!
|
|
! Last configuration change at 10:34:24 EST Wed Dec 9 2020 by cisco
|
|
! NVRAM config last updated at 10:30:57 EST Wed Dec 9 2020 by cisco
|
|
!
|
|
version 15.2
|
|
no service pad
|
|
service timestamps debug datetime msec
|
|
service timestamps log datetime
|
|
service password-encryption
|
|
service compress-config
|
|
!
|
|
hostname DLS2
|
|
!
|
|
boot-start-marker
|
|
boot-end-marker
|
|
!
|
|
!
|
|
no logging console
|
|
! Local credentials and AAA method lists for device login.
! NOTE(review): "secret 5" is the salted-MD5 hash format. Both hashes below are
! published with this file, so the passwords behind them should be treated as
! disclosed and never reused outside the lab. Where the image supports it,
! a type 8 (PBKDF2-SHA256) or type 9 (scrypt) secret is the stronger choice.
enable secret 5 $1$Q808$PU/EH2k0cNDlzRo1CsqvQ0
|
|
!
|
|
username cisco secret 5 $1$Wxk6$Rm6bIBAIkK81C93afqKIJ1
|
|
aaa new-model
|
|
!
|
|
!
! The default login list authenticates against the local user database.
aaa authentication login default local
|
|
! NOTE(review): the CONSOLE list uses method "none", i.e. any line bound to it
! grants a session without credentials. No line in this listing references
! CONSOLE (line con 0 names a list called "local"), so confirm whether it is
! still needed; if not, remove it so it cannot be attached by mistake.
aaa authentication login CONSOLE none
|
|
aaa authorization exec default local
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
aaa session-id common
|
|
clock timezone EST -5 0
|
|
clock summer-time EDT recurring
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
vtp mode transparent
|
|
!
|
|
ip dhcp excluded-address 10.1.80.1 10.1.80.3
|
|
ip dhcp excluded-address 10.1.120.251 10.1.120.254
|
|
ip dhcp excluded-address 10.1.200.251 10.1.200.254
|
|
ip dhcp excluded-address 10.1.110.251 10.1.110.254
|
|
ip dhcp excluded-address 10.1.110.1 10.1.110.128
|
|
ip dhcp excluded-address 10.1.120.1 10.1.120.128
|
|
ip dhcp excluded-address 10.1.200.1 10.1.200.128
|
|
!
|
|
ip dhcp pool VOICE
|
|
network 10.1.200.0 255.255.255.0
|
|
default-router 10.1.200.254
|
|
!
|
|
ip dhcp pool GUEST
|
|
network 10.1.110.0 255.255.255.0
|
|
default-router 10.1.110.254
|
|
!
|
|
ip dhcp pool OFFICE
|
|
network 10.1.120.0 255.255.255.0
|
|
default-router 10.1.120.254
|
|
domain-name tshoot.net
|
|
!
|
|
ip dhcp pool v4_BranchLAN
|
|
network 10.1.80.0 255.255.255.128
|
|
default-router 10.1.80.1
|
|
!
|
|
!
|
|
no ip domain-lookup
|
|
! Domain name plus RSA key pair generation (the SSH server needs both).
ip domain-name tshoot.net
|
|
! NOTE(review): a 1024-bit RSA modulus is below the 2048-bit minimum that
! current guidance expects for SSH host keys; this file already asks for
! "ip ssh dh min size 2048", so a 2048-bit (or larger) modulus would be
! consistent with it. No "ip ssh version 2" line is visible in this listing;
! confirm SSHv1 is not being offered.
! This is normally an exec-style command that is not stored in a saved
! configuration; presumably it was added so the file can be loaded as an
! initial lab config - confirm.
crypto key generate rsa modulus 1024
|
|
ip cef
|
|
ipv6 unicast-routing
|
|
ipv6 dhcp pool v6_BranchLAN
|
|
address prefix 2001:DB8:CAFE:800:ABCD::/80
|
|
domain-name tshoot.net
|
|
!
|
|
ipv6 dhcp pool DHCPv6OFFICE
|
|
address prefix 2001:DB8:CAFE:120:ABCD::/80
|
|
domain-name tshoot.net
|
|
!
|
|
ipv6 dhcp pool DHCPv6VOICE
|
|
address prefix 2001:DB8:CAFE:200:ABCD::/80
|
|
domain-name tshoot.net
|
|
!
|
|
ipv6 dhcp pool DHCPv6GUEST
|
|
address prefix 2001:DB8:CAFE:110:ABCD::/80
|
|
domain-name tshoot.net
|
|
!
|
|
ipv6 cef
|
|
!
|
|
!
|
|
errdisable recovery cause bpduguard
|
|
!
|
|
spanning-tree mode mst
|
|
spanning-tree portfast edge default
|
|
spanning-tree portfast edge bpduguard default
|
|
spanning-tree extend system-id
|
|
!
|
|
spanning-tree mst configuration
|
|
name TSHOOT
|
|
revision 25
|
|
instance 1 vlan 99, 110, 120
|
|
instance 2 vlan 100, 200, 300
|
|
!
|
|
spanning-tree mst 1 priority 28672
|
|
spanning-tree mst 2 priority 24576
|
|
!
|
|
!
|
|
vlan 99-100,110,120,200,300,666,999
|
|
lldp run
|
|
!
|
|
track 7 ip sla 2
|
|
delay down 30 up 30
|
|
!
|
|
track 23 list boolean and
|
|
object 7
|
|
object 31
|
|
!
|
|
track 31 interface GigabitEthernet2/0 line-protocol
|
|
delay down 30 up 30
|
|
!
|
|
!
|
|
class-map match-any non-client-nrt-class
|
|
!
|
|
policy-map port_child_policy
|
|
class non-client-nrt-class
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Loopback0
|
|
description Anchor
|
|
ip address 10.1.212.1 255.255.255.255
|
|
ip ospf network point-to-point
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:2120::D2/128
|
|
!
|
|
interface Port-channel2
|
|
description Channel to ALS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
!
|
|
interface Port-channel10
|
|
description Channel to DLS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
!
|
|
interface GigabitEthernet0/0
|
|
description Channel to DLS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
negotiation auto
|
|
channel-group 10 mode on
|
|
no shutdown
|
|
!
|
|
interface GigabitEthernet0/1
|
|
description Channel to DLS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
negotiation auto
|
|
channel-group 10 mode on
|
|
no shutdown
|
|
!
|
|
interface GigabitEthernet0/2
|
|
description Channel to ALS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
negotiation auto
|
|
channel-group 2 mode on
|
|
no shutdown
|
|
!
|
|
interface GigabitEthernet0/3
|
|
description Channel to ALS1
|
|
switchport trunk allowed vlan 99,100,110,120,200,300
|
|
switchport trunk encapsulation dot1q
|
|
switchport trunk native vlan 666
|
|
switchport mode trunk
|
|
switchport nonegotiate
|
|
negotiation auto
|
|
channel-group 2 mode on
|
|
no shutdown
|
|
!
|
|
interface GigabitEthernet1/0
|
|
switchport access vlan 110
|
|
switchport mode access
|
|
switchport nonegotiate
|
|
shutdown
|
|
negotiation auto
|
|
spanning-tree portfast edge
|
|
spanning-tree bpduguard enable
|
|
!
|
|
interface GigabitEthernet1/1
|
|
description PARKING_LOT
|
|
switchport access vlan 999
|
|
switchport mode access
|
|
switchport nonegotiate
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
interface GigabitEthernet1/2
|
|
description PARKING_LOT
|
|
switchport access vlan 999
|
|
switchport mode access
|
|
switchport nonegotiate
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
interface GigabitEthernet1/3
|
|
description PARKING_LOT
|
|
switchport access vlan 999
|
|
switchport mode access
|
|
switchport nonegotiate
|
|
shutdown
|
|
negotiation auto
|
|
!
|
|
interface GigabitEthernet2/0
|
|
description GE to R3
|
|
no switchport
|
|
ip address 10.1.2.13 255.255.255.252
|
|
ip access-group 101 in
|
|
negotiation auto
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:212::D2/64
|
|
ipv6 dhcp server v6_BranchLAN
|
|
spanning-tree bpduguard enable
|
|
no shutdown
|
|
!
|
|
interface Vlan1
|
|
no ip address
|
|
shutdown
|
|
!
|
|
interface Vlan99
|
|
ip address 10.1.99.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 99 ip 10.1.99.254
|
|
standby 99 preempt
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:99::D2/64
|
|
no shutdown
|
|
!
|
|
interface Vlan100
|
|
ip address 10.1.100.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 100 ip 10.1.100.254
|
|
standby 100 priority 110
|
|
standby 100 preempt
|
|
standby 100 track 23 decrement 20
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:100::D2/64
|
|
ipv6 nd prefix 2001:DB8:CAFE:100::/64 2592000 604800 no-autoconfig
|
|
ipv6 nd managed-config-flag
|
|
no shutdown
|
|
!
|
|
! SVI for VLAN 110. The GUEST DHCP pool in this file hands out 10.1.110.254,
! the HSRP virtual address below, as the default router.
! NOTE(review): HSRP group 110 runs with preempt and no "standby ...
! authentication" line, and the same is true of the other SVIs in this file.
! On a guest segment that leaves first-hop gateway election open to any host
! in the VLAN that sends HSRP hellos; consider "standby 110 authentication md5"
! with a key-string, and filtering HSRP from access ports.
! NOTE(review): the SVI also acts as the DHCPv6 server (managed-config-flag
! set, pool DHCPv6GUEST). No first-hop protections (RA guard, DHCPv6 guard,
! DHCP snooping) are visible in this listing - confirm whether they are
! applied on the access switches.
interface Vlan110
|
|
ip address 10.1.110.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 110 ip 10.1.110.254
|
|
standby 110 preempt
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:110::D2/64
|
|
ipv6 nd prefix 2001:DB8:CAFE:110::/64 2592000 604800 no-autoconfig
|
|
ipv6 nd managed-config-flag
|
|
ipv6 dhcp server DHCPv6GUEST
|
|
no shutdown
|
|
!
|
|
interface Vlan120
|
|
ip address 10.1.120.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 120 ip 10.1.120.254
|
|
standby 120 preempt
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:120::D2/64
|
|
ipv6 nd prefix 2001:DB8:CAFE:120::/64 2592000 604800 no-autoconfig
|
|
ipv6 nd managed-config-flag
|
|
ipv6 dhcp server DHCPv6OFFICE
|
|
no shutdown
|
|
!
|
|
interface Vlan200
|
|
ip address 10.1.200.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 200 ip 10.1.200.254
|
|
standby 200 priority 110
|
|
standby 200 preempt
|
|
standby 200 track 23 decrement 20
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:200::D2/64
|
|
ipv6 nd prefix 2001:DB8:CAFE:200::/64 2592000 604800 no-autoconfig
|
|
ipv6 nd managed-config-flag
|
|
ipv6 dhcp server DHCPv6VOICE
|
|
no shutdown
|
|
!
|
|
! SVI for VLAN 300: HSRP group 30 (priority 110, decremented by 20 when
! track object 23 goes down) and an OSPF adjacency protected with MD5.
! NOTE(review): the OSPF key is stored as type 7. Type 7 (what "service
! password-encryption" produces) is a reversible obfuscation, not a hash, so
! the key printed below is effectively cleartext to anyone who can read this
! file; rotate it before reusing the config anywhere real.
! NOTE(review): OSPF is also non-passive on GigabitEthernet2/0, but no
! "ip ospf authentication" line is visible on that interface or under
! "router ospf 1" - confirm whether that adjacency is meant to be
! unauthenticated. Where the image supports it, HMAC-SHA via a key chain is
! preferable to MD5.
interface Vlan300
|
|
ip address 10.1.30.253 255.255.255.0
|
|
no ip proxy-arp
|
|
standby 30 ip 10.1.30.254
|
|
standby 30 priority 110
|
|
standby 30 preempt
|
|
standby 30 track 23 decrement 20
|
|
ip ospf authentication message-digest
|
|
ip ospf message-digest-key 1 md5 7 01000E015A0D
|
|
ipv6 address FE80::D2 link-local
|
|
ipv6 address 2001:DB8:CAFE:300::D2/64
|
|
no shutdown
|
|
!
|
|
!
|
|
router eigrp BRANCH
|
|
!
|
|
address-family ipv6 unicast autonomous-system 2
|
|
!
|
|
af-interface default
|
|
shutdown
|
|
passive-interface
|
|
exit-af-interface
|
|
!
|
|
af-interface GigabitEthernet2/0
|
|
no shutdown
|
|
no passive-interface
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan300
|
|
no shutdown
|
|
no passive-interface
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan99
|
|
no shutdown
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan100
|
|
no shutdown
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan110
|
|
no shutdown
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan120
|
|
no shutdown
|
|
exit-af-interface
|
|
!
|
|
af-interface Vlan200
|
|
no shutdown
|
|
exit-af-interface
|
|
!
|
|
topology base
|
|
exit-af-topology
|
|
eigrp router-id 2.2.2.2
|
|
exit-address-family
|
|
!
|
|
router ospf 1
|
|
router-id 2.2.2.2
|
|
passive-interface default
|
|
no passive-interface GigabitEthernet2/0
|
|
no passive-interface Vlan300
|
|
network 10.1.2.12 0.0.0.3 area 0
|
|
network 10.1.30.0 0.0.0.255 area 0
|
|
network 10.1.99.0 0.0.0.255 area 1
|
|
network 10.1.100.0 0.0.0.255 area 1
|
|
network 10.1.110.0 0.0.0.255 area 1
|
|
network 10.1.120.0 0.0.0.255 area 1
|
|
network 10.1.200.0 0.0.0.255 area 1
|
|
network 10.1.212.1 0.0.0.0 area 0
|
|
!
|
|
ip forward-protocol nd
|
|
!
|
|
no ip http server
|
|
ip http authentication local
|
|
no ip http secure-server
|
|
!
|
|
ip ssh source-interface Vlan99
|
|
ip ssh dh min size 2048
|
|
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
|
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
|
|
!
|
|
!
|
|
ip sla 2
|
|
tcp-connect 2001:DB8:FEED:14::3 22 control disable
|
|
threshold 100
|
|
timeout 200
|
|
frequency 6
|
|
ip sla schedule 2 life forever start-time now
|
|
logging source-interface Vlan99
|
|
logging host 10.1.100.1
|
|
! Extended IPv4 ACLs. ACL 100 is not applied to any interface in this listing;
! ACL 101 is applied inbound on GigabitEthernet2/0 ("ip access-group 101 in").
! Both end in the implicit "deny ip any any".
access-list 100 permit ip host 20.20.20.20 any
|
|
access-list 100 permit ip any host 20.20.20.20
|
|
access-list 100 permit icmp any any
|
|
! ACL 101: BGP between 192.168.3.1 and 192.168.1.1 (either side as initiator).
access-list 101 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp
|
|
access-list 101 permit tcp host 192.168.3.1 eq bgp host 192.168.1.1
|
|
! NOTE(review): the wildcard covers 10.1.80.0/24, while the v4_BranchLAN DHCP
! pool in this file is 10.1.80.0/25 - confirm the wider match is intended.
access-list 101 permit ip 10.1.80.0 0.0.0.255 any
|
|
access-list 101 permit ospf any any
|
|
! NOTE(review): "icmp any any" and "udp any any" admit those protocols from
! every source to every destination, which leaves little for the rest of the
! ACL to restrict. If the goal is routing, DHCP, NTP and SNMP reachability,
! narrow these to the ports and peers actually needed.
access-list 101 permit icmp any any
|
|
access-list 101 permit udp any any
|
|
access-list 101 permit ip host 10.1.2.14 any
|
|
access-list 101 permit ip host 192.168.3.1 any
|
|
! NOTE(review): this matches on SOURCE port 22, so it admits replies from SSH
! servers, not new SSH sessions to port 22. Because the ACL is stateless, any
! TCP segment that arrives with source port 22 passes; adding "established"
! would limit it to return traffic.
access-list 101 permit tcp any eq 22 any
|
|
access-list 101 permit eigrp any any
! NOTE(review): ACL 101 filters IPv4 only. GigabitEthernet2/0 also carries
! IPv6 and no "ipv6 traffic-filter" is visible on it in this listing.
|
|
!
|
|
!
|
|
ipv6 prefix-list R2PrimeG0/0 seq 10 deny 2001:DB8:CAFE:120:ABCD::/80 ge 81
|
|
ipv6 prefix-list R2PrimeG0/0 seq 20 permit ::/0 le 128
|
|
!
|
|
!
|
|
! SNMP agent: two community strings, trap source/metadata, enabled trap
! categories and one v2c trap receiver.
! NOTE(review): both communities are stored and sent in cleartext (SNMP v1/v2c
! has no authentication or encryption), "cisco" is a widely guessed default,
! and neither line carries an access-list to restrict which managers may
! query. The RW community permits configuration changes over SNMP. Preferred:
! SNMPv3 with authPriv; at minimum, drop the RW community if it is unused and
! bind the RO community to an ACL that lists the management station only.
snmp-server community cisco RO
|
|
snmp-server community san-fran RW
|
|
snmp-server trap-source Vlan99
|
|
snmp-server location TSHOOT Lab Facility
|
|
snmp-server contact support@tshoot.net
|
|
snmp-server enable traps eigrp
|
|
snmp-server enable traps vtp
|
|
snmp-server enable traps vlancreate
|
|
snmp-server enable traps vlandelete
|
|
snmp-server enable traps hsrp
|
|
! Traps go to 10.1.100.1 (also the syslog host in this file), tagged with the
! RO community string.
snmp-server host 10.1.100.1 version 2c cisco
|
|
!
|
|
!
|
|
!
|
|
control-plane
|
|
!
|
|
banner exec ^C
|
|
**************************************************************************
|
|
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
|
|
* education. IOSv is provided as-is and is not supported by Cisco's *
|
|
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
|
|
* of the IOSv Software or Documentation to any third party for any *
|
|
* purposes is expressly prohibited except as otherwise authorized by *
|
|
* Cisco in writing. *
|
|
**************************************************************************^C
|
|
banner incoming ^C
|
|
**************************************************************************
|
|
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
|
|
* education. IOSv is provided as-is and is not supported by Cisco's *
|
|
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
|
|
* of the IOSv Software or Documentation to any third party for any *
|
|
* purposes is expressly prohibited except as otherwise authorized by *
|
|
* Cisco in writing. *
|
|
**************************************************************************^C
|
|
banner login ^C
|
|
**************************************************************************
|
|
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
|
|
* education. IOSv is provided as-is and is not supported by Cisco's *
|
|
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
|
|
* of the IOSv Software or Documentation to any third party for any *
|
|
* purposes is expressly prohibited except as otherwise authorized by *
|
|
* Cisco in writing. *
|
|
**************************************************************************^C
|
|
banner motd ^C^C
|
|
!
|
|
! Console, aux and vty line settings.
line con 0
|
|
! NOTE(review): "exec-timeout 0 0" disables the idle timeout, so an unattended
! console session stays logged in indefinitely. Acceptable for a lab bench; use
! a finite value elsewhere.
exec-timeout 0 0
|
|
logging synchronous
|
|
! NOTE(review): with aaa new-model the argument here is a method-LIST name.
! The lists defined in this file are "default" and "CONSOLE"; no list named
! "local" is defined, so confirm which list the console is meant to use. In a
! troubleshooting lab this may be a deliberate fault.
login authentication local
|
|
stopbits 1
|
|
line aux 0
|
|
! vty 0-4: SSH only; no "login authentication" line, so the default AAA list
! (local user database) applies.
! NOTE(review): no "access-class" restricts which sources may reach the vty
! lines, and the idle timeout is disabled here as well.
line vty 0 4
|
|
exec-timeout 0 0
|
|
logging synchronous
|
|
transport input ssh
|
|
! NOTE(review): vty 5-15 carry no "transport input" line and therefore take
! the platform default - confirm Telnet is not accepted on these lines.
line vty 5 15
|
|
!
|
|
! NTP client: queries are sourced from Vlan99.
ntp source Vlan99
|
|
! NOTE(review): 2.2.2.2 is also this device's own OSPF and EIGRP router-id in
! this file - confirm it is the intended time source. No "ntp authenticate" /
! "ntp authentication-key" / "ntp trusted-key" lines are visible, so time
! updates are accepted unauthenticated; log timestamps depend on this clock.
ntp server 2.2.2.2
|
|
!
|
|
end |