UDP) in both
! directions, plus all ICMP.
! NOTE(review): many IOS releases name TCP port 80 "www" in ACLs; confirm
! that the "http" keyword parses on the target platform.
ip access-list extended V500
 permit tcp any any eq http
 permit tcp any eq http any
 permit tcp any eq smtp any
 permit tcp any any eq smtp
 permit udp any any eq domain
 permit udp any eq domain any
 permit icmp any any
 exit

! VLAN map with a single sequence: forward what V500 permits. The map has
! an IP match clause and no later sequence, so IP packets that V500 does
! not permit are dropped.
vlan access-map L2SEC
 action forward
 match ip address V500
 exit

! Apply the map to VLAN 500 only.
vlan filter L2SEC vlan-list 500


SW4

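! Client-facing access ports in VLAN 500.
interface range f0/1 - 5
 switchport mode access
 switchport access vlan 500
 ! Protected ports do not forward traffic to other protected ports on this switch.
 switchport protected
 ! One learned MAC address per port; a second source address err-disables the port.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 ! Do not flood unknown unicast or multicast frames out of these ports.
 switchport block unicast
 switchport block multicast
 ! Fixed: the listing had "swi portfast"; PortFast is a spanning-tree
 ! command, not a switchport one. The global BPDU guard default below only
 ! acts on ports where PortFast is enabled.
 spanning-tree portfast
 exit
! Err-disable any PortFast port that receives a BPDU.
spanning-tree portfast bpduguard default
! Bring ports back automatically 600 seconds after a port-security or BPDU guard shutdown.
errdisable recovery cause psecure-violation
errdisable recovery cause bpduguard
errdisable recovery interval 600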

! f0/18: access port in VLAN 500 locked to one statically configured MAC
! address. "aaa.bbb.ccc" looks like a placeholder; substitute the real
! station address.
interface f0/18
 switchport mode access
 switchport access vlan 500
 switchport port-security
 switchport port-security mac-address aaa.bbb.ccc
 switchport port-security maximum 1
 switchport port-security violation shutdown
 no shutdown
 exit
! Recover automatically from a port-security shutdown after 600 seconds.
errdisable recovery cause psecure-violation
errdisable recovery interval 600

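! Private VLAN layout: 500 is the primary VLAN, 2000 the isolated secondary.
! NOTE(review): under VTP version 1 or 2, private VLANs need VTP transparent
! mode; confirm the VTP mode of the switch this is applied to.
vlan 2000
 private-vlan isolated

! Place the isolated VLAN in MST instance 1.
spanning-tree mst configuration
 instance 1 vlan 2000

vlan 500
 private-vlan primary
 private-vlan association 2000
 exit

! Promiscuous port: can talk to every host port of primary VLAN 500.
! Fixed: the listing mapped 500 to 200, but the isolated VLAN defined and
! associated above is 2000; VLAN 200 is not a secondary VLAN of 500.
interface f0/18
 no switchport access vlan 999
 switchport private-vlan mapping 500 2000
 switchport mode private-vlan promiscuous
 no shutdown
 exit

! Isolated host ports: they reach the promiscuous port only, not each other.
! Same 200 -> 2000 correction as on f0/18.
interface range f0/16 - 17
 no switchport access vlan 999
 switchport private-vlan host-association 500 2000
 switchport mode private-vlan host
 no shutdown
 exit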

R- R5 .100 100
.54 154
R1-R4 200
R4-R2 154

interface Serial0/0/1
ip address 10.54.14.1 255.255.255.0
no fair-queue

interface Serial0/0/0
no ip address
encapsulation frame-relay
interface Serial0/0/0.54 point-to-point
ip address 10.54.15.1 255.255.255.0
interface Serial0/0/0.100 point-to-point
ip address 10.154.15.1 255.255.255.0

ip cef
mpls label proto ldp
mpls ldp router-id lo0 force

fram sw
int s0/0/1
encap fram
fram intf-type dce
mpls ip
int s0/0/1.54
fram interface-dlci 154
mpls ip
int s0/0/1.100
fram interface-dlci 100
mpls ip
int s0/0/0
mpls ip

ip cef
mpls label proto ldp
mpls ldp router-id lo0 force
int s0/0/0
encap fram
fram map ip 10.54.14.4 200 br
fram map ip 10.54.14.1 200
mpls ip
exit
int s0/0/1
encap fram
mpls ip
int s0/0/1.54
fram interface-dlci 154
mpls ip
int s0/0/1.100
fram interface-dlci 100
mpls ip

ip cef
mpls label proto ldp
mpls ldp router-id lo0 force

mpls ip
int s0/0/0
encap fram
fram map ip 10.54.24.4 154 br
fram map ip 10.54.24.2 154
mpls ip

R5
ip cef
mpls label proto ldp
mpls ldp router-id lo0 force

router ospf 100


router-id 154.5.5.5
net 10.154.15.5 0.0.0.0 a 1
net 10.154.35.5 0.0.0.0 a 1
net 154.5.5.5 0.0.0.0 a 1
int s0/0/0
mpls ip
R3
ip cef
mpls label proto ldp
mpls ldp router-id lo0 force
router ospf 100
router-id 154.3.3.3
net 10.154.36.3 0.0.0.0 a 1
net 10.154.35.3 0.0.0.0 a 1
net 154.3.3.3 0.0.0.0 a 1
area 1 nssa
exit

int s0/0/0
mpls ip
int f0/0
ip ospf priority 0

R1
ip cef
mpls label proto ldp
mpls ldp router-id lo0 force

router ospf 100


router-id 154.1.1.1
net 10.154.16.1 0.0.0.0 a 1
net 10.154.15.1 0.0.0.0 a 1
net 154.1.1.1 0.0.0.0 a 1
area 1 nssa

int f0/0
ip ospf priority 0

SW3

router ospf 100


router-id 154.6.6.6
net 10.154.16.6 0.0.0.0 a 1
net 10.154.36.6 0.0.0.0 a 1
net 154.6.6.6 0.0.0.0 a 0
net 10.154.68.6 0.0.0.0 a 0
area 1 nssa default-info
area 0 filter-list prefix fv5 out
exit

ip prefix-lis fv5 seq 5 deny 10.154.188.0/24


ip prefix-lis fv5 seq 10 permit 0.0.0.0/0 le 32

int vlan 36
ip ospf priority 255
int vlan 16
ip ospf priority 255
int vlan 68
ip ospf priority 255
router eigrp 100
net 150.3.54.1 0.0.0.0
no auto
exit

SW3

router eigrp 54
net 10.54.18.8 0.0.0.0
net 10.54.28.8 0.0.0.0
no auto
exit

router eigrp 54
net 10.54.18.1 0.0.0.0
net 10.54.15.1 0.0.0.0
net 10.54.14.1 0.0.0.0
no auto
exit

router eigrp 54
net 10.54.15.5 0.0.0.0
net 10.54.45.5 0.0.0.0
no auto
exit

ip cef
mpls label proto ldp
mpls ldp router-id lo0 force
router eigrp 54
net 10.54.14.4 0.0.0.0
net 10.54.45.4 0.0.0.0
net 10.54.24.4 0.0.0.0
net 154.4.4.4 0.0.0.0
no auto
exit
int f0/1
mpls ip
int s0/0/0
mpls ip
int s0/0/1
mpls ip

ip cef
mpls label proto ldp
mpls ldp router-id lo0 force
router eigrp 54
net 10.54.28.2 0.0.0.0
no net 10.54.28.1 0.0.0.0
net 10.54.24.2 0.0.0.0
net 154.2.2.2 0.0.0.0
no auto
exit

int s0/0/0
mpls ip

SW3
router ospf 100
router-id 154.8.8.8
net 10.154.68.8 0.0.0.0 a 0
net 10.154.188.8 0.0.0.0 a 500
net 154.8.8.8 0.0.0.0 a 0
area 0 filter-list prefix fv5 out
exit

ip prefix-lis fv5 seq 5 deny 10.154.188.0/24


ip prefix-lis fv5 seq 10 permit 0.0.0.0/0 le 32

router eigrp 54

! RIPv2 for 10.0.0.0 and 154.0.0.0 without automatic summarisation.
ip routing

router rip
 version 2
 network 10.0.0.0
 network 154.0.0.0
 no auto-summary
 ! Send no updates anywhere by default, then open only the interfaces
 ! that must carry RIP: VLAN 89, VLAN 69 and Loopback0.
 passive-interface default
 no passive-interface vlan 89
 no passive-interface vlan 69
 no passive-interface lo0

! iBGP route reflector for AS 54 (router-id 154.1.1.1). All six clients
! share the IBGP peer-group settings.
router bgp 54
 bgp router-id 154.1.1.1
 no bgp default ipv4-unicast
 neighbor IBGP peer-group
 neighbor IBGP remote-as 54
 neighbor IBGP update-source Loopback0
 ! TCP MD5 signature on every session in the group. "cisco" is a lab value;
 ! use a strong, unique key in any real deployment.
 neighbor IBGP password cisco
 ! This router always opens the TCP connection towards its clients.
 neighbor IBGP transport connection-mode active
 neighbor 154.2.2.2 peer-group IBGP
 neighbor 154.3.3.3 peer-group IBGP
 neighbor 154.4.4.4 peer-group IBGP
 neighbor 154.5.5.5 peer-group IBGP
 neighbor 154.6.6.6 peer-group IBGP
 neighbor 154.8.8.8 peer-group IBGP
 address-family ipv4
  neighbor IBGP route-reflector-client
  neighbor IBGP send-community
  neighbor 154.2.2.2 activate
  neighbor 154.3.3.3 activate
  neighbor 154.4.4.4 activate
  neighbor 154.5.5.5 activate
  neighbor 154.6.6.6 activate
  neighbor 154.8.8.8 activate
  no synchronization
  no auto-summary
  exit

! Route-reflector client side (router-id 154.8.8.8): a single iBGP session
! to 154.1.1.1, sourced from Loopback0.
router bgp 54
bgp router-id 154.8.8.8
no bgp default ipv4-unicast
! Log session up/down events so neighbor flaps are visible.
bgp log-neighbor-changes
neighbor 154.1.1.1 remote-as 54
! Passive: this router only accepts the TCP connection and never starts it.
neighbor 154.1.1.1 transport connection-mode passive
! TCP MD5 signature key; must equal the key on 154.1.1.1. "cisco" is a lab value.
neighbor 154.1.1.1 password cisco
neighbor 154.1.1.1 update-source Loopback0
!
address-family ipv4
neighbor 154.1.1.1 activate
neighbor 154.1.1.1 send-community
no auto-summary
no synchronization
exit-address-family

router bgp 54
neig 150.2.54.254 remote-as 254
addr ipv4
neig 154.1.1.1 next-hop-self
neig 150.2.54.254 activate
neig 150.2.54.254 route-map PREPEND in
exit
route-map PREPEND
set as-path prepend 253
exit

router bgp 144


no bgp default ipv4-unicast
neig 10.154.69.6 remote-as 54
neig 10.154.89.8 remote-as 54
addr ipv4
neig 10.154.69.6 acti
neig 10.154.89.8 acti
maximum-path 2
no sync
no auto
exit
router bgp 54
no bgp default ipv4-unicast
neig 10.154.69.9 remote-as 144

addr ipv4
neig 10.154.69.9 acti

no sync
no auto
exit

router bgp 54
no bgp default ipv4-unicast
neig 10.154.89.9 remote-as 144

addr ipv4
neig 10.154.89.9 acti

no sync
no auto
exit

ip vrf Site-1
rd 3:3
exit
ip vrf Site-2
rd 2:2
exit

int lo71
ip vrf forwarding Site-1
ip add 71.71.71.71 255.255.255.255
exit

int lo72
ip vrf forwarding Site-2
ip add 72.72.72.72 255.255.255.255
exit

int f0/3
ip vrf forwarding Site-1
ip add 172.16.37.7 255.255.255.0
exit

int f0/2
ip vrf forwarding Site-2
ip add 172.16.27.7 255.255.255.0
exit

router bgp 777


addr ipv4 vrf Site-1
neig 172.16.37.3 remote-as 54
neig 172.16.37.3 activate
net 71.71.71.71 mask 255.255.255.255
exit
addr ipv4 vrf Site-2
neig 172.16.27.2 remote-as 54
neig 172.16.27.2 activate
net 72.72.72.72 mask 255.255.255.255
exit

router bgp 54
neig 154.2.2.2 remote-as 54
neig 154.2.2.2 update-source lo0
neig 154.3.3.3 remote-as 54
neig 154.3.3.3 update-source lo0
addr vpnv4
neig 154.2.2.2 activate
neig 154.2.2.2 send-comm both
neig 154.2.2.2 route-reflector-cli
neig 154.3.3.3 activate
neig 154.3.3.3 send-comm both
neig 154.3.3.3 route-reflector-cli
exit

R4

int loo0
ipv add 2001:1:54:4::4/128
exit

int tunnel 45
tunnel source lo0
tunnel mode ipv6ip 6
ipv add 2002:9A04:404::4/127
exit
ipv route 2002::/16 tunnel 45
ipv route 2001:1:54:8::8/128 2002:9A05:505::5

R5

int tunnel 45
tunnel source lo0
tunnel mode ipv6ip 6
ipv add 2002:9A05:505::5/127
exit
ipv route 2002::/16 tunnel 45
ip multicast-rou

int lo1
ip add 200.100.100.100 255.255.255.255
ip pim sparse-mode
exit

ip pim rp-candidate lo1


ip pim bsr-candidate lo0
ip msdp peer 154.2.2.2 connect-source lo0
ip msdp originator-id lo0
ip msdp cache-sa-state

int lo0
ip pim sparse-mode

int s0/0/0
ip pim sparse-mode
int f0/0
ip pim sparse-mode

R1
ip multicast-rou
int lo0
ip pim sparse-mode
int s0/0/1
ip pim sparse-mode
int s0/0/1.100
ip pim sparse-mode
int s0/0/1.54
ip pim sparse-mode
int f0/1
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode

SW
ip multicast-rou
int lo0
ip pim sparse-mode

int f0/0
ip pim sparse-mode

int s0/0/0
ip pim sparse-mode

SW1
ip multicast-rou distri
int lo0
ip pim sparse-mode
int vlan 68
ip pim sparse-mode
int vlan 500
ip pim sparse-mode
int vlan 18
ip pim sparse-mode
int vlan 28
ip pim sparse-mode

R4

! R4 (per the label above): DHCP relay to 10.54.99.99 and two VRRP groups
! on f0/1. R4 holds priority 150 for group 1 and priority 50 for group 2.
! NOTE(review): no "vrrp authentication" appears in this listing, so any
! host on the segment could send advertisements; confirm whether that is
! accepted for this segment.
ip forward-protocol udp bootpc
service dhcp
interface f0/1
 ip helper-address 10.54.99.99
 vrrp 1 ip 10.54.45.1
 vrrp 1 priority 150
 ! Sub-second advertisements (300 ms) for group 1.
 vrrp 1 timers advertise msec 300
 vrrp 1 preempt
 vrrp 2 ip 10.54.45.254
 vrrp 2 priority 50
 vrrp 2 preempt

R5
! R5 (per the label above): DHCP relay to 10.54.99.99 and the same two
! VRRP groups on f0/1, with priority 100 for group 1 and 150 for group 2.
ip forward-protocol udp bootpc
service dhcp
interface f0/1
 ip helper-address 10.54.99.99
 vrrp 1 ip 10.54.45.1
 vrrp 1 priority 100
 ! Learn the group 1 advertisement interval from the current master.
 vrrp 1 timers learn
 vrrp 1 preempt
 vrrp 2 ip 10.54.45.254
 vrrp 2 priority 150
 vrrp 2 preempt

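! NTP server side: act as a stratum 1 source, trust the hardware calendar,
! and keep it updated from NTP time.
! Fixed: "clock calender-valid" was misspelled, and "ntp update-cla" is not
! a prefix of "update-calendar".
ntp master 1
clock calendar-valid
ntp update-calendar
ntp source lo0
! NTP client side (presumably a second device; the listing has no label
! here): synchronise to 154.1.1.1 from Loopback0.
! NOTE(review): no NTP authentication is configured in this listing, so
! the client accepts time from anything answering as 154.1.1.1; confirm
! whether that is acceptable here.
ntp server 154.1.1.1
ntp update-calendar
ntp source lo0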

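! SSH prerequisites: a domain name and an RSA key pair.
! Fixed: the listing had "crypto rsa key generate"; the keyword order is
! "crypto key generate rsa". The command prompts for a modulus size when
! none is given, and SSH version 2 needs at least 768 bits.
ip domain-name cisco.com
crypto key generate rsa

ip ssh maxstartups 16
service linenumber
! Local accounts. NOTE(review): "password" keeps the value in cleartext or
! reversible type 7 form, while "secret" stores a hash; "ccie" and "cisco"
! are lab values. Prefer "secret" with strong values outside a lab.
username admin privilege 15 password ccie
username guest privilege 1 password cisco

aaa new-model
! VTY sessions: exec authorization and case-sensitive login, both against
! the local user database.
aaa authorization exec CRL_VTY local
aaa authentication login CRL_VTY local-case
! Method list CRL performs no authentication at all; it is applied to the
! console below, so physical console access equals a shell.
aaa authentication login CRL none

line vty 0 15
 login authentication CRL_VTY
 authorization exec CRL_VTY
 ! "transport input ssh" replaces the preceding "none", so only SSH is accepted.
 transport input none
 transport input ssh
 exit
line console 0
 login authentication CRL
 exit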

policy-map INBOUND
class class-default
set qos-group mpls experimental topmost
exit

int s0/0/0
service-policy input INBOUND
service-policy output MPLS-CORE-FACING
exit
policy-map CE-FACING
class QOSGROUP123
set precedence qos-group
bandwidth percent 30
class QOSGROUP467
bandwidth percent 30
set precedence qos-group
class QOSGROUP5
priority percent 15
set precedence qos-group

policy-map SHAPING
class class-default
shape average 3000000
service-policy CE-FACING

int f0/1
service-policy output SHAPING

class-map match-all CRITICAL


match mpls experimental topmost 4 6 7
class-map match-all BESTEFFORT
match mpls experimental topmost 1 2 3
class-map match-all REALTIME
match mpls experimental topmost 5
!
class-map match-any QOSGROUP123
match qos-group 1
match qos-group 2
match qos-group 3
class-map match-all QOSGROUP5
match qos-group 5
class-map match-any QOSGROUP467
match qos-group 4
match qos-group 6
match qos-group 7
!
policy-map MPLS-CORE-FACING
class CRITICAL
bandwidth percent 30
class BESTEFFORT
bandwidth percent 30
class REALTIME
priority percent 15
!
policy-map CE-FACING
class QOSGROUP123
bandwidth percent 30
class QOSGROUP467
bandwidth percent 30
class QOSGROUP5
priority percent 15

int lo 148
ip add 148.8.0.8 255.255.255.255
exit

access-list 109 permit ip host 148.8.0.8 host 148.4.0.4

route-map PBR
match ip add 109
set interface vlan 18 null0
exit
ip local policy route-map PBR

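! Classification ACL for SSH. In an ACL used by a class-map, "deny" means
! "do not classify": SSH from 10.154.188.0/24 to 10.154.35.5 stays out of
! class SSH, and every other TCP/22 flow is placed in it.
ip access-list extended SSH
 deny tcp 10.154.188.0 0.0.0.255 host 10.154.35.5 eq 22
 permit tcp any any eq 22

class-map match-all SSH
 match access-group name SSH
 exit
! Fixed: was match-all. ACL HTTP permits only TCP and ACL ALL_ICMP only
! ICMP, so no packet can satisfy both and the class would never match.
! match-any selects traffic that hits either ACL.
class-map match-any BLOCK
 match access-group name HTTP
 match access-group name ALL_ICMP
 exit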

! Web traffic (TCP 80 and 443) sourced from 10.154.188.0/24.
ip access-list extended HTTP
 permit tcp 10.154.188.0 0.0.0.255 any eq 80
 permit tcp 10.154.188.0 0.0.0.255 any eq 443
 exit
! Every ICMP packet, whatever its type.
ip access-list extended ALL_ICMP
 permit icmp any any
 exit

! Class for ICMP rate limiting; ACL ICMP_ECHO is defined further down the listing.
class-map match-all ICMP_LIMIT
 match access-group name ICMP_ECHO
 exit

! Configuration change logger: record each configuration command entered
! on the device.
archive
log config
logging enable
! Keep the 10 most recent entries in the change log.
logging size 10
! Do not store passwords and keys in the change log records.
hidekey
! Forward every logged configuration change to syslog as plain text.
notify syslog
notify syslog contenttype plaintext
exit

! Local log buffer off, logging process on, messages sent to 10.154.68.1.
! NOTE(review): with buffering disabled the remote host is the only copy
! of the logs; confirm that this is intended.
no logging buffered
logging on
logging host 10.154.68.1
exit

! EEM applet ABC: triggered by the %SYS-5-RESTART syslog message, it
! enters configuration mode and bounces (shutdown / no shutdown) two
! interfaces.
event manager applet ABC


event syslog pattern ".*%SYS-5-RESTART.*"
action 1.0 cli comm "enable"
action 2.0 cli comm "configure terminal"
action 3.0 cli comm "interface GigabitEthernet0/0"
action 4.0 cli comm "shutdown"
action 5.0 cli comm "no shutdown"
action 6.0 cli comm "exit"
! NOTE(review): the interface name below ends at "GigabitEthernet0/" with
! no port number, so actions 8.0 and 9.0 have no valid interface to act
! on; fill in the intended port.
action 7.0 cli comm "interface GigabitEthernet0/"
action 8.0 cli comm "shutdown"
action 9.0 cli comm "no shutdown"
action 10.0 cli comm "exit"

! ICMP echo requests and echo replies, from and to anything.
ip access-list extended ICMP_ECHO
 permit icmp any any echo
 permit icmp any any echo-reply

! Policing policy built from classes SSH, ICMP_LIMIT and BLOCK. A packet is
! handled by the first class it matches, so echo and echo-reply are
! rate-limited by ICMP_LIMIT before BLOCK is evaluated.
! NOTE(review): this listing does not show where CONTROL is attached; a
! policy-map has no effect until a service-policy references it.
policy-map CONTROL
 class SSH
  ! 16000 bit/s committed rate; traffic above it is dropped.
  police cir 16000
   conform-action transmit
   exceed-action drop
 class ICMP_LIMIT
  ! 100 packets per second with a burst of 10 packets.
  police rate 100 pps burst 10 packets
   conform-action transmit
   exceed-action drop
 class BLOCK
  drop
